The Libraries will be performing maintenance on UWSpace from July 15th-17th, 2026. UWSpace will be offline for all UW community members during this time.

Assumption Stress-Testing for Machine Learning Security

dc.contributor.authorKassis, Andre
dc.date.accessioned2026-07-14T20:12:05Z
dc.date.available2026-07-14T20:12:05Z
dc.date.issued2026-07-14
dc.date.submitted2026-07-08
dc.description.abstractSecurity is guided by the principle that a system is only as strong as its weakest link. Despite the undeniable benefits brought by the growing integration of machine learning (ML) into nearly all aspects of modern life, decades of research and real-world deployment have established a broad consensus that systems oblivious to malicious behavior are fundamentally unsafe. In practice, ill-intended users can abuse access to powerful generative models to create harmful deepfakes capable of facilitating fraud and impersonation, or instigating societal chaos. At the same time, the rapid adoption of ML in high-stakes settings such as online moderation, media authenticity verification, and biometric authentication introduces the risk of these mechanisms being manipulated or bypassed through carefully crafted inputs with potentially catastrophic consequences, as repeatedly demonstrated in practice. This thesis approaches these threats from an assumption-driven perspective, arguing that critical failures in ML security do not arise from isolated weaknesses of individual models, but from flawed or insufficiently scrutinized assumptions underlying broader robustness concepts. To study this problem, the thesis advances the perspective of assumption stress-testing, a framework for systematically analyzing the assumptions on which security mechanisms rely and constructing targeted approaches that subject them to worst-case behavior. Across four projects spanning multiple ML security domains, the thesis demonstrates how violating these assumptions can make the underlying concepts themselves inapplicable, causing entire classes of mechanisms built upon them to fail regardless of how they are instantiated. Specifically, the thesis investigates the robustness of voice authentication and image watermarking technologies designed to support media authenticity, revisits the reliability of a state-of-the-art defense paradigm against adversarial examples, and explores the constructive use of assumption-aware analysis to devise systems whose robustness remains meaningful under rigorous evaluation.
dc.identifier.urihttps://hdl.handle.net/10012/23748
dc.language.isoen
dc.pendingfalse
dc.publisherUniversity of Waterlooen
dc.subjectmachine learning security
dc.subjectadversarial robustness and defenses
dc.subjectadaptive evaluation
dc.subjectwatermark removal
dc.subjectadversarial purification
dc.subjectvoice authentication
dc.subjectassumption stress-testing
dc.titleAssumption Stress-Testing for Machine Learning Security
dc.typeDoctoral Thesis
uws-etd.degreeDoctor of Philosophy
uws-etd.degree.departmentDavid R. Cheriton School of Computer Science
uws-etd.degree.disciplineComputer Science
uws-etd.degree.grantorUniversity of Waterlooen
uws-etd.embargo.terms0
uws.contributor.advisorHengartner, Urs
uws.contributor.affiliation1Faculty of Mathematics
uws.peerReviewStatusUnrevieweden
uws.published.cityWaterlooen
uws.published.countryCanadaen
uws.published.provinceOntarioen
uws.scholarLevelGraduateen
uws.typeOfResourceTexten

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Kassis_Andre.pdf
Size:
17.22 MB
Format:
Adobe Portable Document Format

License bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
6.4 KB
Format:
Item-specific license agreed upon to submission
Description:

Collections