A Self Aware Security Approach for Real Time Neural Network Applications from Row Hammer Attacks in Multi FPGA Multi User Environment

The present era has witnessed the wide deployment of reconfigurable hardware or field programmable gate arrays (FPGAs) in several critical infrastructures. Designers deploy multiple FPGAs in such critical infrastructures and utilize the dynamic partial reconfiguration property of FPGAs to divide its fabric into multiple virtual partitions and offer them to users to host their custom applications. Users may develop smart neural network (NN) based applications and host them in such environments. Building and training such applications need knowledge, resource and time. Hence, their architecture and working need significant protection and security. Malicious co-users in an FPGA platform may try to steal or modify the secret information, which in the present case are the NN weights and biases that are stored in the local DRAM. Secret information stealing can take place via side-channels, while attacks like the row hammer can modify them at runtime. Existing works essentially focus on how stealing such information via side channels is possible and propose their related security techniques. To the best of our knowledge, none focus on attacks that modify this information and lead to erroneous result, which may ultimately cause fatal consequences. In this work, we depict how row hammer attacks can modify the information and propose a runtime security strategy to mitigate it. In this mechanism, we develop runtime agents (RAs) that monitors the memory access and on detecting any anomalous behaviour, communicates with other RAs to outsource the application and complete them within time. The malicious application is isolated, to prevent any future malfunction. Low overhead of the RAs and high success rate depict the effectiveness of our strategy for practical scenarios.