SaTC: CORE: Small: Security of FPGA-as-a-Service Reconfigurable Systems

SaTC：核心：小型：FPGA 即服务可重构系统的安全性

• 批准号: 2310142
• 负责人: Krishnendu Chakrabarty
• 金额: $ 50万
• 依托单位: Arizona State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-01-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2310142&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Security; FPGA

Commercial cloud computing services are widely used today. Advances in cloud computing have enabled integration of field-programmable gate-arrays (FPGAs) in high-end platforms for domain-specific customization. However, such FPGA-as-a-service systems are vulnerable to malicious attacks and countermeasures are needed to ensure that these systems can be deployed with high assurance. Today's security solutions are not sufficient for next-generation platforms in which intellectual property (IP) blocks from different providers are integrated on the same FPGA fabric; they access shared computational resources and incorporate applications from potentially untrusted sources. This research is based on a combination of authentication methods, information flow tracking, shadow logic, formal methods, and the monitoring of on-chip sensors. Machine learning is utilized to detect malicious FPGA bitstreams. Authentication methods are being used to secure FPGAs against denial-of-service attacks due to greedy tenants, task-redirection, task-hiding, and temporal-instance attacks. Shadow logic and information flow tracking are used to secure the FPGA and other IPs against data-sniffing and data-modification attacks. Evaluation is being carried out using a Digilent Genesys 2 board with an embedded Xilinx Kintex-7 FPGA, and a ZedBoard Zynq-7000 development board.Threat modeling, attack prediction, and proactive countermeasures will contribute to trust assurance in FPGA-as-a-Service systems. Benchmarks of malicious FPGA bitstreams are being developed for the evaluation of countermeasures. A web-based countermeasure-effectiveness assessment platform is being designed to assist researchers in evaluating the effectiveness of countermeasures and compare between different solutions. Collaborations are underway with partners in Intel and IBM. Research findings are being integrated in a new hardware security course and a new cybersecurity curriculum at the graduate level. High-school students from the North Carolina School of Science and Mathematics are being engaged in the ongoing research. All data related to this project are being disseminated through the DukeSpace repository, https://dukespace.lib.duke.edu/dspace/. DukeSpace is a digital collection that captures and preserve Duke’s intellectual output on a server operated by the University’s Library. Source code for testing, input/output files, and documentation will be released as the project matures. All data and software will be available in a Duke website (http://people.ee.duke.edu/~krish/), and this data will be available for 5 years after the project is completed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

如今，商业云计算服务得到了广泛应用，云计算的进步使得现场可编程门阵列 (FPGA) 能够集成到高端平台中，以实现特定领域的定制。但是，此类 FPGA 即服务系统很容易受到攻击。需要针对恶意攻击和对策来确保这些系统能够以高保证进行部署，而对于来自不同提供商的知识产权 (IP) 块集成在同一 FPGA 结构上的下一代平台来说，今天的安全解决方案是不够的。访问共享计算该研究结合了身份验证方法、信息流跟踪、影子逻辑、形式化方法，并利用机器学习来检测恶意 FPGA 比特流。方法用于保护 FPGA 免受由于贪婪租户、任务重定向、任务隐藏和临时实例攻击而导致的拒绝服务攻击，并且使用影子逻辑和信息流跟踪来保护 FPGA 和其他 IP 免受攻击。正在使用带有嵌入式 Xilinx Kintex-7 FPGA 的 Digilent Genesys 2 板和 ZedBoard Zynq-7000 开发板进行评估。威胁建模、攻击预测和主动对策将有助于FPGA 即服务系统中的信任保证正在开发中，用于评估基于网络的对策。对策有效性评估平台的设计目的是帮助研究人员评估对策的有效性，并与英特尔和 IBM 的合作伙伴进行合作，研究结果正在被整合到新的硬件安全课程和新的网络安全课程中。北卡罗来纳州科学与数学学院的研究生正在参与正在进行的研究，所有与该项目相关的数据都通过杜克空间存储库传播。 https://dukespace.lib.duke.edu/dspace/ 是一个数字馆藏，用于在大学图书馆运营的服务器上捕获和保存杜克大学的智力输出。随着项目成熟而发布，所有数据和软件将在杜克大学网站（http://people.ee.duke.edu/~krish/）上提供，并且该数据将在项目完成后保留 5 年。该奖项体现了通过使用基金会的智力价值和更广泛的影响审查标准进行评估，NSF 的法定使命被认为值得支持。

项目成果

Diagnosis of Malicious Bitstreams in Cloud Computing FPGAs*

云计算 FPGA 中的恶意比特流诊断*

• DOI: 10.1109/tcad.2023.3272268
• 发表时间: 2023
• 期刊: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
• 影响因子: 2.9
• 作者: Chaudhuri, Jayeeta;Chakrabarty, Krishnendu
• 通讯作者: Chakrabarty, Krishnendu

Criticality Analysis of Ring Oscillators in FPGA Bitstreams *

FPGA 比特流中环形振荡器的关键性分析*

• DOI: 10.1109/ets56758.2023.10173861
• 发表时间: 2023
• 期刊: Prof. IEEE European Test Symposium
• 作者: Chaudhuri, Jayeeta;Chakrabarty, Krishnendu
• 通讯作者: Chakrabarty, Krishnendu

Detection and Classification of Malicious Bitstreams for FPGAs in Cloud Computing

云计算中 FPGA 恶意比特流的检测和分类

• DOI: 10.1145/3566097.3568346
• 发表时间: 2023
• 期刊: Proc. Asia South Pacific Design Automation Conference
• 作者: Chaudhuri, Jayeeta;Chakrabarty, Krishnendu
• 通讯作者: Chakrabarty, Krishnendu