GGrantIndex
← Search

SaTC: CORE: Small: Security of FPGA-as-a-Service Reconfigurable Systems

$498,003FY2023CSENSF

Arizona State University, Scottsdale AZ

Investigators

Abstract

Commercial cloud computing services are widely used today. Advances in cloud computing have enabled integration of field-programmable gate-arrays (FPGAs) in high-end platforms for domain-specific customization. However, such FPGA-as-a-service systems are vulnerable to malicious attacks and countermeasures are needed to ensure that these systems can be deployed with high assurance. Today's security solutions are not sufficient for next-generation platforms in which intellectual property (IP) blocks from different providers are integrated on the same FPGA fabric; they access shared computational resources and incorporate applications from potentially untrusted sources. This research is based on a combination of authentication methods, information flow tracking, shadow logic, formal methods, and the monitoring of on-chip sensors. Machine learning is utilized to detect malicious FPGA bitstreams. Authentication methods are being used to secure FPGAs against denial-of-service attacks due to greedy tenants, task-redirection, task-hiding, and temporal-instance attacks. Shadow logic and information flow tracking are used to secure the FPGA and other IPs against data-sniffing and data-modification attacks. Evaluation is being carried out using a Digilent Genesys 2 board with an embedded Xilinx Kintex-7 FPGA, and a ZedBoard Zynq-7000 development board. Threat modeling, attack prediction, and proactive countermeasures will contribute to trust assurance in FPGA-as-a-Service systems. Benchmarks of malicious FPGA bitstreams are being developed for the evaluation of countermeasures. A web-based countermeasure-effectiveness assessment platform is being designed to assist researchers in evaluating the effectiveness of countermeasures and compare between different solutions. Collaborations are underway with partners in Intel and IBM. Research findings are being integrated in a new hardware security course and a new cybersecurity curriculum at the graduate level. High-school students from the North Carolina School of Science and Mathematics are being engaged in the ongoing research. All data related to this project are being disseminated through the DukeSpace repository, https://dukespace.lib.duke.edu/dspace/. DukeSpace is a digital collection that captures and preserve Duke’s intellectual output on a server operated by the University’s Library. Source code for testing, input/output files, and documentation will be released as the project matures. All data and software will be available in a Duke website (http://people.ee.duke.edu/~krish/), and this data will be available for 5 years after the project is completed. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →