DSN-2026: Accepted Tutorials

This tutorial introduces fault injection (FI) techniques for analyzing the resilience of machine learning (ML) applications, with a focus on both deep neural networks (DNNs) and large language models (LLMs). While ML systems are increasingly used in safety-critical domains, their unpredictable failure modes require systematic evaluation through FI. Participants will gain hands-on experience using LLTFI, a flexible framework developed at UBC, along with PyTorch-based tools, to inject faults into ML models and analyze the results. The tutorial will cover the workflow of designing FI experiments, interpreting results, and applying these techniques to real-world scenarios. Special attention will be given to the emerging challenges of FI in LLMs, where adaptive and multi-task behaviors complicate resilience analysis. We will discuss methodologies for large-scale FI campaigns and highlight open research problems in this space. By the end of the tutorial, attendees will understand how to apply FI to modern ML systems and evaluate their robustness in practical settings.

Outline

• Introduction to FI, Philosophy of FI, and high-level overview of LLTFI (30 minutes)
• Two case studies for illustrating the use of LLTFI, one injecting faults into DNN applications, and the other for injecting faults into LLM applications (60 minutes)
• A case study for illustrating large-scale LLM FI, launching a FI campaign on a cluster, analyzing the obtained FI trace and investigating task-specific LLM outcomes against faults. (60 minutes)
• Open issues and research directions in fault injection, free-form discussion (30 minutes)

Overview

The rapid proliferation of small unmanned aerial systems (drones) has fundamentally transformed low-altitude airspace, creating new opportunities in infrastructure inspection, disaster response, and commercial delivery — but also introducing serious risks to public safety, aviation operations, and critical infrastructure protection. Recent incidents involving unauthorized drone activity near airports, military installations, and sensitive facilities underscore the growing need for reliable airspace monitoring. Addressing these risks requires solutions that combine sensing technologies, dependable system design, and cybersecurity principles.

This half-day tutorial provides a comprehensive overview of modern airspace monitoring technologies and their associated cybersecurity implications. We examine sensing approaches ranging from traditional radar systems to emerging passive sensing techniques that leverage ambient radio-frequency (RF) signals and spaceborne transmitters — such as low-Earth-orbit (LEO) satellite constellations — as illuminators of opportunity. These passive approaches offer advantages including reduced cost, increased stealth, and improved scalability compared to active radar systems.

A central focus of the tutorial is the intersection between cybersecurity and safety in airspace monitoring. Detection infrastructures can themselves become targets of cyber attacks, including spoofing, signal injection, replay attacks, and adversarial evasion. We discuss these threat vectors in depth and examine how distributed sensing architectures can improve resilience and coverage. Through a real-world case study of passive sensing systems that leverage LEO satellite signals, we demonstrate how next-generation sensing networks can provide scalable and dependable airspace awareness.

Participants will gain a broad understanding of the technological landscape of drone detection, the cybersecurity challenges facing sensing infrastructures, and open research directions in dependable airspace monitoring.

Outline

Part 1 — Landscape and Technologies (50 min)

• The Emerging Airspace Security Problem (20 min). Growth of drone usage across commercial and civilian sectors; accidental versus malicious drone activity; implications for national security and critical infrastructure protection.
• Airspace Monitoring Technologies (30 min). Traditional radar systems; radio-frequency (RF) sensing; acoustic sensing; optical and computer-vision methods; introduction to passive sensing approaches.

Part 2 — Cybersecurity and Passive Sensing (40 min)

• Airspace Monitoring Cybersecurity Threats (20 min). Spoofing attacks on sensing infrastructure; signal injection and replay attacks; drone identity spoofing and GNSS manipulation; adversarial evasion strategies.
• Passive Sensing Approaches (20 min). Passive radar fundamentals; illuminators of opportunity; leveraging LEO satellite constellations (e.g., Starlink) for airspace monitoring.

Break (15 min)

Part 3 — Dependability and Safety (30 min)

• Dependability Challenges (15 min). Reliability of sensing infrastructure; coverage and scalability trade-offs; detection accuracy and false-alarm management; system resilience and redundancy.
• Safety Implications (15 min). Aviation safety concerns; notable airport drone incidents; protection of critical infrastructure.

Part 4 — Case Study and Open Challenges (60 min)

• Case Study: Passive Detection Using LEO Satellites (40 min). Passive detection with LEO satellites as illuminators of opportunity; forward-scatter sensing techniques; real-world deployment experiences, experimental results, and lessons learned; live demo.
• Open Research Challenges and Q&A (20 min). Scalable airspace monitoring; adversarial drones and countermeasures; AI-assisted sensing and detection; regulatory and operational challenges; open Q&A with participants.

Target Audience

This tutorial targets researchers and practitioners working in cybersecurity, dependable systems, wireless sensing, critical infrastructure protection, and autonomous systems. The tutorial is designed to be accessible to participants without prior background in radar systems while still providing technical depth for experienced researchers.

Supporting Materials

The tutorial will be supported by presentation slides, a live demo, and selected experimental results from real-world passive sensing deployments using LEO satellite signals.

Overview

Confidential Computing (CC) has emerged as a critical security paradigm for protecting sensitive code and data within untrusted public compute infrastructures. This tutorial provides a comprehensive, top-down exploration of the CC landscape, organized into three sections: Fundamentals, Platforms, and Research. In the Fundamentals section, we cover core security principles, application scenarios, and the overarching challenges facing CC. This section provides attendees with a high-level conceptual overview of the technology. The Platforms section delves into technical specifications to explain how CC mechanisms operate “under the hood.” We will focus on two key platforms: Intel Trust Domain Extensions (TDX) and NVIDIA GPU Confidential Computing. Attendees will gain a deep understanding of memory access control, cryptographic isolation, remote attestation, and secure I/O channels for CPU-GPU data transmission. Finally, the Research section highlights three recent studies to illustrate real-world use cases, the security implications of CC misuse, and strategies to overcome performance bottlenecks. This concluding section will familiarize attendees with the current research frontier and prepare them to explore this evolving field.

Outline

Section I: Fundamentals of Confidential Computing (1 hour)

• Threat model and security principles
• Timeline of major CC technologies
• Representative applications: confidential AI, collaborative learning, confidential containers
• System and security challenges

Section II: Confidential Computing Platforms (1 hour)

CPU-CC: Intel TDX

• Building blocks: VT, MKTME, SGX
• Security features of TDX
• Secure initialization of TDX module
• Memory protection: confidentiality and integrity
• Remote attestation

GPU-CC: NVIDIA Hopper

• Security principles of GPU-CC
• Blueprint: architectural engines
• Bootstrap: secure boot, key negotiation, device attestation, and firewall establishment
• Bridge: CPU-GPU data paths, data protection mechanisms, and security implications

Section III: Research on Confidential Computing (1 hour)

Discussion of our recent CC research works from three perspectives:

• Leveraging CC for confidential AI and collaborative learning
• Security implications of misusing CC
• Overcoming the performance bottleneck of GPU-CC

For the latest speaker list, bios, and abstracts, see the tutorial website: https://resist-tutorial.github.io/

Organizers: Peter W. Deutsch (MIT), Vincent Quentin Ulitzsch (MIT), Mengjia Yan (MIT), Sudhanva Gurumurthi (AMD), Vilas Sridharan (AMD), Harish Dixit (Meta), Sriram Sankar (Meta)

Overview

As process nodes shrink and datacenters scale toward exascale, Silent Data Corruptions (SDCs) have emerged as a primary challenge to computational integrity at scale. Once dismissed as rare anomalies, SDCs are now implicated in corrupted AI training weights, silent database corruptions, and elusive bugs that surface only after billions of compute-hours.

This full-day tutorial offers a cross-layer journey through the SDC landscape, led by academic and industry experts from AMD, Meta, and Google. We begin at the silicon level — examining the defects, variability, and aging phenomena at the root of these corruptions — then ascend through architectural mitigations, software-level testing and resilience, and finally workload behavior in distributed systems and large-scale AI. The tutorial bridges the dialogue between those who design silicon and those who manage the software running upon it, leaving attendees with a clear view of the open research questions that will define the next decade of reliable systems design.

Outline

Morning (3 hours)

• Silicon Marginality and Fault Origins (45 min). Defects, variability, and aging; trends and remediation at the process and circuit levels.
• Architectural Defenses and Redundancy (45 min). ECC, residue checking, lockstepping, and modular redundancy, with their power, area, and performance trade-offs.
• Testing for SDCs via Software Approaches (1.5 hours). Simulation-driven and compiler-driven test generation for detecting SDC-causing defects in a fleet.

Afternoon (3 hours)

• Software Robustness to SDCs (45 min). Building software and compilers robust to hardware defects, with insights from large-scale production deployments.
• At-Scale Failure Trends and Debugging (1.5 hours). Hyperscale failure trends drawn from recent large-scale industry reports on fleet-wide hardware reliability.
• The Future of Reliable Systems Panel (30 min). Shrinking nodes, AI/ML for failure prediction, and the road ahead.
• Open Discussion (15 min).

Target Audience

Graduate students seeking a research area combining hardware, reliability, and systems; dependability researchers wishing to understand industrial hyperscaler constraints; and practitioners responsible for device and datacenter reliability. Basic knowledge of computer architecture and systems programming is expected.

Overview

Designer errors remain a leading cause of software faults and security vulnerabilities, yet they are rarely addressed systematically in system design. This tutorial equips students, researchers, designers, and developers with the knowledge and strategies needed to develop trustworthy computer systems by proactively preventing human errors. It presents a structured framework centered on four fundamental questions in system design and development: why errors occur, what patterns of errors are made, when they are most likely to arise, and how cognitive strategies can be applied to prevent them. Building on these foundations, the tutorial leverages real-world faults and vulnerabilities from industrial projects to help participants identify underlying human-error causes. Participants will develop cognitive awareness of human error across diverse project contexts, learn effective prevention techniques, and engage in interactive analysis of trustworthiness issues drawn from their own experiences. A curated set of practical error-prevention strategies will be provided for immediate application. The tutorial adapts core modules from Dr. Huang’s first-of-its-kind, award-winning course, Human Errors in Software Engineering, which has been used to train professional software engineers across multiple organizations.

Outline

Session 1. Theories and Concepts

• Introduction (10 minutes). Engaging warm-up questions and relatable examples that illustrate how human errors occur in everyday life.
• Cognitive Mechanisms Behind Human Error (10 minutes). Overview of the cognitive processes that lead to errors, including how attention, memory, and decision-making contribute to mistakes.
• Common Human Error Modes (40 minutes). Presentation of typical human error patterns, supplemented with interactive psychological exercises and games that allow participants to experience error-making firsthand.

Session 2. Practical Techniques for Preventing Human Errors in System Design

• Error-Prone Scenarios (30 minutes). Analysis of how specific development contexts trigger different types of human errors, leading to faults and vulnerabilities.
• Hands-On Human-Error Root Cause Analysis (40 minutes). Practical session where participants analyze the human error root causes of faults and vulnerabilities using real-world academic and industrial data.

Session 3. Discussions and Takeaways (20 minutes)

• Cognitive strategies for proactively preventing human errors.
• Open discussion where participants share experiences and reflect on real-world cases.