Page 175 - 《软件学报》2021年第8期

P. 175

软件学报 ISSN 1000-9825, CODEN RUXUEW E-mail: jos@iscas.ac.cn
Journal of Software,2021,32(8):2457−2468 [doi: 10.13328/j.cnki.jos.006193] http://www.jos.org.cn
©中国科学院软件研究所版权所有. Tel: +86-10-62562563

∗
基于木马的方式增强 RRAM 计算系统的安全性

1
1
1
邹敏辉 , 周俊龙 , 孙晋 , 汪成亮 2
1
(南京理工大学计算机科学与工程学院,江苏南京 210094)
2
(重庆大学计算机学院,重庆 400044)
通讯作者: 周俊龙, E-mail: jlzhou@njust.edu.cn; 汪成亮, E-mail: wangcl@cqu.edu.cn

摘要: 基于新型存储器件 RRAM 的计算系统因为能够在内存中执行矩阵点乘向量运算而受到广泛的关注.然
而,RRAM 计算系统的安全性却未受到足够的重视.攻击者通过访问未授权的 RRAM 计算系统,进而以黑盒攻击的
方式来获取存储于 RRAM 计算系统中的神经网络模型.以阻止此种攻击为目标,所提出的防御方法是基于良性木
马,即当 RRAM 计算系统未授权时,系统中的木马极容易被激活,进而影响系统的输出预测准确性,从而保证系统不
能正常运行;当 RRAM 计算系统被授权时,系统中的木马极难被误激活,从而系统能够正常运行.实验结果表明,该方
法能够使未授权的 RRAM 计算系统的输出预测准确性降低至 15%以下,并且硬件开销小于系统中 RRAM 硬件的
4.5%.
关键词: RRAM 计算系统;木马;安全
中图法分类号: TP309

中文引用格式: 邹敏辉,周俊龙,孙晋,汪成亮.基于木马的方式增强 RRAM 计算系统的安全性.软件学报,2021,32(8):
2457−2468. http://www.jos.org.cn/1000-9825/6193.htm
英文引用格式: Zou MH, Zhou JL, Sun J, Wang CL. Enhancing security of RRAM computing system based on Trojans. Ruan
Jian Xue Bao/Journal of Software, 2021,32(8):2457−2468 (in Chinese). http://www.jos.org.cn/1000-9825/6193.htm

Enhancing Security of RRAM Computing System Based on Trojans

1
1
1
ZOU Min-Hui , ZHOU Jun-Long , SUN Jin , WANG Cheng-Liang 2
1
(School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China)
2
(College of Computer Science, Chongqing University, Chongqing 400044, China)
Abstract: Computing systems based on the emerging device resistive random-access memory (RRAM) have received a lot of attention
due to its capability of performing matrix-vector-multiplications operations in memory. However, the security of the RRAM computing
system has not been paid enough attention. An attacker can gain access to the neural network models stored in the RRAM computing
system by illegally accessing an unauthorized RRAM computing system and then carrying on a black-box attack. The goal of this study is
to thwart such attacks. The defense method proposed in this study is based on benign Trojan, which means that when the RRAM
computing system is not authorized, the Trojan in the system are extremely easy to be activated, which in turn affects the prediction
accuracy of the system's output, thus ensuring that the system is not able to operate normally; when the RRAM computing system is
authorized, the Trojan in the system are extremely difficult to be activated accidently, thus enabling the system to operate normally. It is

∗ 基金项目: 国家自然科学基金(61672115, 61802185, 61872185); 江苏省自然科学基金(BK20190447, BK20180470); 教育部中
央高校基本科研业务费专项资金(30919011233, 30919011402); 中国博士后科学基金(2020M680068)
Foundation item: National Natural Science Foundation of China (61672115, 61802185, 61872185); Natural Science Foundation of
Jiangsu Province (BK20190447, BK20180470); Fundamental Research Funds for the Central Universities of China (30919011233,
30919011402); China Postdoctoral Science Foundation (2020M680068)
本文由“泛在嵌入式智能系统”专题特约编辑郭兵教授、王泉教授、邓庆绪教授、陈铭松教授、张凯龙副教授推荐.
收稿时间: 2020-07-25; 修改时间: 2020-09-07; 采用时间: 2020-11-02; jos 在线出版时间: 2021-02-07

170 171 172 173 174 175 176 177 178 179 180