Towards Robust Deep Learning on GPUs

Graduate Students

Mujahid Al Rafi (UC Merced)

Yuan Feng (UC Merced)

Ange Thierry Ishimwe (CU Boulder)


Undergraduate Students

Aishwaria Rangasamy (UC Merced)

Xavier Ybarra (UC Merced)

Alexander Juenemann (CU Boulder)

Goals and Achievements

Graphics processing units (GPUs) have become one of the most promising computing engines in application domains such as scientific simulation and deep learning. Thanks to their massive parallel processing power, most state-of-the-art server and edge systems employ GPUs as the core computing engine for deep-learning model training and inference. As the performance of deep-learning models becomes one of the most important factors determining the market revenue of model creators and the convenience of daily life for model consumers, it is critical to enforce reliable and robust deep-learning computation. This project explores the challenges and opportunities in addressing the reliability and privacy implications of using GPUs as deep-learning accelerators, and designs lightweight protection schemes.

The technical aims of this project are divided into three thrusts.

1) Exploration of vulnerabilities and their impact on GPU-based deep-learning computing.

  • Mujahid Al Rafi, Yuan Feng, and Hyeran Jeon, "Too Noisy To Extract: Pitfalls of Model Extraction Attacks," Workshop on Negative Results, Opportunities, Perspectives, and Experiences (NOPE), in conjunction with ASPLOS-27, Feb 2022

  • Mujahid Al Rafi*, Yuan Feng*, and Hyeran Jeon, "Revealing Secrets From Pre-trained Models," arXiv preprint, July 2022


2) Tackling the vulnerabilities at the compute-unit level by redesigning GPU building blocks.

3) Designing selective integrity protection mechanisms without imposing significant performance overhead.
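As an added illustration of what thrusts 1 and 3 are after (this is example code written for this page, not code from the project), the Python below simulates a single-bit fault in an IEEE-754 float32 weight, as a Rowhammer-style flip would produce, measures how far the output of a toy layer moves for each of the 32 bit positions, and then shows one selective integrity check that covers only the sign and exponent bits of each weight. The toy weights and input, and the decision to protect only the top 9 bits with a CRC32, are constructed assumptions for the example; the project's own protection mechanism is not described on this page.

```python
"""Illustrative bit-flip fault injection and selective integrity check (not project code)."""
import math
import struct
import zlib

# Constructed toy layer: eight float32-exact weights and an all-ones input.
WEIGHTS = [0.125, -0.5, 0.75, 1.0, -0.0625, 0.3125, -0.25, 0.875]
INPUT = [1.0] * 8


def f32_to_bits(x):
    """IEEE-754 single-precision bit pattern of x as an unsigned 32-bit int."""
    return struct.unpack("<I", struct.pack("<f", x))[0]


def bits_to_f32(b):
    """Inverse of f32_to_bits."""
    return struct.unpack("<f", struct.pack("<I", b & 0xFFFFFFFF))[0]


def bit_position_class(bit):
    """Which float32 field a bit index (0 = LSB, 31 = MSB) belongs to."""
    if bit == 31:
        return "sign"
    if 23 <= bit <= 30:
        return "exponent"
    return "mantissa"


def inject_fault(weights, index, bit):
    """Copy of weights with one bit of weights[index] flipped (a single-bit fault)."""
    faulty = list(weights)
    faulty[index] = bits_to_f32(f32_to_bits(faulty[index]) ^ (1 << bit))
    return faulty


def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


def bit_flip_sensitivity(weights, x, index):
    """Absolute output deviation for each of the 32 single-bit faults in weights[index].

    A fault that yields inf or NaN is reported as inf so it sorts as 'catastrophic'.
    """
    base = dot(weights, x)
    deviation = {}
    for bit in range(32):
        y = dot(inject_fault(weights, index, bit), x)
        deviation[bit] = abs(y - base) if math.isfinite(y) else math.inf
    return deviation


def high_bits_digest(weights):
    """CRC32 over only the sign + exponent (top 9) bits of every weight.

    Assumption for the example: mantissa flips change a weight by at most a factor
    of two and are tolerated, so only the high bits are covered by the digest.
    """
    hi = [(f32_to_bits(w) >> 23) & 0x1FF for w in weights]
    return zlib.crc32(struct.pack("<%dH" % len(hi), *hi))


def verify_high_bits(weights, digest):
    """Cheap pre-inference check: recompute the selective digest and compare."""
    return high_bits_digest(weights) == digest


if __name__ == "__main__":
    sens = bit_flip_sensitivity(WEIGHTS, INPUT, 0)
    for bit in (0, 22, 23, 30, 31):
        print(f"bit {bit:2d} ({bit_position_class(bit):8s}) deviation = {sens[bit]:.3e}")
    digest = high_bits_digest(WEIGHTS)
    print("exponent MSB flip detected:", not verify_high_bits(inject_fault(WEIGHTS, 0, 30), digest))
    print("mantissa LSB flip detected:", not verify_high_bits(inject_fault(WEIGHTS, 0, 0), digest))
```

Flipping the mantissa LSB of the first weight moves the layer output by 2^-26, whereas flipping the exponent MSB of the same weight turns 0.125 into 2^125 and swamps the output. The selective digest hashes 2 bytes per weight instead of 4 and still catches every sign or exponent fault; mantissa faults pass unchecked by design, which is the trade-off a selective scheme has to justify.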


Educational Activities

  • UC Merced

    • Topics on "Security and Reliability" and "GPU and Accelerators" were newly added to EECS253 (Computer Architecture and Design) in Fall 2021.

    • With supplemental REU support, two undergraduate students have been recruited and are conducting research in Summer 2022.

  • University of Colorado Boulder

    • An REU student and a PhD student have been recruited; they are exploring the impact of Rowhammer attacks on DNN computing.

    • "Secure Deep Learning Computing on GPUs - Analysis on Rowhammer Implementation," presented at the CU Boulder SPUR Final Presentation Workshop.

  • West Virginia University