Work-in-Progress: Towards Evaluating CNNs Against Integrity Attacks on Multi-tenant Computation

We present an infrastructure for evaluating CNN models for vulnerability against a variety of integrity attacks. Our focus is on attacks that corrupt CNN computations with an impact on prediction/classification accuracy. The attack model encompasses a variety of mechanisms including injection of faults and glitches, integrity attacks on compute resources, etc. Our tool enables users to explore a variety of attack configurations, targets, and accuracy drops tolerated by the model. Experiments with our tool on publicly available CNN models show the vulnerability between layers is different, which can be exploited to protect important parts of the computation even when deployed on untrusted accelerators.