CAREER: Securing Reconfigurable Hardware Accelerator for Machine Learning: Threats and Defenses

职业：保护用于机器学习的可重新配置硬件加速器：威胁与防御

• 批准号: 2239672
• 负责人: Xiaolin Xu
• 金额: $ 59.9万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2028-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2239672&HistoricalAwards=false
• 关键词: CAREER; Securing; Reconfigurable; Hardware; Accelerator

The proliferation of Machine Learning (ML)-enabled applications has fueled a pressing demand for high-performance computing hardware. As a reconfigurable device offering high power efficiency and low overhead, the field programmable gate array (FPGA)-based ML acceleration systems (FPGA-ML) have become the workhorse of ML computing and inference to support many applications in critical domains, including aerospace, defense, and autonomous driving. Although promising, the growing trend of FPGA-ML accelerators also presents new targets for adversaries to attack. This CAREER project will holistically investigate the FPGA-ML system security and integrate the scientific outcomes with educational activities. The research outcome of this project will generate new security components to the emerging FPGA-ML development toolchains and metrics to evaluate the security of real-world products built on these systems, as well as enable technology transfer of research results to the industry practice. This project contains a significant educational component and will attract K-12 students to pursue a STEM education and nurture and cultivate undergraduate and graduate students from underrepresented groups to engage in this open research field. This CAREER project systematically investigates the threats and defenses of the FPGA-ML systems. The scientific outcomes will significantly enrich the traditional works that mainly consider ML security from an algorithm aspect and neglect implementation peculiarities. There are three complementary research thrusts to investigate: (1) Run-time FPGA-ML integrity by studying the impacts of run-time disruption on FPGA-ML acceleration engine for different malicious objectives; (2) Design-time confidentiality by attacking state-of-the-art FPGA-ML systems to explore the potential attack surface; (3) Efficient and scalable defense solutions by characterizing the root causes of both run-time and design-time vulnerabilities of the FPGA-ML systems and developing cross-layer defense strategies at the circuit- and system-level to suit different application scenarios. The proof-of-principles will be applied in designing and prototyping secure FPGA-ML acceleration systems, and the cross-domain knowledge learned from this project will complement the broader AI-enabled cyberspace.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

机器学习（ML）的应用程序的扩散推动了对高性能计算硬件的紧迫需求。作为具有高功率效率和低顶开销的可重新配置设备，现场可编程门阵列（FPGA）基于ML的ML加速度系统（FPGA-ML）已成为ML计算的工作强和推理，以支持包括气球，防御，国防和自动驾驶在内的关键领域中的许多应用。尽管很有希望，但FPGA-ML加速器的日益增长的趋势也为对手攻击的新目标。该职业项目将整体研究FPGA-ML系统安全性，并将科学成果与教育活动相结合。该项目的研究结果将为新兴的FPGA-ML开发工具链和指标生成新的安全组件，以评估这些系统上构建的现实世界产品的安全性，并使研究结果将技术转移到行业实践中。该项目包含一个重要的教育部分，并将吸引K-12学生从事STEM教育，培育和培养来自人数不足的团体的本科生和研究生，以参与这个开放的研究领域。该职业项目系统地研究了FPGA-ML系统的威胁和防御。科学的结果将大大丰富传统作品，这些作品主要考虑算法方面的ML安全性和忽视实施特点。有三个互补的研究推力要研究：（1）运行时FPGA-ML完整性通过研究运行时破坏对FPGA-ML加速引擎对不同恶意目标的影响； （2）通过攻击最先进的FPGA-ML系统来探索潜在的攻击表面来设计时间机密性； （3）通过表征FPGA-ML系统的运行时和设计时间漏洞的根本原因，并在电路和系统级别开发跨层防御策略，以适合不同的应用程序场景。原理证明将应用于设计和原型制定安全的FPGA-ML加速系统，从该项目中学到的跨域知识将补充更广泛的AI-ENI-ENI-ENI-ENBEBSPACE。该奖项反映了NSF的法定任务，并通过该基金会的知识优点和广泛的影响来评估NSF的法定任务，并被认为是值得的支持。

项目成果

MirrorNet: A TEE-Friendly Framework for Secure On-Device DNN Inference

• DOI: 10.1109/iccad57390.2023.10323746
• 发表时间: 2023-10
• 期刊: 2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD)
• 作者: Ziyu Liu;Yukui Luo;Shijin Duan;Tong Zhou;Xiaolin Xu

AutoReP: Automatic ReLU Replacement for Fast Private Network Inference

• DOI: 10.1109/iccv51070.2023.00478
• 发表时间: 2023-08
• 期刊: 2023 IEEE/CVF International Conference on Computer Vision (ICCV)
• 作者: Hongwu Peng;Shaoyi Huang;Tong Zhou;Yukui Luo;Chenghong Wang;Zigeng Wang;Jiahui Zhao;Xiaowei Xie;Ang Li;Tony Geng;Kaleel Mahmood;Wujie Wen;Xiaolin Xu;Caiwen Ding

HammerDodger: A Lightweight Defense Framework against RowHammer Attack on DNNs

• DOI: 10.1109/dac56929.2023.10247671
• 发表时间: 2023-07
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Gongye Cheng;Yukui Luo;Xiaolin Xu;Yunsi Fei

PASNet: Polynomial Architecture Search Framework for Two-party Computation-based Secure Neural Network Deployment

• DOI: 10.1109/dac56929.2023.10247663
• 发表时间: 2023-06
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Hongwu Peng;Shangli Zhou;Yukui Luo;Nuo Xu;Shijin Duan;Ran Ran-Ran;Jiahui Zhao;Chenghong Wang;Tong Geng;Wujie Wen;Xiaolin Xu;Caiwen Ding

NNSplitter: An Active Defense Solution for DNN Model via Automated Weight Obfuscation

NNSplitter：通过自动权重混淆的 DNN 模型主动防御解决方案

• 发表时间: 2023
• 期刊: 40th International Conference on Machine Learning (ICML 2023
• 作者: Zhou, Tong;Ren, Shaolei;Xu, Xiaolin
• 通讯作者: Xu, Xiaolin