inference software tampering

Query use case

Has the software (SBOM) used by the inference code used for my inference AI system been tampered with?

Schemas used

Pseudo code

FUNCTION ai_system_sbom_hash_matches(AI_System_ID, Submitted_Hash)
    // Retrieve the AI system's code details using its ID.
    SET (Ignored_Hash, Code_ID) = get code details of AI_System_ID

    // Retrieve the SBOM hash stored in the code record for the given Code_ID.
    SET Stored_SBOM_Hash = get SBOM hash from code record for Code_ID

    // Compare the stored SBOM hash with the submitted hash.
    IF Stored_SBOM_Hash equals Submitted_Hash THEN
        RETURN True
    ELSE
        RETURN False
END FUNCTION

Explanation

Retrieve AI System Code Details:
- The function extracts the code details from the AI system record using its identifier, which yields the Code ID (ignoring the verification credential hash).
Retrieve Stored SBOM Hash:
- Using the Code ID, the function fetches the code record and retrieves the SBOM hash stored within it.
SBOM Hash Comparison:
- The function compares the retrieved SBOM hash with the Submitted Hash provided as input.
- If they match, it returns True, indicating the SBOM hash is valid; otherwise, it returns False.

Query

db:ai_system_sbom_hash_matches(AiSystemId, Hash) link to query
link to simulator

Notes

The relationships between entities in the AI system supply chain are shown in the below diagram, with the inference AI system and hash being checking for tampering highlighted in red.

alt text

Query use case​

Schemas used​

Pseudo code​

Explanation​

Query​

Notes​