Compiler-Based Memory Encryption for Machine Learning on Commodity Low-Power Devices

Kiwan Maeng, Brandon Lucia

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Running machine learning (ML) on low-power IoT devices exposes unique security concerns. Attackers can easily steal or manipulate sensitive user data or proprietary ML models from the devices’ off-chip memory by leveraging their simple hardware structure and the lack of memory encryption hardware. To protect against these real-world threats, we propose a lightweight compiler-based memory encryption scheme, Spitz. Spitz achieves full off-chip memory encryption only with common architectural components on commodity devices, such as programmable on-chip SRAM, AES hardware, and Direct-Memory Access (DMA). Our evaluation on real hardware shows that Spitz maintains competitive performance while realizing full off-chip memory encryption. Spitz is only 1.16–1.73× slower than our best-effort non-secure baseline, and is even faster by 1.5–2.23× compared to a non-secure popular vendor library. Our work is the first to show that we can run ML workloads with full off-chip memory encryption on commodity low-power hardware.

Original language: English (US)
Title of host publication: CC 2024 - Proceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction
Editors: Gabriel Rodriguez, P. Sadayappan, Aravind Sukumaran-Rajam
Publisher: Association for Computing Machinery, Inc
Pages: 198-211
Number of pages: 14
ISBN (Electronic): 9798400705076
State: Published - Feb 17 2024
Event: 33rd ACM SIGPLAN International Conference on Compiler Construction, CC 2024 - Edinburgh, United Kingdom
Duration: Mar 2 2024 to Mar 3 2024

Publication series

Name: CC 2024 - Proceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction

Conference

Conference: 33rd ACM SIGPLAN International Conference on Compiler Construction, CC 2024
Country/Territory: United Kingdom
City: Edinburgh
Period: 3/2/24 to 3/3/24

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Signal Processing
  • Software
