AISEC: AI Secure and Explainable by Construction

Lead Research Organisation: Heriot-Watt University
Department Name: S of Mathematical and Computer Sciences

Abstract

AI applications have become pervasive: from mobile phones and home appliances to stock markets, autonomous cars, robots and drones. As AI takes over a wider range of tasks, we gradually approach the times when security laws, or policies, ultimately akin to Isaac Asimov's "3 laws of robotics" will need to be established for all working AI systems. A homonym of Asimov's first name, the project AISEC (``Artificial Intelligence Secure and Explainable by Construction"), aims to build a sustainable, general purpose, and multidomain methodology and development environment for policy-to-property secure and explainable by construction development of complex AI systems.

We will create and deploy a novel framework for documenting, implementing and developing policies for complex deep learning systems by using types as a unifying language to embed security and safety contracts directly into programs that implement AI. The project will produce a development tool AISEC with infrastructure (user interface, verifier, compiler) to cater for different domain experts: from lawyers working with security experts to verification experts and
system engineers designing complex AI systems. AISEC will be built, tested and used in collaboration with industrial partners in two key AI application areas: autonomous vehicles and natural language interfaces.


AISEC will catalyse a step change from pervasive use of deep learning in AI to pervasive use of methods for deep understanding of intended policies and latent properties of complex AI systems, and deep verification of such systems.

Planned Impact

We will maximise the impact of our research by industrial exploitation, collaboration with other academics, engaging with industry and government stakeholders, and public engagement activities. Activities are planned as follows.

1. Building a working Demonstrator tool, AISEC. This will be co-designed with our industrial partners and developed during the project, as well as used for "in-the-wild" experiments in the third year.

2. Open-source community building around our technology. We will make the AISEC platform freely available on an open-source platform such as Github (the largest worldwide repository of software used by many companies following an Open Innovation model).

3. Direct application of our research in industry, during and after the project. The research has been designed to fit closely with the industrial goals of our partners, who see security and verification of AI as vital to their future business. We are engaging with a range of companies, from start-up through SMEs to large industry. By establishing a regular board meeting, we will support and extend our engagement.

4. To foster the direct impact of our work and conduct in-the-wild experiments, we plan that the third year of the project will have a significant portion of time with our researchers embedded in industry. Our project partners have dedicated resource to support this, and we will pursue additional partnerships during the project.

5. Public engagement. Drawing on experience and expertise in public engagement of the investigatory team, we plan a series of events and online activities which will appeal to the broader public, in particular, to help raise awareness of emerging solutions to the challenge of trustworthy and secure AI.

6. Government and policy-making engagement. We will continue existing engagements with Scottish Government, the Scottish National Cyber Resilience Advisory Board, Police Scotland, as well as UK government contacts in DCMS and NCSC, to discuss future policy and regulation impacts of AI technology and security.

7. Skills and training. The research will contribute both to direct training, of the employed RAs and associated PhD researchers in the project, but also indirectly to educational materials being delivered across our Universities and the wider Scottish education landscape, through connections with Skills Development Scotland, Graduate Apprenticeships in Cyber Security, and the Edinburgh and Glasgow City-Region Deal initiatives.

8. Research community building and Knowledge exchange. Using networking funds available to Scottish Universities through SICSA, we will take part and organise meetings to showcase AISEC research. For AISEC itself, we will organise a specialised annual workshop open to academia and industrial researchers, bringing together partners and researchers from related areas to draw on the excitement and importance of the research topic.

9. Academic networking among associated UK flagship projects. Besides the usual channels for academic dissemination of our research in international conferences and journals, we will network with other significant research activities in the area. Specifically in the UK, we have connections to TIPS, the Cyber Security Research Institutes VeTTS, RITICS and RISCS, the new TIPS Network+ SPRITE, the IoT PETRAS 2.0 Hub, PaCCS as well as smaller responsive mode funded EPSRC projects. We expect to connect to the ISCF initiative in Digital Security by Design. We have recently started a small exploratory research project with NCSC on Security and AI. Through these connections, we expect AISEC will bring additional impact from further routes, and broader networks of interest across industry and government.

All of the above impact activities will be conducted within the ORBIT framework for Responsible Research and Innovation, and activities monitored regularly during the project to ensure delivery on each pathway.

Publications

10 25 50