Hafizul Islam Chowdhuryy

Hafizul Islam Chowdhuryy

Post-doctoral Researcher at Computer Architecture and Systems Research (CASR) Lab

Posts by Collection

portfolio

publications

BranchSpec: Information Leakage Attacks Exploiting Speculative Branch Instruction Executions

Published in IEEE International Conference on Computer Design (ICCD), 2020

Recent studies on attacks exploiting processor hardware vulnerabilities have raised significant concern for information security. Particularly, transient execution attacks such as Spectre augment microarchitectural side channels with speculative executions that lead to exfiltration of secretive data not intended to be accessed. Many prior works have demonstrated the manipulation of branch predictors for triggering speculative executions, and thereafter leaking sensitive information through …

Recommended citation: M. H. I. Chowdhuryy, H. Liu, and F. Yao, “BranchSpec: Information Leakage Attacks Exploiting Speculative Branch Instruction Executions,” in IEEE ICCD, 2020.
Download Paper | Download Slides

NMT-Stroke: Diverting Neural Machine Translation through Hardware-based Faults

Published in International Symposium on Secure and Private Execution Environment Design (SEED), 2021

The rapid development of deep learning has significantly bolstered the performance of natural language processing (NLP) in the form of language modeling. Recent advances in hardware security studies have demonstrated that hardware-based threats can severely jeopardize the integrity of computing systems (e.g., fault attacks for data at rest). Internal adversaries exploiting such hardware vulnerabilities are becoming a major security concern. Yet the impact of hardware faults on systems running …

Recommended citation: K. Cai, M. H. I. Chowdhuryy, Z. Zheng, and F. Yao, “NMT-Stroke: Diverting Neural Machine Translation through Hardware-based Faults,” in IEEE SEED, 2021.
Download Paper

R-SAW: New Side Channels Exploiting Read Asymmetry in MLC Phase Change Memories

Published in International Symposium on Secure and Private Execution Environment Design (SEED), 2021

Phase Change Memory (PCM) is a promising contender for future main memory solutions. While many architecture-level performance optimizations have been studied for PCM, the security implications of these designs are not well understood. This work demonstrates the first investigation of information leakage threats in PCM-based main memories. Notably, we find state-of-the-art read techniques leveraging access latency asymmetry in Multi-level Cell (MLC) PCM introduce new timing variations. To …

Recommended citation: M. H. I. Chowdhuryy, R. Ewetz, A. Awad, and F. Yao, “R-saw: New side channels exploiting read asymmetry in mlc phase change memories,” in IEEE SEED, 2021.
Download Paper | Download Slides

Leaking Secrets Through Modern Branch Predictors in the Speculative World

Published in IEEE Transactions on Computers (TC), 2021

Transient execution attacks that exploit speculation have raised significant concerns in computer systems. Typically, branch predictors are leveraged to trigger mis-speculation in transient execution attacks. In this work, we demonstrate a new class of speculation-based attacks that targets the branch prediction unit (BPU). We find that speculative resolution of conditional branches (i.e., in nested speculation) alter the states of pattern history table (PHT) in modern processors, which are not …

Recommended citation: M. H. I. Chowdhuryy and F. Yao, “Leaking secrets through modern branch predictor in the speculative world,” IEEE TC, 2021.
Download Paper

LADDER: Architecting Content and Location-aware Writes for Crossbar Resistive Memories

Published in IEEE/ACM International Symposium on Microarchitecture (MICRO), 2022

Resistive memories (ReRAM) organized in the form of crossbars are promising for main memory integration. While offering high cell density, crossbar-based ReRAMs suffer from variable write latency requirement for RESET operations due to the varying impact of IR drop, which jointly depends on the data pattern of the crossbar and the location of target cells being RESET. The exacerbated worst-case RESET latencies can significantly limit system performance. In this paper, we propose LADDER, an …

Recommended citation: M. H. I. Chowdhuryy, M. R. H. Rashed, A. Awad, R. Ewetz, and F. Yao, “Ladder: Architecting content and location-aware writes for crossbar resistive memories,” in IEEE MICRO, 2021.
Download Paper | Download Slides

DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories

Published in IEEE Symposium on Security and Privacy (SP), 2022

Recent advancements in Deep Neural Networks (DNNs) have enabled widespread deployment in multiple security-sensitive domains. The need for resource-intensive training and the use of valuable domain-specific training data have made these models the top intellectual property (IP) for model owners. One of the major threats to DNN privacy is model extraction attacks where adversaries attempt to steal sensitive information in DNN models. In this work, we propose an advanced model extraction …

Recommended citation: M. H. I. Chowdhuryy, A. S. Rakin, F. Yao, and D. Fan, “Deepsteal: Advanced model extractions leveraging efficient weight stealing in memories,” 2022.
Download Paper | Download Slides

Understanding and Characterizing Side Channels Exploiting Phase-Change Memories

Published in IEEE Micro, 2023

Recent advances in nonvolatile memory (NVM), together with their performance-optimized architectural schemes, position NVMs as promising building blocks for future main memory. However, the security of such techniques has not been explored. This article performs the first study on information leakage threats in phase-change memories (PCM). We propose an attack framework, read-saw (R-SAW), that systematically investigates side channel vulnerabilities in representative read techniques under …

Recommended citation: M. H. I. Chowdhuryy, R. Ewetz, A. Awad, and F. Yao, “Understanding and characterizing side channels exploiting phase-change memories,” IEEE Micro, 2023.
Download Paper

BeKnight: Guarding Against Information Leakage in Speculatively Updated Branch Predictors

Published in IEEE/ACM International Conference on Computer Aided Design (ICCAD), 2023

Information leakage through processor microarchi-tectural components exploiting speculative execution is raising significant security concerns. Modern commercial processors incorporate branch predictor designs where internal states of branch predictor structures are speculatively updated. Recent studies have shown that speculatively updated branch predictors allow side channel exploitation in the speculative domain, extending branch predictors to be another source of transmitting medium in …

Recommended citation: M. H. I. Chowdhuryy, Z. Zhang, and F. Yao, “Beknight: Guarding against information leakage in speculatively updated branch predictors,” in IEEE ICCAD, 2023.
Download Paper | Download Slides

D-Shield: Enabling Processor-side Encryption and Integrity Verification for Secure NVMe Drives

Published in IEEE International Symposium on High-Performance Computer Architecture (HPCA), 2023

Ensuring the confidentiality and integrity of data stored in storage disks is essential to protect users’ sensitive and private data. Recent developments of hardware-based attacks have motivated the need to secure storage data not only at rest but also in transit. Unfortunately, existing techniques such as software-based disk encryption and hardware-based self-encrypting disks fail to offer such comprehensive protection in today’s adversarial settings. With the advances of NVMe SSDs promising …

Recommended citation: M. H. I. Chowdhuryy, M. Jung, F. Yao, and A. Awad, “D-shield: Enabling processor-side encryption and integrity verification for secure nvme drives,” in IEEE HPCA, 2023.
Download Paper | Download Slides

PowSpectre: Powering Up Speculation Attacks with TSX-based Replay

Published in ACM Asia Conference on Computer and Communications Security (ASIACCS), 2024

Trusted execution environment (TEE) offers data protection against malicious system software. However, the TEE (e.g., Intel SGX) threat model exacerbates information leakage as attackers can enhance and denoise the observations from hardware-based side channels through controlled victim execution (i.e., replay). The replay mechanism is especially critical for side channels from physical traces (e.g., power consumption) that not only vary instantaneously but also necessitate successive …

Recommended citation: M. H. I. Chowdhuryy, Z. Zhang, and F. Yao, “Powspectre: Powering up speculation attacks with tsx-based replay,” in ACM ASIACCS, 2024.
Download Paper | Download Slides

DeepVenom: Persistent DNN Backdoors Exploiting Transient Weight Perturbations in Memories

Published in IEEE Symposium on Security and Privacy (SP), 2024

Backdoor attacks have raised significant concerns in machine learning (ML) systems. Mainstream ML backdoor attacks typically involve either poisoning the victim’s training samples or pre-training poisoned models for use by victim users. Meanwhile, recent advances in hardware-based threats reveal that ML model integrity at inference-time can be seriously tampered by inducing transient faults in model weights. However, the adversarial impacts of such hardware fault attacks at training time have …

Recommended citation: K. Cai, M. H. I. Chowdhuryy, Z. Zhang, and F. Yao, “Deepvenom: Persistent dnn backdoors exploiting transient weight perturbations,” in IEEE S&P, 2024
Download Paper | Download Slides

MetaLeak: Uncovering Side Channels in Secure Processor Architectures Exploiting Metadata

Published in IEEE/ACM Annual International Symposium on Computer Architecture (ISCA), 2024

Microarchitectural side channels raise severe security concerns. Recent studies indicate that microarchitecture security should be examined holistically (rather than separately) in systems. Although the effects of performance optimizations on side channels are widely studied, the impacts of integrating security mechanisms intended for other threats on microarchitecture security are not well explored. In this paper, we perform the first side channel exploration in secure processor architectures …

Recommended citation: M. H. I. Chowdhuryy, H. Zheng, and F. Yao, “Metaleak: Uncovering side channels in secure memory architectures exploiting metadata,” in IEEE ISCA, 2024.
Download Paper | Download Slides

IvLeague: Side Channel-resistant Secure Architectures Using Isolated Domains of Dynamic Integrity Trees

Published in IEEE/ACM International Symposium on Microarchitecture (MICRO), 2024

Modern secure processors rely on hardware-assisted encryption and tree-based integrity verification to protect off-chip data. However, despite extensive research on performance optimization, there is a significant lack of emphasis on side channel vulnerabilities in secure architectures. Given the strong focus on data security, it is critical to ensure that the integration of new design elements into secure architectures does not inadvertently introduce additional vulnerabilities. Existing …

Recommended citation: M. H. I. Chowdhuryy and F. Yao, “IvLeague: Side Channel-resistant Secure Architectures Using Isolated Domains of Dynamic Integrity Trees,” IEEE MICRO, 2024.
Download Paper | Download Slides

Phantom: Privacy-Preserving Deep Neural Network Model Obfuscation in Heterogeneous TEE and GPU System

Published in USENIX Security Symposium (USENIX Security), 2025

Privacy-preserving deep neural network (DNN) model inference is critical in many real-world applications. Trusted Execution Environments (TEEs) provide hardware-based security guarantees but suffer from performance bottlenecks due to limited computational resources. While GPU acceleration is essential for DNN workloads, integrating GPUs with TEEs introduces new challenges in maintaining model privacy. In this work, we present Phantom, a privacy-preserving DNN model obfuscation framework that operates in heterogeneous TEE and GPU systems…

Recommended citation: J. Bai, M. H. I. Chowdhuryy, J. Li, F. Yao, C. Chakrabarti, and D. Fan, "Phantom: Privacy-Preserving Deep Neural Network Model Obfuscation in Heterogeneous TEE and GPU System," in USENIX Security, 2025.
Download Paper

talks

teaching

Teaching experience 1

Undergraduate course, University 1, Department, 2014

This is a description of a teaching experience. You can use markdown like any other post.

Teaching experience 2

Workshop, University 1, Department, 2015

This is a description of a teaching experience. You can use markdown like any other post.