CAREER: Towards the Security of Heterogeneous CPU-FPGA Systems

职业：实现异构 CPU-FPGA 系统的安全性

• 批准号: 1912593
• 负责人: Sheng Wei
• 金额: $ 43.66万
• 依托单位: Rutgers University New Brunswick
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-11 至 2024-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1912593&HistoricalAwards=false
• 关键词: CAREER; Towards; Security; Heterogeneous; CPU

With the rapidly growing demand of high performance computations, the traditional central processing unit (CPU)-based computing systems have been deployed with field programmable gate array (FPGA) components for hardware acceleration, such as in the emerging CPU-FPGA cloud systems. Despite the significant performance benefits, the CPU-FPGA architecture introduces new attack surfaces through the communications between the two heterogeneous components. This project develops a hardware isolation-based security framework to eliminate the new attack surfaces, a programming toolkit to facilitate the development of secure CPU-FPGA systems, as well as a set of CPU-FPGA benchmark applications for evaluation purposes. The project involves three research activities. First, it develops a hardware security framework that achieves FPGA-compatible containers enabled by bus-level hardware isolation, together with efficient security verification policies leveraging approximate computing and side channel analysis. Second, it delivers a programming toolkit that automatically partitions the CPU and FPGA jobs into the hardware isolation environment using dynamic program slicing, as well as a performance and resource optimization scheme employing dynamic scheduling. Third, it generates a representative set of CPU-FPGA benchmarks spanning secure multimedia systems, financial security, and privacy-preserving scientific computing to evaluate the security and performance of the CPU-FPGA systems. The project will generate broader impacts from several aspects. First, it will enable comprehensive education activities such as new curriculum design and summer internship programs attracting undergraduate students to cybersecurity research. Second, it will benefit many fields of studies with strong security guarantees and short learning curves given the growing popularity of CPU-FPGA cloud. Third, the CPU-FPGA benchmarks have the potential of enabling industrial outreach and generating real world impacts. Furthermore, the project will transform the fields of hardware security, software engineering, and scientific computing to the new frontier of jointly supporting heterogeneous architectures, motivating interdisciplinary cybersecurity research. The project repository will be stored on a publicly accessible server at the University of Nebraska-Lincoln (http://cse.unl.edu/~swei/projects/hisa). All the project data will be maintained for at least 5 years following the end of the grant period.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着高性能计算需求的快速增长，传统的基于中央处理器（CPU）的计算系统已部署现场可编程门阵列（FPGA）组件进行硬件加速，例如在新兴的CPU-FPGA云系统中。尽管有显著的性能优势，但CPU-FPGA架构通过两个异构组件之间的通信引入了新的攻击面。 该项目开发了一个基于硬件隔离的安全框架，以消除新的攻击面，一个编程工具包，以促进安全的CPU-FPGA系统的开发，以及一套CPU-FPGA基准测试应用程序的评估目的。该项目包括三项研究活动。首先，它开发了一个硬件安全框架，该框架通过总线级硬件隔离实现了FPGA兼容的容器，以及利用近似计算和侧通道分析的高效安全验证策略。其次，它提供了一个编程工具包，自动分区的CPU和FPGA的工作到硬件隔离环境中使用动态程序切片，以及采用动态调度的性能和资源优化方案。第三，它生成了一组具有代表性的CPU-FPGA基准测试，涵盖安全多媒体系统，金融安全和隐私保护科学计算，以评估CPU-FPGA系统的安全性和性能。该项目将从几个方面产生更广泛的影响。首先，它将使全面的教育活动，如新的课程设计和暑期实习计划吸引本科生到网络安全研究。其次，由于CPU-FPGA云的日益普及，它将有利于许多具有强大安全保证和短学习曲线的研究领域。第三，CPU-FPGA基准具有实现工业推广和产生真实的世界影响的潜力。此外，该项目将把硬件安全、软件工程和科学计算领域转变为共同支持异构架构的新前沿，推动跨学科的网络安全研究。项目资料库将储存在内布拉斯加-林肯大学的一个可供公众查阅的服务器上（http：//cse.unl.edu/crosswei/projects/hisa）。所有项目数据将在资助期结束后至少保留5年。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Privacy-preserving Reflection Rendering for Augmented Reality

• DOI: 10.1145/3503161.3548386
• 发表时间: 2022-07
• 期刊: Proceedings of the 30th ACM International Conference on Multimedia
• 作者: Yiqin Zhao;Sheng Wei;Tian Guo

EvoIsolator: Evolving Program Slices for Hardware Isolation Based Security

EvoIsolator：不断发展的程序切片以实现基于硬件隔离的安全性

• DOI: 10.1007/978-3-319-99241-9_24
• 发表时间: 2018
• 期刊: International Symposium on Search Based Software Engineering SSBSE 2018
• 作者: Mengmei Ye, Myra B.

VVSec: Securing Volumetric Video Streaming via Benign Use of Adversarial Perturbation

VVSec：通过善意地使用对抗性扰动来保护体积视频流

• DOI: 10.1145/3394171.3413639
• 发表时间: 2020
• 期刊: ACM International Conference on Multimedia
• 作者: Tang, Zhongze;Feng, Xianglong;Xie, Yi;Phan, Huy;Guo, Tian;Yuan, Bo;Wei, Sheng
• 通讯作者: Wei, Sheng

Runtime Hardware Security Verification Using Approximate Computing: A Case Study on Video Motion Detection

使用近似计算的运行时硬件安全验证：视频运动检测案例研究

• DOI: 10.1109/asianhost47458.2019.9006675
• 发表时间: 2019
• 期刊: 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST
• 作者: Ye, Mengmei;Feng, Xianglong;Wei, Sheng
• 通讯作者: Wei, Sheng

QuRate: power-efficient mobile immersive video streaming

• DOI: 10.1145/3339825.3391863
• 发表时间: 2020-05
• 期刊: Proceedings of the 11th ACM Multimedia Systems Conference
• 作者: Nan Jiang;Yao Liu;Tian Guo;Wenyao Xu;Viswanathan Swaminathan;Lisong Xu;Sheng Wei