CAREER: Dependable and Secure Machine Learning Acceleration from Untrusted Hardware

$105,583 | FY2023 | CSE | NSF

Lehigh University, Bethlehem PA

Investigators

Abstract

Fueled by advances in machine learning (ML) models and computing hardware, intelligence is becoming ubiquitous from cloud to edge, transforming every walk of life. For intelligent systems whose primary requirements are safety and security, such as autonomous vehicles and doctorless clinics, ensuring inference dependability is essential. Unfortunately, current hardware cannot provide such a promise. Inference execution can be disturbed by either passive faults or active physical fault attacks on hardware components such as memory and logic. While there have been relevant studies from the perspective of data, the problem in the context of hardware is different and far less explored. This CAREER project aims to create a new paradigm for safeguarding ML execution against both passive hardware faults and active fault attacks, with a focus on proactively rooting inference dependability into ML processing by design. Unlike prior reactive hardware bug repair or hardware security-based solutions, which do not closely embrace ML's distinct properties, the project's novelties lie in developing a new capability inside ML processing, namely the "Multi-Purposed Neuron", and in the cross-layer exploration of ML algorithms, hardware architecture, and hardware security centered around it. The project's broader significance and importance are: 1) yielding practical solutions for ensuring the root of trust of accelerated artificial intelligence (AI) services in security, healthcare, automated systems, and other domains; 2) advancing the state of the art on the interactions among AI algorithm, hardware, and security design; 3) providing abundant educational opportunities and outreach activities to nurture and attract students. The project seeks to develop "Multi-Purposed Neuron"-centered ML inference protection methodologies for hardware accelerators through algorithm-hardware-security co-design, with guarantees of generality, scalability, feasibility, and durability.
The project consists of three thrusts: 1) improve fault tolerance offline through "Coded Neurons" and hardware optimization, without assuming that a fixed attack model is known in advance (Generality); 2) mitigate multiple faults online via "Guarded Neurons", dedicated training methods, and hardware design (Scalability); 3) defend against strong and adaptive attacks with real-time proactive solutions built upon "Honey Neurons" and a Trusted Execution Environment (Durability). The impact on inference accuracy, latency, and hardware overhead will be minimized across all thrusts (Feasibility). This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.