
CAREER: Securing Reconfigurable Hardware Accelerator for Machine Learning: Threats and Defenses

$599,000 | FY2023 | CSE | NSF

Northeastern University, Boston MA

Investigators

Abstract

The proliferation of Machine Learning (ML)-enabled applications has fueled a pressing demand for high-performance computing hardware. As reconfigurable devices offering high power efficiency and low overhead, field-programmable gate array (FPGA)-based ML acceleration systems (FPGA-ML) have become the workhorse of ML computing and inference, supporting many applications in critical domains, including aerospace, defense, and autonomous driving. Although promising, the growing trend of FPGA-ML accelerators also presents new targets for adversaries to attack. This CAREER project will holistically investigate FPGA-ML system security and integrate the scientific outcomes with educational activities. The research outcome of this project will generate new security components for the emerging FPGA-ML development toolchains and metrics to evaluate the security of real-world products built on these systems, as well as enable technology transfer of research results to industry practice. This project contains a significant educational component and will attract K-12 students to pursue a STEM education and nurture and cultivate students to engage in this open research field.

This CAREER project systematically investigates the threats and defenses of FPGA-ML systems. The scientific outcomes will significantly enrich the traditional works that mainly consider ML security from an algorithm aspect and neglect implementation peculiarities. There are three complementary research thrusts to investigate: (1) Run-time FPGA-ML integrity, by studying the impacts of run-time disruption on the FPGA-ML acceleration engine for different malicious objectives; (2) Design-time confidentiality, by attacking state-of-the-art FPGA-ML systems to explore the potential attack surface; (3) Efficient and scalable defense solutions, by characterizing the root causes of both run-time and design-time vulnerabilities of FPGA-ML systems and developing cross-layer defense strategies at the circuit and system level to suit different application scenarios. The proofs of principle will be applied in designing and prototyping secure FPGA-ML acceleration systems, and the cross-domain knowledge learned from this project will complement the broader AI-enabled cyberspace.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
