10.5281/zenodo.3628039
https://zenodo.org/records/3628039
oai:zenodo.org:3628039
Jose Rodrigo Sanchez Vicarte
University of Illinois, Urbana Champaign
Benjamin Schreiber
University of Illinois, Urbana Champaign
Riccardo Paccagnella
University of Illinois, Urbana Champaign
Christopher W. Fletcher
University of Illinois, Urbana Champaign
Game of Threads: Enabling Asynchronous Poisoning Attacks
Zenodo
2020
machine learning, poisoning attacks, SGX, adversarial machine learning
2020-01-19
eng
10.5281/zenodo.3598008
2
University of Illinois/NCSA Open Source License
This artifact describes the frameworks used for our evaluation. The frameworks consist of two main components: a PyTorch component and an SGX proof of concept (PoC). The PyTorch component can be used to replicate the machine-learning results from Section 7. These results can be replicated on any machine that can run Python, although errors may be encountered if CUDA is not available.
The code of this component allows for training a baseline, simulating or executing a full OS-managed attack for the variants described in Sections 4.1 and 4.2, and simulating the variant from Section 4.3. The SGX PoC consists of an SGX application and a kernel module, which can be used to replicate the results from Section 6. This artifact was validated on a bare-metal machine running Ubuntu Linux with an Intel i7-6700K CPU that supports Intel SGX (although this requirement could be relaxed by using SGX in simulation mode). The SGX application does not fully train a network; it loads the CIFAR-10 data set into enclave memory and spawns multiple threads which asynchronously sample batches and accumulate data into shared memory. The kernel module contains the logic to perform a controlled-channel attack [74], which monitors data sampling, and the code to halt and release the worker threads of the SGX application for the attack.
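As an added illustration (this is not code from the artifact; the SGX application and kernel module are not reproduced here), the following pure-Python toy models the setup just described: worker threads sample batches and accumulate them into shared memory, while a scheduler standing in for the OS can halt and release each thread and is assumed to learn the labels each thread sampled (standing in for what the controlled channel leaks). The point it makes is that the attacker never touches the data: it only decides which batches land inside the training step's window and which are delayed past it. The target class (3), the number of workers, the window size and the seeds are arbitrary choices for the example.

```python
"""Toy model of OS-controlled thread scheduling biasing an asynchronously
accumulated training window. Constructed illustration, not the artifact's
SGX application or kernel module."""

import random
import threading
from collections import Counter

NUM_CLASSES = 10  # CIFAR-10 has ten classes; labels alone suffice for the toy


class Scheduler:
    """Models the OS/kernel-module side: it sees each worker's sampled labels
    (assumed perfect controlled-channel leakage) and owns the gate on which
    that worker is halted."""

    def __init__(self, num_workers, capacity, target_class=None):
        self.num_workers = num_workers
        self.capacity = capacity          # batches one training step consumes
        self.target_class = target_class  # None => benign FIFO scheduler
        self.lock = threading.Lock()
        self.reported = {}                # wid -> sampled labels (leaked)
        self.all_reported = threading.Event()
        self.gates = [threading.Event() for _ in range(num_workers)]
        self.committed = [threading.Event() for _ in range(num_workers)]
        self.window = []                  # shared memory the step reads
        self.spill = []                   # batches that arrive after the step

    def report(self, wid, labels):
        """Leakage: the scheduler learns which labels a worker sampled."""
        with self.lock:
            self.reported[wid] = list(labels)
            if len(self.reported) == self.num_workers:
                self.all_reported.set()

    def commit(self, wid, labels):
        """Worker writes its batch into shared memory; late batches spill."""
        with self.lock:
            dest = self.window if len(self.window) < self.capacity else self.spill
            dest.append(list(labels))
        self.committed[wid].set()

    def release_order(self):
        wids = sorted(self.reported)
        if self.target_class is None:
            return wids               # fair OS: release in thread order
        # Attack policy (toy): release the batches with the fewest target-class
        # samples first, so the window fills before target-rich batches arrive.
        return sorted(wids, key=lambda w: (self.reported[w].count(self.target_class), w))

    def run(self):
        self.all_reported.wait()
        for wid in self.release_order():
            self.gates[wid].set()        # release the halted thread
            self.committed[wid].wait()   # let it write before releasing the next


def worker(wid, seed, batch_size, sched):
    rng = random.Random(seed)
    labels = [rng.randrange(NUM_CLASSES) for _ in range(batch_size)]  # sample a batch
    sched.report(wid, labels)    # what the side channel would reveal
    sched.gates[wid].wait()      # halted by the OS until released
    sched.commit(wid, labels)    # accumulate into shared memory


def run_simulation(num_workers=8, capacity=4, batch_size=16, target_class=None, seed=0):
    """Returns label counts inside the step window, over all data touched,
    and the per-worker batches (identical regardless of scheduling)."""
    sched = Scheduler(num_workers, capacity, target_class)
    threads = [threading.Thread(target=worker, args=(w, seed + w, batch_size, sched))
               for w in range(num_workers)]
    for t in threads:
        t.start()
    sched.run()
    for t in threads:
        t.join()
    return {
        "window": Counter(l for b in sched.window for l in b),
        "everything": Counter(l for b in sched.window + sched.spill for l in b),
        "batches": sched.reported,
    }


if __name__ == "__main__":
    benign = run_simulation()
    attacked = run_simulation(target_class=3)
    print("class 3 in step window, fair OS   :", benign["window"][3])
    print("class 3 in step window, hostile OS:", attacked["window"][3])
    print("data touched identical:", benign["everything"] == attacked["everything"])
```

Because every worker eventually commits, nothing crashes and the set of samples touched is identical in both runs; only the composition of what the training step actually consumed changes, which is why an integrity check on the data set or on enclave code alone does not detect this class of attack.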