One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization

Buhren, Robert; Jacob, Hans Niklas; Krachenfels, Thilo; Seifert, Jean-Pierre

doi:10.48550/arxiv.2108.04575

Cited by 2 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A TEE leverages a root of trust from the hardware to shield the execution of sensitive computation and its data from the rest of the node, including higher privileged software layers. While TEEs have been proposed to make ML computation trustworthy [42,65,79,80], past TEE implementations have been shown to exhibit exploitable security vulnerabilities [12,78,84,111].…”

Section: Establishing Trustworthinessmentioning

confidence: 99%

See 1 more Smart Citation

Dropbear: Machine Learning Marketplaces made Trustworthy with Byzantine Model Agreement

Shamis¹,

Pietzuch²,

Delignat-Lavaud³

et al. 2022

Preprint

View full text Add to dashboard Cite

Marketplaces for machine learning (ML) models are emerging as a way for organizations to monetize models. They allow model owners to retain control over hosted models by using cloud resources to execute ML inference requests for a fee, preserving model confidentiality. Clients that rely on hosted models require trustworthy inference results, even when models are managed by third parties. While the resilience and robustness of inference results can be improved by combining multiple independent models, such support is unavailable in today's marketplaces.We describe Dropbear, the first ML model marketplace that provides clients with strong integrity guarantees by combining results from multiple models in a trustworthy fashion. Dropbear replicates inference computation across a model group, which consists of multiple cloud-based GPU nodes belonging to different model owners. Clients receive inference certificates that prove agreement using a Byzantine consensus protocol, even under model heterogeneity and concurrent model updates. To improve performance, Dropbear batches inference and consensus operations separately: it first performs the inference computation across a model group, before ordering requests and model updates. Despite its strong integrity guarantees, Dropbear's performance matches that of state-ofthe-art ML inference systems: deployed across 3 cloud sites, it handles 800 requests/s with ImageNet models.

show abstract

Section: Establishing Trustworthinessmentioning

confidence: 99%

“…Slalom [109] and Privado [42] use trusted execution environment (TEEs) [22] to produce trustworthy inference. They rely on the security of TEEs, which have suffered from successful attacks [12,78,84,111]. These solutions are restricted to CPU-based inference, which increases latencies by several orders of magnitude compared to GPUs.…”

Section: Related Workmentioning

confidence: 99%

Dropbear: Machine Learning Marketplaces made Trustworthy with Byzantine Model Agreement

Shamis¹,

Pietzuch²,

Delignat-Lavaud³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…While virtualization can hinder some exploits by abstracting away details of the hardware and restricting access to some hardware-dependent interfaces, it does not necessarily provide full protection. For instance, if the adversary has hardware access, attacks which bypass the virtualization remain feasible [30]. The situation is not very different when the attacker has software access (e.g., RowHammer remains feasible [180]).…”

Section: Implications For Heterogeneous Systemsmentioning

confidence: 99%

Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous Era

Mahmoud

Lenders²,

Stojilović

2022

ACM Comput. Surv.

View full text Add to dashboard Cite

Given the need for efficient high-performance computing, computer architectures combining central processing units (CPUs), graphics processing units (GPUs), and field-programmable gate arrays (FPGAs) are currently prevalent. However, each of these components suffers from electrical-level security risks. Moving to heterogeneous systems, with the potential of multitenancy, it is essential to understand and investigate how the security vulnerabilities of individual components may affect the system as a whole. In this work, we provide a survey on the electrical-level attacks on CPUs, FPGAs, and GPUs. Additionally, we discuss whether these attacks can extend to heterogeneous systems and highlight open research directions for ensuring the security of heterogeneous computing systems in the future.

show abstract

One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization

Cited by 2 publications

References 13 publications

Dropbear: Machine Learning Marketplaces made Trustworthy with Byzantine Model Agreement

Dropbear: Machine Learning Marketplaces made Trustworthy with Byzantine Model Agreement

Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous Era

Contact Info

Product

Resources

About