About me

I am a postdoc in the SPRING Lab at EPFL, headed by Prof. Carmela Troncoso. My position is funded by the CYD Distinguished Postdoctoral Fellowship of the Cyber-Defense Campus, where my main collaborator is Dr. Raphael Meier.

I completed my PhD in the Computational Privacy Group at Imperial College London, advised by Dr. Yves-Alexandre de Montjoye. My research lies at the intersection between machine learning, privacy, and security. I study privacy and security vulnerabilities in data processing technologies: machine learning models, query-based systems, and perceptual hashing-based client-side scanning, through the lens of automated attacks. Through a rigorous study of privacy vulnerabilities, my research can inform the design of principled countermeasures allowing to prevent them and, ultimately, to use data safely.

Prior to starting my PhD, I obtained an MSc in Computer Science from EPFL, Switzerland, and the Diplome d’Ingénieur de l’Ecole Polytechnique (equivalent to a Bachelors and Master’s degree) from Ecole Polytechnique, France. At Ecole Polytechnique, I studied Pure and Applied Mathematics and Computer Science, and specialized in Data Science. Towards completion of my EPFL MSc degree, I did my Master Thesis in the Department of Computer Science at the University of Oxford under the supervision of Prof. Thomas Lukasiewicz, and in close collaboration with Dr. Oana-Maria Camburu. My research there was on 1) developing deep learning-based approaches to solve the Winograd Schema Challenge and on 2) developing sentence representation models with the goal of improving interpretability and performance on a set of benchmark natural language processing tasks.

In the summer of 2022, I was a research intern in the Microsoft Research Confidential Computing team (Cambridge, UK). I worked on the privacy of machine learning models with Shruti Tople and Daniel Jones. In the summer of 2020, I was a research intern at Twitter (London, UK) in the graph learning team. I worked with Dr. Davide Eynard on the privacy of Twitter graph data. In 2017, I did a summer internship at Google (Boulder, Colorado, USA), in the Payments Compliance Engineering Team, where I was supervised by Craig Wright. In 2016, I did a 5-month internship at Google (Paris, France), where I was supervised by Dr. Sertan Girgin.

News

26/02/2024: My paper “Re-pseudonymization strategies in smart meter data are not robust to deep learning profiling attacks” with Miruna Rusu and Yves-Alexandre de Montjoye has been accepted at CODASPY 2024. The paper will be out soon.

01/02/2024: My paper “Investigating the Effect of Misalignment on Membership Privacy in the White-box Setting” with Daniel Jones, Yves-Alexandre de Montjoye, and Shruti Tople has been accepted at PoPETS 2024! We’ll make the most recent version available soon.

22/01/2024: I attended the discussion panel of the Synthetic Data for Biomedical Applications workshop organised by CHUV and the Swiss Data Science Center.

01/11/2023: I started a postdoc at Ecole Polytechnique Fédérale de Lausanne (EPFL) in Switzerland. I am part of the SPRING Lab headed by Prof. Carmela Troncoso. I am generously funded by the CYD Distinguished Postdoctoral Fellowship of the Swiss Cyberdefense Campus where my main collaborator is Dr. Raphael Meier.

24/07/2023: This week I visited Prof. Thorsten Strufe and his research group at KIT, spending a wonderful week in Karlsruhe.

11/07/2023: I participated in a panel on Data Protection in an AI-Driven World organised by the UK Internet Governance Forum, talking about how we can evaluate the privacy risks of AI models.

04/07/2023: New preprint available: Synthetic is all you need: removing the auxiliary data assumption for membership inference attacks against synthetic data.

30/06/2023: This week I attended the Interdisciplinary Summerschool on Privacy (ISP 2023) in Berg en Dal, Netherlands. I taught a 2-hour class titled “Evaluating the privacy of data processing systems through inference attacks”.

17/06/2023: New preprint available: Achilles’ Heels: Vulnerable Record Identification in Synthetic Data Publishing.

14/06/2023: I presented my Re-aligning Shadow Models can Improve White-box Membership Inference Attacks paper at the PPML workshop in Paris.

14/06/2023: I presented the QuerySnout tool and attended a panel on re-identification at the CNIL Privacy Research Day event in Paris. Three of my other papers were presented by my collaborators on the other panels, two of which examine the robustness of perceptual hashing-based client-side scanning and a third one demonstrating correlation leakages in ML models.

08/06/2023: New preprint available: Re-aligning Shadow Models can Improve White-box Membership Inference Attacks.

12/05/2023: I successfully defended my PhD thesis! I am grateful to my examiners Prof. Vitaly Shmatikov and Prof. Emil Lupu for their feedback.

10/05/2023: I gave a talk about my research at the Centre for Data Ethics and Innovation.

26/04/2023: I gave a talk about my research at the Computer Science Brunel PhD Symposium.

03/04/2023: Our paper Deep perceptual hashing algorithms with hidden dual-purpose: when client-side scanning does facial recognition has been accepted at the IEEE S&P 2023 conference!

20/02/2023: I presented my work at the probability and statistics seminar of the University of Bourgogne France-Comte (Besancon).

09/11/2022: This week, I attended the ACM CCS 2022 conference in Los Angeles, USA. I presented my paper QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems.

11/08/2022: Check out our new blogpost on the effectiveness of black-box evasion attacks against deep perceptual hashing models.

11/08/2022: This week, I attended the USENIX Security ‘22 conference in Boston, USA. I presented my paper on evaluating the robustness of perceptual hashing-based client-side scanning systems.

Usenix Security talk

22/07/2022: I completed my internship in Microsoft Research’s Confidential Computing team and I am now back at Imperial! I will soon share more updates on the work.

13/07/2022: I received a diversity grant from the USENIX association for attending the USENIX Security ‘22 conference in Boston!

02/05/2022: I started an internship at Microsoft Research in the Confidential Computing team, working with Shruti Tople and Daniel Jones.

30/03/2022: I presented my paper Interaction data are identifiable even across long periods of time at the Privacy and Security Seminar, check out this link for the recording.

11/08/2021: I presented my work on evaluating the robustness of perceptual hashing-based client-side scanning to adversarial attacks at the UK-SPS seminar. Check out this link for the recording.

19/11/2021: I gave a contributed talk at the PPML 2021 workshop on my paper Interaction data are identifiable even across long periods of time, check out this link for the recording.

04/11/2021: I gave a talk at the CAMLIS 2021 conference on my paper Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning , which was selected for a full talk.

Research

Publications

* denotes joint first authorship.

  1. Crețu A.-M., Jones, D., de Montjoye Y.-A., and Tople, S. Investigating the Effect of Misalignment on Membership Privacy in the White-box Setting. To appear in PoPETS 2024. [Earlier arXiv version]
  2. Guépin, F., Meeus, M., Crețu A.-M., and de Montjoye Y.-A. Synthetic is all you need: removing the auxiliary data assumption for membership inference attacks against synthetic data. In 18th DPM International Workshop on Data Privacy Management (DPM 2023). [Paper]
  3. Meeus, M., Guépin, F., Crețu A.-M., and de Montjoye Y.-A. Achilles' Heels: Vulnerable Record Identification in Synthetic Data Publishing. In 28th European Symposium on Research in Computer Security (ESORICS 2023). [Paper]
  4. Jain S., Crețu A.-M., Cully, A. and de Montjoye Y.-A. Deep perceptual hashing algorithms with hidden dual-purpose: when client-side scanning does facial recognition. In 2023 IEEE Symposium on Security and Privacy (SP). [Paper]
  5. Crețu A.-M.*, Houssiau, F.*, Cully, A. and de Montjoye Y.-A. QuerySnout: Automating the discovery of attribute inference attacks against query-based systems. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS '22). [Paper] [Extended arXiv version] [Code]
  6. Crețu A.-M., Monti F., Marrone S., Dong X., Bronstein M. and de Montjoye Y.-A. Interaction data are identifiable even across long periods of time. Nature Communications 13, 313 (2022). [Paper]
    • Presented at the ACM CCS Privacy Preserving Machine Learning 2021 workshop (PPML 2021). Contributed talk.
    • Presented at the NeurIPS Privacy and Machine Learning 2021 workshop (PriML 2021).
    • Featured in TechCrunch and Science News.
  7. Jain S.*, Crețu A.-M.* and de Montjoye Y.-A. Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning. 31st USENIX Security Symposium (USENIX Security 22) [Paper] [Extended arXiv version]
  8. Kocijan V., Camburu O.-M., Crețu A.-M., Yordanov Y., Blunsom P. and Lukasiewicz T. WikiCREM: A Large Unsupervised Corpus for Coreference Resolution. Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP) (2019) [Paper]
  9. Kocijan V., Crețu A.-M., Camburu O.-M., Yordanov Y. and Lukasiewicz T. A Surprisingly Robust Trick for the Winograd Schema Challenge. Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics (ACL 2019) [Paper]

Preprints

  1. Crețu A.-M.*, Guépin F.* and de Montjoye Y.-A. Correlation Inference Attacks against Machine Learning Models. arXiv preprint (2021) [arXiv]

Awards and scholarships

  • I am recipient of the USENIX '22 Diversity grant, which generously supported my trip to the conference in Boston.
  • I am a recipient of the EPFL Excellence Fellowship (awarded to students with outstanding academic records), which generously supported my studies at EPFL.
  • My studies in France were supported by a competitive 2-year full scholarship from the Fondation Odon Vallet and by a 2.5-year scholarship from the Fondation de l'Ecole Polytechnique.
  • I was born and grew up in Romania. There, I participated in many mathematics contests, including the Romanian National Olympiad, where I won one gold medal, three silver medals, and one bronze medal.