Business as Usual? Computing Security in the Age of AI
Many existing foundational security technologies and standards will be more relevant and important than ever in the age of AI.
By
Richard Grisenthwaite, EVP, Chief Architect & Fellow, Arm
Artificial Intelligence (AI)Security
Share
As with any technology revolution, AI presents both opportunities and challenges to people’s digital experiences. Alongside its potentially transformative impact, AI also presents unique security threats, with a vast amount of sensitive data being collected, held, and then used to provide highly personalized technology experiences to the end-user. The focus on security is driving industry and government discussions as we work on solutions to maximize AI’s benefits and minimize any potential societal impact.
Security has always been in Arm’s DNA. Addressing security challenges is fundamental to Arm being the
technology foundation for AI everywhere. While AI is accelerating technology innovation on an unprecedent scale, Arm’s foundational security technologies deployed in our industry-leading IP and paired with standards will continue to play a significant role managing fresh security threats in the ongoing evolution of AI.
Security’s role in AI at the edge
As AI becomes more ubiquitous, we expect significant growth in AI inference workloads being run at the edge of the network – on the devices. Inference requires less compute power as it uses an already trained model, with this supporting the broader drive for more efficient AI computing at the edge. This provides quicker user experiences with less delays, as the processing of AI workloads happens closer to where the data is captured.
From a security perspective, this distribution of AI to the edge brings benefits to businesses and users. A key security benefit is that sensitive user data can be handled and processed on the actual device, rather than being sent to third parties to process. This allows both businesses and consumers to have more control of their data.
There are plenty of great AI-based security use cases currently, but a good example that really showcases the benefits of AI at the edge is smart vision. Intelligent cameras are being developed and deployed in homes, care homes and hospitals as a way of monitoring elderly relatives in case they fall. Being able to process the image and scene recognition on the actual device creates an inherently more secure system, removing the risk that comes from sending sensitive information to a third-party for processing. This also makes it far more acceptable to have these cameras in environments where they are most needed, which is often where significant privacy concerns exist.
Trusting the hardware
However, businesses need to be able to trust this hardware, especially in the age of AI where they want to protect their expensively generated AI models from attacks. The demand for secure hardware was reflected in the recent
PSA Certified 2023 Security report, which showed that 69 percent of technology decision makers are willing to pay a premium to secure devices, with 65 percent specifically looking for security credentials during purchasing decisions. It is fundamental that edge devices are effectively secured against malicious attackers who wish to steal the intellectual property of AI and machine learning (ML) based models.
Processor security
The move towards AI at the edge is taking place on the CPU, whether it is handling workloads in their entirety or in combination with a co-processor like a GPU or NPU. With a significant amount of AI computing happening on the CPU, security in the age of AI depends on how secure the CPU is. This is why securing AI is very much dependent on the basics of securing compute.
Deploying code using AI and ML tools and frameworks helps identify security vulnerabilities, but the same technologies can be used by attackers to identify areas to exploit in millions of lines of code. This means that computer architects need to continue their efforts to improve the security of computing systems. This is something that Arm has done for years, where we continuously develop and invest in new security architecture features.
Memory Tagging Extension
One of these features is
Arm’s Memory Tagging Extension (MTE), which is built into the Arm architecture across Arm’s latest v9 CPUs. MTE allows for the dynamic identification of both spatial and temporal memory safety issues, with these accounting for 70 percent of all serious security bugs. These security threats will continue to persist as AI evolves.
MTE is already being embraced by the mobile market. MediaTek has implemented the technology on its
Arm-based Dimensity 9300 system-on-chip (SoC) for flagship smartphones, while
Google has enabled MTE in Android 14. Vivo, which is adopting Dimensity 9300 in its new X100 and X100 Pro flagship smartphones, recently announced a memory safety developer program which makes MTE available to its developer community. These commitments to enabling MTE across the mobile ecosystem will deliver better, more secure user experiences and a quicker time-to-market for millions of developers worldwide. It is likely that we will see MTE used beyond mobile in high-performance IoT markets that feature devices using Arm’s A-profile processors.
Arm security technologies
As part of the Armv9 architecture, we announced
Realm Management Extensions, which is the basis of the of
Arm Confidential Compute architecture. This helps to secure the data running virtual machines from attacks arising from the hypervisor being compromised. There is a clear need for this technology in data centers that are being used to train advanced ML models, but it will also be important to secure edge computing systems across IoT markets where trained ML models will be deployed.
We have also introduced
Pointer Authentication (PAC) and Branch Target Identification (BTI) as security technologies that are built into the Armv9 architecture to provide far stronger protections against code reuse attacks like Return-Orientated Programming (ROP) and Jump-Orientated Programming (JOP). This is important in the age of AI because attackers will be able to use AI and ML-based tools to develop sophisticated ways of reusing code that already exists. PAC and BTI are being deployed across the A-profile and M-profile Arm architectures that are used in consumer technology and IoT markets.
Finally, Arm continues to work in partnership with the industry on our security framework and certification scheme,
PSA Certified, with a mission to create a baseline of best practice for all connected devices. Built in from the core, this helps to improve the basic security hygiene of systems and fulfil the consumer expectation that if devices scale then they should be secure, with this targeting IoT devices built on the A-profile and M-profile Arm architectures.
The future of security with Morello
Alongside these existing security features, Arm is always looking at new technologies, standards, and collaborations to advance security.
Morello is one great example, with this program focusing on new ways to design CPU architecture that make processors more robust and deter certain key security breaches. In collaboration with the University of Cambridge and SRI International, this has led to a prototype technology that, if successful, could be implemented in future hardware.
Accelerating security in age of AI
AI and ML-based technologies are becoming more pervasive across every corner of computing. This will bring opportunities and challenges for security, especially as more AI workloads move to the edge.
Alongside the fast-paced AI-based innovation, the fundamental hygiene principle of security will still be required. In fact, many Arm foundational security technologies that are already in place today will be more relevant than ever in the age of AI.
This is why we are fully committed to advancing the security of our architecture, IP and processors and supporting technology components and standards that it generates. This will continue to accelerate as we add more AI and ML capabilities, with Arm being the secure compute platform for the world’s AI-based experiences.
