Siebel School Master Calendar

PILOT Seminar: Ziqi Zhang, "Hardware-Rooted Secure LLM Systems"

Feb 10, 2026, 3:00 pm
2405 Siebel Center for Computer Science
Sponsor: Siebel School of Computing and Data Science
Originating Calendar: Siebel School PILOT Seminars

Refreshments will be provided.

Abstract:
Large Language Models are widely deployed today, yet their model parameters and training data are highly vulnerable to system-level attacks. The root cause is that modern LLM systems are not designed with security as a first-class goal. In this talk, I present TAOISM, a TEE-based confidential framework for secure LLM deployment on heterogeneous devices. The core insight is TEE-Shielded LLM Partition (TSLP), which partitions an LLM into two parts: a smaller but critical part is shielded by a TEE, and a computation-heavy part is obfuscated and offloaded to a GPU. My research strengthens the security of such partitioned designs, achieving a significantly better trade-off between model protection and computational efficiency. In this talk, I will first give a high-level overview of the TAOISM framework. Then I will focus on two key techniques: TEESlice, which enables principled and secure model partitioning, and ArrowCloak, which provides efficient and robust model obfuscation on untrusted GPUs by addressing parameter vector direction leakage. Finally, I will talk about my future work plan on how to build a full-stack secure AI ecosystem.
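As an added illustration (not code from the talk or from the TAOISM/ArrowCloak project), the script below shows what "parameter vector direction leakage" means in the simplest setting. A hypothetical obfuscation that only rescales each weight row by a secret factor leaves every row's direction intact, and an attacker holding the obfuscated GPU-side weights can confirm that with a cosine similarity against a reference copy; mixing the rows with a secret orthogonal matrix instead changes the directions. The sample weight matrix, both obfuscation functions and the seeds are constructed for this example and stand for nothing in the speaker's scheme; the script only measures leakage and does not show how the TEE-side part would undo the transform to keep the GPU's output usable.

```python
"""Toy measurement of direction leakage in two hypothetical weight obfuscations.

Not the ArrowCloak scheme: both obfuscations here are stand-ins chosen to make
the leakage visible, and W is a constructed 4x4 sample, not model data.
"""
import math
import random

# Constructed sample weight matrix, standing in for the computation-heavy
# part of a model that would be offloaded to an untrusted GPU.
W = [
    [1.0, 2.0, 0.5, -1.0],
    [-2.0, 0.3, 1.5, 0.8],
    [0.1, -0.7, 2.2, 1.1],
    [3.0, 1.0, -0.4, 0.6],
]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def cosine(a, b):
    """Cosine similarity: 1.0 when two vectors point the same way."""
    return dot(a, b) / (math.sqrt(dot(a, a)) * math.sqrt(dot(b, b)))


def scale_rows(w, seed=7):
    """Hypothetical magnitude-only obfuscation: each row times a secret positive scalar.

    The scalar hides the row's norm but not its direction."""
    rng = random.Random(seed)
    out = []
    for row in w:
        s = rng.uniform(0.5, 5.0)
        out.append([s * x for x in row])
    return out


def random_orthogonal(n, seed=7):
    """Secret orthogonal matrix Q built by Gram-Schmidt on random Gaussian vectors."""
    rng = random.Random(seed)
    basis = []
    for _ in range(n):
        v = [rng.gauss(0.0, 1.0) for _ in range(n)]
        for u in basis:  # remove the components along earlier basis vectors
            p = dot(v, u)
            v = [vi - p * ui for vi, ui in zip(v, u)]
        norm = math.sqrt(dot(v, v))
        basis.append([vi / norm for vi in v])
    return basis  # rows are orthonormal, so Q Q^T = I


def is_orthogonal(q, tol=1e-9):
    """Check Q Q^T = I, i.e. the mixing preserves norms and is invertible by Q^T."""
    n = len(q)
    return all(
        abs(dot(q[i], q[j]) - (1.0 if i == j else 0.0)) <= tol
        for i in range(n) for j in range(n)
    )


def mix_rows(w, q):
    """Hypothetical direction-hiding obfuscation: W' = W Q with secret orthogonal Q."""
    n = len(q)
    return [[sum(row[k] * q[k][j] for k in range(n)) for j in range(n)] for row in w]


def direction_leak(w, w_obf):
    """Mean |cos| between each original row and its obfuscated counterpart.

    1.0 means every row direction is fully recoverable from the obfuscated weights."""
    return sum(abs(cosine(r, o)) for r, o in zip(w, w_obf)) / len(w)


if __name__ == "__main__":
    print("direction leak, per-row scaling:", direction_leak(W, scale_rows(W)))
    Q = random_orthogonal(len(W[0]))
    print("direction leak, orthogonal mix: ", direction_leak(W, mix_rows(W, Q)))
```

Run stand-alone, the script prints a leak of 1.0 for the scaling scheme and a markedly lower value for the orthogonal mix. In a partitioned deployment the mixing would only be acceptable if the TEE-side part can apply the inverse transform to the activations it receives, which this toy does not model.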

Bio:
Ziqi Zhang is currently a Postdoctoral Researcher at UIUC working with Lingming Zhang. He obtained his Ph.D. and bachelor's degrees from Peking University. His research interests lie in secure hardware, AI security, and software security. Specifically, he is interested in how to build secure LLM and agent systems and how to use agents to solve real-world security problems. His work has been published at top-tier conferences in various domains, including computer security, software engineering, and AI. More information can be found at https://ziqi-zhang.github.io/
