GR-06 - ELECTRONIC DESIGN AUTOMATION - EDA
Secure Enclave for private ML IP execution
Reference persons EDOARDO PATTI
External reference persons Luca Barbierato(email@example.com)
Thesis type EXPERIMENTAL
Description Secure Enclave is a hardware-based security technology that provides a trusted execution environment (TEE) for executing sensitive code and data. It is often used to protect private ML IPs, such as ML models and algorithms, from unauthorised access and tampering.
Secure Enclave is typically implemented as a dedicated hardware module within a CPU or SoC (System-on-Chip). This module has its own memory and processing resources and is isolated from the rest of the system by a hardware security boundary. This makes it very difficult for attackers to access or modify the code and data that is being executed within the Secure Enclave.
There are a number of benefits to using Secure Enclave for private ML IP execution:
- **Confidentiality:** Secure Enclave can protect the confidentiality of private ML IPs by encrypting them at rest and in transit. This prevents unauthorised users from accessing the ML IP, even if they can compromise the rest of the system.
- **Integrity:** Secure Enclave can protect the integrity of private ML IPs by ensuring that it is not modified without authorisation. This is done by using digital signatures to verify the authenticity of the ML IP before it is executed.
- **Attestation:** Secure Enclave can be used to attest to the authenticity of private ML IPs. This can be useful for proving to third parties that the ML IP is genuine and has not been tampered with.
Here are some examples of how Secure Enclave is being used to protect private ML IP in the real world:
- **Google Pixel phones:** Google uses Secure Enclave to protect the Face Unlock feature on Pixel phones. The facial recognition model is stored and executed within the Secure Enclave, which prevents it from being accessed by unauthorised apps.
- **Apple iPhone:** Apple uses Secure Enclave to protect various sensitive data on the iPhone, including the user's fingerprint and facial recognition data and the data used by Apple Pay.
- **Qualcomm Snapdragon SoCs:** Qualcomm integrates Secure Enclave into its Snapdragon SoCs, which are used in a wide range of devices, including smartphones, tablets, and wearables. This allows developers to use Secure Enclave to protect their ML IP on Qualcomm-powered devices.
The main objective of the thesis is to develop a Secure Enclave system for private Machine Learning Intellectual Property (ML IP) execution within a System-on-Chip (SoC) designed at the University of Bologna. Specifically, it involves a GAP8 core developed by GreenWave Technology featuring a cluster of 8 RISC-V cores capable of accelerating the execution of specific deep-learning model kernels.
Currently, the system is programmed using DORY, a toolchain that compiles a neural network and accelerates its execution on the cluster. The thesis aims to enhance DORY by integrating steps for decoding and verifying the deep learning model, assuming that the cluster resides within a Secure Enclave.
Deadline 03/11/2024 PROPONI LA TUA CANDIDATURA