Master's thesis

Ensuring Integrity of NVMe Offloaded Data in Large-Scale Machine Learning

(2023)

Abstract

Machine learning is increasingly used in security-critical domains and has therefore become an attractive target for attackers. In a targeted poisoning attack, the machine learning model is trained to behave normally on benign input; when a certain trigger is present in the input, however, an attacker-chosen misbehavior is activated. At the same time, neural networks are constantly growing in size, especially in the natural language processing domain, because more parameters can achieve higher accuracy. In recent years, impressive innovations have led to networks such as the Megatron-Turing NLG 530B with 530 billion parameters. DeepSpeed is an open-source deep learning optimization library that enables the training of such large networks. One of the many innovations it implements is a Non-Volatile Memory Express (NVMe) offload that increases memory efficiency by moving data from expensive GPU and CPU memory to cheap NVMe storage. However, this mechanism opens a potential attack surface that could be exploited to perform poisoning attacks. This thesis therefore investigates the security of the NVMe offload mechanism and improves it. To achieve this, untargeted poisoning attack scenarios are first tested to show that the NVMe offload is actually vulnerable. Then a security extension, able to guarantee the integrity and freshness of the data offloaded to the NVMe, is designed and extensively evaluated. During this process, various trade-offs between security and performance impact are carefully considered through the implementation and benchmarking of several different versions of the extension. Based on the experimental results, the security extension is then further improved. Furthermore, this thesis also investigates whether multithreading and the use of previously generated hash tables can reduce the performance impact.
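The two properties the abstract names, integrity and freshness of offloaded chunks, can be illustrated with a small model of the offload path. The following is an added example, not code from the thesis or from DeepSpeed: it assumes a design in which the trusted process memory keeps a random MAC key and the latest version number of every chunk, while each chunk is written to an untrusted backing store (a dict standing in for the NVMe files) together with its version and an HMAC-SHA256 tag over (chunk id, version, payload). The names `ProtectedOffloadStore`, `offload`, `reload` and the sample chunk bytes are constructed for this example; the thesis's own extension may use different primitives or table layouts.

```python
import hashlib
import hmac
import os
import struct


class IntegrityError(Exception):
    """The chunk read back from the offload store does not match its tag."""


class FreshnessError(Exception):
    """The chunk read back is authentic but stale (an older version was replayed)."""


class ProtectedOffloadStore:
    """Wraps an untrusted key/value backing store (stand-in for NVMe files).

    Trusted state kept in process memory: a random MAC key and the latest
    version number of every chunk. Everything written to the backing store is
    covered by an HMAC over (chunk_id, version, payload), so a modified payload
    fails the integrity check and a replayed older copy fails the version check.
    """

    def __init__(self, backing, key=None):
        self.backing = backing            # untrusted: chunk_id -> (version, payload, tag)
        self.key = key or os.urandom(32)  # trusted, never written to the backing store
        self.latest_version = {}          # trusted: chunk_id -> most recent version written

    def _tag(self, chunk_id, version, payload):
        header = struct.pack(">QQ", chunk_id, version)
        return hmac.new(self.key, header + payload, hashlib.sha256).digest()

    def offload(self, chunk_id, payload):
        """Write a chunk to the backing store under a fresh version number."""
        version = self.latest_version.get(chunk_id, 0) + 1
        self.backing[chunk_id] = (version, payload, self._tag(chunk_id, version, payload))
        self.latest_version[chunk_id] = version
        return version

    def reload(self, chunk_id):
        """Read a chunk back; reject tampered data, then reject stale versions."""
        version, payload, tag = self.backing[chunk_id]
        expected = self._tag(chunk_id, version, payload)
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError(f"chunk {chunk_id}: tag mismatch")
        if version != self.latest_version[chunk_id]:
            raise FreshnessError(
                f"chunk {chunk_id}: read v{version}, expected v{self.latest_version[chunk_id]}"
            )
        return payload


def run_demo():
    """Exercise the clean path, a corrupted chunk and a replayed old chunk."""
    backing = {}  # constructed stand-in for the NVMe swap files
    store = ProtectedOffloadStore(backing)
    results = {}

    # Constructed sample: four float32 values standing in for a parameter shard.
    chunk = struct.pack("<4f", 0.1, -0.2, 0.3, 0.4)
    store.offload(7, chunk)
    results["clean"] = store.reload(7) == chunk

    # Simulate a modification of the stored payload without updating the tag.
    version, payload, tag = backing[7]
    backing[7] = (version, bytes([payload[0] ^ 0x01]) + payload[1:], tag)
    try:
        store.reload(7)
        results["tamper"] = "accepted"
    except IntegrityError:
        results["tamper"] = "rejected"

    # Restore the genuine v1 copy, write v2, then put the genuine v1 copy back.
    backing[7] = (version, payload, tag)
    old_copy = backing[7]
    store.offload(7, struct.pack("<4f", 0.5, 0.6, 0.7, 0.8))
    backing[7] = old_copy
    try:
        store.reload(7)
        results["replay"] = "accepted"
    except FreshnessError:
        results["replay"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_demo())
```

The order of the checks matters: the MAC is verified first, so a chunk whose bytes were altered is reported as an integrity failure, while a genuine but outdated copy passes the MAC and is then caught by the version comparison. Keeping only a version counter per chunk in trusted memory is what makes the freshness guarantee cheap; the per-chunk tag can live on the untrusted store because it is keyed.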
