MLSMM: Machine Learning Security Maturity Model (2306.16127v1)
Published 28 Jun 2023 in cs.SE, cs.CR, and cs.LG
Abstract: Assessing the maturity of security practices during the development of Machine Learning (ML) based software components has not gotten as much attention as traditional software development. In this Blue Sky idea paper, we propose an initial Machine Learning Security Maturity Model (MLSMM) which organizes security practices along the ML-development lifecycle and, for each, establishes three levels of maturity. We envision MLSMM as a step towards closer collaboration between industry and academia.