Securing the ML Lifecycle
Training Data

Question / Action Item                                                                     Standard / Advanced
1. Where does your raw data come from, and has it been securely transmitted?                        ✓
2. Can you prove data provenance at the application layer?                                          ✓
3. Can an attacker poison the training data to reduce the integrity of the trained model?           ✓
4. Could the training data itself be considered a trade secret?                                     ✓

Table 5-2: Training Data Assessment (each question is ticked under exactly one of the two levels; which level is not recoverable from this copy)
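Questions 1 to 3 of Table 5-2 (secure transmission, provenance, poisoning) are usually answered together with one mechanism: the data producer publishes an authenticated manifest of per-record digests, and the training job refuses to train on anything that does not reconcile against it. The following is an added example, not code from the article; the dataset bytes, the source URI and the shared key are constructed, and HMAC-SHA256 stands in for the asymmetric signature a production pipeline would use so that the training side cannot forge manifests itself.

```python
"""Signed provenance manifest for a training dataset (added example).

Producer: hash every record, record the source, authenticate the manifest.
Consumer (training job): authenticate the manifest, re-hash what was actually
received, and reconcile. A record altered in transit shows up as "modified";
a manifest rewritten to match poisoned data fails the MAC check.
"""
import hashlib
import hmac
import json

# Constructed sample dataset: record id -> raw bytes (stand-ins for files or rows).
SAMPLE_RECORDS = {
    "img_0001": b"\x89PNG...label=cat",
    "img_0002": b"\x89PNG...label=dog",
    "img_0003": b"\x89PNG...label=cat",
}
# Constructed key shared by the data producer and the training job (example only).
MANIFEST_KEY = b"example-manifest-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical_bytes(body: dict) -> bytes:
    """Deterministic JSON so the MAC covers exactly one encoding of the body."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(records: dict, source: str, key: bytes) -> dict:
    """Producer side: per-record digests plus the origin, authenticated by HMAC-SHA256."""
    body = {
        "source": source,
        "records": {rid: sha256_hex(data) for rid, data in records.items()},
    }
    tag = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


def manifest_is_authentic(manifest: dict, key: bytes) -> bool:
    """Recompute the MAC over the body and compare in constant time."""
    expected = hmac.new(key, canonical_bytes(manifest["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def verify_dataset(manifest: dict, received: dict, key: bytes) -> dict:
    """Consumer side: authenticate the manifest, then reconcile received records.

    Training should proceed only when report["ok"] is True.
    """
    if not manifest_is_authentic(manifest, key):
        return {"ok": False, "reason": "manifest MAC invalid", "source": None,
                "modified": [], "missing": [], "unexpected": []}
    expected = manifest["body"]["records"]
    modified = sorted(rid for rid, data in received.items()
                      if rid in expected and sha256_hex(data) != expected[rid])
    missing = sorted(rid for rid in expected if rid not in received)
    unexpected = sorted(rid for rid in received if rid not in expected)
    ok = not (modified or missing or unexpected)
    return {"ok": ok, "reason": None if ok else "records differ from manifest",
            "source": manifest["body"]["source"],
            "modified": modified, "missing": missing, "unexpected": unexpected}


def demo():
    """Clean dataset, a poisoned record, and a forged manifest, in that order."""
    manifest = build_manifest(SAMPLE_RECORDS, "s3://example-bucket/train-v3", MANIFEST_KEY)
    clean = verify_dataset(manifest, SAMPLE_RECORDS, MANIFEST_KEY)

    # Poisoning in transit: one record's label is flipped, so its digest no longer matches.
    poisoned = dict(SAMPLE_RECORDS)
    poisoned["img_0002"] = b"\x89PNG...label=cat"
    flagged = verify_dataset(manifest, poisoned, MANIFEST_KEY)

    # The attacker also rewrites the manifest digest to match, but cannot produce a valid MAC.
    forged = json.loads(json.dumps(manifest))
    forged["body"]["records"]["img_0002"] = sha256_hex(poisoned["img_0002"])
    rejected = verify_dataset(forged, poisoned, MANIFEST_KEY)
    return clean, flagged, rejected


if __name__ == "__main__":
    for report in demo():
        print(report)
```

The manifest also answers the trade-secret question indirectly: because only digests leave the producer, the manifest can be logged and audited without exposing the records themselves.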
Preprocessing / Training

Question / Action Item                                                                           Standard / Advanced
1. Have you secured your training parameters and overall setup?                                           ✓
2. Are you using attested training algorithms and related software (e.g., signed GPU drivers)?            ✓
3. Are you using adversarial robustness testing techniques?                                               ✓
4. Could any of the preprocessing data (e.g., selected features) be of interest to an attacker?           ✓

Table 5-3: Preprocessing / Training Assessment (each question is ticked under exactly one of the two levels; which level is not recoverable from this copy)
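Question 3 of Table 5-3 asks whether adversarial robustness testing is in use. The smallest such test is a white-box fast gradient sign method (FGSM) sweep: take inputs the model classifies correctly, move each one by epsilon in the direction that increases the loss, and measure how many predictions flip. The following is an added example, not code from the article; the classifier is a constructed two-feature logistic regression with hand-written gradients so the test runs without numpy or a deep-learning framework, and the samples and weights are invented.

```python
"""FGSM robustness sweep against a logistic-regression classifier (added example).

Model: logit = w . x + b, class 1 if sigmoid(logit) >= 0.5.
FGSM:  x_adv = x + eps * sign(d loss / d x), the largest L-infinity-bounded
       single step that increases the binary cross-entropy loss.
"""
import math

# Constructed model parameters and labelled samples (not from any real system).
WEIGHTS = [2.0, -1.0]
BIAS = 0.0
SAMPLES = [
    ([0.6, 0.2], 1),
    ([-0.5, 0.4], 0),
]


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def predict_proba(w, b, x) -> float:
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def predict(w, b, x) -> int:
    return 1 if predict_proba(w, b, x) >= 0.5 else 0


def input_gradient(w, b, x, y):
    """d(loss)/dx for binary cross-entropy behind a sigmoid: (p - y) * w."""
    p = predict_proba(w, b, x)
    return [(p - y) * wi for wi in w]


def fgsm_attack(w, b, x, y, eps):
    """One FGSM step: perturb every feature by eps in the sign of its gradient."""
    grad = input_gradient(w, b, x, y)
    sign = lambda g: 1.0 if g > 0 else -1.0 if g < 0 else 0.0
    return [xi + eps * sign(g) for xi, g in zip(x, grad)]


def robustness_report(w, b, samples, eps):
    """Fraction of correctly classified samples whose prediction FGSM flips at this eps."""
    evaluated = flipped = 0
    for x, y in samples:
        if predict(w, b, x) != y:
            continue  # only samples the model currently gets right are attacked
        evaluated += 1
        if predict(w, b, fgsm_attack(w, b, x, y, eps)) != y:
            flipped += 1
    return {"eps": eps, "evaluated": evaluated, "flipped": flipped,
            "flip_rate": flipped / evaluated if evaluated else 0.0}


def min_flip_epsilon(w, b, x, y, step=0.01, max_eps=2.0):
    """Smallest eps on a grid at which FGSM flips the prediction; None if none within max_eps."""
    for i in range(1, int(max_eps / step) + 1):
        eps = round(i * step, 10)
        if predict(w, b, fgsm_attack(w, b, x, y, eps)) != y:
            return eps
    return None


if __name__ == "__main__":
    for eps in (0.1, 0.3, 0.4, 0.5):
        print(robustness_report(WEIGHTS, BIAS, SAMPLES, eps))
    for x, y in SAMPLES:
        print(x, "flips at eps =", min_flip_epsilon(WEIGHTS, BIAS, x, y))
```

The per-sample minimum epsilon is the number worth tracking across model versions: if it shrinks after retraining, robustness regressed even when clean accuracy did not. For a real network the same loop is run with the framework's autograd in place of input_gradient.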
Model Deployment / Operation

Question / Action Item                                                        Standard / Advanced
1. Where is your trained model deployed?                                              ✓ ✓
2. Are standard access controls for accessing the model enforced?                     ✓
3. Is there any need for commercial license-based access controls?                    ✓
4. Are your queries and answers secured?

Table 5-4: Model Deployment Assessment (question 1 is ticked at both levels; for the other rows only the ticks shown are recoverable from this copy, not which level they fall under)
IIC Journal of Innovation 49