DOI: 10.1145/3605763.3625247
keynote

Security Challenges and Opportunities of Cloud FPGAs

Published: 26 November 2023

Abstract

Field-programmable gate arrays (FPGAs) have assumed a critical role within numerous cloud computing platforms, owing to their intricate parallelism and specialization capabilities, which are instrumental in accelerating a wide array of applications, from machine learning and networking to signal processing, among various others. The shared FPGA platform in the cloud is based on the concept that the FPGA real estate can be shared among various users, possibly even at different privilege levels.
However, such multi-tenancy comes with security challenges: one user, while completely logically isolated from another, can cause security breaches for another user on the same FPGA. A substantial portion of the security challenges faced by FPGAs stems from the shared power distribution network present in these devices. Such electrical-level attacks leverage the electrical coupling between the adversary and a victim. An effective way to achieve such coupling in datacenter FPGAs is via the shared power delivery network (PDN). In addition, such a hardware security vulnerability does not require physical access to the hardware, meaning that a malicious user is able to execute a variety of remotely controlled attacks: denial of service, fault injection, and power side channel. Fine-grained control over the low-level FPGA hardware is, as it turns out, the source of a number of electrical-level security issues. This enables the adversary to design and embed various legitimate and even benign-looking constructs in their designs to perform several attacks, evading many detection mechanisms.
Addressing the potential threat of remote electrical-level attacks on FPGAs involves a multifaceted approach encompassing various levels of abstraction, extending from pre-deployment measures to real-time monitoring. One strategy is the implementation of offline checks at the hypervisor or cloud provider level, where tenant designs undergo thorough scrutiny for any potentially malicious elements before they are loaded onto the FPGA. This can be done by simply looking for known malicious constructs in the design, or by using machine learning approaches to generalize them for better coverage of previously unseen malicious designs. This proactive approach aims to prevent the introduction of vulnerable or malicious configurations in the first place.
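The offline check described above can be sketched as a graph search over the tenant netlist. This is an added example, not code from the keynote; it assumes that a combinational feedback loop (a cycle with no register on it) is one construct on the provider's deny list, and the netlist format, cell names and register list are constructed for illustration.

```python
# Added example: flag combinational feedback loops in a tenant netlist.
# Netlist format, cell names and the register list are constructed assumptions.
SEQUENTIAL = {"FDRE", "FDCE"}  # cell types that break a combinational path

# Constructed sample: cell -> (cell type, [cells driven by its output])
NETLIST = {
    "inv0": ("LUT1", ["buf0"]),
    "buf0": ("LUT1", ["inv0", "cnt_reg"]),  # inv0 -> buf0 -> inv0, no register
    "cnt_reg": ("FDRE", ["add0"]),
    "add0": ("LUT2", ["cnt_reg"]),          # feedback through a register: a counter
    "out0": ("LUT1", []),
}

def combinational_loops(netlist):
    """Return groups of cells that lie on a cycle containing no register."""
    # Drop registers and every edge into one; any cycle left is combinational.
    graph = {cell: [d for d in outs if netlist[d][0] not in SEQUENTIAL]
             for cell, (ctype, outs) in netlist.items() if ctype not in SEQUENTIAL}
    index, low, stack, on_stack, loops = {}, {}, [], set(), []

    def visit(v):  # Tarjan's strongly connected components
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in graph[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component
            comp = []
            while not comp or comp[-1] != v:
                w = stack.pop()
                on_stack.discard(w)
                comp.append(w)
            if len(comp) > 1 or v in graph[v]:  # real cycle or self-loop
                loops.append(sorted(comp))

    for cell in graph:
        if cell not in index:
            visit(cell)
    return sorted(loops)

if __name__ == "__main__":
    for loop in combinational_loops(NETLIST):
        print("reject design: combinational loop through", loop)
```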
Another line of defense involves the construction of active fences around security-sensitive FPGA designs. These fences essentially act as protective logic wrappers, detecting electrical-level leakage from the FPGA block and implementing compensation mechanisms to counterbalance PDN noise, as a hiding mechanism against remote side-channel attacks. Furthermore, runtime monitoring systems can be integrated into multi-tenant FPGA environments. These systems continuously monitor voltage fluctuations on the PDN and can promptly disable any configurations exhibiting suspicious behavior. This real-time intervention serves as a safeguard against potential fault injection attacks or denial-of-service incidents, ensuring the integrity and reliability of the FPGA within the cloud infrastructure.
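The runtime monitoring described above, as an added example that is not code from the keynote: a sliding-window check over voltage sensor readings that disables a tenant region on a sustained droop or a large swing. The thresholds, the nominal voltage, the region names and the one-sensor-per-region layout are assumptions, and the trace is constructed.

```python
# Added example: runtime PDN monitor that disables a region on suspicious voltage.
# Thresholds, region names and per-region sensors are constructed assumptions.
from collections import deque

NOMINAL_MV = 850      # assumed nominal core voltage, in millivolts
DROOP_LIMIT_MV = 50   # sustained droop below nominal that triggers a disable
SWING_LIMIT_MV = 60   # peak-to-peak swing within one window that triggers
WINDOW = 4            # consecutive samples examined per decision

class PdnMonitor:
    def __init__(self):
        self.windows = {}    # region -> recent sensor readings
        self.disabled = {}   # region -> reason it was disabled

    def sample(self, region, millivolts):
        """Feed one sensor reading; return a reason if the region gets disabled."""
        if region in self.disabled:
            return None  # already unloaded, ignore further readings
        window = self.windows.setdefault(region, deque(maxlen=WINDOW))
        window.append(millivolts)
        if len(window) < WINDOW:
            return None
        if all(NOMINAL_MV - v > DROOP_LIMIT_MV for v in window):
            reason = "sustained_droop"   # voltage held below nominal
        elif max(window) - min(window) > SWING_LIMIT_MV:
            reason = "voltage_swing"     # large fluctuation inside one window
        else:
            return None
        self.disabled[region] = reason   # stand-in for unloading the configuration
        return reason

# Constructed trace of (region, sensor reading in mV), interleaved in time
TRACE = [("A", 848), ("B", 795), ("C", 850), ("A", 851), ("B", 790), ("C", 815),
         ("A", 849), ("B", 785), ("C", 880), ("A", 850), ("B", 790), ("C", 820),
         ("A", 847), ("B", 700), ("C", 900)]

def run(trace):
    """Replay a trace and return {region: reason} for every disabled region."""
    monitor = PdnMonitor()
    for region, mv in trace:
        monitor.sample(region, mv)
    return monitor.disabled

if __name__ == "__main__":
    print(run(TRACE))
```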

Published In

CCSW '23: Proceedings of the 2023 on Cloud Computing Security Workshop
November 2023
95 pages
ISBN: 9798400702594
DOI: 10.1145/3605763
Program Chairs: Francesco Regazzoni, Apostolos Fournaris

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. field programmable gate array (fpga)
  2. multi-tenancy

Qualifiers

  • Keynote

Conference

CCS '23
Acceptance Rates

Overall Acceptance Rate 37 of 108 submissions, 34%
