FPGA Pentimenti: Transistors Leak Previous FPGA Cloud User Data

Cloud service providers offer Field Programmable Gate Arrays (FPGAs) as a time-shared service for accelerating various workloads. With the current temporal sharing model, there is generally believed to be no information leakage between subsequent users since the FPGA is entirely digitally erased between each tenant.

Our results show that conventional wisdom is flawed: data from previous users of an FPGA can be extracted by measuring analog burn-in effects without physical access to the FPGA. We call these “FPGA pentimenti,” i.e., analog remnants of a previous user’s information that reflect themselves due to bias temperature instability (BTI) effects that change transistor timing behavior. Pentimenti arise when BTI causes are reversed and transistor characteristics recover, enabling a subsequent FPGA user to observe previous logical values applied to FPGA elements.

Much like infrared imaging can expose artwork pentimenti — early paint strokes since painted over by an artist whose remnants remain but are not visible to the naked eye — an FPGA pentimento can be extracted by a subsequent FPGA user even though the data was cleared, and thus no longer digitally exists on the device.

Our ASPLOS paper describes the results in more detail. Or listen to Colin’s lightning talk below.

Open-Source Parallel Computing Curriculum

We are working to redevelop UCSD CSE 160 “Introduction to Parallel Programming” to make it more open and accessible. A major effort is moving from CUDA and nVidia GPUs to OpenCL. That will enable us to target a much broader set of hardware accelerators like vector processing units, tensor processing units, field-programmable gate arrays, multi-core processors, and other emerging architectures. The video presented at the Qualcomm University Platforms Symposium describes the efforts that we are undertaking. The intended outcome is making the curriculum – the slides, the programming assignments, the classroom materials, etc. all open-source. I hope this will make it easier for other educators to adopt and students outside of UCSD to learn more about parallel computing. Many thanks to Qualcomm and Intel for supporting these curriculum changes.

FishSense Nets Multiple Awards

FishSense has been on a tear recently. FishSense won the inaugural Transdisciplinary Collaboration Award at the 2024 Jacobs School of Engineering Research Expo. This comes on the heels of other accolades including a CA CARES research award and finalist at the Triton Innovation Challenge.

FishSense is a collaboration between Engineers for Exploration, Scripps Institution of Oceanography Semmens Lab, and REEF citizen scientists. FishSense provides simple yet effect tool for fisheries assessment. FishSense couples a commercial dive camera with an underwater laser and adds a bit of optics and machine learning to automatically determine fish length and biomass. Congrats Chris, Kyle, Avik, and the entire FishSense team!

Tailoring Skip Connections for More Efficient ResNet Hardware

Skip connections are valuable for training Residual Neural Networks (ResNets), helping them converge to a better solution faster. But skip connections add overhead to the hardware implementation; they require additional on-chip memory and other resources and larger memory bandwidths. Skip connections are like training wheels on a bicycle – they are helpful for learning but get in the way once the learning process is completed.

Tailor is a hardware-software codesign technique that modifies skip connections to be more hardware efficient while maintaining overall accuracy. Tailor gradually transforms a ResNet to remove or shorten the skip connections while iteratively retraining the network. Tailor can remove skip connections on smaller networks. As the network gets larger, removing the skip connections reduces accuracy. In these cases, Tailor makes the skip connections shorter. Perhaps non-intuitively, this reduces resources as the hardware synthesis tool (hls4ml in this case) will implement these shortened skip connections on local memories, which incurs very little additional overhead.

An original ResNet with skip connections in place. The same ResNet model with removed and shortened skip connections.

Tailor started in CSE 237C class in Fall 2020. That was during the height of the pandemic, so the class was totally online. Co-authors Olivia “Liv” Weng, Gabriel Marcano, and Nojan Sheybani were students in this class. Co-author Alireza “Ali” Khodamoradi and Ryan Kastner were course instructors. Ali came up with the idea and pitched it as a potential class project. The project went through several submissions and many rejections, but each time Liv and other co-authors took the reviewer’s comments, added more experiments, and polished the writing. The paper improved and picked up a few other co-authors along the way. Rejections are frustrating but a common (and rarely talked about) aspect of publishing in top venues. It was a journey that resulted in a very strong set of research results.

Links: The Tailor paper in the ACM Transactions on Reconfigurable Technology and Systems, “Davis” summarizes the work nicely, Edge Impulse highlights the project

NSF CSGrad4US Fellowship

Andres (Andy) Meza was awarded a 2022 National Science Foundation Computer and Information Science and Engineering (CISE) Graduate Fellowship (CSGrad4US). CSGrad4US “aims to increase the number and diversity of domestic graduate students pursuing research and innovation careers.”

Andy is a Research and Development Staff in our group working on hardware security and ML hardware acceleration. He plays a critical role in much of our group’s research. These include hardware security verification projects with industry (Intel, Cycuity, OpenTitan, Leidos, the Semiconductor Research Corporation) and academia (Cynthia Sturton’s group and Calvin Deutschbein). As if this isn’t enough, he also works on the hls4ml project on topics related MLPerf Tiny benchmarks and fault tolerance. To date, he has seven(!) publications at top venues with several more in submission.

Andy started with our group as an undergraduate. After graduation, he continued working on research projects and moved into his R&D staff role. Andy is applying for Ph.D. programs and will undoubtedly continue his research career as a Ph.D. student starting next academic year. We hope he stays at UCSD!

Congrats Andy on this well-deserved honor!

Engineering a Smarter Surfboard

The Smartfin project was highlighted in a ThisWeek@UCSD article. The Smartfin holds a microcontroller, temperature sensor, inertial measurement unit, and wireless radio — all embedded into a surfboard fin. This allows surfers to opportunistically gather oceanographic data in the near-shore environment, which is otherwise challenging for more traditionally sensors on buoys and moorings. Engineers for Exploration students are working this summer as part of the NSF-funded REU Site to solidify the data collection process, and develop in-house ability to manufacture Smartfins in a low-cost and open-source manner.

Exploiting the AMBA AXI Protocol for Denial of Service Attacks

Francesco Restuccia was invited to give a talk at the June 2022 edition of hardware.io — a conference dedicated towards showcasing novel hardware attacks and training the security community to defend against those attacks. Francesco’s talk details how the popular on-chip communication protocol is prone to attacks against the security and safety of on-chip resources. The attacks take advantage of inadequacies in the protocol, which was developed for high-speed communications, and not necessarily designed with safety and security in mind. For more details, check out his talk in its entiretly.

Scaling Hardware Security Property Generation

One of the biggest challenges in hardware security verification is developing formal properties that can subsequently be verified by automated tools. This is a difficult and time-consuming task typically assigned to security verification engineers that must manually sort through hundreds of thousands of lines of a hardware description.

Isadora Duncan By Arnold Genthe - http://snap361.net/ig-tag/arnoldgenthe/, Public Domain, https://commons.wikimedia.org/w/index.php?curid=76948922

Our recent article in IEEE Security & Privacy Special Issue on Formal Methods at Scale describes our research on developing Isadora – a tool that automates the property generation process for information-flow properties that are critical to the security of hardware designs. Isadora combines information flow tracking with specification mining to help automate the challenging security verification process. Congrats to the authors: Calvin Deutschbein, Andy Meza, Francesco Restuccia, Ryan Kastner, and Cynthia Sturton.

Olivia Weng Named NSF Graduate Research Fellow

Congratulations to Olivia Weng for being awarded a National Science Foundation Graduate Research Fellowship. The NSF GRF is one of the most prestigious graduate fellowships in the US. The fellowship will fund Liv for the remainder of her PhD allowing her to continue her research on the co-design of efficient, fault-tolerant computer architectures for applications in high-energy physics. One example is the Large Hadron Collider, where physicists need hardware that will process millions of particle collisions per second. Her research will allow their hardware, and the machine learning software that runs on it, to meet these intense computing demands while handing faults that are inherent in such sensors.

Smartfin turns Surfers into Citizen Scientists

Smartfin is an oceanographic sensor–equipped surfboard fin and citizen science program aimed to provide an increase of coastal ocean observations. Smartfins are used by surfers and paddlers in surf zone and nearshore regions to provide valuable oceanographic data in these challenging to sample ecosystems. Smartfin measures temperature, motion, and wet/dry sensing, GPS location, and cellular data transmission capabilities for the near-real-time monitoring of coastal physics and environmental parameters.

Over 300 Smartfins have been distributed around the world and have been in use for up to five years. The technology has been proven to be a useful scientific research tool in the coastal ocean—especially for observing spatiotemporal variability, validating remotely sensed data, and characterizing surface water depth profiles when combined with other tools—and the project has yielded promising results in terms of formal and informal education and community engagement in coastal health issues with broad international reach.

Our recent research article in the Continental Shelf Research journal describes the technology, the citizen science project design, and the results in terms of natural and social science analyses. We also discuss progress toward our outreach, education, and scientific goals. Congrats to Phil Bresnahan and all the authors!