Extracting neural network models via contention-based side channel attacks on shared memory system-on-chips

Abstract

Shared Memory System-on-Chip (SM-SoC) devices are used in a multitude of environments in order to execute sensitive and critical operations. Some of these operations include the execution of deep neural networks (DNN). Several side-channel attacks that extract neural network information have previously been proposed. However the side-channel vector used by these attacks assumes a high level of access to the target system.

In this work, we propose a novel side-channel attack for SM-SoCs used in mobile platforms. Our attack relies on a unique memory contention leakage detection (MCLD) mechanism that minimizes the level of privilege an attacker requires to execute a DNN extraction attack. MCLD generates an artificial memory traffic on the CPU and observes the contention exerted on the shared memory bus in order to gather information about a target process. MCLD’s implementation requires no physical access or elevated permissions on the target system. Using MCLD, the paper further implements and end-to-end DNN model used to extract the information from the victim DNN. Our experimental results performed on a state-of-the-art mobile/edge SM-SoC and popular neural networks showed that our proposed scheme can predict the neural network topology of critical workloads with average layer error rate, i.e. percentage of mispredicted layers, of 5%.