This course explores the vulnerabilities of machine learning models to practical hardware attacks such as fault injection and side-channel attacks. The learning outcomes include understanding the impact of hardware attacks on deep neural networks, recognizing the potential damage caused by these attacks, and exploring new perspectives on the security threats posed by hardware-based attack vectors. The course teaches skills in identifying vulnerabilities in ML models, evaluating the impact of fault-injection attacks, and mitigating the risks of side-channel attacks. The teaching method involves reviewing recent research, presenting case studies, and proposing new approaches to enhance the security of ML systems. The intended audience includes cybersecurity professionals, machine learning practitioners, researchers, and anyone interested in understanding the intersection of hardware vulnerabilities and deep learning security.
A Sound Mind in a Vulnerable Body - Practical Hardware Attacks on Deep Learning
USENIX Enigma Conference via YouTube
Overview
Syllabus
Intro
Recent Work on Secure Machine Learning
Conventional View on ML Models' Robustness
We Propose A New Perspective!
Hardware Attacks Can Break Mathematically-Proven Guarantees
(Weak) Hardware Attacks Can Be Exploited in the Cloud
Prior Work's Perspective on a Model's Robustness
The Worst-Case Perturbation
Threat Model - Single-Bit Adversaries
Evaluate the Weakest Attacker with Multiple Bit-flips
Our Attack: Reconstruction of DNN Architectures from the Trace
We Can Identify the Layers Accessed While Computing
Solution: Generate All Candidate Architectures
Solution: Eliminate incompatible Candidates
Taught by
USENIX Enigma Conference
