Jose Rodrigo Sanchez Vicarte
Benjamin Schreiber
Riccardo Paccagnella
Christopher W. Fletcher
2020-01-19
This artifact describes the frameworks used for our evaluation. The frameworks consist of two main components: a PyTorch component and an SGX proof of concept (PoC). The PyTorch component can be used to replicate the machine learning results from Section 7. These results can be replicated on any machine that can run Python, although errors may be encountered if CUDA is not available.

The code of this component allows for training a baseline, simulating or executing a full OS-managed attack for the variants described in Sections 4.1 and 4.2, and simulating the variant from Section 4.3. The SGX PoC consists of an SGX application and a kernel module, which can be used to replicate the results from Section 6. This artifact was validated on a bare-metal machine running Ubuntu Linux with an Intel i7-6700K CPU with Intel SGX (although this requirement could be relaxed by using SGX in simulation mode). The SGX application does not fully train a network; it loads the CIFAR-10 data set into enclave memory and spawns multiple threads which asynchronously sample batches and accumulate data into shared memory. The kernel module contains the logic to perform a controlled-channel attack [74], which monitors data sampling, and the code to halt and release the worker threads of the SGX application for the attack.
https://doi.org/10.5281/zenodo.3628042
oai:zenodo.org:3628042
eng
Zenodo
https://doi.org/10.5281/zenodo.3598008
info:eu-repo/semantics/openAccess
University of Illinois/NCSA Open Source License
http://otm.illinois.edu/uiuc_openSource
ASPLOS, Architectural Support for Programming Languages and Operating Systems, Lausanne, March 16-20, 2020
machine learning, poisoning attacks, SGX, adversarial machine learning
Game of Threads: Enabling Asynchronous Poisoning Attacks
info:eu-repo/semantics/other