Article
An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain
SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses
  • Wenxin Jiang, Purdue University
  • Nicholas Synovic, Loyola University Chicago
  • Rohan Sethi, Loyola University Chicago
  • Aryan Indarapu, University of Illinois at Urbana-Champaign
  • Matt Hyatt, Loyola University Chicago
  • Taylor R. Schorlemmer, Purdue University
  • George K. Thiruvathukal, Loyola University Chicago
  • James C. Davis, Purdue University
Document Type
Conference Proceeding
Publication Date
11-11-2022
Pages
105-114
Publisher Name
Association for Computing Machinery
Abstract

Deep neural networks achieve state-of-the-art performance on many tasks, but require increasingly complex architectures and costly training procedures. Engineers can reduce costs by reusing a pre-trained model (PTM) and fine-tuning it for their own tasks. To facilitate software reuse, engineers collaborate around model hubs, collections of PTMs and datasets organized by problem domain. Although model hubs are now comparable in popularity and size to other software ecosystems, the associated PTM supply chain has not yet been examined from a software engineering perspective.

We present an empirical study of artifacts and security features in 8 model hubs. We indicate the potential threat models and show that the existing defenses are insufficient for ensuring the security of PTMs. We compare PTM and traditional supply chains, and propose directions for further measurements and tools to increase the reliability of the PTM supply chain.

Identifier
ISBN: 978-1-4503-9885-5
Comments

Author Posting © Association for Computing Machinery, 2022. This article is posted here by permission of the Association for Computing Machinery for personal use, not for redistribution. The article was published in SCORED'22: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, Pages 105-114, November 2022. https://www.doi.org/10.1145/3560835.3564547

Creative Commons License
Creative Commons Attribution 4.0 International
Citation Information
Wenxin Jiang, Nicholas Synovic, Rohan Sethi, Aryan Indarapu, Matt Hyatt, Taylor R. Schorlemmer, George K. Thiruvathukal, and James C. Davis. 2022. An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain. In Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED '22), November 11, 2022, Los Angeles, CA, USA. ACM, New York, NY, USA, 10 pages. https://doi.org/10.1145/3560835.3564547