{"id":148,"date":"2025-09-02T08:55:26","date_gmt":"2025-09-02T08:55:26","guid":{"rendered":"https:\/\/haco.club\/?p=148"},"modified":"2025-09-03T08:56:18","modified_gmt":"2025-09-03T08:56:18","slug":"the-devil-is-in-the-micro-architectures-uncovering-new-side-channel-and-bit-flip-attack-surfaces","status":"publish","type":"post","link":"https:\/\/haco.club\/?p=148","title":{"rendered":"The Devil is in the (Micro-) Architectures: Uncovering New Side-Channel and Bit-Flip Attack Surfaces"},"content":{"rendered":"\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"The Devil is in the (Micro-) Architectures: Uncovering New Side-Channel and Bit-Flip Attack Surfaces\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/ywm5krs1GEs?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>Jolio and Yenzo discuss new attack vectors on Deep Neural Network (DNN) executables, specifically focusing on side-channel and bit-flip vulnerabilities.<\/p>\n\n\n\n<p>Here&#8217;s a summary of the key points:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DNN Executables and Vulnerabilities:<\/strong> The talk begins by explaining that cloud service providers deploy machine learning models as valuable services. Attackers can exploit side-channels to learn about the architecture of these models, which then opens the door for other attacks. 
The speakers investigate if DNN executables, created through deep learning compilation for performance, are also vulnerable.<\/li>\n\n\n\n<li><strong>Deep Compilation and Side-Channels:<\/strong> Deep learning compilers optimize models for specific hardware, creating standalone executables. While traditional side-channel attacks might not work directly, the researchers found that compiler optimizations leave &#8220;fingerprints&#8221; in the cache access patterns. These patterns can be analyzed to infer the model&#8217;s architecture.<\/li>\n\n\n\n<li><strong>Bit-Flip Attacks:<\/strong> The second part of the talk focuses on bit-flip attacks, where the goal is to corrupt the model&#8217;s intelligence by flipping bits in the compiled machine code. The researchers found that by identifying &#8220;super bits&#8221; \u2013 vulnerable bits that are consistent across different models \u2013 they could achieve a high success rate in disabling the model&#8217;s functionality. This method proved to be significantly more effective than previous attacks that targeted the model&#8217;s weights.<\/li>\n\n\n\n<li><strong>Key Takeaways:<\/strong> The presentation concludes that deep learning compiler optimizations can inadvertently leak model architecture information through side-channels. Furthermore, DNN executables are more susceptible to bit-flip attacks than the model weights themselves. 
The speakers call for more security research in this area to develop both offensive and defensive strategies.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-ndss-symposium wp-block-embed-ndss-symposium\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"yRnWO607Xa\"><a href=\"https:\/\/www.ndss-symposium.org\/ndss-paper\/compiled-models-built-in-exploits-uncovering-pervasive-bit-flip-attack-surfaces-in-dnn-executables\/\">Compiled Models, Built-In Exploits: Uncovering Pervasive Bit-Flip Attack Surfaces in DNN Executables<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; visibility: hidden;\" title=\"&#8220;Compiled Models, Built-In Exploits: Uncovering Pervasive Bit-Flip Attack Surfaces in DNN Executables&#8221; &#8212; NDSS Symposium\" src=\"https:\/\/www.ndss-symposium.org\/ndss-paper\/compiled-models-built-in-exploits-uncovering-pervasive-bit-flip-attack-surfaces-in-dnn-executables\/embed\/#?secret=G2UKC0K4so#?secret=yRnWO607Xa\" data-secret=\"yRnWO607Xa\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Jolio and Yenzo discuss new attack vectors on Deep Neural 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[28,27,5,26],"class_list":["post-148","post","type-post","status-publish","format-standard","hentry","category-black-hat","tag-dnn","tag-microarchitecture","tag-security","tag-side-channel-2"],"_links":{"self":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=148"}],"version-history":[{"count":3,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/148\/revisions"}],"predecessor-version":[{"id":173,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/148\/revisions\/173"}],"wp:attachment":[{"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}