October 22, 2021
1-4 pm


Ramesh Karri; Professor of ECE, New York University, rkarri@nyu.edu
Farinaz Koushanfar; Professor of ECE, University of California San Diego, fkoushanfar@eng.ucsd.edu
Ankur Srivastava; Professor of ECE, University of Maryland, ankurs@umd.edu

About the tutorial

The objective of this tutorial is to make the architecture community aware of substantial recent advances in the field of hardware security thereby motivating a new line of architectural innovations targeting more secure and safe computing systems.

The fundamental advances in AI has led to new innovations in computing platforms capable for substantial speedup on such data hungry computational structures compared to conventional von-neumann computing architectures. AI algorithms, due to their inherent characteristics are subject to a host of attacks including poisoning during modeling, adversarial inputs and HW/SW backdoors (to name a few). AI based systems are also subject to a host of additional requirement including data privacy and bias correction.

Koushanfar has done substantial pioneering work in the area of fundamentally secure AI systems with implications to how novel AI hardware is designed and optimized. To enable ubiquitous deployment of deep learning approaches across various intelligent applications, Koushanfar will present her work on architectural support for hardware implementation of secure and robust deep learning. These methods include “Federated Learning” approaches which are fundamentally privacy preserving in distributed learning protocols, design methods for circuit level garbling which allows secure two party computation protocols to be efficiently executed in hardware, fully homomorphic encryption methods and other related security considerations in AI systems which have implications to how these systems are architected and built.

Srivastava will focus on a related yet significant challenge posed by use of untrusted supply chains to design and fabricate future AI systems. Particular attention will be paid to the “design obfuscation” challenge which is highly problematic in AI hardware. Many microelectronics companies, including the Defense Industrial Base (DIB) corporations routinely outsource the fabrication of their designs to off-shore foundries in order to get access to advanced process nodes and to reduce high fabrication cost. This trend has increasingly raised security concerns related to reverse-engineering, Intellectual Property (IP) piracy, over-production, unauthorized access, Trojan insertion and supply chain integrity. To mitigate these threats, a substantial body of research has resulted in the development of various techniques for locking or obfuscating the design’s functional/structural and timing characteristics and guard against the incorporation of Trojans in the designs. Srivastava will focus on how futuristic AI systems are particularly susceptible to stealing of critical deep learning model details from untrusted semiconductor supply chain. He will also present new design methods which build upon strong mathematical guarantees such that these design details remain secure and secret.

Karri will build upon such design methods and present new advances in architecture level solutions to building designs which do not expose critical details to untrusted fabs. The architecture level approach has three advantages: (i) it allows designers to obfuscate IP cores generated with many different methods (e.g., hardware generators, high-level synthesis tools, and pre-existing IPs); (ii) it obfuscates the semantics of an IC before synthesis; (iii) it does not require modifications to EDA flows. Such a tool called ASSURE has already been released and is being used by the defense design community. ASSURE is a technology-independent tool and operates on the RT/architecture level after system integration but before logic synthesis. ASSURE obfuscates existing IPs and those generated with commercial HLS tools. Even if logic locking is a hardware approach, obfuscating RTL code has analogies with program obfuscation to protect the software IP.

Schedule for Oct. 22

1:00–4:00 pm

About the organizers

Ramesh Karri, NYURamesh Karri is a Professor of Electrical and Computer Engineering at New York University. He co-founded and co-directs the NYU Center for Cyber Security. He co-founded the Trust-Hub and organizes the Embedded Security Challenge, the annual red team blue team event. Ramesh Karri has a Ph.D. in Computer Science and Engineering, from the University of California at San Diego and a B.E in ECE from Andhra University. His research and education activities in hardware cybersecurity include trustworthy integrated circuits, processors and cyber-physical systems; security-aware computer-aided design, test, verification, validation, and reliability; nano meets security; hardware security competitions, benchmarks and metrics; biochip security; additive manufacturing security. He has published over 275 articles in leading journals and conference proceedings. He is a Fellow of the IEEE. He is the Editor-in-Chief of ACM Journal of Emerging Technologies in Computing. Besides, he served/s as the Associate Editor of IEEE Transactions on Information Forensics and Security (2010-2014), IEEE Transactions on CAD (2014-), ACM Journal of Emerging Computing Technologies (2007-), ACM Transactions on Design Automation of Electronic Systems (2014-), IEEE Access (2015-), IEEE Transactions on Emerging Technologies in Computing (2015-), IEEE Design and Test (2015-) and IEEE Embedded Systems Letters (2016-). He served as an IEEE Computer Society Distinguished Visitor (2013-2015). He served on the Executive Committee of the IEEE/ACM Design Automation Conference leading the Security@DAC initiative (2014-2017).

Farinaz Koushanfar, UCSDFarinaz Koushanfar is a professor and Henry Booker Faculty Scholar in the Electrical and Computer Engineering (ECE) department at University of California San Diego (UCSD), where she directs the Adaptive Computing and Embedded Systems (ACES) Lab. She is the co-founder and co-director of the UCSD Center for Machine-Integrated Computing & Security (MICS) which launched in 2018. Prof. Koushanfar received her Ph.D. in Electrical Engineering and Computer Science as well as her M.A. in Statistics from UC Berkeley in December 2005. Her research addresses several aspects of efficient computing and embedded systems, with a focus on hardware and system security, real-time/energy-efficient big data analytics under resource constraints, design automation and synthesis for emerging applications, as well as practical privacy-preserving computing.

Ankur Srivastava, UMDAnkur Srivastava is a Professor of ECE and Director of the Institute for Systems Research at the University of Maryland College Park. He received his bachelors in technology from the Indian Institute of Technology Delhi in May 1998 with Electrical Engineering major, Masters in Computer Engineering in June 2000 from department of ECE Northwestern University and PhD from CS department of University of California Los Angeles in September 2002. His main area of interest is design methods and runtime control policies for high performance, low energy and secure multi-core processors and other VLSI circuits. He is the recipient of the “Outstanding PhD Award” from the Computer Science Department of UCLA and the George Corcoran Memorial Outstanding Teaching Award by the ECE department of University of Maryland.