Reliability and Security Assessment of Modern Embedded Devices

L'abstract è presente nell'allegato / the abstract is in the attachmen

On the Reliability Assessment of Artificial Neural Networks Running on AI-Oriented MPSoCs

Nowadays, the usage of electronic devices running artificial neural networks (ANNs)-based applications is spreading in our everyday life. Due to their outstanding computational capabilities, ANNs have become appealing solutions for safety-critical systems as well. Frequently, they are considered intrinsically robust and fault tolerant for being brain-inspired and redundant computing models. However, when ANNs are deployed on resource-constrained hardware devices, single physical faults may compromise the activity of multiple neurons. Therefore, it is crucial to assess the reliability of the entire neural computing system, including both the software and the hardware components. This article systematically addresses reliability concerns for ANNs running on multiprocessor system-on-a-chips (MPSoCs). It presents a methodology to assign resilience scores to individual neurons and, based on that, schedule the workload of an ANN on the target MPSoC so that critical neurons are neatly distributed among the available processing elements. This reliability-oriented methodology exploits an integer linear programming solver to find the optimal solution. Experimental results are given for three different convolutional neural networks trained on MNIST, SVHN, and CIFAR-10. We carried out a comprehensive assessment on an open-source artificial intelligence-based RISC-V MPSoC. The results show the reliability improvements of the proposed methodology against the traditional scheduling

Evaluation and mitigation of faults affecting Swin Transformers

In the last decade, a huge effort has been spent on assessing the reliability of Convolutional Neural networks (CNNs), probably the most popular architecture for image classification tasks. However, modern Deep Neural Networks (DNNs) are rapidly overtaking CNNs, as state-of-the-art results for many tasks are achieved with the Transformers, innovative DNN models. Transformers' architecture introduces the concept of attention as an alternative to the classical convolution operation. The aim of this work is to propose a reliability analysis of the Swin Transformer, one of the most accurate DNN used for Image Classification, that greatly improves the results obtained by traditional CNNs. In particular, this paper shows that, similar to CNNs, Transformers are susceptible to single faults affecting weights and neurons. Furthermore, it is shown how output ranging, a well-known technique to reduce the impact of a fault in CNNs, is not as effective for the Transformer. The alternative solution proposed by this work is to introduce a ranging not only on the output, but also on the input and on the weight of the fully connected layers. Results show that, on average, the number of critical faults (i.e., that modify the network's output) affecting neurons decreases by a factor of 1.91, while for faults affecting the network's weights this value decreases by a factor of 1 * 10 ^ 5

Evaluating Convolutional Neural Networks Reliability depending on their Data Representation

Safety-critical applications are frequently based on deep learning algorithms. In particular, Convolutional Neural Networks (CNNs) are commonly deployed in autonomous driving applications to fulfil complex tasks such as object recognition and image classification. Ensuring the reliability of CNNs is thus becoming an urgent requirement since they constantly behave in human environments. A common and recent trend is to replace the full-precision CNNs to make way for more optimized models exploiting approximation paradigms such as reduced bit-width data type. If from one hand this is poised to become a sound solution for reducing the memory footprint as well as the computing requirements, it may negatively affect the CNNs resilience. The intent of this work is to assess the reliability of a CNN-based system when reduced bit-widths are used for the network parameters (i.e., synaptic weights). The approach evaluates the impact of permanent faults in CNNs by adopting several bit-width schemes and data types, i.e., floating-point and fixed-point. This determines the trade-off between the CNN accuracy and the bits required to represent network weights. The characterization is performed through a fault injection environment built on the darknet open source framework. Experimental results show the effects of permanent fault injections on the weights of LeNet-5 CNN

Open-Set Recognition: an Inexpensive Strategy to Increase DNN Reliability

Deep Neural Networks (DNNs) are nowadays widely used in low-cost accelerators, characterized by limited computational resources. These models, and in particular DNNs for image classification, are becoming increasingly popular in safety-critical applications, where they are required to be highly reliable. Unfortunately, increasing DNNs reliability without computational overheads, which might not be affordable in low-power devices, is a non-trivial task. Our intuition is to detect network executions affected by faults as outliers with respect to the distribution of normal network's output. To this purpose, we propose to exploit Open-Set Recognition (OSR) techniques to perform Fault Detection in an extremely low-cost manner. In particuar, we analyze the Maximum Logit Score (MLS), which is an established Open-Set Recognition technique, and compare it against other well-known OSR methods, namely OpenMax, energy-based out-of-distribution detection and ODIN. Our experiments, performed on a ResNet-20 classifier trained on CIFAR-10 and SVHN datasets, demonstrate that MLS guarantees satisfactory detection performance while adding a negligible computational overhead. Most remarkably, MLS is extremely convenient to configure and deploy, as it does not require any modification or re-training of the existing network. A discussion of the advantages and limitations of the analysed solutions concludes the paper

A Model-Based Framework to Assess the Reliability of Safety-Critical Applications

Solutions based on artificial intelligence and brain-inspired computations like Artificial Neural Networks (ANNs) are suited to deal with the growing computational complexity required by state-of-the-art electronic devices. Many applications that are being deployed using these computational models are considered safety-critical (e.g., self-driving cars), producing a pressing need to evaluate their reliability. Besides, state-of-the-art ANNs require significant memory resources to store their parameters (e.g., weights, activation values), which goes outside the possibility of many resource-constrained embedded systems. In this light, Approximate Computing (AxC) has become a significant field of research to improve memory footprint, speed, and energy consumption in embedded and high-performance systems. The use of AxC can significantly reduce the cost of ANN implementations, but it may also reduce the inherent resiliency of this kind of application. On this scope, reliability assessments are carried out by performing fault injection test campaigns. The intent of the paper is to propose a framework that, relying on the results of radiation tests in Commercial-Off-The-Shelf (COTS) devices, is able to assess the reliability of a given application. To this end, a set of different radiation-induced errors in COTS memories is presented. Upon these, specific fault models are extracted to drive emulation-based fault injections

Selective Hardening of Critical Neurons in Deep Neural Networks

In the literature, it is argued that Deep Neural Networks (DNNs) possess a certain degree of robustness mainly for two reasons: their distributed and parallel architecture, and their redundancy introduced due to over provisioning. Indeed, they are made, as a matter of fact, of more neurons with respect to the minimal number required to perform the computations. It means that they could withstand errors in a bounded number of neurons and continue to function properly. However, it is also known that different neurons in DNNs have divergent fault tolerance capabilities. Neurons that contribute the least to the final prediction accuracy are less sensitive to errors. Conversely, the neurons that contribute most are considered critical because errors within them could seriously compromise the correct functionality of the DNN. This paper presents a software methodology based on a Triple Modular Redundancy technique, which aims at improving the overall reliability of the DNN, by selectively protecting a reduced set of critical neurons. Our findings indicate that the robustness of the DNNs can be enhanced, clearly, at the cost of a larger memory footprint and a small increase in the total execution time. The trade-offs as well as the improvements are discussed in the work by exploiting two DNN architectures: ResNet and DenseNet trained and tested on CIFAR-10

Simulation and Formal: The Best of Both Domains for Instruction Set Verification of RISC-V Based Processors

The instruction set architecture (ISA) specifies a contract between hardware and software; it covers all possible operations that have to be performed by a processor, regardless of the implemented architecture. Verifying the instruction execution against a golden execution model following the ISA is becoming a common practice to verify processors. Despite many potential applications, existing verification frameworks require an extensive test set to cover most of the processor states. In this paper, we suggest a verification scheme combining two different domains, simulation- and formal-verification, establishing a methodology for exclusive error detection. The first approach drives automatic program generation using genetic algorithms to maximize coverage of the test and the contrast against an instruction set simulator. The second is a formal verification approach, where an interface carries specific processor states according to the ISA specification. By combining these two, we present a reliable way to perform more accurate instruction verification by increasing processor state coverage and formal assertions to detect different kinds of errors. Compared to extensive torture test sets, this approach reaches a more significant number of internal states by taking advantage of the exercised abstractions. Among remarkable results to highlight, the proposed approach detected a RISC-V ISA specification gap revealing ambiguity from two different verification perspectives

A Decentralized Scheduler for On-line Self-test Routines in Multi-core Automotive System-on-Chips

Modern System-on-Chips (SoCs) deployed for safety-critical applications typically embed one or more processing cores along with a variable number of peripherals. The compliance of such designs with functional safety standards is achieved by a combination of different techniques based on hardware redundancy and in-field test mechanisms. Among these, Software Test Libraries (STLs) are rapidly becoming adopted for testing the CPU and peripherals modules. The STL is usually composed of two sets of self-test procedures: boot-time and run-time tests. The former set is typically executed during the boot or power-on phase of the SoC since it requires full access to the available hardware (e.g., these programs need to manipulate the Interrupt Vector Table and to access the system RAM). The latter set instead, is designed to coexist with the user application and can be executed without requiring special constraints. When the STL is intended for testing the different cores within a multi-core SoC, the concurrent execution of the boot-time self-tests becomes an issue since this could lead to a longer power-up phase and excessive utilization of system resources. The main intent of this work is to present the architecture of a decentralized software scheduler, conceived for the concurrent execution of the STL on the available cores. The proposed solution considers the typical constraints of an STL in a multi-core scenario when deployed in field, namely minimum system resources usage (i.e., code and data memory). The effectiveness of the proposed scheduler was experimentally evaluated on an industrial STL developed for a multi-core SoC manufactured by STMicroelectronics