SaTC: CORE: Small: Security of FPGA-as-a-Service Reconfigurable Systems

SaTC：核心：小型：FPGA 即服务可重构系统的安全性

• 批准号: 2310142
• 负责人: Krishnendu Chakrabarty
• 金额: $ 50万
• 依托单位: Arizona State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-01-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2310142&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Security; FPGA

Commercial cloud computing services are widely used today. Advances in cloud computing have enabled integration of field-programmable gate-arrays (FPGAs) in high-end platforms for domain-specific customization. However, such FPGA-as-a-service systems are vulnerable to malicious attacks and countermeasures are needed to ensure that these systems can be deployed with high assurance. Today's security solutions are not sufficient for next-generation platforms in which intellectual property (IP) blocks from different providers are integrated on the same FPGA fabric; they access shared computational resources and incorporate applications from potentially untrusted sources. This research is based on a combination of authentication methods, information flow tracking, shadow logic, formal methods, and the monitoring of on-chip sensors. Machine learning is utilized to detect malicious FPGA bitstreams. Authentication methods are being used to secure FPGAs against denial-of-service attacks due to greedy tenants, task-redirection, task-hiding, and temporal-instance attacks. Shadow logic and information flow tracking are used to secure the FPGA and other IPs against data-sniffing and data-modification attacks. Evaluation is being carried out using a Digilent Genesys 2 board with an embedded Xilinx Kintex-7 FPGA, and a ZedBoard Zynq-7000 development board.Threat modeling, attack prediction, and proactive countermeasures will contribute to trust assurance in FPGA-as-a-Service systems. Benchmarks of malicious FPGA bitstreams are being developed for the evaluation of countermeasures. A web-based countermeasure-effectiveness assessment platform is being designed to assist researchers in evaluating the effectiveness of countermeasures and compare between different solutions. Collaborations are underway with partners in Intel and IBM. Research findings are being integrated in a new hardware security course and a new cybersecurity curriculum at the graduate level. High-school students from the North Carolina School of Science and Mathematics are being engaged in the ongoing research. All data related to this project are being disseminated through the DukeSpace repository, https://dukespace.lib.duke.edu/dspace/. DukeSpace is a digital collection that captures and preserve Duke’s intellectual output on a server operated by the University’s Library. Source code for testing, input/output files, and documentation will be released as the project matures. All data and software will be available in a Duke website (http://people.ee.duke.edu/~krish/), and this data will be available for 5 years after the project is completed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

商业云计算服务如今被广泛使用。云计算的进步使得现场可编程门阵列（FPGA）能够集成到高端平台中，以进行特定领域的定制。然而，这种FPGA即服务系统容易受到恶意攻击，需要采取对策来确保这些系统可以高保证地部署。今天的安全解决方案不足以满足下一代平台的需求，在下一代平台中，来自不同供应商的知识产权（IP）块集成在同一FPGA结构上;它们访问共享的计算资源，并合并来自潜在不可信来源的应用程序。本研究基于身份验证方法、信息流跟踪、影子逻辑、形式化方法和片上传感器监控的组合。利用机器学习检测恶意FPGA比特流。身份验证方法用于保护FPGA免受由于贪婪租户、任务重定向、任务隐藏和临时实例攻击而引起的拒绝服务攻击。影子逻辑和信息流跟踪用于保护FPGA和其他IP免受数据嗅探和数据修改攻击。评估使用的是一个带有嵌入式Xilinx Kintex-7 FPGA的Digilent Genesys 2开发板和一个ZedBoard Zynq-7000开发板。威胁建模、攻击预测和主动对策将有助于确保FPGA即服务系统的信任。正在开发恶意FPGA比特流的基准以评估对策。正在设计一个基于网络的反措施效果评估平台，以协助研究人员评估反措施的效果，并比较不同的解决方案。与英特尔和IBM的合作伙伴正在进行合作。研究结果正在被纳入一个新的硬件安全课程和一个新的网络安全课程在研究生一级。来自北卡罗来纳州科学和数学学院的高中生正在参与这项正在进行的研究。与该项目有关的所有数据都通过DukeSpace储存库https://dukespace.lib.duke.edu/dspace/传播。杜克空间是一个数字集合，捕捉和保存杜克的智力输出的服务器上运行的大学的图书馆。测试源代码、输入/输出文件和文档将在项目成熟时发布。所有的数据和软件将在杜克网站（http：//people.ee.duke.edu/dukrish/）上提供，这些数据将在项目完成后的5年内提供。该奖项反映了NSF的法定使命，并被认为值得通过使用基金会的知识价值和更广泛的影响审查标准进行评估来支持。

项目成果

Diagnosis of Malicious Bitstreams in Cloud Computing FPGAs*

云计算 FPGA 中的恶意比特流诊断*

• DOI: 10.1109/tcad.2023.3272268
• 发表时间: 2023
• 期刊: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
• 影响因子: 2.9
• 作者: Chaudhuri, Jayeeta;Chakrabarty, Krishnendu
• 通讯作者: Chakrabarty, Krishnendu

Criticality Analysis of Ring Oscillators in FPGA Bitstreams *

FPGA 比特流中环形振荡器的关键性分析*

• DOI: 10.1109/ets56758.2023.10173861
• 发表时间: 2023
• 期刊: Prof. IEEE European Test Symposium
• 作者: Chaudhuri, Jayeeta;Chakrabarty, Krishnendu
• 通讯作者: Chakrabarty, Krishnendu

Detection and Classification of Malicious Bitstreams for FPGAs in Cloud Computing

云计算中 FPGA 恶意比特流的检测和分类

• DOI: 10.1145/3566097.3568346
• 发表时间: 2023
• 期刊: Proc. Asia South Pacific Design Automation Conference
• 作者: Chaudhuri, Jayeeta;Chakrabarty, Krishnendu
• 通讯作者: Chakrabarty, Krishnendu