Machine Learning Seminar: Ziqi Zhang "Hardware-Rooted Secure LLM System."
- Sponsor
- Research Area of Artificial Intelligence
- Speaker
- Ziqi Zhang
- Contact
- Allison Mette
- agk@illinois.edu
- Originating Calendar
- Siebel School Speakers Calendar
Abstract: Large Language Models are widely deployed today, yet their model parameters and training data are highly vulnerable to system-level attacks. This risk arises because modern LLM systems are not designed for confidentiality. In this talk, I present TAOISM, a TEE-based confidential framework for secure LLM deployment on heterogeneous devices. TAOISM utilizes the security feature of TEE and computation capability of co-located GPU. The core insight is to partition LLM into two parts: a smaller but critical part is shielded by TEE, and a computation-heavy part is obfuscated and offloaded to GPU. Today I will focus on two key techniques: TEESlice, which isolates sensitive model components into TEEs through principled model partitioning, and Game of Arrows, which provides efficient and robust model obfuscation on untrusted GPUs by addressing parameter vector direction leakage.
Bio: Ziqi Zhang is currently a Postdoc Researcher at UIUC working with Lingming Zhang. He obtained Ph.D degree and bachelor degree in Peking University. His research interests lies in secure hardware, AI security, and software security. Specifically, he is interested in how to build a secure LLM and agent system and how to utilize agents to solve real-world security problems. His work has been published on top-tier conferences in various domains, including computer security, software engineering, and AI. More information can be found at https://ziqi-zhang.github.io/