research-article

HISA: Hardware Isolation-based Secure Architecture for CPU-FPGA Embedded Systems

Authors:

Xianglong Feng,

Sheng WeiAuthors Info & Claims

2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

Pages 1 - 8

https://doi.org/10.1145/3240765.3240814

Published: 05 November 2018 Publication History

Abstract

Heterogeneous CPU-FPGA systems have been shown to achieve significant performance gains in domain-specific computing. However, contrary to the huge efforts invested on the performance acceleration, the community has not yet investigated the security consequences due to incorporating FPGA into the traditional CPU-based architecture. In fact, the interplay between CPU and FPGA in such a heterogeneous system may introduce brand new attack surfaces if not well controlled. We propose a hardware isolation-based secure architecture, namely HISA, to mitigate the identified new threats. HISA extends the CPU-based hardware isolation primitive to the heterogeneous FPGA components and achieves security guarantees by enforcing two types of security policies in the isolated secure environment, namely the access control policy and the output verification policy. We evaluate HISA using four reference FPGA IP cores together with a variety of reference security policies targeting representative CPU-FPGA attacks. Our implementation and experiments on real hardware prove that HISA is an effective security complement to the existing CPU-only and FPGA-only secure architectures.

References

[1]

ARM Security Technology: Building a Secure System Using TrustZone Technology. http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/index.html

[2]

ARM Trusted Firmware. https://github.com/ARM-software/arm-trusted-firmware

[3]

BitLocker Drive Encryption. https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/bitlocker-drive-encryption

[4]

Custom IP Project for the MicroZed. https://github.com/fpgadeveloper/microzed-custom-ip

[5]

Developer Preview EC2 Instances (F1) with Programmable Hardware. https://aws.amazon.com/blogs/aws/developer-preview-ec2-instances-f1-with-programmable-hardware/

[6]

HISA Github Repository. https://github.com/hwsel/hisa

[7]

Microsoft Goes All in for FPGAs to Build out AI Cloud. https://www.top500.org/news/microsoft-goes-all-in-for-fpgas-to-build-out-cloud-based-ai/

[8]

OpenCores. http://opencores.org/project/basicrsa

[9]

Real-time Motion Detection in Video on Zynq FPGA. http://www.jsykora.info/2013/11/real-time-motion-detection-in-video-on-zynq-fpga/

[10]

Surveillance Video Sample. https://www.youtube.com/watch?v=Bnk6dMQFNa8&t=3s

[11]

USB Interface Adapter EVM. http://www.ti.com/tool/usb-to-gpio

[12]

The Xen Project. http://www.xenproject.org/

[13]

2011. AMD I/O Virtualization Technology (IOMMU) Specification.

[14]

2016. 7 Series FPGAs and Zynq-7000 All Programmable SoC XADC Dual 12-bit 1 MSPS Analog-to-digital Converter User Guide, UG480 (v1.8). https://github.com/fpgadeveloper/microzed-custom-ip

[15]

A.M. Azab, K. Swidowski, R. Bhutkar, J. Ma, W. Shen, R. Wang, and P. Ning. 2016. SKEE: A Lightweight Secure Kernel-level Execution Environment for ARM. In NDSS.

[16]

Y. Chen, J. Cong, Z. Fang, J. Lei, and P. Wei. 2016. When Apache Spark Meets FPGAs: A Case Study for Next-generation DNA Sequencing Acceleration. In HotCloud. 64–70.

[17]

Y. Choi, J. Cong, Z. Fang, Y. Hao, G. Reinman, and P. Wei. 2016. A Quantitative Analysis on Microarchitectures of Modern CPU-FPGA Platforms. In DAC. 6.

[18]

V. Costan, I. Lebedev, and S. Devadas. 2016. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In USENIX Security.

[19]

T. El-Ghazawi, E. El-Araby, M. Huang, K. Gaj, V. Kindratenko, and D. Buell. 2008. The Promise of High-Performance Reconfigurable Computing. Computer 41, 2 (2008), 69–76.

Digital Library

[20]

Shay Gueron. 2016. A Memory Encryption Engine Suitable for General Purpose Processors. Intel Whitepaper, https://eprint.iacr.org/2016/204.pdf

[21]

N. Hu, M. Ye, and S. Wei. 2017. Surviving Information Leakage Hardware Trojan Attacks Using Hardware Isolation. IEEE TETC (2017).

[22]

M. Huang, D. Wu, C.H. Yu, Z. Fang, M. Interlandi, T. Condie, and J. Cong. 2016. Programming and Runtime Support to Blaze FPGA Accelerator Deployment at Datacenter Scale. In SOCC. 456–469.

[23]

T. Huffmire, B. Brotherton, G. Wang, T. Sherwood, R. Kastner, T. Levin, T. Nguyen, and C. Irvine. 2007. Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems. In S&P. 281–295.

[24]

N. Jacob, J. Heyszl, A. Zankl, C. Rolfes, and S. Georg. 2017. How to Break Secure Boot on FPGA SoCs through Malicious Hardware. CHES (2017).

[25]

V. Jyothi, M. Thoonoli, R. Stern, and R. Karri. 2016. FPGA Trust Zone: Incorporating Trust and Reliability into FPGA Designs. In ICCD. 600–605.

[26]

L.E. Olson, J. Power, M.D. Hill, and D.A. Wood. 2015. Border Control: Sandboxing Accelerators. In MICRO. 470–481.

[27]

E. Srikanth. 2014. Zynq-7000 AP SoC Low Power Techniques Part 2 - Measuring ZC702 Power Using TI Fusion Power Designer Tech Tip. Xilinx (2014).

[28]

C. Stauffer and W.E.L. Grimson. 1999. Adaptive Background Mixture Models for Real-time Tracking. In CVPR, Vol. 2. 246–252.

[29]

J. Stuecheli, B. Blaner, C.R. Johns, and M.S. Siegel. 2015. CAPI: A Coherent Accelerator Processor Interface. IBM Journal of Research and Development 59, 1 (2015), 7–1.

Digital Library

[30]

H. Sun, K. Sun, Y. Wang, and J. Jing. 2015. TrustOTP: Transforming Smartphones into Secure One-time Password Tokens. In CCS. 976–988.

[31]

M. Tehranipoor and F. Koushanfar. 2010. A Survey of Hardware Trojan Taxonomy and Detection. In IEEE Design & Test of Computers. 10–25.

[32]

R. Wang, Y. Shoshitaishvili, C. Kruegel, and G. Vigna. 2013. Steal this Movie: Automatically Bypassing DRM Protection in Streaming Media Services. In USENIX Security.

[33]

Xilinx Inc. 2016. Zynq-7000 All Programmable SoC Overview. In DS190.

[34]

M. Ye, N. Hu, and S. Wei. 2016. Lightweight Secure Sensing Using Hardware Isolation. IEEE SENSORS (2016).

[35]

M. Ye, M.Z. Shahrak, and S. Wei. 2017. PUFSec: Protecting Physical Unclonable Functions Using Hardware Isolation-based System Security Techniques. In AsianHOST. 7–12.

[36]

Y. Zhai and L. Yin. 2016. CQSTR: Securing Cross-tenant Applications with Cloud Containers. In SoCC. 223–236.

[37]

D. Zhang, Y. Wang, G.E. Suh, and A.C. Myers. 2015. A Hardware Design Language for Timing-sensitive Information-flow Security. In ASPLOS. 503–516.

Cited By

Madabhushi BMummidi CKundu SHolcomb D(2024)Resurrection Attack: Defeating Xilinx MPU's Memory Protection2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST55342.2024.10545396(394-403)Online publication date: 6-May-2024
https://doi.org/10.1109/HOST55342.2024.10545396
Lee DShin OCha YLee JYun TKim JOh HNicopoulos CLee S(2024)A Hardware-Based Correct Execution Environment Supporting Virtual MemoryIEEE Access10.1109/ACCESS.2024.344350912(114008-114022)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3443509
Alsuwaiyan AHabib AImoukhuede AOmar MMaruf MAlqarni MEl-Maleh ATabbakh AFelemban MAzim A(2024)A Systematic Literature Review on Vulnerabilities, Mitigation Techniques, and Attacks in Field-Programmable Gate ArraysArabian Journal for Science and Engineering10.1007/s13369-024-09562-wOnline publication date: 23-Sep-2024
https://doi.org/10.1007/s13369-024-09562-w
Show More Cited By

Index Terms

HISA: Hardware Isolation-based Secure Architecture for CPU-FPGA Embedded Systems

Index terms have been assigned to the content through auto-classification.

Recommendations

Hardware Decompression Techniques for FPGA-Based Embedded Systems

In this work, we present hardware decompression accelerators for widening the bottleneck between slow nonvolatile memories on the one side and high-speed FPGA configuration interfaces and fast softcore CPUs on the other side. We discuss different ...
Designing secure systems on reconfigurable hardware

The extremely high cost of custom ASIC fabrication makes FPGAs an attractive alternative for deployment of custom hardware. Embedded systems based on reconfigurable hardware integrate many functions onto a single device. Since embedded designers often ...
Real-time embedded systems powered by FPGA dynamic partial self-reconfiguration: a case study oriented to biometric recognition applications

This work aims to pave the way for an efficient open system architecture applied to embedded electronic applications to manage the processing of computationally complex algorithms at real-time and low-cost. The target is to define a standard ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

Nov 2018

939 pages

Copyright © 2018.

Publisher

IEEE Press

Publication History

Published: 05 November 2018

Permissions

Request permissions for this article.

Request Permissions

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
369
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Madabhushi BMummidi CKundu SHolcomb D(2024)Resurrection Attack: Defeating Xilinx MPU's Memory Protection2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST55342.2024.10545396(394-403)Online publication date: 6-May-2024
https://doi.org/10.1109/HOST55342.2024.10545396
Lee DShin OCha YLee JYun TKim JOh HNicopoulos CLee S(2024)A Hardware-Based Correct Execution Environment Supporting Virtual MemoryIEEE Access10.1109/ACCESS.2024.344350912(114008-114022)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3443509
Alsuwaiyan AHabib AImoukhuede AOmar MMaruf MAlqarni MEl-Maleh ATabbakh AFelemban MAzim A(2024)A Systematic Literature Review on Vulnerabilities, Mitigation Techniques, and Attacks in Field-Programmable Gate ArraysArabian Journal for Science and Engineering10.1007/s13369-024-09562-wOnline publication date: 23-Sep-2024
https://doi.org/10.1007/s13369-024-09562-w
Xia KWei S(2023)DF-TEE: Trusted Execution Environment for Disaggregated Multi-FPGA Cloud Systems2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)10.1109/AsianHOST59942.2023.10409376(1-6)Online publication date: 13-Dec-2023
https://doi.org/10.1109/AsianHOST59942.2023.10409376
Naghibijouybari HKoruyeh EAbu-Ghazaleh N(2022)Microarchitectural Attacks in Heterogeneous Systems: A SurveyACM Computing Surveys10.1145/354410255:7(1-40)Online publication date: 15-Jun-2022
https://dl.acm.org/doi/10.1145/3544102
Ren WPan JChen D(2021)AccGuard: Secure and Trusted Computation on Remote FPGA Accelerators2021 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS)10.1109/iSES52644.2021.00093(378-383)Online publication date: Dec-2021
https://doi.org/10.1109/iSES52644.2021.00093
Xia KLuo YXu XWei S(2021)SGX-FPGA: Trusted Execution Environment for CPU-FPGA Heterogeneous Architecture2021 58th ACM/IEEE Design Automation Conference (DAC)10.1109/DAC18074.2021.9586207(301-306)Online publication date: 5-Dec-2021
https://doi.org/10.1109/DAC18074.2021.9586207
Gangal AYe MWei S(2020)HybridTEE: Secure Mobile DNN Execution Using Hybrid Trusted Execution Environment2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)10.1109/AsianHOST51057.2020.9358260(1-6)Online publication date: 15-Dec-2020
https://doi.org/10.1109/AsianHOST51057.2020.9358260
Ye MFeng XWei S(2019)Runtime Hardware Security Verification Using Approximate Computing: A Case Study on Video Motion Detection2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)10.1109/AsianHOST47458.2019.9006675(1-6)Online publication date: Dec-2019
https://doi.org/10.1109/AsianHOST47458.2019.9006675

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents