A. James Clark School of Engineering
Permanent URI for this community: http://hdl.handle.net/1903/1654
The collections in this community comprise faculty research works, as well as graduate theses and dissertations.
5 results
Search Results
Item
Security Enhancement and Bias Mitigation for Emerging Sensing and Learning Systems (2021)
Chen, Mingliang; Wu, Min; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Artificial intelligence (AI) is being used across various practical tasks in recent years, facilitating many aspects of our daily life. With AI-based sensing and learning systems, we can enjoy the services of automated decision making, computer-assisted medical diagnosis, and health monitoring. Since these algorithms have entered human society and are influencing our daily life, such important issues as intellectual property protection, access control, privacy protection, and fairness/equity should be considered when we are developing the algorithms, in addition to their successful performance. In this dissertation, we improve the design of emerging AI-based sensing and learning systems from security and fairness perspectives. The first part is the security protection of deep neural networks (DNNs). DNNs are becoming an emerging form of intellectual property for model owners and should be protected from unauthorized access and piracy to encourage healthy business investment and competition. Taking advantage of a DNN's intrinsic mechanism, we propose a novel framework to provide access control to trained DNNs so that only authorized users can utilize them properly, to prevent piracy and illicit usage. The second part is privacy protection in facial videos. Remote photoplethysmography (rPPG) can be used to collect a person's physiological signal when his/her face is captured by a video camera, which may raise privacy issues from two aspects. First, individual health conditions may be revealed unintentionally from a facial recording without the person's explicit consent. To avoid this physiological privacy issue, we develop PulseEdit, a novel and efficient algorithm that can edit the physiological signals in facial videos without affecting visual appearance, to protect the person's physiological signal from disclosure. On the other hand, R&D of rPPG technology also carries a potential leakage of identity privacy. We usually require public benchmark facial datasets to develop rPPG algorithms, but facial videos are often very sensitive and carry a high risk of identity leakage. We develop an anonymization transform that removes sensitive visual information identifying an individual but, in the meantime, preserves the physiological information for rPPG analysis. In the last part, we investigate fairness in machine learning inference. Various fairness definitions in the prior art were proposed to ensure that decisions guided by machine learning models are equitable. Unfortunately, the "fair" model trained with these fairness definitions is sensitive to the threshold, i.e., the fairness condition no longer holds when the decision threshold is tuned. To this end, we introduce the notion of threshold-invariant fairness, which enforces equitable performance across different groups independent of the decision threshold.

Item
VLSI CAD Tool Protection by Birthmarking Design Solutions (IEEE, 2005-04)
Yuan, Lin; Qu, Gang; Srivastava, Ankur
Many techniques have been proposed in the past for the protection of VLSI design IPs (intellectual property). CAD tools and algorithms are intensively used in all phases of modern VLSI design; however, little has been done to protect them. Basically, given a problem P and a solution S, we want to be able to determine whether S was obtained by a particular tool or algorithm. We propose two techniques that intentionally leave some trace or birthmark, i.e., certain easily detectable properties, in the design solutions to facilitate CAD tool tracing and protection. The pre-processing technique provides ideal protection at the cost of losing control of the solution's quality. The post-processing technique balances the level of protection and design quality. We conduct a case study on how to protect a timing-driven gate duplication algorithm. Experimental results on a large set of MCNC benchmarks confirm that the pre-processing technique results in a significant reduction (about 48%) of the optimization power of the tool, while the post-processing technique has almost no penalty (less than 2%) on the tool's performance.

Item
VLSI Design IP Protection: Solutions, New Challenges, and Opportunities (IEEE, 2006-06)
Yuan, Lin; Qu, Gang
It has been a decade since the need for VLSI design intellectual property (IP) protection was identified [1,2]. The goals of IP protection are 1) to enable IP providers to protect their IPs against unauthorized use, 2) to protect all types of design data used to produce and deliver IPs, 3) to detect the use of IPs, and 4) to trace the use of IPs [3]. There have been significant advances from both industry and academia towards these goals. However, do we have solutions to achieve all these goals? What are the current state-of-the-art IP protection techniques? Do they meet the protection requirements designers seek? What are the (new) challenges, and is there any feasible answer to them in the foreseeable future? This paper addresses these questions and provides possible solutions, mainly from an academic point of view. Several successful industry practices and ongoing efforts are also discussed briefly.

Item
Fair Watermarking Techniques (IEEE, 2000-01)
Qu, Gang; Wong, Jennifer L.; Potkonjak, Miodrag
Many intellectual property protection (IPP) techniques have been proposed. Their primary objectives are to provide convincing proof of authorship with the least degradation of the quality of the intellectual property (IP), and to achieve robustness against attacks. These are also well accepted as the most important criteria for evaluating different IPP techniques. The essence of such techniques is to limit the solution space by embedding signatures as constraints. One key issue that should be addressed but has not been discussed is the fairness of the techniques: what is the quality of the solution subspace for different signatures, that is, how large the solution subspace is (uniqueness), and how difficult it is to get a solution from such a subspace (hardness)? In this paper, we introduce fairness as one of the metrics for good IPP techniques and pose the challenge problem of how to design fair watermarking techniques. We claim that all fair techniques have to be instance-oriented, and, due to the complexity of the problem itself, we propose an approach that utilizes the statistical information of the problem instance. We use the satisfiability (SAT) problem as an example to illustrate how fairness could be achieved. We make the observation that the unfairness of the previous watermarking techniques comes from the global embedding of the signature, and propose fair watermarking techniques. We test the uniqueness and hardness on a model with full knowledge of the solution and on real-life benchmarks as well. The experimental results show that fairness can be achieved.

Item
Publicly Detectable Techniques for the Protection of Virtual Components (IEEE, 2001-06)
Qu, Gang
Highlighted by the newly released intellectual property (IP) protection white paper by the VSI Alliance, the protection of virtual components (VCs) has received a large amount of attention recently. Digital signatures are one of the most promising solutions among the known protection mechanisms. However, the trade-off between hard-to-attack and easy-to-detect, and the lack of efficient detection schemes, are the major obstacles that keep digital signatures from thriving. In this paper, we propose a new watermarking method which (i) allows the watermark to be publicly detected without forensic experts, (ii) gives attackers little advantage for forgery, and (iii) does not lose the strength of protection provided by other watermarking techniques. The basic idea is to make part of the watermark public. We explain the concept of this public-private watermark and discuss the generation and embedding of such marks. We use popular VLSI CAD problems, namely technology mapping, partitioning, graph coloring, FPGA design, and Boolean satisfiability, to demonstrate its easy detectability, high credibility, low design overhead, and robustness. Finally, this technique is compatible with all the known watermarking and fingerprinting techniques.
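The two watermarking abstracts above share one mechanism: a signature is embedded by adding constraints, so every solution of the constrained instance carries the mark, and a suspect solution is checked by counting how many of those constraints it happens to satisfy. The following is an added example, not code from any of the listed papers, that works this through for Boolean satisfiability (the SAT case both abstracts mention) with a small constructed CNF, and also shows the public-private split from the last item. The SHA-256 derivation of signature bits and the particular bit-to-clause encoding are assumptions of this example; the papers do not prescribe them, and a real scheme would use a SAT solver rather than brute-force enumeration.

```python
"""Constraint-based watermarking of a SAT instance, as an added example.

The owner's signature bits are turned into extra clauses; any solution of the
augmented formula satisfies them and so carries the mark.  Detection counts how
many signature clauses a suspect solution satisfies.  Publishing only a prefix
of the clauses (the public part) lets anyone check the mark without the owner's
private clauses, which remain available for a stronger forensic proof.
"""
import hashlib
import itertools

# Constructed toy CNF in DIMACS style: a positive int is a variable, a negative
# int is its negation.  It has exactly four satisfying assignments.
ORIGINAL_CNF = [[1, 2], [-1, 3], [-2, 4], [-3, -4, 1]]
NUM_VARS = 4


def signature_bits(message, n_bits):
    """Derive n_bits signature bits from the owner's message (SHA-256 is an
    assumption of this example, not something the papers prescribe)."""
    digest = hashlib.sha256(message.encode()).digest()
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)][:n_bits]


def signature_clauses(bits, num_vars):
    """Hypothetical encoding: bit k selects the polarity of a two-literal clause
    over a pair of variables (a, b) fixed by k."""
    clauses = []
    for k, bit in enumerate(bits):
        a = k % num_vars + 1
        b = (2 * k + 3) % num_vars + 1
        if b == a:
            b = a % num_vars + 1
        clauses.append([a, -b] if bit else [-a, b])
    return clauses


def satisfies(assignment, clauses):
    """assignment maps variable number -> bool."""
    return all(any(assignment[abs(lit)] == (lit > 0) for lit in clause)
               for clause in clauses)


def all_solutions(clauses, num_vars):
    """Brute-force enumeration; fine for a toy instance, not for real designs."""
    solutions = []
    for values in itertools.product([False, True], repeat=num_vars):
        assignment = {v + 1: val for v, val in enumerate(values)}
        if satisfies(assignment, clauses):
            solutions.append(assignment)
    return solutions


def embed(cnf, num_vars, sig_clauses):
    """Solve the original instance under the signature constraints.  Returns
    None when the signature leaves no solution at all, which is the 'hardness'
    problem the fair-watermarking abstract raises."""
    solutions = all_solutions(cnf + sig_clauses, num_vars)
    return solutions[0] if solutions else None


def detect(assignment, sig_clauses):
    """Return (clauses matched, probability that a uniformly random assignment
    would match them all).  A random assignment satisfies a two-literal clause
    with probability 3/4, so a coincidental full match has probability (3/4)^m;
    the smaller that is, the more credible the authorship claim."""
    matched = sum(1 for clause in sig_clauses if satisfies(assignment, [clause]))
    return matched, (3 / 4) ** len(sig_clauses)


def split_public_private(sig_clauses, n_public):
    """Public-private mark: the first n_public clauses are disclosed for anyone
    to verify; the rest stay with the owner."""
    return sig_clauses[:n_public], sig_clauses[n_public:]


if __name__ == "__main__":
    sig = signature_clauses(signature_bits("owner: example corp", 3), NUM_VARS)
    marked = embed(ORIGINAL_CNF, NUM_VARS, sig)
    print("solutions before/after marking:",
          len(all_solutions(ORIGINAL_CNF, NUM_VARS)),
          len(all_solutions(ORIGINAL_CNF + sig, NUM_VARS)))
    if marked is None:
        print("signature over-constrains this instance; no solution")
    else:
        public, private = split_public_private(sig, 2)
        print("public check:", detect(marked, public))
        print("full check:", detect(marked, sig))
```

The count of solutions before and after adding the signature clauses is the "uniqueness" quantity from the Fair Watermarking abstract, and a `None` result from `embed` is the "hardness" failure: a signature that shrinks the subspace to nothing. On a four-variable instance the credibility figure is weak, since three binary clauses are matched by chance with probability 0.42, which is why real schemes embed hundreds of bits; the public prefix is checkable by anyone holding the published clauses, while the private suffix lets the owner raise the bar further in a dispute.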
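The dissertation abstract at the top of this listing states that a model satisfying a group-fairness definition at one decision threshold can stop satisfying it once the threshold is tuned. The following added example (not code from the dissertation) makes that concrete for equal opportunity, i.e. equal true positive rate across groups, using constructed scores for the positive-class members of two groups; the data, group names and the 0.05 tolerance are assumptions of this example.

```python
"""Threshold sensitivity of a group-fairness criterion, as an added example.

Equal opportunity asks that the true positive rate (TPR) be the same for every
group.  A classifier's scores can meet that at one decision threshold and
violate it at another, which is the gap that threshold-invariant fairness in
the dissertation abstract is meant to close.
"""
from fractions import Fraction

# Constructed scores of the positive-class members of two groups, as a model
# would output them; negatives do not enter the TPR and are omitted.
POSITIVE_SCORES = {
    "group_A": [0.90, 0.80, 0.75, 0.55, 0.52],
    "group_B": [0.95, 0.65, 0.62, 0.60, 0.51],
}


def true_positive_rate(scores, threshold):
    """Fraction of positives the model accepts at this threshold (exact arithmetic)."""
    return Fraction(sum(s >= threshold for s in scores), len(scores))


def equal_opportunity_gap(groups, threshold):
    """Largest TPR difference between any two groups; 0 means equal opportunity holds."""
    rates = [true_positive_rate(scores, threshold) for scores in groups.values()]
    return float(max(rates) - min(rates))


def gap_sweep(groups, thresholds):
    """Gap at each threshold; a model that is fair only at its training threshold
    shows up here as a gap that grows as the threshold moves."""
    return {t: equal_opportunity_gap(groups, t) for t in thresholds}


def fair_at_every_threshold(groups, thresholds, tolerance=0.05):
    """Threshold-invariant check: holds only if no swept threshold exceeds tolerance."""
    return all(gap <= tolerance for gap in gap_sweep(groups, thresholds).values())


if __name__ == "__main__":
    for t, gap in gap_sweep(POSITIVE_SCORES, [0.5, 0.6, 0.7]).items():
        print(f"threshold {t:.2f}: equal-opportunity gap {gap:.2f}")
    print("fair at every threshold:",
          fair_at_every_threshold(POSITIVE_SCORES, [0.5, 0.6, 0.7]))
```

With these scores both groups have a TPR of 1 at threshold 0.5, so the model looks fair there, yet at 0.7 the gap is 0.4. A practitioner evaluating a fairness claim should therefore sweep the threshold as `gap_sweep` does rather than report a single operating point.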