Abstract
While sharing FPGA logic in space and time improves hardware utilization and reduces the overall power consumption in FPGA-accelerated clouds, it also raises security concerns. Accelerators from different tenants running on the same FPGA can be exploited by malicious actors to launch attacks on co-hosted virtual machines, which puts cloud applications and the entire infrastructure at risk. In addition, FPGA-accelerated cloud applications typically rely on a combination of software and hardware components, some of which are provided by non-trusted sources. The software layer executes on CPUs, and the hardware functions run on FPGAs. This type of heterogeneous architecture provides an attack surface that can be exploited by malicious hardware or software processes to breach well-insulated users’ domains. This chapter explores hardware and software infrastructure used to enforce domain isolation and security at the system level in multi-tenant FPGA clouds. The approach we present leverages the Flux Advanced Security Kernel (FLASK) architecture to inherit security policies from software down to hardware accelerators on FPGAs where enforcement mechanisms are implemented. This approach has been prototyped and proven to enforce isolation between co-hosted user domains while incurring minimal communication and power consumption overhead.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Amazon (2017). Amazon EC2 F1 Instances.
ARM: TrustZone: SoC and CPU System-Wide Approach to Security. https://www.arm.com/en/technologies/trustzone-for-cortex-a
Asiatici, M., George, N., Vipin, K., Fahmy, S. A., & Ienne, P. (2017). Virtualized execution runtime for FPGA accelerators in the cloud. IEEE Access, 5, 1900–1910.
Azab, A. M., Ning, P., Shah, J., Chen, Q., Bhutkar, R., Ganesh, G., Ma, J., & Shen, W. (2014). Hypervision across worlds: Real-time Kernel protection from the ARM TrustZone secure world. In ACM Conference on Computer and Communications Security.
Babu, A., Hareesh, M., Martin, J. P., Cherian, S., & Sastri, Y. (2014). System performance evaluation of para virtualization, container virtualization, and full virtualization using xen, openvz, and xenserver. In 2014 Fourth International Conference on Advances in Computing and Communications (pp. 247–250). IEEE.
Basak, A., Bhunia, S., & Ray, S. (2015). A flexible architecture for systematic implementation of SoC security policies. In Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, ICCAD ’15 (pp. 536–543), Piscataway, NJ, USA: IEEE Press. http://dl.acm.org/citation.cfm?id=2840819.2840894
Bassham III, L. E., Rukhin, A. L., Soto, J., Nechvatal, J. R., Smid, M. E., Barker, E. B., Leigh, S. D., Levenson, M., Vangel, M., Banks, D. L., et al. (2010) SP 800-22 Rev. 1a. A statistical test suite for random and pseudorandom number generators for cryptographic applications. National Institute of Standards & Technology.
Baumann, A., Peinado, M., Hunt, G. C. (2014) Shielding applications from an untrusted cloud with haven. ACM Transactions on Computer Systems, 33(8), 1–8:26
Bobda, C., Mbongue, J. M., Chow, P., Ewais, M., Tarafdar, N., Vega, J. C., Eguro, K., Koch, D., Handagala, S., Leeser, M., et al. (2022) The future of FPGA acceleration in datacenters and the cloud. ACM Transactions on Reconfigurable Technology and Systems (TRETS), 15(3), 1–42.
Bobda, C., Mead, J., Whitaker, T. J. L., Kamhoua, C. A., Kwiat, & K. A. (2017). Hardware sandboxing: A novel defense paradigm against hardware trojans in systems on chip. In Applied Reconfigurable Computing - 13th International Symposium, ARC 2017, Delft, The Netherlands, April 3–7, 2017, Proceedings (pp. 47–59). https://doi.org/10.1007/978-3-319-56258-2_5
Bobda, C., Whitaker, T. J. L., Kamhoua, C. A., Kwiat, K. A., & Njilla, L. (2017). Synthesis of hardware sandboxes for trojan mitigation in systems on chip. In 2017 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2017, McLean, VA, USA, May 1–5, 2017 (p. 172). https://doi.org/10.1109/HST.2017.7951836
Bookstein, A., Kulyukin, V. A., & Raita, T. (2002) Generalized hamming distance. Information Retrieval, 5(4), 353–375.
Boule, M., & Zilic, Z. (2007). Efficient automata-based assertion-checker synthesis of SEREs for hardware emulation. In 2007 Asia and South Pacific Design Automation Conference (pp. 324–329). https://doi.org/10.1109/ASPDAC.2007.358006
De Alfaro, L., & Henzinger, T. A. (2001) Interface automata. SIGSOFT Software Engineering Notes, 26(5), 109–120. https://doi.org/10.1145/503271.503226. http://doi.acm.org/10.1145/503271.503226
Dong, Y., Yang, X., Li, J., Liao, G., Tian, K., & Guan, H. (2012). High performance network virtualization with SR-IOV. Journal of Parallel and Distributed Computing, 72(11), 1471–1480.
Drzevitzky, S. (2010). Proof-carrying hardware: Runtime formal verification for secure dynamic reconfiguration. In 2010 International Conference on Field Programmable Logic and Applicationspp. 255–258. https://doi.org/10.1109/FPL.2010.59
Drzevitzky, S., Kastens, U., & Platzner, M. (2009). Proof-carrying hardware: Towards runtime verification of reconfigurable modules. In 2009 International Conference on Reconfigurable Computing and FPGAs (pp. 189–194). https://doi.org/10.1109/ReConFig.2009.31
Elnaggar, R., Karri, R., & Chakrabarty, K. (2019). Multi-tenant FPGA-based reconfigurable systems: Attacks and defenses. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE) (pp. 7–12). IEEE.
Emmi, M., & Giannakopoulou Dimitra, C. S. (2008). Assume-guarantee verification for interface automata. In FM 2008: Formal Methods: 15th International Symposium on Formal Methods, Turku, Finland, May 26–30, 2008 Proceedings 15. Berlin: Springer.
Fahmy, S. A., Vipin, K., & Shreejith, S. (2015). Virtualized FPGA accelerators for efficient cloud computing. In 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom) (pp. 430–435). IEEE.
Fraser, K., Hand, S., Neugebauer, R., Pratt, I., Warfield, A., & Williamson, M. (2004). Reconstructing I/O. Technical Report, University of Cambridge, Computer Laboratory.
Giechaskiel, I., Rasmussen, K. B., & Eguro, K. (2018). Leaky wires: Information leakage and covert communication between FPGA long wires. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS ’18 (pp. 15–27). New York, NY, USA: ACM. https://doi.org/10.1145/3196494.3196518. http://doi.acm.org/10.1145/3196494.3196518
Glazberg, Z., Moulin, M., Orni, A., Ruah, S., & Zarpas, E. (2007). PSL: Beyond hardware verification. In Next Generation Design and Verification Methodologies for Distributed Embedded Control Systems: Proceedings of the GM R&D Workshop, Bangalore, India, January 2007. Springer Netherlands.
Goguen, J. A., & Meseguer, J. (1982). Security policies and security models. In 1982 IEEE Symposium on Security and Privacy (pp. 11–11). https://doi.org/10.1109/SP.1982.10014
Hategekimana, F., & Bobda, C. (2017). Towards the application of flask security architecture to SOC design: Work-in-progress. In Proceedings of the Twelfth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis Companion, CODES+ISSS 2017, Seoul, Republic of Korea, October 15–20, 2017 (pp. 12:1–12:2). https://doi.org/10.1145/3125502.3125558
Hategekimana, F., Mbongue, J. M., Pantho, M. J. H., & Bobda, C. (2018). Inheriting software security policies within hardware IP components. In 26th IEEE Annual International Symposium on Field-Programmable Custom Computing Machines, FCCM 2018, Boulder, CO, USA, April 29–May 1, 2018 (pp. 53–56). https://doi.org/10.1109/FCCM.2018.00017
Hategekimana, F., Mbongue, J. M., Pantho, M. J. H., & Bobda, C. (2018). Secure hardware kernels execution in CPU+ FPGA heterogeneous cloud. In 2018 International Conference on Field-Programmable Technology (FPT) (pp. 182–189). IEEE.
Hategekimana, F., Nardin, P., & Bobda, C. (2016). Hardware/software isolation and protection architecture for transparent security enforcement in networked devices. In IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2016, Pittsburgh, PA, USA, July 11–13, 2016 (pp. 140–145). https://doi.org/10.1109/ISVLSI.2016.32
Hategekimana, F., Tbatou, A., Bobda, C., Kamhoua, C., & Kwiat, K. (2015). Hardware isolation technique for IRC-based botnets detection. In International Conference on ReConFigurable Computing and FPGAs (ReConFig0́8) (Vol. 0). Cancun, Mexico: IEEE Computer Society.
Hategekimana, F., Whitaker, T., Pantho, M. J. H., & Bobda, C. (2017). Shielding non-trusted IPs in SoCs. In 2017 27th International Conference on Field Programmable Logic and Applications (FPL) (pp. 1–4). https://doi.org/10.23919/FPL.2017.8056848
Hategekimana, F., Whitaker, T. J. L., Pantho, M. J. H., & Bobda, C. (2017). Secure integration of non-trusted IPs in SoCs. In 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST) (pp. 103–108). https://doi.org/10.1109/AsianHOST.2017.8354003
Hennessy, J. L., & Patterson, D. A. (2011). Computer architecture: a quantitative approach. Elsevier.
Huffmire, T., Brotherton, B., Sherwood, T., Kastner, R., Levin, T., Nguyen, T. D., & Irvine, C. (2008). Managing security in FPGA-based embedded systems. IEEE Design Test of Computers, 25(6), 590–598. https://doi.org/10.1109/MDT.2008.166
Huffmire, T., Brotherton, B., Wang, G., Sherwood, T., Kastner, R., Levin, T., Nguyen, T., & Irvine, C. (2007). Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems. In 2007 IEEE Symposium on Security and Privacy (SP ’07) (pp. 281–295). https://doi.org/10.1109/SP.2007.28
Huffmire, T., Sherwood, T., Kastner, R., & Levin, T. (2008). Enforcing memory policy specifications in reconfigurable hardware. Computers & Security, 27(5–6), 197–215. https://doi.org/10.1016/j.cose.2008.05.002. http://dx.doi.org/10.1016/j.cose.2008.05.002
Li, X., Kashyap, V., Oberg, J. K., Tiwari, M., Rajarathinam, V. R., Kastner, R., Sherwood, T., Hardekopf, B., & Chong, F. T. (2014). Sapper: A language for hardware-level security policy enforcement. In Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS ’14 (pp. 97–112). New York, NY, USA: ACM. https://doi.org/10.1145/2541940.2541947. http://doi.acm.org/10.1145/2541940.2541947
Lind, J., Priebe, C., Muthukumaran, D., O’Keeffe, D., Aublin, P. L., Kelbert, F., Reiher, T., Goltzsche, D., Eyers, D., Kapitza, R., Fetzer, C., & Pietzuch, P. (2017). Glamdring: Automatic application partitioning for Intel SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17) (pp. 285–298). Santa Clara, CA, USA: USENIX Association. https://www.usenix.org/conference/atc17/technical-sessions/presentation/lind
Loscocco, P., & Smalley, S. (2001). Integrating flexible support for security policies into the linux operating system. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (pp. 29–42). Berkeley, CA, USA: USENIX Association. http://dl.acm.org/citation.cfm?id=647054.715771
Mandebi Mbongue, J., Saha, S. K., & Bobda, C. (2021). Domain Isolation in FPGA-accelerated cloud and data center applications. In Proceedings of the 2021 on Great Lakes Symposium on VLSI (pp. 283–288).
Mavrogiannopoulos, N. (2021). Understanding the Red Hat Enterprise Linux random number generator interface. February 11, 2021 https://www.redhat.com/en/blog/understanding-red-hat-enterprise-linux-random-number-generator-interface
Mbongue, J. M., Hategekimana, F., Kwadjo, D. T., Andrews, D., & Bobda, C. (2018). FPGAVirt: A novel virtualization framework for FPGAs in the cloud. In 11th IEEE International Conference on Cloud Computing, CLOUD 2018, San Francisco, CA, USA, July 2–7, 2018 (pp. 862–865). https://doi.org/10.1109/CLOUD.2018.00122
Mbongue, J. M., Kwadjo, D. T., & Bobda, C. (2018). FLexiTASK: A flexible FPGA overlay for efficient multitasking. In Proceedings of the 2018 on Great Lakes Symposium on VLSI, GLSVLSI 2018, Chicago, IL, USA, May 23–25, 2018 (pp. 483–486). https://doi.org/10.1145/3194554.3194644. http://doi.acm.org/10.1145/3194554.3194644
Mbongue, J. M., Kwadjo, D. T., Shuping, A., & Bobda, C. (2021). Deploying multi-tenant FPGAs within linux-based cloud infrastructure. ACM Transactions on Reconfigurable Technology and Systems (TRETS), 15(2), 1–31.
Mbongue, J. M., Saha, S. K., & Bobda, C. (2021). A security architecture for domain isolation in multi-tenant cloud FPGAs. In 2021 IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (pp. 290–295). IEEE.
Mbongue, J. M., Shuping, A., Bhowmik, P., & Bobda, C. (2020). Architecture support for FPGA multi-tenancy in the cloud. In 2020 IEEE 31st International Conference on Application-Specific Systems, Architectures and Processors (ASAP) (pp. 125–132). IEEE.
Mead, J., Bobda, C., & Whitaker, T. J. L. (2016). Defeating drone jamming with hardware sandboxing. In 2016 IEEE Asian Hardware-Oriented Security and Trust, AsianHOST 2016, Yilan, Taiwan, December 19–20, 2016 (pp. 1–6). https://doi.org/10.1109/AsianHOST.2016.7835557
Mell, P., Grance, T., et al. (2011). The NIST Definition of Cloud Computing, Special Publication (NIST SP). National Institute of Standards and Technology, Gaithersburg, MD, USA.
Metzner, M., Lizarraga, J., & Bobda, C. (2015). Architecture virtualization for run-time hardware multithreading on field programmable gate arrays. In Applied Reconfigurable Computing - 11th International Symposium, ARC 2015, Bochum, Germany, April 13–17, 2015, Proceedings (pp. 167–178). https://doi.org/10.1007/978-3-319-16214-0_14. http://dx.doi.org/10.1007/978-3-319-16214-0_14
Nelson, M., Lim, B. H., Hutchins, G., et al. (2005). Fast transparent migration for virtual machines. In USENIX Annual Technical Conference, General Track (pp. 391–394).
Peeters, E. (2015). SoC security architecture: Current practices and emerging needs. In Proceedings of the 52Nd Annual Design Automation Conference, DAC ’15 (pp. 144:1–144:6). New York, NY, USA: ACM. https://doi.org/10.1145/2744769.2747943. http://doi.acm.org/10.1145/2744769.2747943
Putnam, A., Caulfield, A., Chung, E., Chiou, D., Constantinides, K., Demme, J., Esmaeilzadeh, H., Fowers, J., Gopal, G., Gray, J., Haselman, M., Hauck, S., Heil, S., Hormati, A., Kim, J. Y., Lanka, S., Larus, J., Peterson, E., Pope, S., Smith, A., Thong, J., Xiao, P., & Burger, D. (2014). A reconfigurable fabric for accelerating large-scale datacenter services. In 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA) (pp. 13–24). https://doi.org/10.1109/ISCA.2014.6853195
Ramesh, C., Patil, S. B., Dhanuskodi, S. N., George Provelengios, S. P., Holcomb, D., & Tessier, R. (2018). FPGA side channel attacks without physical access. In FCCM 2008. 26th International Symposium on Field-Programmable Custom Computing Machines.
Ray, S., & Jin, Y. (2015). Security policy enforcement in modern SoC designs. In Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, ICCAD ’15 (pp. 345–350). Piscataway, NJ, USA: IEEE Press. http://dl.acm.org/citation.cfm?id=2840819.2840868
Sabt, M., Achemlal, M., & Bouabdallah, A. (2015). Trusted execution environment: What it is, and what it is not. In Trustcom/BigDataSE/ISPA, 2015 IEEE (Vol. 1, pp. 57–64). https://doi.org/10.1109/Trustcom.2015.357
Saeed, A., Ahmadinia, A., Just, M., & Bobda, C. (2014). An ID and address protection unit for NoC based communication architectures. In Proceedings of the 7th International Conference on Security of Information and Networks, SIN ’14 (pp. 288:288–288:294). New York, NY, USA: ACM. https://doi.org/10.1145/2659651.2659719. http://doi.acm.org/10.1145/2659651.2659719
Saha, S. K., & Bobda, C. (2020). FPGA accelerated embedded system security through hardware isolation. In 2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST) (pp. 1–6). IEEE.
Salot, P. (2013). A survey of various scheduling algorithm in cloud computing environment. International Journal of Research in Engineering and Technology, 2(2), 131–135.
Victor Costan, S. D. (2016). Intel SGX Explained.
Wiersema, T., Drzevitzky, S., & Platzner, M. (2014). Memory security in reconfigurable computers: Combining formal verification with monitoring. In 2014 International Conference on Field-Programmable Technology (FPT) (pp. 167–174). https://doi.org/10.1109/FPT.2014.7082771
Xilinx (2014). TrustZone Technology Support in Zynq-7000 All Programmable SoCs.
Yee, B., Sehr, D., Dardyk, G., Chen, J. B., Muth, R., Ormandy, T., Okasaka, S., Narula, N., & Fullagar, N. (2009). Native client: A sandbox for portable, untrusted x86 native code. In 2009 30th IEEE Symposium on Security and Privacy (pp. 79–93). https://doi.org/10.1109/SP.2009.25
Zhang, B., Wang, X., Lai, R., Yang, L., Luo, Y., Li, X., & Wang, Z. (2010). A survey on I/O virtualization and optimization. In 2010 Fifth Annual ChinaGrid Conference (ChinaGrid) (pp. 117–123). IEEE.
Zhang, F., Liu, G., Fu, X., & Yahyapour, R. (2018). A survey on virtual machine migration: Challenges, techniques, and open issues. IEEE Communications Surveys & Tutorials, 20(2), 1206–1243.
Zhao, M., & Suh, G. E. (2018). FPGA-based remote power side-channel attacks. In 2018 IEEE Symposium on Security and Privacy (SP) (Vol. 00, pp. 839–854). https://doi.org/10.1109/SP.2018.00049. http://doi.org/doi.ieeecomputersociety.org/10.1109/SP.2018.00049
Acknowledgment
This work is partially funded by the National Science Foundation (NSF) under Grant CNS 2007320.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Bobda, C., Mbongue, J.M., Saha, S.K., Ahmed, M.K. (2024). Domain Isolation and Access Control in Multi-tenant Cloud FPGAs. In: Szefer, J., Tessier, R. (eds) Security of FPGA-Accelerated Cloud Computing Environments. Springer, Cham. https://doi.org/10.1007/978-3-031-45395-3_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-45395-3_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45394-6
Online ISBN: 978-3-031-45395-3
eBook Packages: EngineeringEngineering (R0)