Yicheng(亦成) Zhang

I am a Ph.D. at UC Riverside, where I am fortunately advised by Prof. Nael Abu-Ghazaleh.

Prior to that, I received my M.Sc. from UC Irvine, and my B.S. from Sichuan University. I worked with Prof. Mohammad Abdullah Al Faruque and Prof. Zhou Li in the past.

My interest lies in computer security and computer architecture.

Email /  CV  /  Scholar  /  Github  /  LinkedIn  /  Twitter

Recent News

– November 2022: One paper accepted by [Usenix Security 2023]. My 1st Security Big 4!

– May 2022: Got acceptance to attend [gem5 Bootcamp'22].

– July 2021: Received student travel grant from [Usenix Security 2021].

– July 2021: One paper accepted by [IEEE TIFS].

– May 2021: Received student travel grant from [S&P’21].

Ph.D. in Electrical Engineering 2021-2025
University of California, Riverside | Riverside, California
M.Sc. in Computer Engineering 2018-2020
University of California, Irvine | Irvine, California
B.S. in Electrical Engineering and Automation 2014-2018
Sichuan University | Chengdu, Sichuan

Stealing Neural Network Structure through Remote FPGA Side-channel Analysis
Yicheng Zhang, Rozhin Yasaei, Hao Chen, Zhou Li, Mohammad Abdullah Al Faruque
Accepted by IEEE Transactions on Information Forensics and Security (TIFS), August, 2021.
PDF / Slides / Poster / BibTex

We explore whether the structural secret (layers and hyper-parameters) of a victim DNN model can be inferred by a remote attacker who shares the same FPGA board. We show by implementing on-chip RO-based power monitors, the power consumption of the victim DNN can be sampled at high resolution, which guarantees all layers and hyper-parameters can be reconstructed at high accuracy.


Leaky DNN: Stealing Deep-Learning Model Secret with GPU Context-Switching Side-Channel
Junyi Wei*, Yicheng Zhang*, Zhe Zhou, Zhou Li, Mohammad Abdullah Al Faruque
*Junyi Wei and Yicheng Zhang are both first author.
Accepted by Proceedings of the 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Valencia, Spain, June, 2020.
(48/291=16.5% acceptance rate) 
PDF / Slides / Video / Code / BibTex

We exploit the GPU side-channel based on context-switching penalties. This side-channel allows us to extract the fine-grained structural secret of a DNN model, including its layer composition and hyper-parameters. Leveraging this side-channel, we developed an attack prototype named MosConS, which applies LSTM-based inference models to identify the structural secret.

Honors and Awards
Student Travel Grant | 30th USENIX Security Symposium 2021
Student Travel Grant | 42nd IEEE Symposium on Security and Privacy 2021
Dean's Distinguished Fellowship Award | UC Riverside 2021
Sichuan University Scholarship | Sichuan University 2014-2018
Outstanding Students Leader | Sichuan University 2016

While at UC Irvine, I was a teaching assistant for the following courses:

Continuous-Time Signals and Systems
TA for EECS150 - Winter 2020

Sytem Software
TA for EECS111 - Spring 2020

Object Oriented System Programming
TA for EECS40 - Fall 2020

Next Generation Search Systems
TA for CS125 - Winter 2021

Organization of Digital Computers
TA for EECS112 - Spring 2021

Professional Service

Reviewer: ICPS' 20, CYBER' 21, CYBER' 22

Sub-reviewer: DATE'19/'20, CODES+ISSS'20, NDSS'20, DSN'20, RTSS'21, MICRO'22, HPCA'22

Artifact Evaluation: MICRO'22

About me

In my free time, I love to ride road bikes. In the summer of 2018, I cycled around Taiwan Province with my friends. I was a member of University of California Irvine Cycling Club and was the leader of Sichuan University Cycling Club.

Also, I like to capture the beautiful moments of our life stories with my wife, Jinrun.

Subscribe our bilibili channel and watch our Vlog! (๑•̀ㅂ•́)و✧

A road to be a good researcher in computer architecture & security.

Awesome webpage from Jon Barron.