Efficient Integrity-Tree Structure for Convolutional Neural Networks through Frequent Counter Overflow Prevention in Secure Memories

Advancements in convolutional neural networks (CNNs) have resulted in remarkable success in various computing fields. However, protecting data against external security attacks has become increasingly important because the inference process in CNNs exploits sensitive data. Secure memory is a hardware-based protection technique that can protect the sensitive data of CNNs. However, naively applying secure memory to a CNN application causes significant performance and energy overhead. Furthermore, providing secure memory becomes more difficult in environments that require area efficiency and low-power execution, such as the Internet of Things (IoT). In this paper, we investigated memory access patterns for CNN workloads and analyzed their effects on secure memory performance. According to our observations, most CNN workloads write intensively to narrow memory regions, which can cause a considerable number of counter overflows. On average, 87.6% of total writes occur in 6.8% of the allocated memory space; in the extreme case, 93.9% of total writes occur in 1.4% of the allocated memory space. Based on our observations, we propose an efficient integrity-tree structure called Countermark-tree that is suitable for CNN workloads. The proposed technique reduces overall energy consumption by 48%, shows a performance improvement of 11.2% compared to VAULT-128, and requires a similar integrity-tree size to VAULT-64, a state-of-the-art technique.
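The link between write skew and counter overflows can be seen in a small simulation, added here as an illustration and not taken from the paper. It models a generic split-counter scheme, not Countermark-tree or VAULT; the 64 blocks per counter line, 7-bit minor counters, 64,000-block memory, 1,000,000 writes and round-robin write order are all assumptions, and only the skew percentages come from the abstract.

```python
ARITY = 64        # blocks sharing one major counter (assumed)
MINOR_BITS = 7    # width of each per-block minor counter (assumed)
N_BLOCKS = 64_000     # protected memory size in blocks (constructed)
WRITES = 1_000_000    # writes replayed per trace (constructed)

def count_overflows(trace, n_blocks, arity=ARITY, minor_bits=MINOR_BITS):
    """Replay block writes; return (overflows, blocks re-encrypted)."""
    limit = (1 << minor_bits) - 1
    minors = [0] * n_blocks
    majors = [0] * (n_blocks // arity)
    overflows = 0
    for block in trace:
        if minors[block] == limit:
            # Minor counter would wrap: bump the shared major counter and
            # reset every minor in the group, so the (major, minor) pair
            # used as encryption seed never repeats for any block.
            group = block // arity
            majors[group] += 1
            start = group * arity
            minors[start:start + arity] = [0] * arity
            overflows += 1
        else:
            minors[block] += 1
    # Each overflow forces re-encryption of all blocks in the group.
    return overflows, overflows * arity

def uniform_trace(total, n_blocks):
    """Writes spread evenly over the whole memory."""
    return (i % n_blocks for i in range(total))

def skewed_trace(total, n_blocks, hot_space_permille, hot_write_permille):
    """hot_write_permille of writes land in hot_space_permille of blocks."""
    hot_blocks = n_blocks * hot_space_permille // 1000
    hot_writes = total * hot_write_permille // 1000
    cold_blocks = n_blocks - hot_blocks
    for i in range(hot_writes):
        yield i % hot_blocks
    for i in range(total - hot_writes):
        yield hot_blocks + i % cold_blocks

def run_all():
    """Overflow counts for a uniform trace and the abstract's two skews."""
    return {
        "uniform": count_overflows(uniform_trace(WRITES, N_BLOCKS), N_BLOCKS),
        "average": count_overflows(skewed_trace(WRITES, N_BLOCKS, 68, 876), N_BLOCKS),
        "extreme": count_overflows(skewed_trace(WRITES, N_BLOCKS, 14, 939), N_BLOCKS),
    }

if __name__ == "__main__":
    for name, (overflows, reencrypted) in run_all().items():
        print(f"{name:8s} overflows={overflows:4d} re-encrypted blocks={reencrypted}")
```

With the same number of writes, the uniform trace never overflows a counter, while the skewed traces do, and the narrower hot region overflows more often.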
