ABSTRACT
Running machine learning (ML) on low-power IoT devices exposes unique security concerns. Attackers can easily steal or manipulate sensitive user data or proprietary ML models from the devices’ off-chip memory by leveraging their simple hardware structure and the lack of memory encryption hardware. To protect against these real-world threats, we propose a lightweight compiler-based memory encryption scheme, Spitz. Spitz achieves full off-chip memory encryption using only common architectural components on commodity devices, such as programmable on-chip SRAM, AES hardware, and Direct Memory Access (DMA). Our evaluation on real hardware shows that Spitz maintains competitive performance while realizing full off-chip memory encryption. Spitz is only 1.16–1.73× slower than our best-effort non-secure baseline, and is even faster by 1.5–2.23× compared to a non-secure popular vendor library.
Index Terms
- Compiler-Based Memory Encryption for Machine Learning on Commodity Low-Power Devices