Title: Micro-architectural Security Analysis of Deep Neural Networks


Abstract:

The recent works such as Spectre, Flush-Reload, etc. based on the
security aspects of modern processors’ micro-architectural features
are alarming in nature. There is a huge need for the security analysis
of various kinds of processors and their features and vulnerabilities.
The success in simpler terms, accuracy, and efficiency of Deep Neural
Networks for Artificial Intelligence applications, greatly realized by
the developments in the computational performance of systems, is leading
to a surge in popularity and use of DNNs.

However, some of the very recent works show that DNNs are vulnerable
to various micro-architectural attacks. The attacks, such as RowHammer
attack, can be used to degrade the performance of a DNN drastically
from as high as a 90% accuracy to almost to a random guess accuracy (10-15%).
The criticality of this kind of attack is serious, as there are considerations
of the use of DNNs in Surveillance, Defence, and other security-critical
applications. Other attacks like Flush-Reload attack can be used to do DNN
fingerprinting because of certain patterns of execution in DNNs, which
essentially is a breach of intellectual property rights.

On the other hand, there is a surge in the use of Deep Learning Accelerators
such as Neural Processing Engine on Embedded Platforms, Tensor Processing
Unit (TPU) for Computing in the Cloud, apart from the GP-GPUs, for faster,
accurate and efficient deployments of AI applications based on Deep Learning.
There is a need for attention in the security aspects of the design of these
special processor architectures, as they are in an early stage of development.
The Deep Learning community essentially needs the Systems Research community
to join hands and help in building the next generation smart applications of
computing devices, that are reliable, secure, and efficient.