Expanding ML-Documentation Standards For Better Security
Cara Ellen Appel

TL;DR
This paper highlights the low security awareness in ML documentation and proposes expanding existing standards to include security details, aiming to improve ML-security practices.
Contribution
It introduces a novel extension to current ML documentation standards by adding a security section, based on Model Cards and Datasheets, to enhance security transparency.
Findings
Identifies gaps in current ML documentation practices.
Proposes an expanded documentation method including security info.
Highlights the need for standard adoption in practice.
Abstract
This article presents the current state of ML-security and of the documentation of ML-based systems, models and datasets in research and practice, based on an extensive review of the existing literature. It shows a generally low awareness of security aspects among ML-practitioners and organizations and an often unstandardized approach to documentation, leading to overall low quality of ML-documentation. Existing standards are not regularly adopted in practice and IT-security aspects are often not included in documentation. Due to these factors, there is a clear need for improved security documentation in ML, as one step towards addressing the existing gaps in ML-security. To achieve this, we propose expanding existing documentation standards for ML-documentation to include a security section with specific security-relevant information. Implementing this, a novel expanded method of…
Taxonomy
Topics: Security and Verification in Computing · Access Control and Trust
