Conference proceeding
Preserving Privacy of Neuromorphic Hardware From PCIe Congestion Side-Channel Attack
2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC), pp 689-698
Jun 2023
Abstract
Neuromorphic systems are equipped with software-managed scratchpad to cache intermediate results and synaptic weights of a machine learning model. PCIe (Peripheral Component Interconnect Express) is the de facto protocol to interface between scratchpad and main memory. Congestion happens when PCIe traffic overwhelms the PCIe link capacity. This introduces transmission delay, which not only impacts model performance but also leaks sensitive information about a user (the victim).

In this paper, we show that inefficient data placement in scratchpad using state-of-the-art compilers may trigger significant data movement over PCIe. An attacker can measure the PCIe congestion to indirectly infer the victim's model. Therefore, the delay from PCIe congestion can be exploited as a side-channel.

We propose a compiler extension to intelligently manage scratchpad in order to improve model privacy. First, we formulate a design metric to assess the vulnerability of a model to PCIe congestion side-channel attack. Next, we propose an optimization strategy integrated within the compiler to identify contents that should be retained inside scratchpad to minimize this design metric. Finally, we propose a Hill Climbing heuristic to allocate model operations to neuromorphic tiles and improve privacy by efficiently utilizing their on-chip scratchpad capacity.

We evaluate our privacy-preserving model execution (PrivacyX) to mitigate PCIe congestion side-channel attack using one attack scenario and 16 image, object, and language-based machine learning models. We show that PrivacyX significantly reduces the vulnerability of a model to PCIe congestion side-channel attack compared to baseline compilers. We also show that PrivacyX, which is managed entirely in software, is complementary to several hardware-based privacy preserving solutions.
Details
- Title
- Preserving Privacy of Neuromorphic Hardware From PCIe Congestion Side-Channel Attack
- Creators
- Anup Das - Drexel University
- Publication Details
- 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC), pp 689-698
- Publisher
- IEEE
- Grant note
- U.S. Department of Energy (10.13039/100000015); National Science Foundation (10.13039/100000001)
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Electrical and Computer Engineering
- Web of Science ID
- WOS:001046484100084
- Scopus ID
- 2-s2.0-85168878991
- Other Identifier
- 991021016786904721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Web of Science research areas
- Computer Science, Interdisciplinary Applications
- Computer Science, Software Engineering