For many IoT domains, Machine Learning and more particularly Deep Learning brings very efficient solutions to handle complex data and perform challenging and mostly critical tasks. However, the deployment of models in a large variety of devices faces several obstacles related to trust and security. The latest is particularly critical since the demonstrations of severe flaws impacting the integrity, confidentiality and accessibility of neural network models. However, the attack surface of such embedded systems cannot be reduced to abstract flaws but must encompass the physical threats related to the implementation of these models within hardware platforms (e.g., 32-bit microcontrollers). Among physical attacks, Fault Injection Analysis (FIA) are known to be very powerful with a large spectrum of attack vectors. Most importantly, highly focused FIA techniques such as laser beam injection enable very accurate evaluation of the vulnerabilities as well as the robustness of embedded systems. Here, we propose to discuss how laser injection with state-of-the-art equipment, combined with theoretical evidences from Adversarial Machine Learning, highlights worrying threats against the integrity of deep learning inference and claims that join efforts from the theoretical AI and Physical Security communities are a urgent need.

中文翻译：

---

针对嵌入式神经网络模型的激光注入概述

对于许多物联网领域，机器学习（尤其是深度学习）提供了非常有效的解决方案来处理复杂数据并执行具有挑战性且最关键的任务。但是，模型在多种设备中的部署面临与信任和安全性相关的若干障碍。由于严重缺陷的演示会影响神经网络模型的完整性，机密性和可访问性，因此最新的消息尤为重要。但是，此类嵌入式系统的攻击面不能简化为抽象缺陷，而必须包含与在硬件平台（例如32位微控制器）中实现这些模型有关的物理威胁。在物理攻击中，众所周知，故障注入分析​​（FIA）具有强大的攻击向量范围。最重要的是，高度聚焦的FIA技术（例如激光束注入）能够非常准确地评估嵌入式系统的漏洞以及鲁棒性。在这里，我们提议讨论使用最先进的设备进行激光注入，再结合对抗性机器学习的理论证据，重点介绍对深度学习推理完整性造成的令人担忧的威胁，并主张结合理论AI和物理安全性的努力社区是当务之急。