Publications

@inproceedings{10.1145/3373376.3378462,
author = {Sanchez Vicarte, Jose Rodrigo and Schreiber, Benjamin and Paccagnella, Riccardo and Fletcher, Christopher W.},
title = {Game of Threads: Enabling Asynchronous Poisoning Attacks},
year = {2020},
isbn = {9781450371025},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3373376.3378462},
doi = {10.1145/3373376.3378462},
booktitle = {Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems},
pages = {35–52},
numpages = {18},
keywords = {adversarial machine learning, trusted execution environment, asynchronous stochastic gradient descent},
location = {Lausanne, Switzerland},
series = {ASPLOS ’20}
}
Jose Rodrigo Sanchez Vicarte, Benjamin Schreiber, Riccardo Paccagnella, and Christopher W. Fletcher. 2020. Game of Threads: Enabling Asynchronous Poisoning Attacks. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS ’20). Association for Computing Machinery, New York, NY, USA, 35–52. DOI:https://doi.org/10.1145/3373376.3378462
@inproceedings{inproceedings,
author = {Mahmoud, Abdulrahman and Aggarwal, Neeraj and Nobbe, Alex and Vicarte, Jose and Adve, Sarita and Fletcher, Christopher and Frosio, Iuri and Hari, Siva},
year = {2020},
month = {06},
pages = {25-31},
title = {PyTorchFI: A Runtime Perturbation Tool for DNNs},
doi = {10.1109/DSN-W50199.2020.00014}
}
Mahmoud, Abdulrahman & Aggarwal, Neeraj & Nobbe, Alex & Vicarte, Jose & Adve, Sarita & Fletcher, Christopher & Frosio, Iuri & Hari, Siva. (2020). PyTorchFI: A Runtime Perturbation Tool for DNNs.
@inproceedings{10.1109/ISCA.2018.00053,
author = {Choi, Woo-Seok and Tomei, Matthew and Vicarte, Jose Rodrigo Sanchez and Hanumolu, Pavan Kumar and Kumar, Rakesh},
title = {Guaranteeing Local Differential Privacy on Ultra-Low-Power Systems},
year = {2018},
isbn = {9781538659847},
publisher = {IEEE Press},
url = {https://doi.org/10.1109/ISCA.2018.00053},
doi = {10.1109/ISCA.2018.00053},
booktitle = {Proceedings of the 45th Annual International Symposium on Computer Architecture},
pages = {561–574},
numpages = {14},
keywords = {microcontrollers, randomized response, IoT, low-power systems, RAPPOR, differential privacy},
location = {Los Angeles, California},
series = {ISCA ’18}
}
Woo-Seok Choi, Matthew Tomei, Jose Rodrigo Sanchez Vicarte, Pavan Kumar Hanumolu, and Rakesh Kumar. 2018. Guaranteeing local differential privacy on ultra-low-power systems. In Proceedings of the 45th Annual International Symposium on Computer Architecture (ISCA ’18). IEEE Press, 561–574. DOI:https://doi.org/10.1109/ISCA.2018.00053

Game of Threads: Enabling Asynchronous Poisoning Attacks

Published in ASPLOS, 2020 (Full Paper | bibtex | Plain Text)

Our attack influences training outcome—e.g., degrades model accuracy or biases the model towards an adversary-specified label—purely by scheduling asynchronous training threads in a malicious fashion. Since thread scheduling is outside the protections of modern trusted execution environments (TEEs), e.g., Intel SGX, our attack bypasses these protections even when the training set can be verified as correct.