PhD Proposal by Jianming Tong

Title: Efficient Reconfigurable Privacy-Preserving AI

Date: Tuesday, Oct 8, 2025

Time: 9:00 AM – 11:00 AM ET

Location: Remote

Zoom Meeting: https://gatech.zoom.us/my/jianming

Committee:

Dr. Tushar Krishna (Advisor) - ECE, Georgia Institute of Technology

Dr. Hyesoon Kim - CS, Georgia Institute of Technology

Dr. Moinuddin Qureshi - CS, Georgia Institute of Technology

Dr. G. Edward Suh - ECE, Cornell University / NVIDIA

Dr. Srini Devadas - EECS, Massachusetts Institute of Technology

Abstract:

The current trajectory of AI systems prioritizes computational performance at scale, often relegating data privacy to an afterthought. This approach is unsustainable. The imminent rise of personalized agents, embodied AI, and sensitive applications like healthcare transforms privacy from a mere compliance feature into a fundamental requirement for earning user trust and ensuring market viability. This creates a critical bottleneck for current systems: how do we secure the AI of tomorrow using the non-private infrastructure we have today?

Modern large-scale privacy-preserving machine learning (PPML) systems often rely on a hardware-centric solution, designing Trusted Execution Environments (TEEs) for every system component (CPU, GPU, memory, communication, etc.). This introduces disjointed development and maintenance costs. This thesis aims to bring all levels of privacy protection to existing AI systems and to understand the principles of privacy protection for improving efficiency. This brings two benefits: (a) immediate augmentation of existing AI systems with all levels of privacy protection without hardware changes, and (b) guidance on the design of future reconfigurable AI systems that can adapt themselves to efficiently serve both full-spectrum PPML and standard ML. My research enables this via full-stack optimizations on four pillars: (1) ML model architecture that isolates private assets into separate independent routes by design, controlling how much data requires protection, (2) Privacy preservation that leverages domain-specific knowledge to minimize the extra costs introduced by privacy guarantees, (3) Compilation that lowers high-precision modular cryptographic operators across privacy tiers into low-precision kernels efficient on today’s hardware, and (4) Hardware that reconfigures itself to efficiently process computation of various shapes and flexible memory reorganizations.

Status

  • Workflow Status: Published
  • Created By: Tatianna Richardson
  • Created: 10/01/2025
  • Modified By: Tatianna Richardson
  • Modified: 10/01/2025
