Preserving Privacy of Neuromorphic Hardware From PCIe Congestion Side-Channel Attack | IEEE Conference Publication | IEEE Xplore


Abstract:

Neuromorphic systems are equipped with software-managed scratchpad to cache intermediate results and synaptic weights of a machine learning model. PCIe (Peripheral Component Interconnect Express) is the de facto protocol to interface between scratchpad and main memory. Congestion happens when PCIe traffic overwhelms the PCIe link capacity. This introduces transmission delay, which not only impacts model performance but also leaks sensitive information about a user (the victim).

In this paper, we show that inefficient data placement in scratchpad using state-of-the-art compilers may trigger significant data movement over PCIe. An attacker can measure the PCIe congestion to indirectly infer the victim’s model. Therefore, the delay from PCIe congestion can be exploited as a side-channel.

We propose a compiler extension to intelligently manage scratchpad in order to improve model privacy. First, we formulate a design metric to assess the vulnerability of a model to PCIe congestion side-channel attack. Next, we propose an optimization strategy integrated within the compiler to identify contents that should be retained inside scratchpad to minimize this design metric. Finally, we propose a Hill Climbing heuristic to allocate model operations to neuromorphic tiles and improve privacy by efficiently utilizing their on-chip scratchpad capacity.

We evaluate our privacy-preserving model execution (PrivacyX) to mitigate PCIe congestion side-channel attack using one attack scenario and 16 image, object, and language-based machine learning models. We show that PrivacyX significantly reduces the vulnerability of a model to PCIe congestion side-channel attack compared to baseline compilers. We also show that PrivacyX, which is managed entirely in software, is complementary to several hardware-based privacy preserving solutions.
Date of Conference: 26-30 June 2023
Date Added to IEEE Xplore: 02 August 2023
ISBN Information:
Print on Demand (PoD) ISSN: 0730-3157
Conference Location: Torino, Italy

I. Introduction

Neuromorphic systems are nowadays used in mobile and embedded systems to accelerate machine learning operations under constrained energy budgets [1]. These devices are located outside CPU cores and interface with the main memory via Peripheral Component Interconnect Express (PCIe) [3].
