Keep it Simple [Principle 6]
Keep It Simple, Stupid (often abbreviated KISS) is good advice when it comes to security. Complex software (including most ML software) is at much greater risk of being inadequately implemented or poorly designed than simple software is, and those flaws cause serious security challenges. Keeping software simple is necessary to avoid problems related to efficiency, maintainability, and of course, security. But software is by its very nature complex.
Machine Learning seems to defy KISS by its very nature. ML models involve complex mathematics that is often poorly understood by implementers. ML frequently relies on huge amounts of data that can’t possibly be fully understood and vetted by system engineers. As a result, many ML systems are vulnerable to numerous attacks arising from complexity. It is important for implementers of ML systems to recognize the drawbacks of using complex ML algorithms and to build security controls around them. Adding controls to an already complex system may seem to run counter to our simplicity goal, but sometimes security demands more. Striking a balance between achieving defense-in-depth and simplicity, for example, is a tricky task.
KISS should help inform ML algorithm selection. What makes an adequate algorithm varies according to the goals and requirements of the system, yet there are often multiple choices. When such a choice needs to be made, it is important to consider not only the accuracy claims made by designers of the algorithm, but also how well the algorithm itself is understood by engineers and the broader research community. If the engineers developing the ML system don’t deeply understand the underlying algorithm they are using, they are more likely to miss security problems that arise during operations. This doesn’t necessarily mean that the latest and greatest algorithms can’t be used, but rather that engineers need to be cognizant of the amount of time and effort it takes to understand and then build upon complex systems.