CAREER: Securing Reconfigurable Hardware Accelerator for Machine Learning: Threats and Defenses

职业：保护用于机器学习的可重新配置硬件加速器：威胁与防御

• 批准号: 2239672
• 负责人: Xiaolin Xu
• 金额: $ 59.9万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2028-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2239672&HistoricalAwards=false
• 关键词: CAREER; Securing; Reconfigurable; Hardware; Accelerator

The proliferation of Machine Learning (ML)-enabled applications has fueled a pressing demand for high-performance computing hardware. As a reconfigurable device offering high power efficiency and low overhead, the field programmable gate array (FPGA)-based ML acceleration systems (FPGA-ML) have become the workhorse of ML computing and inference to support many applications in critical domains, including aerospace, defense, and autonomous driving. Although promising, the growing trend of FPGA-ML accelerators also presents new targets for adversaries to attack. This CAREER project will holistically investigate the FPGA-ML system security and integrate the scientific outcomes with educational activities. The research outcome of this project will generate new security components to the emerging FPGA-ML development toolchains and metrics to evaluate the security of real-world products built on these systems, as well as enable technology transfer of research results to the industry practice. This project contains a significant educational component and will attract K-12 students to pursue a STEM education and nurture and cultivate undergraduate and graduate students from underrepresented groups to engage in this open research field. This CAREER project systematically investigates the threats and defenses of the FPGA-ML systems. The scientific outcomes will significantly enrich the traditional works that mainly consider ML security from an algorithm aspect and neglect implementation peculiarities. There are three complementary research thrusts to investigate: (1) Run-time FPGA-ML integrity by studying the impacts of run-time disruption on FPGA-ML acceleration engine for different malicious objectives; (2) Design-time confidentiality by attacking state-of-the-art FPGA-ML systems to explore the potential attack surface; (3) Efficient and scalable defense solutions by characterizing the root causes of both run-time and design-time vulnerabilities of the FPGA-ML systems and developing cross-layer defense strategies at the circuit- and system-level to suit different application scenarios. The proof-of-principles will be applied in designing and prototyping secure FPGA-ML acceleration systems, and the cross-domain knowledge learned from this project will complement the broader AI-enabled cyberspace.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

支持机器学习 (ML) 的应用程序的激增推动了对高性能计算硬件的迫切需求。作为一种具有高功效和低开销的可重构设备，基于现场可编程门阵列 (FPGA) 的机器学习加速系统 (FPGA-ML) 已成为机器学习计算和推理的主力，支持关键领域的许多应用，包括航空航天、国防、自动驾驶。尽管前景光明，但 FPGA-ML 加速器的增长趋势也为对手提供了新的攻击目标。该职业项目将全面研究 FPGA-ML 系统安全性，并将科学成果与教育活动相结合。该项目的研究成果将为新兴的 FPGA-ML 开发工具链和指标生成新的安全组件，以评估基于这些系统构建的实际产品的安全性，并实现研究成果向行业实践的技术转移。该项目包含重要的教育内容，将吸引 K-12 学生接受 STEM 教育，并培育和培养来自弱势群体的本科生和研究生参与这一开放研究领域。该职业项目系统地研究了 FPGA-ML 系统的威胁和防御。这些科学成果将极大地丰富主要从算法方面考虑机器学习安全性而忽视实现特性的传统工作。需要研究三个互补的研究重点：（1）运行时 FPGA-ML 完整性，通过研究运行时中断对针对不同恶意目标的 FPGA-ML 加速引擎的影响； (2) 通过攻击最先进的 FPGA-ML 系统来探索潜在的攻击面，从而实现设计时机密性； (3) 高效且可扩展的防御解决方案，通过表征 FPGA-ML 系统运行时和设计时漏洞的根本原因，并在电路和系统级别开发跨层防御策略以适应不同的应用场景。原理验证将应用于安全 FPGA-ML 加速系统的设计和原型设计，从该项目中学到的跨领域知识将补充更广泛的人工智能网络空间。该奖项反映了 NSF 的法定使命，并被认为是值得的通过使用基金会的智力优势和更广泛的影响审查标准进行评估来获得支持。

项目成果

MirrorNet: A TEE-Friendly Framework for Secure On-Device DNN Inference

• DOI: 10.1109/iccad57390.2023.10323746
• 发表时间: 2023-10
• 期刊: 2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD)
• 作者: Ziyu Liu;Yukui Luo;Shijin Duan;Tong Zhou;Xiaolin Xu

AutoReP: Automatic ReLU Replacement for Fast Private Network Inference

• DOI: 10.1109/iccv51070.2023.00478
• 发表时间: 2023-08
• 期刊: 2023 IEEE/CVF International Conference on Computer Vision (ICCV)
• 作者: Hongwu Peng;Shaoyi Huang;Tong Zhou;Yukui Luo;Chenghong Wang;Zigeng Wang;Jiahui Zhao;Xiaowei Xie;Ang Li;Tony Geng;Kaleel Mahmood;Wujie Wen;Xiaolin Xu;Caiwen Ding

HammerDodger: A Lightweight Defense Framework against RowHammer Attack on DNNs

• DOI: 10.1109/dac56929.2023.10247671
• 发表时间: 2023-07
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Gongye Cheng;Yukui Luo;Xiaolin Xu;Yunsi Fei

PASNet: Polynomial Architecture Search Framework for Two-party Computation-based Secure Neural Network Deployment

• DOI: 10.1109/dac56929.2023.10247663
• 发表时间: 2023-06
• 期刊: 2023 60th ACM/IEEE Design Automation Conference (DAC)
• 作者: Hongwu Peng;Shangli Zhou;Yukui Luo;Nuo Xu;Shijin Duan;Ran Ran-Ran;Jiahui Zhao;Chenghong Wang;Tong Geng;Wujie Wen;Xiaolin Xu;Caiwen Ding

NNSplitter: An Active Defense Solution for DNN Model via Automated Weight Obfuscation

NNSplitter：通过自动权重混淆的 DNN 模型主动防御解决方案

• 发表时间: 2023
• 期刊: 40th International Conference on Machine Learning (ICML 2023
• 作者: Zhou, Tong;Ren, Shaolei;Xu, Xiaolin
• 通讯作者: Xu, Xiaolin