Somesh Jha Receives ACM CCS Test-of-Time Award

Somesh Jha in cap. (Photo by Althea Dotzour / UW–Madison)

By Karen Barrett-Wilt

Somesh Jha, Sheldon B. Lubar Chair and Professor in the University of Wisconsin–Madison Department of Computer Sciences, has been recognized with the ACM Conference on Computer and Communications Security (CCS) 2025 Test-of-Time Award for his influential paper “Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures.” The award honors research that has had a lasting impact in the field of computer and communications security. The paper, co-authored with Matt Fredrikson, Associate Professor in the School of Computer Science at Carnegie Mellon University, and Thomas Ristenpart, Professor in the Department of Computer Science at Cornell University, was formally recognized at ACM CCS 2025 in Taipei, Taiwan, in October.

Published a decade ago, the paper broke new ground in identifying how machine-learning (ML) algorithms can inadvertently leak private information. At the time, all three authors were affiliated with UW–Madison: Jha as a professor, Ristenpart as an assistant professor, and Fredrikson as a graduate student. 

“Machine-learning algorithms are increasingly utilized in privacy-sensitive applications such as predicting lifestyle choices, making medical diagnoses, and facial recognition,” Jha explains. “In model inversion attacks, an adversary attempts to infer private data — such as genomic information about an individual — by interacting with the model. Our work developed a new class of attacks that exploit the confidence values revealed alongside predictions.” The research has since influenced both the design of privacy-preserving machine learning systems and the development of countermeasures to reduce these vulnerabilities.

Somesh Jha’s research spans computer security, privacy, and formal methods, with a focus on how theoretical insights can inform practical systems. His co-authors are also leaders in their fields: Matt Fredrikson works on privacy and fairness in machine learning and program analysis for security; Thomas Ristenpart studies applied and systems security, with notable contributions to cloud and cryptographic security. Together, their collaboration has had a profound and enduring impact on the security and privacy of modern AI systems.