Grant Call 1 - Awarded Projects

Assoc Prof Chang Chip Hong, NTU

Principal Investigator

Asst Prof Lam Siew Kei, NTU

Co-Principal Investigator

About the Project


Deep neural network (DNN) accelerators are a principal arena of competition among high-technology industry sectors and have become an integral feature of most distributed computing architectures. Edge intelligence, where Artificial Intelligence (AI) meets edge computing, is becoming a gold mine of insecurity. The fact that both robust and non-robust features exist inherently in the training dataset used by supervised learning makes it possible to add offensive noise to an input, known as an adversarial example, to force a well-trained DNN classifier to produce a prediction that is obviously wrong and unanticipated by a human being. Hardware-based attacks such as fault injection and side-channel analysis further extend this attack surface across the software boundary and shatter confidence in the robustness of DNN implementations. Moreover, stealing training data from a compressed machine learning model has been proven possible in recent years. The precious model parameters of well-trained deep learning intellectual property can also be extracted by non-invasive attacks on the deployed DNN hardware.


This project aims to investigate and evaluate the security, reliability and privacy of state-of-the-art deep learning hardware for edge applications. An investigation of vulnerabilities on dedicated deep learning hardware that are exploitable by different attack vectors will be performed. The susceptibility of commercial edge DNN hardware will be explored and evaluated. Countermeasures against adversarial attacks on deep learning accelerators and techniques to protect edge learning platforms against DNN model extraction attacks will also be developed.

Related Thrust & Grant Call Theme

Thrust: Thrust (iii) - Research for Advanced Hardware Evaluation Techniques for Modern Systems with Security and Privacy Features

Theme: Evaluating Modern Processors and Hardware for Security, Privacy and Assurance

The hardware attack vectors, including the physical-level fault attacks analysed in Thrust (iii) and a novel software-controlled fault injection method, will be explored in this project. Specifically, we will propose and evaluate stealthy and practical attacks on modern edge hardware accelerators to deceive DNN hardware into misclassification or to extract the confidential parameters of the deep learning model. Lightweight and effective countermeasures against adversarial attacks on advanced DNN hardware will also be proposed to help with the design of more secure and robust DNN accelerators.

Assoc Prof Chau Lap Pui, NTU

Principal Investigator

Assoc Prof Yap Kim Hui, NTU

Co-Principal Investigator

About the Project


NAND Flash memory is a low-cost non-volatile memory technology and is therefore widely used in mobile phones and other electronic devices. It is well known that mobile phone operating systems do not immediately remove file contents from Flash memory, so it is possible to recover file contents that have been erased.

We consider the feasibility of recovering image and video data that is inaccessible either because the mobile phone Flash memory has been partially damaged so that it can no longer be accessed, or because parts of the image and video contents in the Flash memory have been permanently erased.

Related Thrust & Grant Call Theme

Thrust: Thrust (ii) - Computer Aided Data Analysis of Recovered Data

Theme: Rapid Recovery Forensics R&D

One of the main scopes of the thrust is data repair and augmentation for partially damaged or lost data segments. Our project focuses on repairing partially damaged image and video data.

Asst Prof Zhang Tianwei, NTU

Principal Investigator

Asst Prof Liu Yang, NTU

Co-Principal Investigator


About the Project


A Trusted Execution Environment (TEE) is an emerging technology to protect user-space applications and virtual machines (VMs) from strong privileged adversaries (e.g., OSes, hypervisors). Modern processors are equipped with different TEE features to support trustworthy computing. However, TEE also adds tremendous difficulties and challenges for benign privileged layers to inspect and protect applications, as they cannot directly observe applications' memory contents or runtime behaviors. This dilemma brings new attack opportunities which do not exist in conventional non-TEE processors. In this project, we aim to propose novel approaches to indirectly retrieve information about the isolated applications from different aspects, which can be used together to construct security indications and evidence.


We are particularly focusing on three mainstream TEE features: Intel SGX, ARM TrustZone and AMD SEV. We will systematically design and evaluate different types of information extraction techniques. We will apply those techniques to develop inspection tools to detect malicious or vulnerable enclave applications.

Related Thrust & Grant Call Theme

Thrust: Thrust (iv) - Advanced Side-Channels to Evaluate Security and Privacy Features of Modern Processors

Theme: Evaluating Modern Processors and Hardware for Security, Privacy and Assurance

Our project is related to Thrust (iv), which studies the possible vulnerabilities (e.g., side-channel attacks, Spectre, Meltdown) in modern TEE architectures. Our project aims to leverage different attack techniques to introspect the isolated environment and its applications. We will also leverage side-channel techniques and memory extraction to build security tools. Together, the project and the thrust can help us better understand the security of state-of-the-art TEEs and apply them to build more trustworthy environments.