We explore security aspects of a new computing paradigm that combines novel memristors and traditional Complimentary Metal Oxide Semiconductor (CMOS) to construct a highly efficient analog and/or digital fabric that is especially well-suited to Machine Learning (ML) inference processors for Radio Frequency (RF) signals. Memristors have different properties than traditional CMOS which can potentially be exploited by attackers. In addition, the mixed signal approximate computing model has different vulnerabilities than traditional digital implementations. However both the memristor and the ML computation can be leveraged to create security mechanisms and countermeasures ranging from lightweight cryptography, identifiers (e.g. Physically Unclonable Functions (PUFs), fingerprints, and watermarks), entropy sources, hardware obfuscation and leakage/attack detection methods. Three different threat models are proposed: 1) Supply Chain, 2) Physical Attacks, and 3) Remote Attacks. For each threat model, potential vulnerabilities and defenses are identified. This survey reviews a variety of recent work from the hardware and ML security literature and proposes open problems for both attack and defense. The survey emphasizes the growing area of RF signal analysis and identification in terms of the commercial space, as well as military applications and threat models. We differ from other other recent surveys that target ML in general, neglecting RF applications.

翻译：本文探讨了一种结合新型忆阻器与传统互补金属氧化物半导体（CMOS）的新型计算范式的安全性问题，该范式构建了特别适用于射频（RF）信号机器学习（ML）推理处理器的高效模拟和/或数字架构。忆阻器具有与传统CMOS不同的特性，攻击者可能利用这些特性。此外，混合信号近似计算模型具有与传统数字实现不同的漏洞。然而，忆阻器和ML计算均可用于创建安全机制和防御措施，涵盖轻量级密码学、标识符（如物理不可克隆函数（PUF）、指纹和水印）、熵源、硬件混淆以及泄露/攻击检测方法。本文提出了三种不同的威胁模型：1）供应链，2）物理攻击，3）远程攻击。针对每种威胁模型，识别了潜在的漏洞和防御策略。本综述回顾了硬件与ML安全领域中的多项近期研究，并提出了攻击与防御两方面的开放性问题。综述重点强调了射频信号分析与识别在商业领域以及军事应用和威胁模型中的发展空间。与其他仅关注通用ML而忽视射频应用的最新综述不同，本文着重关注射频应用领域。