// edge_ai_security_lab — recon view · v0.2 + ZYNQ

Architecture, Software Attacks & Hardware Attacks

Live topology of the GPU / Jetson / Z7-7020 FPGA / Raspberry Pi gateway lab. Click red markers for software attacks, orange markers for hardware/silicon attacks, green for defenses, and any device for its role and trust level. Attack notes are scoped to owned, isolated lab validation.

Lab status: 12 software attacks · 6 hardware attacks · 11 defense points · 4 trust zones · 6 devices online
Topology (five zones, left to right):

REMOTE MODEL + BITSTREAM BUILD
  RTX 5080 remote GPU workstation · model + bitstream factory
  PyTorch · CUDA · Vivado → exports model.onnx → exports cnn.bit
  Note: training + HLS build

CLIENT PUBLIC SIDE
  Control + attacker: MacBook / ThinkPad 192.168.10.100
  SSH · curl · Burp · ZAP · Wireshark · ChipWhisperer
  Physical tooling: side-channel rig (ChipWhisperer / scope, EM probe · shunt resistor), USB → MacBook
  Note: no network path
  Future: camera / IoT client, phase 5+ · PoE

GATEWAY / DMZ TRUST BOUNDARY
  L2 managed switch: TP-Link SG108PE · VLAN · port mirror · 8 ports · PoE · tap point for capture
  Dual-LAN gateway: Raspberry Pi CM4 (trust boundary)
    LAN1: 192.168.10.2 · Nginx + FastAPI :8000 · JWT · rate limit · WAF · accelerator dispatcher
    LAN2: 192.168.30.1 → Jetson 192.168.30.10 → Zynq 192.168.30.20

PRIVATE BACKEND INFERENCE (LAN2)
  Private inference, GPU: Jetson Orin Nano TensorRT backend 192.168.30.10:8001
    FP16 / INT8 engine · /infer · /health · no public IP
    Note: never faces client
  Private inference, FPGA: Zynq-7020 (Z7-7020) PS + PL · hardware accelerator 192.168.30.20:8002
    PS · Cortex-A9: PetaLinux + DPDK · REST shim → AXI DMA engine · bitstream loader · eFUSE / PUF keys · XADC monitor
    PL · 7-series FPGA: CNN MAC array · INT8 systolic · 85k LUTs · 220 DSPs · on-chip BRAM · bitstream auth check · masked datapath
    PS ↔ PL interconnect: AXI4

PHYSICAL SURFACE: SILICON + BOARD ACCESS
  Probe targets: A13 power traces · A14 EM near-field · A15 voltage/clock faults · contact point: Zynq board
  Silicon defenses: D10 masking/schedule · D11 XADC anomaly log · D9 bitstream auth · measured overhead + alerts
  Physical access: trust model change

Edge labels: MODEL.ONNX · SIGNED CNN.BIT · HTTPS :8000 · LAN2 / GPU · LAN2 / FPGA · PHYSICAL PROBE
Markers on the map: A1 to A18 (attacks), D1 to D11 (defenses)

Legend: model transfer · bitstream transfer · public client · gateway-mediated · private backend · physical / EM probe · SW attack · HW attack · defense · physical zone
// Threat Library

Attack Deep-Dive Index

Completed attack pages open in the local Threat_library folder. Upcoming entries open the live inspector until their full technical articles are generated.

A1 · Unauthenticated Inference Endpoint (deep dive)
  The public inference route accepts requests without an identity boundary at the Raspberry Pi gateway.
  Pi gateway / public API / CIA

A2 · Resource Exhaustion / DoS (deep dive)
  Request bursts, oversized payloads, or slow clients saturate the gateway queue and the accelerator path.
  Ingress queue / rate limit / availability

A3 · Broken Object Authorization (deep dive)
  Prediction records, jobs, or model artifacts are accessed by ID without a tenant ownership check.
  API object IDs / result store / STRIDE

A4 · Model Update Tampering (deep dive)
  Unsigned or weakly verified model transfers let a poisoned artifact reach the Jetson or FPGA flows.
  GPU factory / artifact signing / integrity

A5 · Direct Backend Exposure (deep dive)
  Jetson or Zynq backend services become reachable from paths that should only reach the Pi gateway.
  LAN2 / firewall / backend isolation

A6 · Model Extraction by Querying (deep dive)
  Repeated black-box queries approximate the model's decision boundaries or recover sensitive model behavior.
  Query telemetry / anomaly detection / D5

A7 · Adversarial Input Perturbation (deep dive)
  Small, crafted input changes alter the model's output while the input still looks normal to a human.
  Client input / validation / robustness

A8 · Unsafe / Sensitive Logging (deep dive)
  Prompts, frames, tokens, or labels leak into logs, which are easier to copy than the protected service itself.
  Jetson logs / privacy / evidence trails
// Defense Matrix

Control Index

Defense cards open the atlas inspector for now. Their dedicated Defense_matrix articles can be linked here after the attack pages are completed.

Live event feed:
[200] POST /api/v1/infer · accel=jetson · 47ms · class=cat 0.91
[200] POST /api/v1/infer · accel=zynq · 38ms · class=cat 0.89
[429] rate-limit 18 req/s
[401] jwt expired
[413] payload 412MB rejected
[xadc] zynq core voltage 0.94V (nominal 1.00V) — glitch suspected
[bitstream] cnn.bit signature OK · sha256=4f9a...c2
[bitstream] cnn.bit signature INVALID — load refused
[trace] capturing 50k power traces · DPA correlation ρ=0.31 on round 3
[blocked] direct connect 192.168.30.10:8001 · firewall drop
[blocked] direct connect 192.168.30.20:8002 · firewall drop
[xadc] zynq die temperature 78°C — fault-injection thermal anomaly
[anomaly] 412 queries / 60s — extraction signal