Vasisht Duddu awarded 2024 IBM PhD Fellowship

Friday, February 14, 2025

Vasisht Duddu is one of 24 recipients internationally and one of two from Canada to receive a 2024 IBM PhD Fellowship. Established in 1951, these competitive graduate fellowships recognize and support outstanding PhD students around the world.

As an awardee, Vasisht will receive a $25,000 USD stipend and the opportunity to intern with IBM to improve his understanding of industrial research, broaden his range of technical contacts, and strengthen his technical experience. The last time a Canadian earned this distinction was in 2021 and, notably, the student was also a PhD candidate at the Cheriton School of Computer Science.

“I am delighted that Vasisht has been awarded an IBM Fellowship,” said Vasisht’s advisor and Cheriton School of Computer Science Professor, N. Asokan. “He is an exceptionally strong researcher with a deep understanding of machine learning security. He is also incredibly motivated. Even as an undergraduate, Vasisht sought out international partnerships. And as a graduate student, he has contributed to high-impact research published in top-tier conferences with me and researchers at other institutions.”

Vasisht Duddu in the Davis Centre

Vasisht Duddu is a PhD candidate at the Cheriton School of Computer Science, advised by Professor and Cheriton Chair N. Asokan, the Executive Director of Waterloo’s Cybersecurity and Privacy Institute. Vasisht works on enhancing trust in machine learning systems by systematically evaluating risks to security, privacy, fairness and transparency, and designing practical defences. He also designs regulatory compliance, safety and reliability mechanisms to ensure accountability. As of February 2025, Vasisht has published 19 papers that have been cited collectively 452 times, with an h-index of 9 according to Google Scholar.

In addition to his IBM PhD Fellowship, Vasisht is one of two students to receive CPI’s 2024 Cybersecurity and Privacy Excellence Graduate Scholarship, sponsored by Mastercard, as well as a David R. Cheriton Graduate Scholarship, awarded from 2024 to 2026.

About Vasisht Duddu’s research

Vasisht’s research addresses a critical question in machine learning: how can trust in machine learning algorithms be improved in the presence of adversarial risks? He explores this research question from the perspective of unintended interactions between machine learning defences and risks. While several defences have been proposed to enhance trust in machine learning, they may inadvertently increase susceptibility to other unrelated risks.

With Professor N. Asokan and Intel research scientist Sebastian Szyller, Vasisht co-authored a systematization of knowledge paper that developed a framework to identify and explain interactions between defences and risks, as well as conjecture about unintended interactions. This research received the Distinguished Paper Award at the 45th IEEE Symposium on Security and Privacy and led to Amulet, an open-source library supported by Intel to evaluate unintended interactions, underscoring the industrial impact of his research. To mitigate unintended risks, he is examining effective strategies to combine existing defences to protect against multiple risks simultaneously.

Even when effective defences have been designed, it is important to determine whether a defence has been implemented honestly and correctly by untrusted practitioners. Specifically, how can technical mechanisms be designed to ensure regulatory compliance?

To this end, Vasisht is developing machine learning property attestations, technical mechanisms that allow practitioners to prove key properties of their models, training data, and configurations to verifiers. His approach uses machine learning, cryptographic techniques, and trusted hardware to enable companies to validate their claims. This work resulted in a paper titled Attesting Distributional Properties of Training Data for Machine Learning, presented at ESORICS 2024, the 29th European Symposium on Research in Computer Security, as well as another paper under submission. Additionally, his paper on ownership verification of graph neural networks, titled GrOVe: Ownership Verification of Graph Neural Networks using Embeddings, was presented at the 2024 IEEE Symposium on Security and Privacy, the premier forum for developments in computer security and electronic privacy.