{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:09:16Z","timestamp":1750219756754,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":65,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,29]],"date-time":"2023-10-29T00:00:00Z","timestamp":1698537600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,29]]},"DOI":"10.1145\/3623652.3623665","type":"proceedings-article","created":{"date-parts":[[2023,10,27]],"date-time":"2023-10-27T23:00:42Z","timestamp":1698447642000},"page":"38-46","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["DINAR: Enabling Distribution Agnostic Noise Injection in Machine Learning Hardware"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2541-1549","authenticated-orcid":false,"given":"Karthik","family":"Ganesan","sequence":"first","affiliation":[{"name":"The Edward S. Rogers Sr. Department of Electrical and Computer Engineering, University of Toronto, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-1892-7802","authenticated-orcid":false,"given":"Viktor","family":"Karyofyllis","sequence":"additional","affiliation":[{"name":"The Edward S. Rogers Sr. Department of Electrical and Computer Engineering, University of Toronto, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-9998-6936","authenticated-orcid":false,"given":"Julianne","family":"Attai","sequence":"additional","affiliation":[{"name":"The Edward S. Rogers Sr. Department of Electrical and Computer Engineering, University of Toronto, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8605-1393","authenticated-orcid":false,"given":"Ahmed","family":"Hamoda","sequence":"additional","affiliation":[{"name":"The Edward S. Rogers Sr. Department of Electrical and Computer Engineering, University of Toronto, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0526-2080","authenticated-orcid":false,"given":"Natalie","family":"Enright Jerger","sequence":"additional","affiliation":[{"name":"The Edward S. Rogers Sr. Department of Electrical and Computer Engineering, University of Toronto, Canada"}]}],"member":"320","published-online":{"date-parts":[[2023,10,29]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3219819.3226070"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ETECTE55893.2022.10007322"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3015432"},{"key":"e_1_3_2_1_5_1","unstructured":"Apple. 2017. Learning with Privacy at Scale. https:\/\/docs-assets.developer.apple.com\/ml-research\/papers\/learning-with-privacy-at-scale.pdf."},{"key":"e_1_3_2_1_6_1","volume-title":"Near-DRAM acceleration with single-ISA heterogeneous processing in standard memory modules","author":"Hadi","year":"2016","unstructured":"Hadi Asghari-Moghaddam 2016. Near-DRAM acceleration with single-ISA heterogeneous processing in standard memory modules. IEEE Micro 36, 1 (2016)."},{"key":"e_1_3_2_1_7_1","volume-title":"On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses. https:\/\/arxiv.org\/abs\/1804","author":"Athalye Anish","year":"2018","unstructured":"Anish Athalye and Nicholas Carlini. 2018. On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses. https:\/\/arxiv.org\/abs\/1804.03286"},{"key":"e_1_3_2_1_8_1","unstructured":"Anish Athalye Nicholas Carlini and David Wagner. 2018. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. https:\/\/arxiv.org\/abs\/1802.00420"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2815985"},{"key":"e_1_3_2_1_10_1","volume-title":"A Survey on Differential Privacy with Machine Learning and Future Outlook. arXiv preprint arXiv:2211.10708","author":"Baraheem Samah","year":"2022","unstructured":"Samah Baraheem and Zhongmei Yao. 2022. A Survey on Differential Privacy with Machine Learning and Future Outlook. arXiv preprint arXiv:2211.10708 (2022)."},{"key":"e_1_3_2_1_11_1","volume-title":"A Survey on Machine Learning Accelerators and Evolutionary Hardware Platforms","author":"Sathwika Bavikadi","year":"2022","unstructured":"Sathwika Bavikadi 2022. A Survey on Machine Learning Accelerators and Evolutionary Hardware Platforms. IEEE Design and Test 39, 3 (2022)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.23919\/DATE51398.2021.9474001"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177706645"},{"key":"e_1_3_2_1_14_1","unstructured":"Anirban Chakraborty 2018. Adversarial Attacks and Defences: A Survey. https:\/\/arxiv.org\/abs\/1810.00069"},{"key":"e_1_3_2_1_15_1","volume-title":"Eyeriss: An energy-efficient reconfigurable accelerator for deep convolutional neural networks","author":"Yu-Hsin","year":"2016","unstructured":"Yu-Hsin Chen 2016. Eyeriss: An energy-efficient reconfigurable accelerator for deep convolutional neural networks. IEEE journal of solid-state circuits 52, 1 (2016), 127\u2013138."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2018.00053"},{"key":"e_1_3_2_1_17_1","volume-title":"Empowering Data Centers for Next Generation Trusted Computing. arXiv preprint arXiv:2211.00306","author":"Dhar Aritra","year":"2022","unstructured":"Aritra Dhar, Supraja Sridhara, Shweta Shinde, Srdjan Capkun, and Renzo Andri. 2022. Empowering Data Centers for Next Generation Trusted Computing. arXiv preprint arXiv:2211.00306 (2022)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/11787006_1"},{"key":"e_1_3_2_1_19_1","unstructured":"Hassan Edrees 2009. Hardware-Optimized Ziggurat Algorithm for High-Speed Gaussian Random Number Generators. In ERSA. 254\u2013260."},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the 38th International Conference on Machine Learning. PMLR.","author":"Eustratiadis Panagiotis","year":"2021","unstructured":"Panagiotis Eustratiadis, Henry Gouk, Da Li, and Timothy Hospedales. 2021. Weight-covariance alignment for adversarially robust neural networks. In Proceedings of the 38th International Conference on Machine Learning. PMLR."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2015.7056040"},{"key":"e_1_3_2_1_22_1","volume-title":"Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. In 23rd USENIX Security Symposium.","author":"Fredrikson Matthew","year":"2014","unstructured":"Matthew Fredrikson 2014. Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing. In 23rd USENIX Security Symposium."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3466752.3480082"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2015.2504972"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA52012.2021.00084"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","unstructured":"Ian\u00a0J. Goodfellow Jonathon Shlens and Christian Szegedy. 2014. Explaining and Harnessing Adversarial Examples. https:\/\/doi.org\/10.48550\/ARXIV.1412.6572","DOI":"10.48550\/ARXIV.1412.6572"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCSII.2012.2204119"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00068"},{"key":"e_1_3_2_1_29_1","volume-title":"GuardNN: Secure DNN accelerator for privacy-preserving deep learning. arXiv preprint arXiv:2008.11632","author":"Hua Weizhe","year":"2020","unstructured":"Weizhe Hua, Muhammad Umar, Zhiru Zhang, and G.\u00a0Edward Suh. 2020. GuardNN: Secure DNN accelerator for privacy-preserving deep learning. arXiv preprint arXiv:2008.11632 (2020)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3195970.3196105"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/HOST55118.2023.10133266"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAD51958.2021.9643551"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00132"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833672"},{"key":"e_1_3_2_1_35_1","volume-title":"Torchattacks: A pytorch repository for adversarial attacks. https:\/\/arxiv.org\/abs\/2010.01950","author":"Kim Hoki","year":"2020","unstructured":"Hoki Kim. 2020. Torchattacks: A pytorch repository for adversarial attacks. https:\/\/arxiv.org\/abs\/2010.01950"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3173176"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00044"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/FPT.2006.270388"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2006.81"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.5555\/2051002.2051032"},{"key":"e_1_3_2_1_41_1","unstructured":"Aleksander Madry 2017. Towards Deep Learning Models Resistant to Adversarial Attacks. https:\/\/arxiv.org\/abs\/1706.06083"},{"key":"e_1_3_2_1_42_1","volume-title":"International Conference on Learning Representations.","author":"Madry Aleksander","year":"2018","unstructured":"Aleksander Madry 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/HOST49136.2021.9702287"},{"key":"e_1_3_2_1_44_1","volume-title":"Gaussian random number generation: A survey on hardware architectures. ACM Computing Surveys (CSUR) 49, 3","author":"Malik Jamshaid\u00a0Sarwar","year":"2016","unstructured":"Jamshaid\u00a0Sarwar Malik and Ahmed Hemani. 2016. Gaussian random number generation: A survey on hardware architectures. ACM Computing Surveys (CSUR) 49, 3 (2016)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378522"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3449965"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382264"},{"key":"e_1_3_2_1_48_1","unstructured":"Chaya Nayak. 2020. New privacy-protected Facebook data for independent research on social media\u2019s impact on democracy. https:\/\/research.facebook.com\/blog\/2020\/2\/new-privacy-protected-facebook-data-for-independent-research-on-social-medias-impact-on-democracy\/."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.41"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO56248.2022.00084"},{"key":"e_1_3_2_1_51_1","first-page":"8024","article-title":"PyTorch: An Imperative Style, High-Performance Deep Learning Library","volume":"32","author":"Paszke Adam","year":"2019","unstructured":"Adam Paszke 2019. PyTorch: An Imperative Style, High-Performance Deep Learning Library. In Advances in Neural Information Processing Systems 32. 8024\u20138035. http:\/\/papers.neurips.cc\/paper\/9015-pytorch-an-imperative-style-high-performance-deep-learning-library.pdf","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_52_1","volume-title":"On the Intrinsic Robustness of NVM Crossbars Against Adversarial Attacks. In 2021 58th ACM\/IEEE Design Automation Conference (DAC).","author":"Roy Deboleena","year":"2021","unstructured":"Deboleena Roy, Indranil Chakraborty, Timur Ibrayev, and Kaushik Roy. 2021. On the Intrinsic Robustness of NVM Crossbars Against Adversarial Attacks. In 2021 58th ACM\/IEEE Design Automation Conference (DAC)."},{"key":"e_1_3_2_1_53_1","unstructured":"Deboleena Roy Chun Tao Indranil Chakraborty and Kaushik Roy. 2021. On the Noise Stability and Robustness of Adversarially Trained Networks on NVM Crossbars. https:\/\/arxiv.org\/abs\/2109.09060"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/12.295858"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354211"},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the Workshop on Distributed and Private Machine Learning (DPML) co-located with ICLR.","author":"Titcombe Tom","year":"2021","unstructured":"Tom Titcombe 2021. Practical defences against model inversion attacks for split neural networks. In Proceedings of the Workshop on Distributed and Private Machine Learning (DPML) co-located with ICLR."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3310273.3323070"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274696"},{"key":"e_1_3_2_1_59_1","volume-title":"Accelergy: An Architecture-Level Energy Estimation Methodology for Accelerator Designs. In IEEE\/ACM International Conference On Computer Aided Design (ICCAD).","author":"Wu N.","year":"2019","unstructured":"Yannan\u00a0N. Wu, Joel\u00a0S. Emer, and Vivienne Sze. 2019. Accelergy: An Architecture-Level Energy Estimation Methodology for Accelerator Designs. In IEEE\/ACM International Conference On Computer Aided Design (ICCAD)."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3575693.3575738"},{"key":"e_1_3_2_1_61_1","volume-title":"Rethinking feature uncertainty in stochastic neural networks for adversarial robustness. arXiv preprint arXiv:2201.00148","author":"Hao Yang","year":"2022","unstructured":"Hao Yang 2022. Rethinking feature uncertainty in stochastic neural networks for adversarial robustness. arXiv preprint arXiv:2201.00148 (2022)."},{"key":"e_1_3_2_1_62_1","volume-title":"Opacus: User-Friendly Differential Privacy Library in PyTorch. arXiv preprint arXiv:2109.12298","author":"Ashkan Yousefpour","year":"2021","unstructured":"Ashkan Yousefpour 2021. Opacus: User-Friendly Differential Privacy Library in PyTorch. arXiv preprint arXiv:2109.12298 (2021)."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.1712.07107"},{"key":"e_1_3_2_1_64_1","volume-title":"Proceedings of the IEEE International Conference on Field Programmable Logic and Applications.","author":"Zhang Guanglie","year":"2005","unstructured":"Guanglie Zhang 2005. Ziggurat-based hardware Gaussian random number generator. In Proceedings of the IEEE International Conference on Field Programmable Logic and Applications."},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the International Conference on Learning Representations.","author":"Zhang Huan","year":"2019","unstructured":"Huan Zhang 2019. The Limitations of Adversarial Training and the Blind-Spot Attack. In Proceedings of the International Conference on Learning Representations."}],"event":{"name":"HASP '23: Hardware and Architectural Support for Security and Privacy 2023","acronym":"HASP '23","location":"Toronto Canada"},"container-title":["Proceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3623652.3623665","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3623652.3623665","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:00Z","timestamp":1750178220000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3623652.3623665"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,29]]},"references-count":65,"alternative-id":["10.1145\/3623652.3623665","10.1145\/3623652"],"URL":"https:\/\/doi.org\/10.1145\/3623652.3623665","relation":{},"subject":[],"published":{"date-parts":[[2023,10,29]]},"assertion":[{"value":"2023-10-29","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}