Research on security of GPU memory in deep learning systems딥러닝 시스템에서의 GPU 메모리 보안에 관한 연구
Modern deep learning frameworks rely heavily on GPUs to accelerate the computation. However, the security implication of GPU device memory exploitation on deep learning frameworks has been largely neglected. In this dissertation, we argue that GPU device memory manipulation is a novel attack vector against deep learning systems. We present a novel attack method leveraging the attack vector, which makes deep learning predictions no longer different from random guessing by degrading the accuracy of the predictions. To manipulate GPU device memory, we also propose a novel exploit technique that can execute arbitrary code by exploiting a vulnerability of a GPU function. To the best of our knowledge, we are the first to show a practical attack that directly exploits deep learning frameworks through GPU memory manipulation. We demonstrate the attack against DjiNN, a DL inference server, in a realistic environment to present the practicality. We confirmed that our attack works on three popular deep learning frameworks. TensorFlow, CNTK, and Caffe, running on CUDA. Finally, we propose defense mechanisms against our attack, and discuss concerns of GPU memory safety.
- Advisors
- Yoon, Hyunsooresearcher; 윤현수researcher
- Description
- 한국과학기술원 :전산학부,
- Publisher
- 한국과학기술원
- Issue Date
- 2021
- Identifier
- 325007
- Language
- eng
- Description
학위논문(박사) - 한국과학기술원 : 전산학부, 2021.8,[iv, 53 p. :]
- Keywords
Deep learning security▼aGraphics process unit security▼aGPU memory exploit▼aReverse engineering▼aCompute unified device architecture; 딥러닝 보안▼aGPU 보안▼aGPU 메모리 취약점 공격▼a역분석▼a쿠다
- Appears in Collection
- CS-Theses_Ph.D.(박사논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.