Obsidian: Cooperative State-Space Exploration for Performant Inference on Secure ML Accelerators

2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA)

A multi-neural network acceleration architecture

Eunjin Baek, Dongup Kwon, Jangwoo Kim

Published: 2020

Sesame: Software defined enclaves to secure inference accelerators with multi-tenant execution

Sarbartha Banerjee, Prakash Ramrakhyani, Shijia Wei, Mohit Tiwari

Published: 2020

arxiv

被引用数 1

Computing Research Repository (CoRR)

Bandwidth Utilization Side-Channel on ML Inference Accelerators

Sarbartha Banerjee, Shijia Wei, Prakash Ramrakhyani, Mohit Tiwari

Published: 2021.10.14

Accelerators used for machine learning (ML) inference provide great performance benefits over CPUs. Securing confidential model in inference against off-chip side-channel attacks is critical in harnessing the performance advantage in practice. Data and memory address encryption has been recently proposed to defend against off-chip attacks. In this paper, we demonstrate that bandwidth utilization on the interface between accelerators and the weight storage can serve a side-channel for leaking confidential ML model architecture. This side channel is independent of the type of interface, leaks even in the presence of data and memory address encryption and can be monitored through performance counters or through bus contention from an on-chip unprivileged process.

リソース消費分析機械学習アルゴリズム敵対的攻撃手法

Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy

Triton: Software-defined threat model for secure multi-tenant ml inference accelerators

Sarbartha Banerjee, Shijia Wei, Prakash Ramrakhyani, Mohit Tiwari

Published: 2023

Massachusetts Institute of Technology

Energy-efficient protocols and hardware architectures for transport layer security

Utsav Banerjee

Published: 2017

IEEE Journal of Solid-State Circuits

An energy-efficient reconfigurable dtls cryptographic engine for securing internet-of-things applications

Utsav Banerjee, Andrew Wright, Chiraag Juvekar, Madeleine Waller, Anantha P Chandrakasan, et al.

Published: 2019

Medical Imaging 2015: Computer-Aided Diagnosis

Deep learning with non-medical training used for chest pathology identification

Yaniv Bar, Idit Diamant, Lior Wolf, Hayit Greenspan

Published: 2015

2015 IEEE 12th international symposium on biomedical imaging (ISBI)

Chest pathology detection using deep learning with non-medical training

Yaniv Bar, Idit Diamant, Lior Wolf, Sivan Lieberman, Eli Konen, Hayit Greenspan

Published: 2015

OpenAI Technical Report

Language models are few-shot learners

T. B. Brown, B. Mann, N. Ryder, M. Subbiah, J. Kaplan, P. Dhariwal, A. Neelakantan, P. Shyam, G. Sastry, A. Askell, S. Agarwal, A. Herbert-Voss, G. Krueger, T. Henighan, R. Child, A. Ramesh, D. M. Ziegler, J. Wu, C. Winter, C. Hesse, M. Chen, E. Sigler, M. Litwin, S. Gray, B. Chess, J. Clark, C. Berner, S. McCandlish, A. Radford, I. Sutskever, D. Amodei

Published: 2020

CAAI Transactions on Intelligence Technology

Side channel attacks for architecture extraction of neural networks

Hervé Chabanne, Jean-Luc Danger, Linda Guiga, Ulrich Kühne

Published: 2021

Drampower: Open-source dram power & energy estimation tool

K Chandrasekar, C Weis, Y Li, B Akesson, N Wehn, K Goossens

Published: 2017

13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18)

TVM: An automated End-to-End optimizing compiler for deep learning

Tianqi Chen, Thierry Moreau, Ziheng Jiang, Lianmin Zheng, Eddie Yan, Haichen Shen, Meghan Cowan, Leyuan Wang, Yuwei Hu, Luis Ceze, Carlos Guestrin, Arvind Krishnamurthy

Published: 2018

Advances in Neural Information Processing Systems

Learning to optimize tensor programs

Tianqi Chen, Lianmin Zheng, Eddie Yan, Ziheng Jiang, Thierry Moreau, Luis Ceze, Carlos Guestrin, Arvind Krishnamurthy

Published: 2018

IEEE Journal on Emerging and Selected Topics in Circuits and Systems

Eyeriss v2: A flexible accelerator for emerging deep neural networks on mobile devices

Yu-Hsin Chen, Tien-Ju Yang, Joel Emer, Vivienne Sze

Published: 2019

2020 IEEE International Symposium on High Performance Computer Architecture (HPCA)

Prema: A predictive multi-task scheduling algorithm for preemptible neural processing units

Yujeong Choi, Minsoo Rhu

Published: 2020

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

Dagguise: mitigating memory timing side channels

Peter W Deutsch, Yuheng Yang, Thomas Bourgeat, Jules Drean, Joel S Emer, Mengjia Yan

Published: 2022

2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)

Planaria: Dynamic architecture fission for spatial multi-tenant acceleration of deep neural networks

Soroush Ghodrati, Byung Hoon Ahn, Joon Kyung Kim, Sean Kinzer, Brahmendra Reddy Yatham, Navateja Alla, Hardik Sharma, Mohammad Alian, Eiman Ebrahimi, Nam Sung Kim, et al.

Published: 2020

International conference on machine learning

Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy

Ran Gilad-Bachrach, Nathan Dowlin, Kim Laine, Kristin Lauter, Michael Naehrig, John Wensing

Published: 2016

ACM SIGARCH Computer Architecture News

Eie: efficient inference engine on compressed deep neural network

Song Han, Xingyu Liu, Huizi Mao, Jing Pu, Ardavan Pedram, Mark A Horowitz, William J Dally

Published: 2016

Deep speech: Scaling up end-to-end speech recognition

Awni Hannun, Carl Case, Jared Casper, Bryan Catanzaro, Greg Diamos, Erich Elsen, Ryan Prenger, Sanjeev Satheesh, Shubho Sengupta, Adam Coates, et al.

Published: 2014

Computer Vision – ECCV 2016

Identity mappings in deep residual networks

K. He, X. Zhang, S. Ren, J. Sun

Published: 2016

Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

Mind mappings: enabling efficient algorithm-accelerator mapping space search

Kartik Hegde, Po-An Tsai, Sitao Huang, Vikas Chandra, Angshuman Parashar, Christopher W Fletcher

Published: 2021

ASPLOS ’20: Architectural Support for Programming Languages and Operating Systems

Deepsniffer: A DNN model extraction framework based on learning architectural hints

Xing Hu, Ling Liang, Shuangchen Li, Lei Deng, Pengfei Zuo, Yu Ji, Xinfeng Xie, Yufei Ding, Chang Liu, Timothy Sherwood, Yuan Xie

Published: 2020

Proceedings of the 59th ACM/IEEE Design Automation Conference

Guardnn: secure accelerator architecture for privacy-preserving deep learning

Weizhe Hua, Muhammad Umar, Zhiru Zhang, G Edward Suh

Published: 2022

Proceedings of the 49th Annual International Symposium on Computer Architecture

Mgx: Near-zero overhead memory protection for data-intensive accelerators

Weizhe Hua, Muhammad Umar, Zhiru Zhang, G. Edward Suh

Published: 2022

Proceedings of the 55th Annual Design Automation Conference

Reverse engineering convolutional neural networks through side-channel information leaks

W. Hua, Z. Zhang, G. E. Suh

Published: 2018

2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)

Cosa: Scheduling by constrained optimization for spatial accelerators

Qijing Huang, Minwoo Kang, Grace Dinh, Thomas Norell, Aravind Kalaiah, James Demmel, John Wawrzynek, Yakun Sophia Shao

Published: 2021

Proceedings of the Annual International Symposium on Computer Architecture

In-datacenter performance analysis of a tensor processing unit

N. P. Jouppi

Published: 2017

Proceedings of the 39th International Conference on Computer-Aided Design

Gamma: Automating the hw mapping of dnn models on accelerators via genetic algorithm

Sheng-Chun Kao, Tushar Krishna

Published: 2020

2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA)

Magma: An optimization framework for mapping multiple dnns on multiple accelerator cores

Sheng-Chun Kao, Tushar Krishna

Published: 2022

2022 Design, Automation & Test in Europe Conference & Exhibition (DATE)

Digamma: Domain-aware genetic algorithm for hw-mapping co-optimization for dnn accelerators

Sheng-Chun Kao, Michael Pellauer, Angshuman Parashar, Tushar Krishna

Published: 2022

IEEE Comput. Archit. Lett.

Ramulator: A fast and extensible dram simulator

Yoongu Kim, Weikun Yang, Onur Mutlu

Published: 2016

Commun. ACM

Imagenet classification with deep convolutional neural networks

A. Krizhevsky, I. Sutskever, G. E. Hinton

Published: 2017

Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture

Understanding reuse, performance, and hardware cost of dnn dataflow: A data-centric approach

Hyoukjun Kwon, Prasanth Chatarasi, Michael Pellauer, Angshuman Parashar, Vivek Sarkar, Tushar Krishna

Published: 2019

IEEE Micro

Maestro: A data-centric approach to understand reuse, performance, and hardware cost of dnn mappings

Hyoukjun Kwon, Prasanth Chatarasi, Vivek Sarkar, Tushar Krishna, Michael Pellauer, Angshuman Parashar

Published: 2020

ACM SIGPLAN Notices

Maeri: Enabling flexible dataflow mapping over dnn accelerators via reconfigurable interconnects

Hyoukjun Kwon, Ananda Samajdar, Tushar Krishna

Published: 2018

Mlir: A compiler infrastructure for the end of moore’s law

Chris Lattner, Mehdi Amini, Uday Bondhugula, Albert Cohen, Andy Davis, Jacques Pienaar, River Riddle, Tatiana Shpeisman, Nicolas Vasilache, Oleksandr Zinenko

Published: 2020

Keystone: A framework for architecting tees

Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song, Krste Asanović

Published: 2019

MICROP’23

Secureloop: Design space exploration of secure dnn accelerators

Kyungmi Lee, Mengjia Yan, Joel S Emer, Anantha P Chandrakasan

Published: 2023

2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA)

Tnpu: Supporting trusted execution with tree-less integrity protection for neural processing unit

Sunho Lee, Jungwoo Kim, Seonjin Na, Jongse Park, Jaehyuk Huh

Published: 2022

Proceedings of the 25th International Conference on World Wide Web

Cracking classifiers for evasion: a case study on the google’s phishing pages filter

Bin Liang, Miaoqiang Su, Wei You, Wenchang Shi, Gang Yang

Published: 2016

Proceedings of the Chapel Hill Conference on VLSI

A systolic array for rapid string comparison

Richard J Lipton, Daniel Lopresti

Published: 1985

Advances in Computer Vision and Pattern Recognition

Deep learning and convolutional neural networks for medical image computing

Le Lu, Yefeng Zheng, Gustavo Carneiro, Lin Yang

Published: 2017

Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP)

Secureml: A system for scalable privacy-preserving machine learning

P. Mohassel, Y. Zhang

Published: 2017

Vta: An open hardware-software stack for deep learning

Thierry Moreau, Tianqi Chen, Ziheng Jiang, Luis Ceze, Carlos Guestrin, Arvind Krishnamurthy

Published: 2018

Deep learning recommendation model for personalization and recommendation systems

M. Naumov, D. Mudigere, H.-J. M. Shi, J. Huang, N. Sundaraman, J. Park, X. Wang, U. Gupta, C.-J. Wu, A. G. Azzolini

Published: 2019

2019 IEEE international symposium on performance analysis of systems and software (ISPASS)

Timeloop: A systematic approach to dnn accelerator evaluation

Angshuman Parashar, Priyanka Raina, Yakun Sophia Shao, Yu-Hsin Chen, Victor A Ying, Anurag Mukkara, Rangharajan Venkatesan, Brucek Khailany, Stephen W Keckler, Joel Emer

Published: 2019

Advances in neural information processing systems

Faster r-cnn: Towards real-time object detection with region proposal networks

Shaoqing Ren, Kaiming He, Ross Girshick, Jian Sun

Published: 2015

2020 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS)

A systematic methodology for characterizing scalability of dnn accelerators using scale-sim

Ananda Samajdar, Jan Moritz Joseph, Yuhao Zhu, Paul Whatmough, Matthew Mattina, Tushar Krishna

Published: 2020

ACM SIGSAC Conf. Comp. Comm. Sec.

Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition

M. Sharif, S. Bhagavatula, L. Bauer, M. K. Reiter

Published: 2016

2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA)

Securator: A fast and secure neural processing unit

Nivedita Shrivastava, Smruti Ranjan Sarangi

Published: 2023

Nature

Mastering the game of Go with deep neural networks and tree search

D. Silver, A. Huang, C. J. Maddison, A. Guez, L. Sifre, G. Van Den Driessche, J. Schrittwieser, I. Antonoglou, V. Panneershelvam, M. Lanctot

Published: 2016

ACM SIGARCH Computer Architecture News

Decoupled access/execute computer architectures

James E Smith

Published: 1982

Advances in neural information processing systems

Attention is all you need

Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N Gomez, Łukasz Kaiser, Illia Polosukhin

Published: 2017

2023 USENIX Annual Technical Conference

Confidential computing within an ai accelerator

Kapil Vaswani, Stavros Volos, Cédric Fournet, Antonio Nino Diaz, Ken Gordon, Balaji Vembu, Sam Webster, David Chisnall, Saurabh Kulkarni, Graham Cunningham, Richard Osborne, Daniel Wilkinson

Published: 2023

Google’s neural machine translation system: Bridging the gap between human and machine translation

Yonghui Wu, Mike Schuster, Zhifeng Chen, Quoc V Le, Mohammad Norouzi, Wolfgang Macherey, Maxim Krikun, Yuan Cao, Qin Gao, Klaus Macherey, et al.

Published: 2016

Proceedings of the 15th ACM Conference on Recommender Systems

Blackbox attacks on sequential recommenders via data-free model extraction

Zhenrui Yue, Zhankui He, Huimin Zeng, Julian McAuley

Published: 2021

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

Shef: Shielded enclaves for cloud fpgas

Mark Zhao, Mingyu Gao, Christos Kozyrakis

Published: 2022

Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems

Flextensor: An automatic schedule exploration and optimization framework for tensor computation on heterogeneous system

Size Zheng, Yun Liang, Shuo Wang, Renze Chen, Kaiwen Sheng

Published: 2020

2017 IEEE International Symposium on High Performance Computer Architecture (HPCA)

Camouflage: Memory traffic shaping to mitigate timing attacks

Yanqi Zhou, Sameer Wagh, Prateek Mittal, David Wentzlaff

Published: 2017