1 Security Considerations
Authentication: How Users Sign On
Authentication refers to the way users sign on.
Administrators can, and should, implement Single Sign-on (SSO). SSO reduces the number of passwords users have to remember. It may also enable multi-factor login, in which users are asked to provide some verification in addition to their passwords, such as a code that they receive via text or email.
If your Construction and Engineering Intelligence environment is provisioned in Oracle Cloud Infrastructure (OCI), it comes with an identity management domain for access management.
Authorization: What Users Can Access
Authorization determines what users can access.
In Construction and Engineering Intelligence, users are managed using a combination of the following:
- Roles: Administrators can view and select one or more CIC roles for users.
- Data Sources: Administrators can give users and/or user groups access to specific data sources.
- Workspaces: Based on the user's role and access to data sources, administrators can give users access to specific workspaces in the Construction and Engineering Intelligence user interface.
Machine Learning
Some cautions unique to security in machine learning are discussed below.
It is important to understand the following security considerations when providing access to administrators and users.
Construction and Engineering Intelligence users don’t have visibility into the following data:
- Data in source applications outside their access purview
- Training data in Construction and Engineering Intelligence
Furthermore, they don’t have access to personal information (PI) data or ML models, and they cannot change model code. At no point are the models exposed to organizations that could change access or inject malicious adjustments. Additionally, no PI is used in training or testing.
However, some cautions unique to security in machine learning are in order and discussed below:
- The Construction and Engineering Intelligence administrator role is very powerful and therefore must be granted judiciously.
The Construction and Engineering Intelligence administrator role grants access to the Administration module to manage Construction and Engineering Intelligence users and data. In addition to managing users specific to data sources, administrators can also add Construction and Engineering Intelligence-only users, to accommodate those users who are not necessarily associated with a specific data source. Therefore, access to the Administration module should be limited and restricted.
- Administrators should be cautious of input poisoning.
Data used in training shapes future predictions. Malicious or bad data can lead to bad future predictions. Construction and Engineering Intelligence administrators should be aware of the projects opted into the system, and of which projects are used to train the models, since that training data drives prediction accuracy. Use security best practices such as the Separation of Duty controls outlined in the Product/Service Feature Guide of Oracle CIC Advisor (Doc ID 114.2) on My Oracle Support to ensure that those choosing the projects for Construction and Engineering Intelligence, which will also be used for training, opt in their target data appropriately.
Unintended or misleading source data can affect outputs. Construction and Engineering Intelligence is delivered with multiple off-the-shelf Seed Models, which are trained with sample data. These are not ideal models to use, but they give your organization a good starting point for enabling the system and for seeing a first round of predictions while you learn how to train with your data.
- Irrelevant features can precipitate confounding and spurious correlations.
It is important to understand how certain features affect your predictions and how your data is reflected in the feature set. For example, if you are an organization without costs, you may want to make sure no cost features are selected. To get a basic implementation with the models, you can choose SeedModel customerData. This model uses the Seed Model features with your data. Therefore, select only the features that are relevant to your data.
- Data Privacy and Access Controls
The data used to train the models is protected, and users have no access to it.
Users have access to the dashboard; administrator access (Construction and Engineering Intelligence administrator) is granted through role-based permissions controlled by the client side. Since a regular user does not have the administration role (Construction and Engineering Intelligence administrator), they cannot poison the models by training them on malicious scenarios.
Training and prediction are also controlled by administrators (Construction and Engineering Intelligence administrator), which enables controlled training and model execution.
- Membership Inference Attack (MIA) / Model robustness attack (MRA)
This is an inherent weakness in machine learning.
Machine learning is prone to new attack vectors such as the Membership Inference Attack (MIA), where the user of an ML model may be able to infer the training data. Similarly, it is also prone to the Model Robustness Attack (MRA), where the user of an ML model may be able to skew the inputs imperceptibly to cause large errors in prediction. For better security, Construction and Engineering Intelligence makes such attempts difficult by not exposing the model code or its hyperparameters. To further improve privacy preservation, continuous efforts are being made to have models learn from the training data without memorizing it, and to enable defense mechanisms such as regularization.
Additionally, models are continuously made more robust through multiple tests that ensure the accuracy does not change significantly from the baseline accuracy under various conditions.
They evolve through multiple rounds of training and testing on similar data but different scenarios and data points, with simultaneous customer usage.
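A robustness test of the kind described above, comparing accuracy under shifted inputs with the baseline accuracy, can be expressed as a small gate. This is an added example, not code from Construction and Engineering Intelligence; the rule-based stand-in model, the two feature names, the sample rows, the perturbations and the 0.05 tolerance are all constructed assumptions.

```python
# Added example: robustness gate comparing perturbed accuracy with the baseline.
# The rule-based "model", feature names and data are constructed stand-ins.

def predict(row):
    """Stand-in model: flag a project as late when slippage exceeds float."""
    slippage_days, float_days = row
    return 1 if slippage_days - float_days > 0 else 0

# Constructed evaluation set: ((slippage_days, float_days), finished_late)
EVAL_SET = [
    ((10, 2), 1), ((1, 5), 0), ((6, 5), 1), ((3, 4), 0), ((8, 1), 1),
    ((0, 6), 0), ((5, 4.5), 1), ((2, 2.5), 0), ((7, 3), 0), ((4, 6), 1),
]

# Named input conditions the model should tolerate (illustrative choices).
PERTURBATIONS = {
    "slippage +0.25 day": lambda r: (r[0] + 0.25, r[1]),
    "float +1 day": lambda r: (r[0], r[1] + 1),
    "both features x1.1": lambda r: (r[0] * 1.1, r[1] * 1.1),
}

def accuracy(model, data, transform=lambda r: r):
    """Fraction of rows whose prediction on the transformed input matches the label."""
    hits = sum(1 for row, label in data if model(transform(row)) == label)
    return hits / len(data)

def robustness_report(model, data, perturbations, tolerance=0.05):
    """Return baseline accuracy, per-condition accuracy, and conditions that fail."""
    baseline = accuracy(model, data)
    per_condition = {name: accuracy(model, data, fn)
                     for name, fn in perturbations.items()}
    # A condition fails when accuracy drops from the baseline by more than tolerance.
    failing = sorted(n for n, acc in per_condition.items()
                     if baseline - acc > tolerance)
    return {"baseline": baseline, "per_condition": per_condition, "failing": failing}

if __name__ == "__main__":
    report = robustness_report(predict, EVAL_SET, PERTURBATIONS)
    print(f"baseline accuracy: {report['baseline']:.2f}")
    for name, acc in report["per_condition"].items():
        status = "FAIL" if name in report["failing"] else "ok"
        print(f"{name:22s} {acc:.2f}  {status}")
```

A condition listed under `failing` means a small, plausible change in the input moved accuracy further from the baseline than the tolerance allows, which is the signal to hold back a retrained model for review.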