From cdc03f9b64717869d41ec503d540baa8245208a9 Mon Sep 17 00:00:00 2001 From: Mihai Maruseac Date: Thu, 20 Jun 2024 13:52:34 -0700 Subject: [PATCH] Add model_transparency as a sandbox project Signed-off-by: Mihai Maruseac --- README.md | 1 + .../model_signing_sandbox_stage.md | 92 +++++++++++++++++++ 2 files changed, 93 insertions(+) create mode 100644 process/project-lifecycle-documents/model_signing_sandbox_stage.md diff --git a/README.md b/README.md index 1cc305ac..cbc75eb7 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,7 @@ The following Technical Initiatives have been approved by the TAC. You may learn | gittuf | https://github.com/gittuf/gittuf | TBD | Supply Chain Integrity WG | [Sandbox](process/project-lifecycle-documents/gittuf_sandbox_stage.md) | | OpenVEX | https://github.com/openvex | [Meeting Notes](https://docs.google.com/document/d/1C-L0JDx5O35TjXb6dcyL6ioc5xWUCkdR5kEbZ1uVQto/edit) | Vulnerability Disclosures WG | [Sandbox](process/project-lifecycle-documents/openvex_for_sandbox_stage.md) | | OSV Schema | https://github.com/ossf/osv-schema | [Meeting Notes](https://docs.google.com/document/d/1jzqhW9SK9QRA39fQz0RiAkvpRWB0xztt1TAFJEseTlA/edit?usp=sharing) | Vulnerability Disclosures WG | TBD | +| Model signing | https://github.com/sigstore/model-transparency | [Meeting Notes](https://docs.google.com/document/d/18oAsfhfKJurH-YTUFe520CAZS3lkORX1WnZmBv4Llkc/edit) | AI/ML Security WG | [Sandbox](process/project-lifecycle-documents/model_signing_sandbox_stage.md) | | Package Analysis | https://github.com/ossf/package-analysis | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit) | Securing Critical Projects WG | TBD | | Package Feeds | https://github.com/ossf/package-feeds | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit) | Securing Critical Projects WG | TBD | | Protobom | http://github.com/bom-squad/protobom | [Meeting Notes](https://docs.google.com/document/d/1bz2BBImzSnLRiBLrA5GehQ0ckW3Vs7Gmtt8R-Olm0QY/edit) | Security Tooling WG | [Sandbox](process/project-lifecycle-documents/protobom_sandbox_stage.md) | diff --git a/process/project-lifecycle-documents/model_signing_sandbox_stage.md b/process/project-lifecycle-documents/model_signing_sandbox_stage.md new file mode 100644 index 00000000..9e6c4d3f --- /dev/null +++ b/process/project-lifecycle-documents/model_signing_sandbox_stage.md @@ -0,0 +1,92 @@ +## Application for creating a new project at Sandbox stage + +### List of project maintainers + +The project has 7 maintainers from 3 different organizations: + +* Laurent Simon, Google, @laurentsimon +* Daniel Major, NVidia, +* Eoin Wickens, HiddenLayer, @EWickens +* Mihai Maruseac, Google, @mihaimaruseac +* Hayden Blauzvern, Google, @haydentherapper +* Sarah Meiklejohn, Google, @smeiklej + +### Mission of the project + +The project must be aligned with the OpenSSF mission and either be a novel +approach for existing areas, address an unfulfilled need, or be initial code +needed for OpenSSF WG work. It is preferred that extensions of existing OpenSSF +projects collaborate with the existing project rather than seek a new project. + +> Create a cryptographic signing specification for artificial intelligence and +> machine learning models, addressing challenges such as very large models that +> can be used separately, and the signing of multiple disparate file formats +> held within a directory. This specification may have wider applicability to +> signing directories of multiple arbitrary file formats. This specification may +> later be proposed as a formal standard. + +#### Specific Goals Include: + +* Build a library for model signing and verification +* Integrate said library with ML frameworks (e.g., TensorFlow, PyTorch) +* Integrate said library with ML model hubs (e.g., Kaggle, Hugging Face) +* Develop standards for efficient hashing of large models +* Develop standards for efficient verification of models that contain multiple + formats in the same place +* Develop standards for efficient verification of models at inference time. + +#### Non-Goals Include: + +* Developing a new model format +* Handling security of ML outputs + +### OpenSSF Mission Alignment + +We believe our mission aligns with the OpenSSF mission in the following ways: + +> make it easier to sustainably secure the development, maintenance, and +> consumption of the open source software + +The model signing project aims to reduce the complexity of signing and verifying +the integrity of models, making it easier to be adopted by the industry at +large. + +> fostering collaboration + +The library is developed by a cohort of independent companies working together +to solve common problems. The goal is to integrate the library with most tools +that ML practitioners use, to uplift the entire ecosystem. + +> establishing best practices + +The model signing library must be strongly tested. It should define standards +for efficiently hashing and verifying integrity of models. + +### AI/ML Security WG Alignment + +This project started in parallel with the AI/ML Security WG. During one meeting +of the WG, it was decided to spin up a SIG for model signing +(https://github.com/ossf/ai-ml-security/issues/10). Since the output of this SIG +is in code for this library and associated standards and specs, we need to make +this a project. + +### IP policy and licensing due diligence + +When contributing an existing Project to the OpenSSF, the contribution must +undergo license and IP due diligence by the Linux Foundation (LF). + +* Yes (all code under Apache2 from the start, repo under Sigstore, which is + already an OpenSSF (thus, LF) member) + +### Project References + +The project should provide a list of existing resources with links to the repository, and if available, website, a roadmap, contributing guide, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the project. + +| Reference | URL | +|--------------------|-----| +| Main Repository | TODO | +| Contributing guide | TODO | +| Security.md | TODO | +| Roadmap | TODO | +| Demos | TODO | +| Other | TODO |