Intellectual Property Protection of Deep-Learning Systems via Hardware/Software Co-Design.

Recent advances in model piracy have uncovered a new security hole for malicious attacks endangering the Intellectual Property (IP) of Deep Learning (DL) systems. This manuscript features our research titled “DeepAttest: An End-to-End Attestation Framework for Deep Neural Networks” [1] that is selected for the 2021 Top Picks in hardware and embedded security. DeepAttest is the first end-to-end framework that achieves reliable and efficient IP protection of DL devices with hardware-bounded usage control. We leverage device-specific model fingerprinting and Trusted Execution Environment (TEE) to ensure that only DL models with the device-specific fingerprint can run inference on protected hardware.