CAREER: Securing Reconfigurable Hardware Accelerator for Machine Learning: Threats and Defenses

职业：保护用于机器学习的可重新配置硬件加速器：威胁与防御

• 批准号: 2239672
• 负责人: Xiaolin Xu
• 金额: $ 59.9万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2028-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2239672&HistoricalAwards=false
• 关键词: CAREER; Securing; Reconfigurable; Hardware; Accelerator

The proliferation of Machine Learning (ML)-enabled applications has fueled a pressing demand for high-performance computing hardware. As a reconfigurable device offering high power efficiency and low overhead, the field programmable gate array (FPGA)-based ML acceleration systems (FPGA-ML) have become the workhorse of ML computing and inference to support many applications in critical domains, including aerospace, defense, and autonomous driving. Although promising, the growing trend of FPGA-ML accelerators also presents new targets for adversaries to attack. This CAREER project will holistically investigate the FPGA-ML system security and integrate the scientific outcomes with educational activities. The research outcome of this project will generate new security components to the emerging FPGA-ML development toolchains and metrics to evaluate the security of real-world products built on these systems, as well as enable technology transfer of research results to the industry practice. This project contains a significant educational component and will attract K-12 students to pursue a STEM education and nurture and cultivate undergraduate and graduate students from underrepresented groups to engage in this open research field. This CAREER project systematically investigates the threats and defenses of the FPGA-ML systems. The scientific outcomes will significantly enrich the traditional works that mainly consider ML security from an algorithm aspect and neglect implementation peculiarities. There are three complementary research thrusts to investigate: (1) Run-time FPGA-ML integrity by studying the impacts of run-time disruption on FPGA-ML acceleration engine for different malicious objectives; (2) Design-time confidentiality by attacking state-of-the-art FPGA-ML systems to explore the potential attack surface; (3) Efficient and scalable defense solutions by characterizing the root causes of both run-time and design-time vulnerabilities of the FPGA-ML systems and developing cross-layer defense strategies at the circuit- and system-level to suit different application scenarios. The proof-of-principles will be applied in designing and prototyping secure FPGA-ML acceleration systems, and the cross-domain knowledge learned from this project will complement the broader AI-enabled cyberspace.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

支持机器学习(ML)的应用程序的激增推动了对高性能计算硬件的迫切需求。基于现场可编程门阵列(现场可编程门阵列)的ML加速系统作为一种高能效、低开销的可重构器件，已经成为ML计算和推理的主力，支持航空航天、国防、自动驾驶等关键领域的应用。尽管前景看好，但日益增长的FPGA-ML加速器趋势也为对手提供了新的攻击目标。该项目将对现场可编程门阵列系统的安全性进行全面研究，并将科研成果与教育活动相结合。该项目的研究成果将为新兴的FPGA-ML开发工具链和指标生成新的安全组件，以评估构建在这些系统上的现实产品的安全性，并使研究成果能够转化为行业实践。该项目包含一个重要的教育组成部分，将吸引K-12学生接受STEM教育，并培养和培养来自代表性不足群体的本科生和研究生，以从事这一开放的研究领域。这个职业项目系统地研究了现场可编程门阵列系统的威胁和防御。这些研究成果将极大地丰富传统工作中主要从算法角度考虑ML安全性而忽视实现特性的问题。(1)针对不同的恶意目标，研究运行中断对FPGA-ML加速引擎的影响；(2)设计时的保密性，通过攻击最先进的FPGA-ML系统来发现潜在的攻击面；(3)高效和可扩展的防御解决方案，通过分析运行时和设计时漏洞的根源，并在电路和系统级别制定跨层防御策略，以适应不同的应用场景。原则证明将应用于设计和制作安全的FPGA-ML加速系统的原型，从该项目中学到的跨领域知识将补充更广泛的人工智能支持的网络空间。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

MirrorNet: A TEE-Friendly Framework for Secure On-Device DNN Inference

• DOI: 10.1109/iccad57390.2023.10323746
• 发表时间: 2023-10
• 期刊: 2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD)
• 作者: Ziyu Liu;Yukui Luo;Shijin Duan;Tong Zhou;Xiaolin Xu

AutoReP: Automatic ReLU Replacement for Fast Private Network Inference

• DOI: 10.1109/iccv51070.2023.00478
• 发表时间: 2023-08
• 期刊: 2023 IEEE/CVF International Conference on Computer Vision (ICCV)
• 作者: Hongwu Peng;Shaoyi Huang;Tong Zhou;Yukui Luo;Chenghong Wang;Zigeng Wang;Jiahui Zhao;Xiaowei Xie;Ang Li;Tony Geng;Kaleel Mahmood;Wujie Wen;Xiaolin Xu;Caiwen Ding

HammerDodger: A Lightweight Defense Framework against RowHammer Attack on DNNs

• DOI: 10.1109/dac56929.2023.10247671
• 发表时间: 2023-07
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Gongye Cheng;Yukui Luo;Xiaolin Xu;Yunsi Fei

PASNet: Polynomial Architecture Search Framework for Two-party Computation-based Secure Neural Network Deployment

• DOI: 10.1109/dac56929.2023.10247663
• 发表时间: 2023-06
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Hongwu Peng;Shangli Zhou;Yukui Luo;Nuo Xu;Shijin Duan;Ran Ran-Ran;Jiahui Zhao;Chenghong Wang;Tong Geng;Wujie Wen;Xiaolin Xu;Caiwen Ding

NNSplitter: An Active Defense Solution for DNN Model via Automated Weight Obfuscation

NNSplitter：通过自动权重混淆的 DNN 模型主动防御解决方案

• 发表时间: 2023
• 期刊: 40th International Conference on Machine Learning (ICML 2023
• 作者: Zhou, Tong;Ren, Shaolei;Xu, Xiaolin
• 通讯作者: Xu, Xiaolin