On-chip communication protocols like ARM AXI, RISC-V TileLink, and Wishbone govern communications between processors, memories, I/O, and accelerators. These protocols were developed to maximize performance. Their focus on performance leaves the protocols vulnerable to security risks as many implementations either do not follow the standard or the standard leaves important vulnerabilities underspecified. This is dangerous as it opens the door to exploits that can snoop on on-chip communication or lead to denial of service attacks.

eXpect was developed to systematically analyze AXI implementations for functional and security violations. Testing it on seven implementations, including AMD Xilinx and RISC-V PULP, revealed 135 violations, with 10 leading to seven significant exploits. These exploits demonstrated risks like using stale data and bypassing memory operations, which went undetected by AMD Xilinx’s protocol checkers in most cases.

eXpect was a collaboration started during Ryan’s Zurich sabbatical in 2022. The research was lead by Melisande Zonta-Roudes in Prof. Shweta Shinde‘s ETH Zurich research group. KRG members Francesco Restuccia played a key role in developing the initial ideas and Andy Meza helped with the implementation and testing.

eXpect was nominated for the Best Paper Award at the IEEE/ACM International Conference on Computer-Aided Design (ICCAD) 2024. Congrats to all the authors!

After a many year hiatus, our research group retreat returned to Mammoth Lakes in late August. The days were spent hiking, swimming, and sightseeing in the Eastern Sierras and the evenings were spent discussing research plans for the upcoming year.

Ryan was named the William Nachbar endowed chair. William Nachbar was early faculty member of the UC San Diego Jacobs School of Engineering. Prof. Nachbar joined UCSD in 1965 as a professor of applied mechanics. His research focused on structural mechanics and combustion. He retired from UCSD in 1989 and passed away in 2005.

Despite the different research areas, there are some similarities. Both Prof. Nachbar and Ryan moved to UCSD as associate professors from other California universities (Stanford and UCSB, respectively). Prof. Nachbar worked on the first missile designed to be launched underwater. Ryan has done research in underwater systems for communications, robotics, and 3D vision. Prof. Nachbar “loved camping, fly fishing, snorkeling, and Mozart. And he loved his family.” Ryan similarly loves the outdoors, music, and his family.

UCSD Press Release
UCSD CSE Press Release

The great John East visited UCSD to give two lectures. John’s first lecture, “How to Succeed at Whatever You End Up Doing,” imparted knowledge that he has gained over his career to the “Embedded Systems Design Project” class. His second lecture in the Embedded Systems Seminar on “The History of Silicon and Semiconductor” was filled with stories of his long and storied career in Silicon Valley. John uniquely connects with the students and gives sage advice on business, research, and life. His nearly annual UCSD visits are always one of the highlights of my academic year.

Cloud service providers offer Field Programmable Gate Arrays (FPGAs) as a time-shared service for accelerating various workloads. With the current temporal sharing model, there is generally believed to be no information leakage between subsequent users since the FPGA is entirely digitally erased between each tenant.

Our results show that conventional wisdom is flawed: data from previous users of an FPGA can be extracted by measuring analog burn-in effects without physical access to the FPGA. We call these “FPGA pentimenti,” i.e., analog remnants of a previous user’s information that reflect themselves due to bias temperature instability (BTI) effects that change transistor timing behavior. Pentimenti arise when BTI causes are reversed and transistor characteristics recover, enabling a subsequent FPGA user to observe previous logical values applied to FPGA elements.

Much like infrared imaging can expose artwork pentimenti — early paint strokes since painted over by an artist whose remnants remain but are not visible to the naked eye — an FPGA pentimento can be extracted by a subsequent FPGA user even though the data was cleared, and thus no longer digitally exists on the device.

Our ASPLOS paper describes the results in more detail. Or listen to Colin’s lightning talk below.

We are working to redevelop UCSD CSE 160 “Introduction to Parallel Programming” to make it more open and accessible. A major effort is moving from CUDA and nVidia GPUs to OpenCL. That will enable us to target a much broader set of hardware accelerators like vector processing units, tensor processing units, field-programmable gate arrays, multi-core processors, and other emerging architectures. The video presented at the Qualcomm University Platforms Symposium describes the efforts that we are undertaking. The intended outcome is making the curriculum – the slides, the programming assignments, the classroom materials, etc. all open-source. I hope this will make it easier for other educators to adopt and students outside of UCSD to learn more about parallel computing. Many thanks to Qualcomm and Intel for supporting these curriculum changes.

FishSense has been on a tear recently. FishSense won the inaugural Transdisciplinary Collaboration Award at the 2024 Jacobs School of Engineering Research Expo. This comes on the heels of other accolades including a CA CARES research award and finalist at the Triton Innovation Challenge.

FishSense is a collaboration between Engineers for Exploration, Scripps Institution of Oceanography Semmens Lab, and REEF citizen scientists. FishSense provides simple yet effect tool for fisheries assessment. FishSense couples a commercial dive camera with an underwater laser and adds a bit of optics and machine learning to automatically determine fish length and biomass. Congrats Chris, Kyle, Avik, and the entire FishSense team!

Alireza Khodamoradi, Stephen Neuendorffer, and Kristof Denolf visited UCSD to discuss the latest and greatest at AMD. Ali, Steve, and Kristof are all part of AMD Research and Development Group. Ali discussed his research on new data types for hardware-accelerated computing. Ali is a Kastner Research Group Ph.D. alumnus who graduated two years ago and has since been working at AMD Xilinx. Steve is a long-time collaborator of our research group and co-author of the “Parallel Programming for FPGAs” with Ryan. Steve and Kristof did a tag-team presentation on the AI Engines — a new architecture that lies between a GPU and an FPGA. Kristof also has ties to our research group, having mentored Ali at Xilinx while Ali was doing an internship there during his Ph.D. and a co-author on our Streaming Spiking Neural Networks (S2N2) project. It was great to hear about their recent work and have all of them back in SD. And my apologies, but I forgot to record the AI Engine talk until a few minutes after it started!

Skip connections are valuable for training Residual Neural Networks (ResNets), helping them converge to a better solution faster. But skip connections add overhead to the hardware implementation; they require additional on-chip memory and other resources and larger memory bandwidths. Skip connections are like training wheels on a bicycle – they are helpful for learning but get in the way once the learning process is completed.

Tailor is a hardware-software codesign technique that modifies skip connections to be more hardware efficient while maintaining overall accuracy. Tailor gradually transforms a ResNet to remove or shorten the skip connections while iteratively retraining the network. Tailor can remove skip connections on smaller networks. As the network gets larger, removing the skip connections reduces accuracy. In these cases, Tailor makes the skip connections shorter. Perhaps non-intuitively, this reduces resources as the hardware synthesis tool (hls4ml in this case) will implement these shortened skip connections on local memories, which incurs very little additional overhead.

Tailor started in CSE 237C class in Fall 2020. That was during the height of the pandemic, so the class was totally online. Co-authors Olivia “Liv” Weng, Gabriel Marcano, and Nojan Sheybani were students in this class. Co-author Alireza “Ali” Khodamoradi and Ryan Kastner were course instructors. Ali came up with the idea and pitched it as a potential class project. The project went through several submissions and many rejections, but each time Liv and other co-authors took the reviewer’s comments, added more experiments, and polished the writing. The paper improved and picked up a few other co-authors along the way. Rejections are frustrating but a common (and rarely talked about) aspect of publishing in top venues. It was a journey that resulted in a very strong set of research results.

Links: The Tailor paper in the ACM Transactions on Reconfigurable Technology and Systems, “Davis” summarizes the work nicely, Edge Impulse highlights the project