TY - GEN
T1 - Compiler-Based Memory Encryption for Machine Learning on Commodity Low-Power Devices
AU - Maeng, Kiwan
AU - Lucia, Brandon
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/2/17
Y1 - 2024/2/17
N2 - Running machine learning (ML) on low-power IoT devices exposes unique security concerns. Attackers can easily steal or manipulate sensitive user data or proprietary ML models from the devices’ off-chip memory by leveraging their simple hardware structure and the lack of memory encryption hardware. To protect against these real-world threats, we propose a lightweight compiler-based memory encryption scheme, Spitz. Spitz achieves full off-chip memory encryption only with common architectural components on commodity devices, such as programmable on-chip SRAM, AES hardware, and Direct-Memory Access (DMA). Our evaluation on real hardware shows that Spitz maintains competitive performance while realizing full off-chip memory encryption. Spitz is only 1.16–1.73× slower than our best-effort non-secure baseline, and is even faster by 1.5–2.23× compared to a non-secure popular vendor library. Our work is the first to show that we can run ML workloads with full off-chip memory encryption on commodity low-power hardware.
AB - Running machine learning (ML) on low-power IoT devices exposes unique security concerns. Attackers can easily steal or manipulate sensitive user data or proprietary ML models from the devices’ off-chip memory by leveraging their simple hardware structure and the lack of memory encryption hardware. To protect against these real-world threats, we propose a lightweight compiler-based memory encryption scheme, Spitz. Spitz achieves full off-chip memory encryption only with common architectural components on commodity devices, such as programmable on-chip SRAM, AES hardware, and Direct-Memory Access (DMA). Our evaluation on real hardware shows that Spitz maintains competitive performance while realizing full off-chip memory encryption. Spitz is only 1.16–1.73× slower than our best-effort non-secure baseline, and is even faster by 1.5–2.23× compared to a non-secure popular vendor library. Our work is the first to show that we can run ML workloads with full off-chip memory encryption on commodity low-power hardware.
UR - http://www.scopus.com/inward/record.url?scp=85187218917&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85187218917&partnerID=8YFLogxK
U2 - 10.1145/3640537.3641564
DO - 10.1145/3640537.3641564
M3 - Conference contribution
AN - SCOPUS:85187218917
T3 - CC 2024 - Proceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction
SP - 198
EP - 211
BT - CC 2024 - Proceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction
A2 - Rodriguez, Gabriel
A2 - Sadayappan, P.
A2 - Sukumaran-Rajam, Aravind
PB - Association for Computing Machinery, Inc
T2 - 33rd ACM SIGPLAN International Conference on Compiler Construction, CC 2024
Y2 - 2 March 2024 through 3 March 2024
ER -