CAREER: Dependable and Secure Machine Learning Acceleration from Untrusted Hardware

职业：来自不受信任的硬件的可靠且安全的机器学习加速

• 批准号: 2238873
• 负责人: Wujie Wen
• 金额: $ 60万
• 依托单位: Lehigh University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2024-02-29
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2238873&HistoricalAwards=false
• 关键词: CAREER; Dependable; Secure; Machine; Learning

Fueled by the advancements of machine learning (ML) models and computing hardware, intelligence is becoming a household brand from cloud to edge, transforming every walk of life. For intelligent systems with safety and security as their primary requirements, such as autonomous vehicles and doctorless clinics, ensuring inference dependability is essential. Unfortunately, current hardware cannot provide such a promise. The inference execution can be disturbed by either passive faults or active physical fault attacks on hardware components like memory, logic. While there have been relevant studies from the perspective of data, the problem in the context of hardware is different and far less explored. This CAREER project aims to create a new paradigm of safeguarding ML execution against both passive hardware faults and active fault attacks, with a focus on proactively rooting inference dependability into ML processing by design. Unlike prior reactive hardware bug repair or hardware security-based solutions, which do not closely embrace ML's distinct properties, the project's novelties lie in the new capability development inside ML processing, namely "Multi-Purposed Neuron", and the cross-layer exploration of ML algorithm, hardware architecture and hardware security centered around this. The project's broader significance and importance are: 1) yield practical solutions for ensuring the root of trust of accelerated artificial intelligence (AI) services in security, healthcare, automated systems, and other domains; 2) advance the state-of-the-art on the interactions among AI algorithm, hardware, and security design; 3) provide abundant educational opportunities and outreach activities to nurture and attract students from underrepresented groups and the K-12 community. The project seeks to develop "Multi-Purposed Neuron"-centered ML inference protection methodologies for hardware accelerators through algorithm-hardware-security co-design, with guarantees of generality, scalability, feasibility, and durability. The project consists of three thrusts: 1) Improve fault tolerance offline through "Coded Neurons" and hardware optimization without assuming a fixed attack available prior (Generality); 2) Mitigate multiple faults online via "Guarded Neurons", dedicated training methods and hardware design (Scalability); 3) Defend against strong and adaptive attacks by real time proactive solutions built upon "Honey Neurons" and Trust Execution Environment (Durability). The impact on inference accuracy, latency and hardware overhead will be minimized across all thrusts (Feasibility).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在机器学习 (ML) 模型和计算硬件进步的推动下，智能正在成为从云到边缘的家喻户晓的品牌，改变着各行各业。对于自动驾驶汽车、无医生诊所等以安全保障为首要要求的智能系统来说，确保推理的可靠性至关重要。不幸的是，当前的硬件无法提供这样的承诺。推理执行可能会受到对内存、逻辑等硬件组件的被动故障或主动物理故障攻击的干扰。虽然已经从数据的角度进行了相关研究，但硬件背景下的问题却有所不同，而且探讨得还少。该 CAREER 项目旨在创建一种新的范例，保护 ML 执行免受被动硬件故障和主动故障攻击，重点是通过设计主动将推理可靠性植根于 ML 处理中。与之前的反应式硬件错误修复或基于硬件安全的解决方案不同，这些解决方案并未紧密拥抱机器学习的独特属性，该项目的新颖之处在于机器学习处理内部的新功能开发，即“多用途神经元”，以及跨层探索ML算法、硬件架构和硬件安全都是围绕这个展开的。该项目更广泛的意义和重要性在于：1）提供实用的解决方案，确保加速人工智能（AI）服务在安全、医疗保健、自动化系统和其他领域的信任根； 2）推进人工智能算法、硬件和安全设计之间交互的最先进水平； 3) 提供丰富的教育机会和外展活动，以培养和吸引弱势群体和 K-12 社区的学生。该项目旨在通过算法-硬件-安全协同设计，开发以“多用途神经元”为中心的硬件加速器机器学习推理保护方法，并保证通用性、可扩展性、可行性和耐用性。该项目由三个主旨组成：1）通过“编码神经元”和硬件优化来提高离线容错能力，而不假设先有固定攻击可用（通用性）； 2）通过“Guarded Neurons”、专门的训练方法和硬件设计（可扩展性）在线缓解多种故障； 3) 通过基于“蜂蜜神经元”和信任执行环境（持久性）的实时主动解决方案防御强大的自适应攻击。所有主旨（可行性）对推理准确性、延迟和硬件开销的影响都将降至最低。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。