NSF CAREER Award to Enhance the Security of Machine Learning Hardware Accelerators
ECE Assistant Professor Xiaolin Xu was awarded a $600K NSF CAREER Award for “Securing Reconfigurable Hardware Accelerator for Machine Learning: Threats and Defenses.”
Xiaolin Xu, assistant professor, electrical and computer engineering (ECE), has been awarded a $600,000 National Science Foundation (NSF) CAREER grant to secure high-efficiency machine learning hardware accelerators.
With artificial intelligence (AI) being used in applications from image recognition to self-driving cars, researchers are seeking ways to make these technologies even faster. In many cases, hardware can be used to increase the speed and efficiency of machine learning, but along with this solution come inherent security risks—risks that Xu seeks to mitigate with his research.
“No matter how efficient and robust your machine learning software is, it has to be deployed on hardware platforms,” says Xu. “Field programmable gate array-based ML acceleration systems (FPGA-ML) have become commonly used as high-performance computing hardware thanks to their high power efficiency and low overhead. However, there is a tradeoff between performance and security. This CAREER project seeks to systematically investigate the threats and defenses of the FPGA-ML systems so that we can increase performance without compromising on security.”
Information security often centers on the classic CIA triad, which stands for Confidentiality, Integrity, and Availability. In general, the CIA triad seeks to ensure that no unauthorized users can access or modify your system’s data, that the data is up-to-date, and that the data is accessible to the right users when they need it. While much research has been done to examine the CIA principles of software, Xu’s is one of the first projects to focus instead on the AI hardware piece of the puzzle.
To holistically investigate the FPGA-ML system security, Xu’s research will adopt the roles of both attacker and defender.
“First, we have to think about the capabilities of potential adversaries—or threat models,” says Xu. “For example, what will happen if someone were able to break into the system for an autonomous vehicle and swap the labeling on the green and red traffic lights? Next, we can think about what we can do about these possible attacks by introducing different methods for protecting our system. To achieve this ambitious goal, we must assume that the potential attackers are very smart, and they will always target the most critical system vulnerabilities.”
Over this five-year project, Xu’s proposal intends to investigate both run-time FPGA-ML integrity and design-time FPGA-ML confidentiality. Based on the insights gained, Xu then seeks to characterize the root causes of these vulnerabilities and explore systematic defense strategies at the circuit and system levels to suit different application scenarios.
As a CAREER grant, Xu’s project also contains a significant educational component that will reach from high school through graduate students and beyond.
“Because this research domain is a little far away from what the average high school student can accomplish, we will be building a modular learning system to help them stack knowledge, from coding with Python through hardware security fundamentals,” says Xu. He has already collaborated with several students from local high schools on his research through Northeastern’s Young Scholars’ Program and will continue developing an Interactive Learning Session for additional students over the summer.
Xu will also leverage this interdisciplinary research direction to recruit underrepresented and minority undergraduate researchers through the Summer Bridge program and the NSF Center for Hardware and Embedded System Security and Trust (CHEST) at Northeastern.
To further broaden knowledge and cultivate interest in this open research field, Xu will host panels and workshops to share the cross-domain knowledge learned and to complement the broader AI-enabled cyberspace.