SaTC: CORE: Small: Emerging Security Challenges and a Solution Framework for FPGA-accelerated Cloud Computing

SaTC：CORE：小型：新兴安全挑战和 FPGA 加速云计算的解决方案框架

• 批准号: 2247059
• 负责人: Sandip Kundu
• 金额: $ 30万
• 依托单位: University of Massachusetts Amherst
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247059&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Emerging; Security

Field programmable gate arrays (FPGAs) have been extensively used in data centers to make their tasks run faster. Unlike conventional computers, FPGAs can be configured and/or programmed differently for different tasks and shared among multiple users, adding agility to cloud environments. However, this flexibility adds security risks. For example, if many users are sharing an FPGA, a malicious user can steal or corrupt other users’ data. The project’s novelties are developing novel ways to protect FPGAs from these harmful attacks. The project's broader significance and importance are making cloud computing safer and easier to use and promoting education and research in FPGA security. This project aims to address FPGA security concerns by introducing novel approaches that prevent attacks compromising user data, causing corruption or physical damage to the data center. By implementing secure operating mechanisms, controlled sharing of FPGAs among multiple users is made possible. A security and queue management unit (SQMU) are embedded within the FPGA to maintain process isolation and allow secure sharing without sacrificing performance and energy efficiency. The proposed structure enables multiple applications to securely share the same accelerator or utilize different accelerators on the same FPGA. Access to FPGA interfaces is tightly controlled to prevent denial-of-service attacks, and memory access is isolated to authorized pages. Additionally, the project contributes to FPGA state saving to support process preemption.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现场可编程门阵列（FPGA）已广泛用于数据中心，以使其任务运行更快。与传统计算机不同，FPGA可以针对不同的任务进行不同的配置和/或编程，并在多个用户之间共享，从而为云环境增加了灵活性。然而，这种灵活性增加了安全风险。例如，如果许多用户共享一个FPGA，恶意用户可以窃取或破坏其他用户的数据。 该项目的创新之处在于开发新颖的方法来保护FPGA免受这些有害攻击。该项目更广泛的意义和重要性是使云计算更安全，更易于使用，并促进FPGA安全性的教育和研究。该项目旨在通过引入新的方法来解决FPGA安全问题，这些方法可以防止攻击损害用户数据，导致数据中心损坏或物理损坏。通过实施安全的操作机制，可以在多个用户之间控制FPGA的共享。安全和队列管理单元（SQMU）嵌入在FPGA中，以保持进程隔离，并允许安全共享，而不会牺牲性能和能效。所提出的结构使多个应用程序能够安全地共享同一个加速器或在同一个FPGA上使用不同的加速器。对FPGA接口的访问受到严格控制，以防止拒绝服务攻击，内存访问被隔离到授权页面。此外，该项目有助于FPGA状态保存以支持过程抢占。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。