Q&A — Meet Professor Nicolas Papernot

September 27, 2019

The Edward S. Rogers Sr. Department of Electrical & Computer Engineering (ECE) welcomed Professor Nicolas Papernot as its newest faculty member this fall. He joins ECE from Pennsylvania State University after spending a year at Google Brain as a research scientist. We sat down with Professor Papernot to hear about his research, why he chose ECE at U of T and asked him what advice he had for the class of 2T3.

You joined us after spending a year at Google. Can you tell us a bit about your academic history?

I moved to the U.S. for grad school after studying engineering in France at the Ecole Centrale de Lyon. In the U.S., I completed my PhD in Computer Science and Engineering at the Pennsylvania State University where I worked with Professor Patrick McDaniel on the security of machine learning. Upon graduating, I deferred my offer from the ECE at the University of Toronto to spend a year as a research scientist at Google Brain in California where I worked on privacy in machine learning.

What are you working on research-wise and where do you see your research going in the future?

I am generally interested in aspects of machine learning that relate to its trustworthiness. That includes things like privacy and security.

Because machine learning often analyzes data that is sensitive — like personal communication or health records, for example — it is important to make sure that it learns to recognize patterns that are generic and supported by the data of many individuals, as opposed to patterns that are sensitive because they only apply to a few individuals.

Once machine learning is deployed, it is also important to make sure that the predictions they produce are the ones we expected. My research helped build an understanding of the attack surface exposed by machine learning models so that we can make them more robust to manipulations of their inputs.

What do you mean by ‘attack surface’?

By attack surface, I mean the different ways that an adversary can attack a system. The idea is to understand which components of the system design can be exploited by an adversary, so that the system design can be improved.

Are there any collaborations with other professors, departments, faculties or industries that you are looking forward to?

Yes, I am excited to collaborate with many colleagues at U of T. For instance, I have started working on privacy-preserving machine learning for healthcare with my Vector Institute colleague Professor Marzyeh Ghassemi from the Department of Computer Science.

Security and machine learning are hot topics globally, why did you choose ECE at U of T?

Toronto, and Canada in general, are leading centres for machine learning both in academia and industry. Through the Vector Institute, I received a Canada CIFAR AI Chair which gives me the resources I need to start my lab and recruit talent. At ECE, I can also collaborate with researchers working on computer security, like Professor David Lie.

As a professor, what advice do you have for undergraduate and graduate students?

I would recommend that students leverage the opportunity they have to take risks as undergraduate and graduate students. Once you graduate, you will never have such a large degree of freedom to pursue what is important to you.

More information:
Jessica MacInnis
Senior Communications Officer
The Edward S. Rogers Sr. Department of Electrical & Computer Engineering
416-978-7997; jessica.macinnis@utoronto.ca