skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Guarding the Gatekeepers: Ensuring the Security of Computation Hardware in Cloud Infrastructure
Physical computation devices, including CPUs, FPGAs, and GPUs, are integral to cloud computing but face unique security challenges. While cloud infrastructures are pivotal for service delivery, they are susceptible to threats. This paper introduces a novel hardware security framework to bolster cloud infrastructure resilience. Utilizing sidechannel measurements from the power distribution network (PDN), the framework detects anomalies in computational devices. Leveraging Ring Oscillators and Time-to-Digital Converters, we design PDN sensors, further enhancing security with a co-processor for real-time checks based on Neural Network analysis.  more » « less
Award ID(s):
2019310
PAR ID:
10568580
Author(s) / Creator(s):
; ; ;
Publisher / Repository:
GOMACTech 2024
Date Published:
Format(s):
Medium: X
Location:
Charleston, SC, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, 2020 IEEE 38th International Conference on Computer Design (ICCD))
    null (Ed.)
    With the growing performance and wide application of deep neural networks (DNNs), recent years have seen enormous efforts on DNN accelerator hardware design for platforms from mobile devices to data centers. The systolic array has been a popular architectural choice for many proposed DNN accelerators with hundreds to thousands of processing elements (PEs) for parallel computing. Systolic array-based DNN accelerators for datacenter applications have high power consumption and nonuniform workload distribution, which makes power delivery network (PDN) design challenging. Server-class multicore processors have benefited from distributed on-chip voltage regulation and heterogeneous voltage regulation (HVR) for improving energy efficiency while guaranteeing power delivery integrity. This paper presents the first work on HVR-based PDN architecture and control for systolic array-based DNN accelerators. We propose to employ a PDN architecture comprising heterogeneous on-chip and off-chip voltage regulators and multiple power domains. By analyzing patterns of typical DNN workloads via a modeling framework, we propose a DNN workload-aware dynamic PDN control policy to maximize system energy efficiency while ensuring power integrity. We demonstrate significant energy efficiency improvements brought by the proposed PDN architecture, dynamic control, and power gating, which lead to a more than five-fold reduction of leakage energy and PDN energy overhead for systolic array DNN accelerators. 
    more » « less
  2. (, International Workshop on Trustworthy & Real-time Edge Computing for Cyber-Physical Systems)
    Past work has investigated intrusion detection mechanisms for real-time control devices. This work contributes a novel framework of separating security monitoring and detection from real-time control, where the former is performed on Cloud edge devices while the latter is run on embedded devices attached to the system that is controlled. We contribute a security monitoring system that validates worst-case timing bounds of the target controller and also validates its control outputs by comparing it against model-based predictions, which are derived from machine learning. 
    more » « less
  3. ; ; (, IEEE Transactions on Smart Grid)
    The electric power distribution network (PDN) and the transportation network (TN) are generally operated/coordinated by different entities. However, they are coupled through electric vehicle charging stations (EVCSs). This paper proposes to coordinate the operation of the two systems via a fully decentralized framework where the PDN and TN operators solve their own operation problems independently, with only limited information exchange. Nevertheless, the operation problems of both systems are generally mixed-integer programs (MIP), for which mature algorithms like the alternating direction method of multipliers (ADMM) may not guarantee convergence. This paper applies a novel distributed optimization algorithm called the SD-GS-AL method, which is a combination of the simplicial decomposition, gauss-seidel, and augmented Lagrangian, which can guarantee convergence and optimality for MIPs. However, the original SD-GS-AL may be computationally inefficient for solving a complex engineering problem like the PDN-TN coordinated optimization investigated in this paper. To improve the computational efficiency, an enhanced SD-GS-AL method is proposed by redesigning the inner loop of the algorithm, which can automatically and intelligently determine the iteration number of the inner loop. Simulations on the test cases show the efficiency and efficacy of the proposed framework and algorithm. 
    more » « less
  4. ; ; ; (, SEC '19: Proceedings of the 4th ACM/IEEE Symposium on Edge Computing)
    The prevailing network security measures are often implemented on proprietary appliances that are deployed at fixed network locations with constant capacity. Such a rigid deployment is sometimes necessary, but undermines the flexibility of security services in meeting the demands of emerging applications, such as augmented/virtual reality, autonomous driving, and 5G for industry 4.0, which are provoked by the evolution of connected and smart devices, their heterogeneity, and integration with cloud and edge computing infrastructures. To loosen these rigid security deployments, in this paper, we propose a data-centric SECurity-as-a-Service (SECaaS) framework for elastic deployment and provisioning of security services at the Multi-Access Edge Computing (MEC) infrastructure. In particular, we discuss three security services that are suitable for edge deployment: (i) an intrusion detection and prevention system (IDPS), (ii) an access control enforcement system (ACE), and (iii) a communication anonymization service (CA). We benchmark the common security microservices along with the design and implementation of a proof of concept communication anonymization application. 
    more » « less
  5. ; ; (, Sensors)
    The increasing complexity and cost of manufacturing monolithic chips have driven the semiconductor industry toward chiplet-based designs, where smaller, modular chiplets are integrated onto a single interposer. While chiplet architectures offer significant advantages, such as improved yields, design flexibility, and cost efficiency, they introduce new security challenges in the horizontal hardware manufacturing supply chain. These challenges include risks of hardware Trojans, cross-die side-channel and fault injection attacks, probing of chiplet interfaces, and intellectual property theft. To address these concerns, this paper presents ChipletQuake, a novel on-chiplet framework for verifying the physical security and integrity of adjacent chiplets during the post-silicon stage. By sensing the impedance of the power delivery network (PDN) of the system, ChipletQuake detects tamper events in the interposer and neighboring chiplets without requiring any direct signal interface or additional hardware components. Fully compatible with the digital resources of FPGA-based chiplets, this framework demonstrates the ability to identify the insertion of passive and subtle malicious circuits, providing an effective solution to enhance the security of chiplet-based systems. To validate our claims, we showcase how our framework detects hardware Trojans and interposer tampering. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email