What I am sharing today is the 2023 Large Model Security Solution Report. Report producer: Security.
Featured Reports. Public account: A global repository of industry reports
|The importance of security risks
With the rapid development of large-model technology, it is used increasingly widely in many fields, from scientific research to business to daily life and office work. However, a series of potential security risks follow, and how these risks arise and are handled affects not only the reputation of the enterprise but also the protection of personal privacy and social stability. That is why it is critical to understand and respond to these security risks.
First, in many application scenarios large models process large amounts of sensitive data and personal information, such as users' search history, social interactions and financial transactions. This makes the risk of data breaches and privacy violations far from negligible. Once this sensitive information is compromised, personal privacy rights can be seriously harmed, and the information can even be used for malicious acts such as identity theft, fraud and social engineering attacks. This not only causes financial losses to the victims but can also lead to panic and distrust in society.
|Data security and privacy issues
1. Risk of transmission interception: In the pre-training, fine-tuning and inference services of large models that are not privately deployed, data needs to be transferred between different subjects or departments. This data often includes a variety of sensitive and private information, such as personally identifiable information and financial data. If adequate security measures are not taken during transmission, attackers may intercept the data and obtain the sensitive information, raising security and privacy concerns for users and organizations. Therefore, when using large-model services, appropriate security measures must be taken to protect the confidentiality and integrity of data and prevent the risk of transmission interception.
2. Risk of operator snooping: In the fine-tuning and inference phases, sensitive data such as personally identifiable information and enterprise data is often used to improve the accuracy and performance of the model. However, if this data is spied on or collected by the large-model operator, there is a risk of misuse. The operator may use the data to learn the user's private information, such as personal preferences, behavioral habits and social networks, in order to carry out targeted advertising or promotion strategies. In addition, the operator may leak data to third parties such as partners, data analysis companies and advertising companies in order to obtain improper benefits.
|Software fine-tuning inference scheme based on homomorphic cryptography
Homomorphic cryptography is a key technology in federated learning: it allows data to be computed on and processed while it remains encrypted, thereby protecting the privacy and security of the data. The idea for protecting large-model data is to implement the computing logic of the large model with homomorphic cryptography, so that the model accepts encrypted inputs, the entire fine-tuning and inference process runs in the ciphertext domain, and the final result is returned to the client in ciphertext as well. Because the whole process stays encrypted, it can be deployed entirely on the cloud server side: the customer only needs to encrypt its local private data and upload it, all computation is outsourced to the cloud, and the cloud service cannot learn the content of the computation.
For a homomorphic cryptography scheme, the core question is how to realize the core computing logic of the large model homomorphically, which mainly includes the embedding layer, the transformer (attention) blocks and the output head. Because homomorphic computation is expensive and supports only a limited set of operations, the challenge is to use homomorphic algorithms sensibly so that availability and accuracy requirements are met while privacy is protected in the fine-tuning and inference stages.
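The client-encrypts, cloud-computes-blind, client-decrypts flow described above, as an added illustration that is not code from the report: the report names no concrete scheme, so this assumes a textbook Paillier cryptosystem (additively homomorphic) with small constructed primes, and the cloud evaluates one linear layer (the kind found in embedding and head layers) on ciphertext it cannot read. It also shows the "limited computation" caveat: Paillier only supports addition and scaling by plaintext constants.

```python
import math
import secrets

def keygen(p, q):
    """Public key n, private key (lam, mu); uses the standard generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """Encrypt a signed integer m (reduced mod n) under public key n."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(n + 1, m % n, n2) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Decrypt, then map values above n/2 back to negatives."""
    lam, mu = priv
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m

def add(n, c1, c2):
    """Enc(a) * Enc(b) = Enc(a + b)."""
    return c1 * c2 % (n * n)

def mul_const(n, c, k):
    """Enc(a) ^ k = Enc(k * a) for a plaintext integer k (k may be negative)."""
    return pow(c, k % n, n * n)

def encrypted_linear(n, enc_x, weights, bias):
    """Cloud side: y = W x + b on encrypted x with plaintext integer W and b.
    Softmax and other non-linearities are out of reach for this scheme."""
    out = []
    for row, b in zip(weights, bias):
        acc = encrypt(n, b)
        for c, w in zip(enc_x, row):
            acc = add(n, acc, mul_const(n, c, w))
        out.append(acc)
    return out

def demo():
    """Client encrypts, cloud computes without seeing x or y, client decrypts."""
    n, priv = keygen(10007, 10009)                  # constructed demo primes
    x, w, b = [3, -2, 5], [[1, 4, -2], [0, -1, 3]], [7, -4]
    enc_x = [encrypt(n, v) for v in x]              # client side
    enc_y = encrypted_linear(n, enc_x, w, b)        # cloud side
    return [decrypt(n, priv, c) for c in enc_y]     # client side: [-8, 13]
```

Real deployments need 2048-bit or larger moduli and fixed-point encoding of model weights; the demo primes here are far too small for any security.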
|Trusted Execution Environment Solution
A Trusted Execution Environment (TEE) is a secure area in the processor that protects the confidentiality and integrity of programs and data against theft and tampering from outside. Together with storage encryption and network communication encryption, a TEE can protect data privacy and security at rest and in transit. With the development of TEE technology, confidential computing has emerged: it adds a secure processor between the computing core and the memory to protect the security and privacy of data in use.
Because a TEE spans multiple hardware modules and the whole life cycle of data processing and circulation, it is relatively vulnerable to side-channel attacks. It is therefore necessary to build a defense-in-depth security system that resists attacks from different directions, to strengthen security testing so that problems are found proactively, and to apply the security patches of all components in the system in a timely manner.
|A secure sandbox-based solution
Security sandboxing technology separates the model and the data, and the right to use them from their ownership, by building an isolated, secure environment in which they can be debugged and run. At the same time, it provides functions such as the computing power management and communication required for model fine-tuning, so that the model owner's pre-trained model can complete the fine-tuning task without leaving the privacy boundary defined by the model owner.
A security sandbox product is a software system, or an integrated software and hardware system, provided to all participants in the process of open model sharing. It provides functions such as the computing power management and communication required for secure open sharing of models and meets the requirements of the computing tasks.
This article is for informational purposes only and does not represent any investment advice from us. To use the information, please refer to the original report.