Email: aartisk@cs.ubc.ca, kaarti.sr@gmail.com
Github: aartikash
Blog: TBD
My primary PhD advisor is William J. Bowman.
I have considered Margo Seltzer my academic mentor since my Master's
and am also being co-advised by her in my PhD.
I’m also remotely working with Marco Guarnieri from IMDEA, Spain.
In my Master's I worked with Karthik Pattabiraman on the security of
Cyber-Physical Systems.
Some topics that I'm trying to understand are: secure compilation, full abstraction, and the microarchitecture and architecture layers with their attacks and defenses.
Publications
2020
Security analysis of deep neural network-based cyber-physical systems
Kashyap, Aarti
MASc. Thesis, University of British Columbia
2020
Cyber-Physical Systems (CPS) are deployed in many mission-critical applications such as medical devices (e.g., an Artificial Pancreas System (APS)), autonomous vehicular systems (e.g., self-driving cars, unmanned aerial vehicles) and aircraft control management systems (e.g., Horizontal Collision Avoidance System (HCAS) and Collision Avoidance System-Xu (ACAS-XU)). Ensuring correctness is becoming more difficult as these systems adopt new technology, such as Deep Neural Networks (DNNs), to control them. DNNs are black-box algorithms whose inner workings are complex and difficult to discern. As such, understanding their vulnerabilities is also complex and difficult. We identify a new vulnerability in these systems and demonstrate how to synthesize a new category of attacks, Ripple False Data Injection Attacks (RFDIA), in them by perturbing specific inputs, by minimal amounts, to stealthily change the DNN's output. These perturbations propagate as ripples through multiple DNN layers and can lead to corruptions that can be fatal. We demonstrate that it is possible to construct such attacks efficiently by identifying the DNN's critical inputs. The critical inputs are those that affect the final outputs the most when perturbed. Understanding this new class of attacks sets the stage for developing methods to mitigate these vulnerabilities. Our attack synthesis technique is based on modeling the attack as an optimization problem using Mixed Integer Linear Programming (MILP). We define an abstraction for DNN-based CPS that allows us to automatically: 1) identify the critical inputs, and 2) find the smallest perturbations that produce output changes. We demonstrate our technique on three practical CPS from two mission-critical application domains, in increasing order of complexity: medical systems (APS) and aircraft control management systems (HCAS and ACAS-XU).
Our key observations for scaling our technique to complex systems such as ACAS-XU were to define: 1) appropriate intervals for their inputs and outputs, and 2) attack-specific objective (cost) functions in the abstraction.
ReLUSyn: Synthesizing Stealthy Attacks for Deep Neural Network-Based Safety-Critical Cyber-Physical Systems: Student Research Abstract
Kashyap, Aarti
In Proceedings of the 35th Annual ACM Symposium on Applied Computing
2020
Safety-critical cyber-physical systems have become an important part of our society. The controllers for safety-critical systems have recently been leveraging the research progress in Deep Neural Networks (DNNs) in order to construct data-driven models with high safety and reliability properties. Multiple approaches are being used to enforce properties such as safety and stability on the models obtained after training, in order to obtain robust neural networks. We provide a systematic approach to synthesize stealthy attacks on safety-critical CPS, given that DNNs are being used as the underlying models for capturing the system behavior and making future decisions. We focus on conducting an input-output range analysis for neural networks. Our technique is based on encoding non-linear DNNs as Mixed Integer Linear Programming (MILP) problems in order to synthesize the data ranges for the attacker which can lead to malicious actions without being detected. This approach can be generalized to synthesize tailored stealthy attacks based on different user behaviors.
2019
Ontology based intrusion detection system for Slow-DOS attacks
Kashyap, Aarti, and Gopalakrishnan, Akshay
CS-CAN Student Symposium,
2019
Research Internships
- 2020 IMDEA, Spain with Marco Guarnieri
- 2020 MPI-SWS, Germany with Eva Darulova
- 2017 NTT-DATA, Japan with Shota Togasaki
- 2016/17 Interface Technologies, India with Srinivasan Iyer
Service
- Sub-reviewer for HPDC’19, HPDC’20, QRS’20
- Artifact Evaluation Committee at ECOOP'20.
- Student Volunteer (SV) at PLDI’19, SPLASH’19, POPL’19.
Awards and Honours