Extracting neural network models via contention-based side channel attacks on shared memory system-on-chips
Cieslewicz, Alexander W.
Date Issued
2022
Abstract
Shared Memory System-on-Chip (SM-SoC) devices are used in a multitude of environments in order to
execute sensitive and critical operations. Some of these operations include the execution of deep neural
networks (DNN). Several side-channel attacks that extract neural network information have previously
been proposed. However, the side-channel vector used by these attacks assumes a high level of access to the
target system.
In this work, we propose a novel side-channel attack for SM-SoCs used in mobile platforms. Our attack
relies on a unique memory contention leakage detection (MCLD) mechanism that minimizes the level of
privilege an attacker requires to execute a DNN extraction attack. MCLD generates artificial memory
traffic on the CPU and observes the contention exerted on the shared memory bus in order to gather
information about a target process. MCLD’s implementation requires no physical access or elevated
permissions on the target system. Using MCLD, the paper further implements an end-to-end DNN model
used to extract the information from the victim DNN. Our experimental results performed on a
state-of-the-art mobile/edge SM-SoC and popular neural networks showed that our proposed scheme can
predict the neural network topology of critical workloads with an average layer error rate, i.e. percentage of
mispredicted layers, of 5%.
Rights
Copyright of the original work is retained by the author.