Machine Learning IP Protection

Machine learning, specifically deep learning is becoming a key technology component in application domains such as identity management, finance, automotive, and healthcare, to name a few. Proprietary machine learning models - Machine Learning IP - are developed and deployed at the network edge, end devices and in the cloud, to maximize user experience. With the proliferation of applications embedding Machine Learning IPs, machine learning models and hyper-parameters become attractive to attackers, and require protection. Major players in the semiconductor industry provide mechanisms on device to protect the IP at rest and during execution from being copied, altered, reverse engineered, and abused by attackers. In this work we explore system security architecture mechanisms and their applications to Machine Learning IP protection.

[1]  David A. Patterson,et al.  A domain-specific architecture for deep neural networks , 2018, Commun. ACM.

[2]  Daniel Martin,et al.  TrustZone Explained: Architectural Features and Use Cases , 2016, 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC).

[3]  Sergey Ioffe,et al.  Inception-v4, Inception-ResNet and the Impact of Residual Connections on Learning , 2016, AAAI.

[4]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[5]  Milos Doroslovacki,et al.  Prefetch-guard: Leveraging hardware prefetches to defend against cache timing channels , 2018, 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[6]  Hamed Haddadi,et al.  Deep Learning in Mobile and Wireless Networking: A Survey , 2018, IEEE Communications Surveys & Tutorials.

[7]  Vivienne Sze,et al.  Efficient Processing of Deep Neural Networks: A Tutorial and Survey , 2017, Proceedings of the IEEE.

[8]  David R. Kaeli,et al.  Side-channel power analysis of a GPU AES implementation , 2015, 2015 33rd IEEE International Conference on Computer Design (ICCD).

[9]  Michael Tunstall,et al.  SoC It to EM: ElectroMagnetic Side-Channel Attacks on a Complex System-on-Chip , 2015, CHES.

[10]  Paul Kocher Complexity and the challenges of securing SoCs , 2011, 2011 48th ACM/EDAC/IEEE Design Automation Conference (DAC).

[11]  Zhiru Zhang,et al.  Reverse Engineering Convolutional Neural Networks Through Side-channel Information Leaks , 2018, 2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC).