Abstract
Machine learning is increasingly used in security-critical domains and therefore has become
an attractive target for attackers. In a targeted poisoning attack, the machine learning
model is trained to behave normally on benign input; however, when a certain trigger is
present in the input, an attacker-chosen misbehavior is triggered. At the same time, neural
networks are constantly increasing in size, especially in the natural language processing
domain, because more parameters can achieve higher accuracy. In recent years, there have
been impressive innovations that have led to networks such as the Megatron-Turing NLG
530B with 530 billion parameters. DeepSpeed is an open-source deep learning optimization
library that enables the training of such large networks. One of many innovations it
implements is a Non-Volatile Memory Express (NVMe) offload that increases memory
efficiency by moving data from expensive GPU and CPU memory to cheap NVMe memory.
However, this mechanism opens a potential attack surface that could be exploited to
perform poisoning attacks. Therefore, this thesis investigates the security of the NVMe
offload mechanism and improves it. To achieve this, first, untargeted poisoning attack
scenarios are tested to show that the NVMe offload is actually vulnerable. Then a security
extension, able to guarantee the integrity and freshness of the data offloaded to the NVMe,
is designed and extensively evaluated. During this process, various trade-offs between
security and performance impact are carefully considered through the implementation and
benchmarking of several different versions of the extension. Based on the experimental
results, the security extension is then further improved. Furthermore, this thesis also
investigates whether multithreading and the use of previously generated hash tables can reduce
the performance impact.
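The abstract names two properties the extension must guarantee for data that leaves trusted memory: integrity (the bytes read back from the NVMe are the bytes that were written) and freshness (they are the most recently written version, not an older one replayed into the same slot). The following is an added example, not code from the thesis or from DeepSpeed, that models the offload as one file per tensor and keeps a table of keyed hashes in trusted host memory, one tag per offloaded version. The file layout, the HMAC-SHA256 tag, the per-version tag table and the tensor name `layer0.weight` are all assumptions of this example; the "attacks" are simulated by rewriting the swap file directly and exist only to show what the verification on read-back detects and how the two failure classes are told apart.

```python
"""Toy model of an integrity- and freshness-checked offload (added example, not DeepSpeed code)."""
import hashlib
import hmac
import os
import secrets
import tempfile


class IntegrityError(Exception):
    """Bytes read back match no version ever offloaded for this tensor (corruption)."""


class FreshnessError(Exception):
    """Bytes are authentic but belong to an earlier offload of this tensor (replay)."""


class SecureOffloadStore:
    """Offloads tensor payloads to files in swap_dir (standing in for the NVMe) and keeps,
    in trusted host memory, one keyed hash per offloaded version of each tensor."""

    def __init__(self, swap_dir: str, key: bytes = b""):
        self.swap_dir = swap_dir
        self.key = key or secrets.token_bytes(32)   # never written to the swap device
        self.tags: dict = {}                         # tensor_id -> list of tags, index = version - 1

    def _path(self, tensor_id: str) -> str:
        return os.path.join(self.swap_dir, f"{tensor_id}.bin")

    def _tag(self, tensor_id: str, version: int, payload: bytes) -> bytes:
        # Tensor id and version are bound into the MAC input, so a payload cannot be
        # moved between tensors or passed off as a newer version of the same tensor.
        mac = hmac.new(self.key, digestmod=hashlib.sha256)
        mac.update(tensor_id.encode())
        mac.update(version.to_bytes(8, "big"))
        mac.update(payload)
        return mac.digest()

    def offload(self, tensor_id: str, payload: bytes) -> int:
        """Write payload to the swap file and record the tag of this new version."""
        versions = self.tags.setdefault(tensor_id, [])
        version = len(versions) + 1
        with open(self._path(tensor_id), "wb") as fh:
            fh.write(payload)
        versions.append(self._tag(tensor_id, version, payload))
        return version

    def fetch(self, tensor_id: str) -> bytes:
        """Read the swap file back and accept it only if it is the newest version."""
        versions = self.tags[tensor_id]
        with open(self._path(tensor_id), "rb") as fh:
            payload = fh.read()
        current = len(versions)
        # Check newest version first; matching any older tag means a replay, matching
        # none means the bytes were altered or never came from this store at all.
        for version in range(current, 0, -1):
            if hmac.compare_digest(versions[version - 1], self._tag(tensor_id, version, payload)):
                if version == current:
                    return payload
                raise FreshnessError(f"{tensor_id}: got version {version}, expected {current}")
        raise IntegrityError(f"{tensor_id}: payload matches no offloaded version")


def simulate(swap_dir: str) -> dict:
    """Constructed scenario: offload a tensor twice, then read it back (a) untouched,
    (b) after a single bit flip in the swap file, (c) after the first version's bytes
    have been written back over the file (replay of stale but authentic data)."""
    store = SecureOffloadStore(swap_dir)
    v1 = bytes([0x10] * 64)   # constructed sample payloads standing in for tensor data
    v2 = bytes([0x20] * 64)
    store.offload("layer0.weight", v1)
    store.offload("layer0.weight", v2)
    path = store._path("layer0.weight")
    results = {}

    results["clean"] = "ok" if store.fetch("layer0.weight") == v2 else "mismatch"

    corrupted = bytearray(v2)
    corrupted[3] ^= 0x01
    with open(path, "wb") as fh:
        fh.write(corrupted)
    try:
        store.fetch("layer0.weight")
        results["tamper"] = "undetected"
    except IntegrityError:
        results["tamper"] = "integrity_error"
    except FreshnessError:
        results["tamper"] = "freshness_error"

    with open(path, "wb") as fh:
        fh.write(v1)
    try:
        store.fetch("layer0.weight")
        results["replay"] = "undetected"
    except FreshnessError:
        results["replay"] = "freshness_error"
    except IntegrityError:
        results["replay"] = "integrity_error"
    return results


def run_demo() -> dict:
    """Run the scenario in a throwaway directory so the example is self-contained."""
    with tempfile.TemporaryDirectory() as swap_dir:
        return simulate(swap_dir)


if __name__ == "__main__":
    print(run_demo())
```

Keeping every version's tag rather than only the newest one is what lets the store distinguish a replay from arbitrary corruption; it is also the point where the trade-off the abstract mentions appears, since the table grows with every offload and its hashes must be computed on the critical path unless they are cached or computed in parallel.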