HOST 2022 | IEEE International Symposium on Hardware Oriented Security and Trust

SESSION 11: System-Board Level Security

Session Chair: Chris Clark, Georgia Tech Research Institute

Wednesday, June 29, 2022 | Time: 09:50 - 11:10

Location: Int'l Ballroom C

  • **31. Cross-VM Information Leaks in FPGA-Accelerated Cloud Environments
    Ilias Giechaskiel, Shanquan Tian and Jakub Szefer
    Abstract: The availability of FPGAs in cloud data centers offers rapid, on-demand access to hardware compute resources that users can configure to their own needs. However, the low-level access to the hardware FPGA and associated resources such as PCIe, SSD, or DRAM also opens up threats of malicious attackers uploading designs that are able to infer information about other users or about the cloud infrastructure itself. In particular, this work presents a new, fast PCIe-contention-based channel that is able to transmit data between different FPGA-accelerated virtual machines with bandwidths reaching 2 kbps with 97% accuracy. This paper further demonstrates that the PCIe receiver circuits are able to not just receive covert transmissions, but can also perform fine-grained monitoring of the PCIe bus or detect different types of activities from other users’ FPGA-accelerated virtual machines based on their PCIe traffic signatures. Beyond leaking information across different virtual machines, the ability to monitor the PCIe bandwidth over hours or days can be used to estimate the data center utilization and map the behavior of the other users. The paper also introduces further novel threats in FPGA-accelerated instances, including contention due to shared NVMe SSDs as well as thermal monitoring to identify FPGA co-location using the DRAM modules attached to the FPGA boards. This is the first work to demonstrate that it is possible to break the separation of privilege in FPGA-accelerated cloud environments and highlights that defenses for public clouds using FPGAs need to consider PCIe, SSD, and DRAM resources as part of the attack surface that should be protected.

  • 32. Time Series-based Malware Detection using Hardware Performance Counters
    Abraham Kuruvila, Sayar Karmakar and Kanad Basu
    Abstract: With the advent of the Internet-of-Things (IoT), Malware has been exponentially proliferating across a plethora of platforms including PC, mobile, and other embedded devices. Software-based solutions, such as AntiVirus Software (AVS), are ineffective against modern Malware and incur an abundance of computational overhead. This has motivated researchers to develop Hardware-assisted Malware Detection techniques utilizing Hardware Performance Counters (HPCs). However, traditional HPC-based Malware detection does not account for the temporal order of the data. Consequently, false positives, i.e., benign applications being classified as Malware, become a major predicament. Furthermore, some devices are extremely limited in their hardware profiling capabilities, resulting in a limited feature space. To address these issues, we propose employing HPC data in conjunction with time series-based classifiers. Additionally, we introduce a Sequential Time Series-based Detection (SEQ-TSD) framework for identifying Malware. The proposed methodology uses only a single HPC, thereby reducing the profiling overhead. Our experimental results prove that the proposed framework can bolster the performance using only a single HPC to detect Malware with up to 95% accuracy, while incurring only a 5.56% false positive rate. Furthermore, we demonstrate that combining multiple HPCs in conjunction with SEQ-TSD boosts the average detection accuracy up to 97.91%.

  • 63. SynCirc: Efficient Synthesis of Depth-Optimized Circuits for Secure Computation
    Arpita Patra, Thomas Schneider, Ajith Suresh and Hossein Yalame
    Abstract: Secure Multi-party Computation (MPC) allows one to securely compute on private data. To make MPC practical, logic synthesis can be used to automatically translate a description of the function to be computed securely into optimized and error-free Boolean circuits. The work of Demmler et al. (CCS’15) used industry-grade hardware synthesis tools (DC, Yosys) to generate depth-optimized circuits for MPC. To evaluate their optimized circuits, they used the ABY framework (Demmler et al., NDSS’15) for secure two-party computation. The recent ABY2.0 framework (Patra et al., USENIX Security’21) presented round-efficient constructions using multi-input AND gates and improved over ABY by at least 6× in online communication. In this work, we propose SynCirc, an efficient hardware synthesis framework designed for MPC applications. Our framework is based on Verilog and the open-source tool Yosys-ABC. It provides custom libraries and new constraints that accommodate multi-input AND gates. With this, we improve over the work of Demmler et al. by up to 3× in multiplicative depth with a corresponding improvement in online round complexity. Moreover, we provide efficient realizations of several new building blocks including comparison, multiplexers, and equality check. For these building blocks, we achieve improvements in multiplicative depth/online rounds between 22.3% and 66.7%. With these improvements, our framework makes multi-round MPC better-suited for high-latency networks such as the Internet.

  • 74. Using Undervolting as an On-Device Defense Against Adversarial Machine Learning Attacks
    Saikat Majumdar, Mohammad Samavatian, Kristin Barber and Radu Teodorescu
    Abstract: Deep neural network (DNN) classifiers are powerful tools that drive a broad spectrum of important applications, from image recognition to autonomous vehicles. Unfortunately, DNNs are known to be vulnerable to adversarial attacks that affect virtually all state-of-the-art models. These attacks make small imperceptible modifications to inputs that are sufficient to induce the DNNs to produce the wrong classification. In this paper we propose a novel, lightweight adversarial correction and/or detection mechanism for image classifiers that relies on undervolting (running a chip at a voltage that is slightly below its safe margin). We propose using controlled undervolting of the chip running the inference process in order to introduce a limited number of compute errors. We show that these errors disrupt the adversarial input in a way that can be used either to correct the classification or detect the input as adversarial. We evaluate the proposed solution in an FPGA design and through software simulation. We evaluate 10 attacks and show average detection rates of 77% and 90% on two popular DNNs.

** HOST 2022 Best Paper Nominee
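The point made in paper 32 (Kuruvila, Karmakar and Basu) is that an HPC classifier which ignores the temporal order of the samples cannot separate traces that differ only in that order. The following Python is an added example, not code from the paper: two constructed traces of a single counter share the same multiset of values, so order-blind features coincide, while a sequence distance (dynamic time warping, used here as a stand-in for the paper's time-series classifiers) tells them apart. The sliding-window loop is likewise an assumption standing in for the paper's sequential decision, and all traces are constructed rather than measured.

```python
"""Why temporal order matters for single-HPC malware detection.

Added example, not code from Kuruvila, Karmakar and Basu. Two constructed traces of
one hardware performance counter (HPC) contain the same multiset of sample values,
so any order-blind feature (mean, min/max, histogram) is identical for both. A
sequence distance, dynamic time warping (DTW) here, separates them. DTW nearest-template
matching is an assumption standing in for the paper's time-series classifiers, and the
fixed-window loop is a stand-in for its sequential decision; every trace is constructed.
"""
from collections import Counter

# Constructed per-interval samples of a single counter (think branch misses per 10 ms).
# The benign template ramps up and down; the malware template front-loads a burst.
# Both are the same ten values in a different order (sum 184, identical histogram).
TEMPLATES = {
    "benign": [10, 12, 15, 20, 25, 30, 25, 20, 15, 12],
    "malware": [30, 25, 20, 15, 12, 10, 12, 15, 20, 25],
}


def order_blind_features(trace):
    """Features a classic HPC classifier might use; none depend on sample order."""
    return (
        sum(trace) / len(trace),
        min(trace),
        max(trace),
        tuple(sorted(Counter(trace).items())),
    )


def dtw_distance(a, b):
    """Dynamic time warping distance with absolute-difference local cost, O(len(a)*len(b))."""
    n, m = len(a), len(b)
    inf = float("inf")
    d = [[inf] * (m + 1) for _ in range(n + 1)]
    d[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = abs(a[i - 1] - b[j - 1])
            d[i][j] = cost + min(d[i - 1][j], d[i][j - 1], d[i - 1][j - 1])
    return d[n][m]


def nearest_template(segment, templates=TEMPLATES):
    """Label a segment with the template it is closest to under DTW."""
    return min(templates, key=lambda label: dtw_distance(segment, templates[label]))


def sequential_detect(trace, window=10, templates=TEMPLATES):
    """Walk a long trace in fixed windows and label each window as it is observed.

    Returns a list of (window_start, label) so a detector can act on the first
    'malware' verdict instead of waiting for the whole trace.
    """
    return [
        (start, nearest_template(trace[start:start + window], templates))
        for start in range(0, len(trace) - window + 1, window)
    ]


if __name__ == "__main__":
    b, m = TEMPLATES["benign"], TEMPLATES["malware"]
    print("order-blind features equal:", order_blind_features(b) == order_blind_features(m))
    print("DTW(benign, malware) =", dtw_distance(b, m))
    print(sequential_detect(b + m + b))
```

Running the block shows the two templates are indistinguishable by mean, range or histogram, yet a benign window with small jitter still lands on the benign template under DTW and the concatenated trace is labelled window by window, which is the property a single-counter sequential detector needs.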
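Paper 63 (SynCirc) optimizes multiplicative depth because, in secret-sharing based MPC, XOR and NOT gates are evaluated locally while each layer of AND gates costs an online round; if the protocol evaluates a k-input AND gate in a single round, as the abstract says ABY2.0 does, a fan-in-k AND tree needs ceil(log_k n) rounds instead of ceil(log_2 n). The following Python is an added example, not SynCirc or ABY2.0 code: it defines a small circuit encoding (an assumption of this example), computes multiplicative depth, and builds the equality-check building block the abstract mentions with a configurable AND fan-in so the depth saving can be measured and the circuit checked in plaintext.

```python
"""Multiplicative depth of Boolean circuits with 2-input versus multi-input AND gates.

Added example, not SynCirc or ABY2.0 code. XOR and NOT gates add no depth; every AND
gate adds one, so the multiplicative depth is the longest chain of AND gates from an
input to the output and equals the number of online rounds for the AND tree when a
k-input AND is evaluated in one round. The circuit encoding and the equality-check
construction below are this example's own assumptions.
"""

# Circuit encoding (assumed for this example): a dict in topological order of
#   wire -> ("IN",) | ("NOT", [w]) | ("XOR", [w1, w2, ...]) | ("AND", [w1, ..., wk])
# so each gate only reads wires defined before it.


def multiplicative_depth(circuit):
    """Longest AND-gate chain from any input to any wire; XOR/NOT add no depth."""
    depth = {}
    for wire, (op, *rest) in circuit.items():
        if op == "IN":
            depth[wire] = 0
            continue
        d = max(depth[w] for w in rest[0])
        depth[wire] = d + 1 if op == "AND" else d
    return max(depth.values())


def count_and_gates(circuit):
    """Number of AND gates, the non-free gates in this cost model."""
    return sum(1 for op, *_ in circuit.values() if op == "AND")


def evaluate(circuit, inputs):
    """Plaintext evaluation, used to check that a circuit computes what it should."""
    val = {}
    for wire, (op, *rest) in circuit.items():
        if op == "IN":
            val[wire] = inputs[wire] & 1
        elif op == "NOT":
            val[wire] = 1 - val[rest[0][0]]
        elif op == "XOR":
            val[wire] = sum(val[w] for w in rest[0]) & 1
        elif op == "AND":
            val[wire] = int(all(val[w] for w in rest[0]))
        else:
            raise ValueError(f"unknown gate {op}")
    return val


def equality_circuit(n, fanin):
    """Return (circuit, output_wire) computing [a == b] for two n-bit inputs.

    Bit i is compared XOR-free as NOT(a_i XOR b_i); the n results are then
    combined by a balanced AND tree whose gates have at most `fanin` inputs.
    """
    circuit = {}
    for i in range(n):
        circuit[f"a{i}"] = ("IN",)
        circuit[f"b{i}"] = ("IN",)
    layer = []
    for i in range(n):
        circuit[f"x{i}"] = ("XOR", [f"a{i}", f"b{i}"])
        circuit[f"e{i}"] = ("NOT", [f"x{i}"])
        layer.append(f"e{i}")
    level = 0
    while len(layer) > 1:
        nxt = []
        for j in range(0, len(layer), fanin):
            group = layer[j:j + fanin]
            if len(group) == 1:  # leftover wire passes to the next level for free
                nxt.append(group[0])
            else:
                name = f"and{level}_{j // fanin}"
                circuit[name] = ("AND", group)
                nxt.append(name)
        layer, level = nxt, level + 1
    return circuit, layer[0]


def bits(prefix, value, n):
    """Split an n-bit integer into the named input wires of `equality_circuit`."""
    return {f"{prefix}{i}": (value >> i) & 1 for i in range(n)}


def depth_report(n, fanins=(2, 4, 8)):
    """Multiplicative depth (online rounds for the AND tree) per allowed fan-in."""
    return {k: multiplicative_depth(equality_circuit(n, k)[0]) for k in fanins}


if __name__ == "__main__":
    print(depth_report(64))  # 2-input ANDs need 6 rounds, 4-input 3, 8-input 2
    c, out = equality_circuit(64, 4)
    same = evaluate(c, {**bits("a", 0xDEADBEEF, 64), **bits("b", 0xDEADBEEF, 64)})[out]
    diff = evaluate(c, {**bits("a", 0xDEADBEEF, 64), **bits("b", 0xDEADBEEE, 64)})[out]
    print("equal:", same, "different:", diff, "AND gates:", count_and_gates(c))
```

For a 64-bit equality check the depth drops from 6 with 2-input ANDs to 3 with 4-input ANDs and 2 with 8-input ANDs, while the number of AND gates also falls (63 to 21 to 9); the plaintext evaluation confirms the circuit still answers 1 only when the two inputs agree in every bit. The figures in the abstract come from the paper's full synthesis flow and are not reproduced by this toy construction.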