REOM: A Reverse Engineering Framework for On-device TensorFlow-Lite (TFLite) Models
This is the artifact for our paper “Investigating White-Box Attacks for On-Device Models”, which has been accepted to the ICSE 2024 Research Track. Existing approaches cannot convert on-device models to debuggable models (i.e., PyTorch models) because on-device models contain non-debuggable components. As a result, current studies underestimate the risks of deployed ML models. Our proposed tool processes the non-debuggable components and converts the compiled on-device model to a PyTorch model for security exploitation. We submit our artifact to claim the Available, Reusable, and Results Reproduced badges. The submitted artifact provides a Docker image that contains the environment and code. It also includes the nine TFLite models mentioned in the experiments of our paper, together with their corresponding test sets. Users can follow the guidelines to convert the TFLite models to debuggable PyTorch models and then use white-box attack algorithms to evaluate the robustness of the models. Reviewers and other users need to run the code with Linux shell scripts to obtain the results.