Securing FPGA-Accelerated Cloud Infrastructures

Abstract

Cloud FPGAs have been gaining popularity in recent years due to the ability of users to request FPGA resources quickly, flexibly, and on-demand. However, as public cloud providers make FPGAs available to many, potentially mutually-untrusting users, security of these Cloud FPGA deployments needs to be analyzed, and defenses developed. This talk will discuss Cloud FPGA security from the perspective of side and covert channel attacks. It will cover our recent work on thermal channels that can be used to create covert channels between users renting same FPGA over time. These channels can create stealthy communication medium for leaking small amounts of sensitive information, e.g., cryptographic keys. The talk will also discuss our recent work on voltage-based channels that leverage custom circuits instantiated inside the FPGAs to measure voltage changes. Voltage-based channels can be used to leak sensitive information across FPGAs (in single-tenant or multi-tenant settings), or can be combined with other existing attacks to perform cross-talk leakage inside the FPGAs (in multi-tenant settings). The talk will end with overview of some defenses and open challenges in securing Cloud FPGAs.