Skip to main content
SpringerLink
Log in

Domain Isolation and Access Control in Multi-tenant Cloud FPGAs

  • Chapter
  • First Online:
Security of FPGA-Accelerated Cloud Computing Environments

  • 141 Accesses

Abstract

While sharing FPGA logic in space and time improves hardware utilization and reduces the overall power consumption in FPGA-accelerated clouds, it also raises security concerns. Accelerators from different tenants running on the same FPGA can be exploited by malicious actors to launch attacks on co-hosted virtual machines, which puts cloud applications and the entire infrastructure at risk. In addition, FPGA-accelerated cloud applications typically rely on a combination of software and hardware components, some of which are provided by non-trusted sources. The software layer executes on CPUs, and the hardware functions run on FPGAs. This type of heterogeneous architecture provides an attack surface that can be exploited by malicious hardware or software processes to breach well-insulated users’ domains. This chapter explores hardware and software infrastructure used to enforce domain isolation and security at the system level in multi-tenant FPGA clouds. The approach we present leverages the Flux Advanced Security Kernel (FLASK) architecture to inherit security policies from software down to hardware accelerators on FPGAs where enforcement mechanisms are implemented. This approach has been prototyped and proven to enforce isolation between co-hosted user domains while incurring minimal communication and power consumption overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Amazon (2017). Amazon EC2 F1 Instances.

    Google Scholar 

  2. ARM: TrustZone: SoC and CPU System-Wide Approach to Security. https://www.arm.com/en/technologies/trustzone-for-cortex-a

  3. Asiatici, M., George, N., Vipin, K., Fahmy, S. A., & Ienne, P. (2017). Virtualized execution runtime for FPGA accelerators in the cloud. IEEE Access, 5, 1900–1910.

    Article  Google Scholar 

  4. Azab, A. M., Ning, P., Shah, J., Chen, Q., Bhutkar, R., Ganesh, G., Ma, J., & Shen, W. (2014). Hypervision across worlds: Real-time Kernel protection from the ARM TrustZone secure world. In ACM Conference on Computer and Communications Security.

    Google Scholar 

  5. Babu, A., Hareesh, M., Martin, J. P., Cherian, S., & Sastri, Y. (2014). System performance evaluation of para virtualization, container virtualization, and full virtualization using xen, openvz, and xenserver. In 2014 Fourth International Conference on Advances in Computing and Communications (pp. 247–250). IEEE.

    Google Scholar 

  6. Basak, A., Bhunia, S., & Ray, S. (2015). A flexible architecture for systematic implementation of SoC security policies. In Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, ICCAD ’15 (pp. 536–543), Piscataway, NJ, USA: IEEE Press. http://dl.acm.org/citation.cfm?id=2840819.2840894

    Google Scholar 

  7. Bassham III, L. E., Rukhin, A. L., Soto, J., Nechvatal, J. R., Smid, M. E., Barker, E. B., Leigh, S. D., Levenson, M., Vangel, M., Banks, D. L., et al. (2010) SP 800-22 Rev. 1a. A statistical test suite for random and pseudorandom number generators for cryptographic applications. National Institute of Standards & Technology.

    Google Scholar 

  8. Baumann, A., Peinado, M., Hunt, G. C. (2014) Shielding applications from an untrusted cloud with haven. ACM Transactions on Computer Systems, 33(8), 1–8:26

    Google Scholar 

  9. Bobda, C., Mbongue, J. M., Chow, P., Ewais, M., Tarafdar, N., Vega, J. C., Eguro, K., Koch, D., Handagala, S., Leeser, M., et al. (2022) The future of FPGA acceleration in datacenters and the cloud. ACM Transactions on Reconfigurable Technology and Systems (TRETS), 15(3), 1–42.

    Article  Google Scholar 

  10. Bobda, C., Mead, J., Whitaker, T. J. L., Kamhoua, C. A., Kwiat, & K. A. (2017). Hardware sandboxing: A novel defense paradigm against hardware trojans in systems on chip. In Applied Reconfigurable Computing - 13th International Symposium, ARC 2017, Delft, The Netherlands, April 3–7, 2017, Proceedings (pp. 47–59). https://doi.org/10.1007/978-3-319-56258-2_5

  11. Bobda, C., Whitaker, T. J. L., Kamhoua, C. A., Kwiat, K. A., & Njilla, L. (2017). Synthesis of hardware sandboxes for trojan mitigation in systems on chip. In 2017 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2017, McLean, VA, USA, May 1–5, 2017 (p. 172). https://doi.org/10.1109/HST.2017.7951836

  12. Bookstein, A., Kulyukin, V. A., & Raita, T. (2002) Generalized hamming distance. Information Retrieval, 5(4), 353–375.

    Article  Google Scholar 

  13. Boule, M., & Zilic, Z. (2007). Efficient automata-based assertion-checker synthesis of SEREs for hardware emulation. In 2007 Asia and South Pacific Design Automation Conference (pp. 324–329). https://doi.org/10.1109/ASPDAC.2007.358006

  14. De Alfaro, L., & Henzinger, T. A. (2001) Interface automata. SIGSOFT Software Engineering Notes, 26(5), 109–120. https://doi.org/10.1145/503271.503226. http://doi.acm.org/10.1145/503271.503226

  15. Dong, Y., Yang, X., Li, J., Liao, G., Tian, K., & Guan, H. (2012). High performance network virtualization with SR-IOV. Journal of Parallel and Distributed Computing, 72(11), 1471–1480.

    Article  Google Scholar 

  16. Drzevitzky, S. (2010). Proof-carrying hardware: Runtime formal verification for secure dynamic reconfiguration. In 2010 International Conference on Field Programmable Logic and Applicationspp. 255–258. https://doi.org/10.1109/FPL.2010.59

  17. Drzevitzky, S., Kastens, U., & Platzner, M. (2009). Proof-carrying hardware: Towards runtime verification of reconfigurable modules. In 2009 International Conference on Reconfigurable Computing and FPGAs (pp. 189–194). https://doi.org/10.1109/ReConFig.2009.31

  18. Elnaggar, R., Karri, R., & Chakrabarty, K. (2019). Multi-tenant FPGA-based reconfigurable systems: Attacks and defenses. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE) (pp. 7–12). IEEE.

    Google Scholar 

  19. Emmi, M., & Giannakopoulou Dimitra, C. S. (2008). Assume-guarantee verification for interface automata. In FM 2008: Formal Methods: 15th International Symposium on Formal Methods, Turku, Finland, May 26–30, 2008 Proceedings 15. Berlin: Springer.

    Google Scholar 

  20. Fahmy, S. A., Vipin, K., & Shreejith, S. (2015). Virtualized FPGA accelerators for efficient cloud computing. In 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom) (pp. 430–435). IEEE.

    Google Scholar 

  21. Fraser, K., Hand, S., Neugebauer, R., Pratt, I., Warfield, A., & Williamson, M. (2004). Reconstructing I/O. Technical Report, University of Cambridge, Computer Laboratory.

    Google Scholar 

  22. Giechaskiel, I., Rasmussen, K. B., & Eguro, K. (2018). Leaky wires: Information leakage and covert communication between FPGA long wires. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS ’18 (pp. 15–27). New York, NY, USA: ACM. https://doi.org/10.1145/3196494.3196518. http://doi.acm.org/10.1145/3196494.3196518

  23. Glazberg, Z., Moulin, M., Orni, A., Ruah, S., & Zarpas, E. (2007). PSL: Beyond hardware verification. In Next Generation Design and Verification Methodologies for Distributed Embedded Control Systems: Proceedings of the GM R&D Workshop, Bangalore, India, January 2007. Springer Netherlands.

    Google Scholar 

  24. Goguen, J. A., & Meseguer, J. (1982). Security policies and security models. In 1982 IEEE Symposium on Security and Privacy (pp. 11–11). https://doi.org/10.1109/SP.1982.10014

  25. Hategekimana, F., & Bobda, C. (2017). Towards the application of flask security architecture to SOC design: Work-in-progress. In Proceedings of the Twelfth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis Companion, CODES+ISSS 2017, Seoul, Republic of Korea, October 15–20, 2017 (pp. 12:1–12:2). https://doi.org/10.1145/3125502.3125558

  26. Hategekimana, F., Mbongue, J. M., Pantho, M. J. H., & Bobda, C. (2018). Inheriting software security policies within hardware IP components. In 26th IEEE Annual International Symposium on Field-Programmable Custom Computing Machines, FCCM 2018, Boulder, CO, USA, April 29–May 1, 2018 (pp. 53–56). https://doi.org/10.1109/FCCM.2018.00017

  27. Hategekimana, F., Mbongue, J. M., Pantho, M. J. H., & Bobda, C. (2018). Secure hardware kernels execution in CPU+ FPGA heterogeneous cloud. In 2018 International Conference on Field-Programmable Technology (FPT) (pp. 182–189). IEEE.

    Google Scholar 

  28. Hategekimana, F., Nardin, P., & Bobda, C. (2016). Hardware/software isolation and protection architecture for transparent security enforcement in networked devices. In IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2016, Pittsburgh, PA, USA, July 11–13, 2016 (pp. 140–145). https://doi.org/10.1109/ISVLSI.2016.32

  29. Hategekimana, F., Tbatou, A., Bobda, C., Kamhoua, C., & Kwiat, K. (2015). Hardware isolation technique for IRC-based botnets detection. In International Conference on ReConFigurable Computing and FPGAs (ReConFig0́8) (Vol. 0). Cancun, Mexico: IEEE Computer Society.

    Google Scholar 

  30. Hategekimana, F., Whitaker, T., Pantho, M. J. H., & Bobda, C. (2017). Shielding non-trusted IPs in SoCs. In 2017 27th International Conference on Field Programmable Logic and Applications (FPL) (pp. 1–4). https://doi.org/10.23919/FPL.2017.8056848

  31. Hategekimana, F., Whitaker, T. J. L., Pantho, M. J. H., & Bobda, C. (2017). Secure integration of non-trusted IPs in SoCs. In 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST) (pp. 103–108). https://doi.org/10.1109/AsianHOST.2017.8354003

  32. Hennessy, J. L., & Patterson, D. A. (2011). Computer architecture: a quantitative approach. Elsevier.

    Google Scholar 

  33. Huffmire, T., Brotherton, B., Sherwood, T., Kastner, R., Levin, T., Nguyen, T. D., & Irvine, C. (2008). Managing security in FPGA-based embedded systems. IEEE Design Test of Computers, 25(6), 590–598. https://doi.org/10.1109/MDT.2008.166

    Article  Google Scholar 

  34. Huffmire, T., Brotherton, B., Wang, G., Sherwood, T., Kastner, R., Levin, T., Nguyen, T., & Irvine, C. (2007). Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems. In 2007 IEEE Symposium on Security and Privacy (SP ’07) (pp. 281–295). https://doi.org/10.1109/SP.2007.28

  35. Huffmire, T., Sherwood, T., Kastner, R., & Levin, T. (2008). Enforcing memory policy specifications in reconfigurable hardware. Computers & Security, 27(5–6), 197–215. https://doi.org/10.1016/j.cose.2008.05.002. http://dx.doi.org/10.1016/j.cose.2008.05.002

  36. Li, X., Kashyap, V., Oberg, J. K., Tiwari, M., Rajarathinam, V. R., Kastner, R., Sherwood, T., Hardekopf, B., & Chong, F. T. (2014). Sapper: A language for hardware-level security policy enforcement. In Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS ’14 (pp. 97–112). New York, NY, USA: ACM. https://doi.org/10.1145/2541940.2541947. http://doi.acm.org/10.1145/2541940.2541947

  37. Lind, J., Priebe, C., Muthukumaran, D., O’Keeffe, D., Aublin, P. L., Kelbert, F., Reiher, T., Goltzsche, D., Eyers, D., Kapitza, R., Fetzer, C., & Pietzuch, P. (2017). Glamdring: Automatic application partitioning for Intel SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17) (pp. 285–298). Santa Clara, CA, USA: USENIX Association. https://www.usenix.org/conference/atc17/technical-sessions/presentation/lind

    Google Scholar 

  38. Loscocco, P., & Smalley, S. (2001). Integrating flexible support for security policies into the linux operating system. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (pp. 29–42). Berkeley, CA, USA: USENIX Association. http://dl.acm.org/citation.cfm?id=647054.715771

    Google Scholar 

  39. Mandebi Mbongue, J., Saha, S. K., & Bobda, C. (2021). Domain Isolation in FPGA-accelerated cloud and data center applications. In Proceedings of the 2021 on Great Lakes Symposium on VLSI (pp. 283–288).

    Google Scholar 

  40. Mavrogiannopoulos, N. (2021). Understanding the Red Hat Enterprise Linux random number generator interface. February 11, 2021 https://www.redhat.com/en/blog/understanding-red-hat-enterprise-linux-random-number-generator-interface

    Google Scholar 

  41. Mbongue, J. M., Hategekimana, F., Kwadjo, D. T., Andrews, D., & Bobda, C. (2018). FPGAVirt: A novel virtualization framework for FPGAs in the cloud. In 11th IEEE International Conference on Cloud Computing, CLOUD 2018, San Francisco, CA, USA, July 2–7, 2018 (pp. 862–865). https://doi.org/10.1109/CLOUD.2018.00122

  42. Mbongue, J. M., Kwadjo, D. T., & Bobda, C. (2018). FLexiTASK: A flexible FPGA overlay for efficient multitasking. In Proceedings of the 2018 on Great Lakes Symposium on VLSI, GLSVLSI 2018, Chicago, IL, USA, May 23–25, 2018 (pp. 483–486). https://doi.org/10.1145/3194554.3194644. http://doi.acm.org/10.1145/3194554.3194644

  43. Mbongue, J. M., Kwadjo, D. T., Shuping, A., & Bobda, C. (2021). Deploying multi-tenant FPGAs within linux-based cloud infrastructure. ACM Transactions on Reconfigurable Technology and Systems (TRETS), 15(2), 1–31.

    Google Scholar 

  44. Mbongue, J. M., Saha, S. K., & Bobda, C. (2021). A security architecture for domain isolation in multi-tenant cloud FPGAs. In 2021 IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (pp. 290–295). IEEE.

    Google Scholar 

  45. Mbongue, J. M., Shuping, A., Bhowmik, P., & Bobda, C. (2020). Architecture support for FPGA multi-tenancy in the cloud. In 2020 IEEE 31st International Conference on Application-Specific Systems, Architectures and Processors (ASAP) (pp. 125–132). IEEE.

    Google Scholar 

  46. Mead, J., Bobda, C., & Whitaker, T. J. L. (2016). Defeating drone jamming with hardware sandboxing. In 2016 IEEE Asian Hardware-Oriented Security and Trust, AsianHOST 2016, Yilan, Taiwan, December 19–20, 2016 (pp. 1–6). https://doi.org/10.1109/AsianHOST.2016.7835557

  47. Mell, P., Grance, T., et al. (2011). The NIST Definition of Cloud Computing, Special Publication (NIST SP). National Institute of Standards and Technology, Gaithersburg, MD, USA.

    Google Scholar 

  48. Metzner, M., Lizarraga, J., & Bobda, C. (2015). Architecture virtualization for run-time hardware multithreading on field programmable gate arrays. In Applied Reconfigurable Computing - 11th International Symposium, ARC 2015, Bochum, Germany, April 13–17, 2015, Proceedings (pp. 167–178). https://doi.org/10.1007/978-3-319-16214-0_14. http://dx.doi.org/10.1007/978-3-319-16214-0_14

  49. Nelson, M., Lim, B. H., Hutchins, G., et al. (2005). Fast transparent migration for virtual machines. In USENIX Annual Technical Conference, General Track (pp. 391–394).

    Google Scholar 

  50. Peeters, E. (2015). SoC security architecture: Current practices and emerging needs. In Proceedings of the 52Nd Annual Design Automation Conference, DAC ’15 (pp. 144:1–144:6). New York, NY, USA: ACM. https://doi.org/10.1145/2744769.2747943. http://doi.acm.org/10.1145/2744769.2747943

  51. Putnam, A., Caulfield, A., Chung, E., Chiou, D., Constantinides, K., Demme, J., Esmaeilzadeh, H., Fowers, J., Gopal, G., Gray, J., Haselman, M., Hauck, S., Heil, S., Hormati, A., Kim, J. Y., Lanka, S., Larus, J., Peterson, E., Pope, S., Smith, A., Thong, J., Xiao, P., & Burger, D. (2014). A reconfigurable fabric for accelerating large-scale datacenter services. In 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA) (pp. 13–24). https://doi.org/10.1109/ISCA.2014.6853195

  52. Ramesh, C., Patil, S. B., Dhanuskodi, S. N., George Provelengios, S. P., Holcomb, D., & Tessier, R. (2018). FPGA side channel attacks without physical access. In FCCM 2008. 26th International Symposium on Field-Programmable Custom Computing Machines.

    Google Scholar 

  53. Ray, S., & Jin, Y. (2015). Security policy enforcement in modern SoC designs. In Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, ICCAD ’15 (pp. 345–350). Piscataway, NJ, USA: IEEE Press. http://dl.acm.org/citation.cfm?id=2840819.2840868

    Google Scholar 

  54. Sabt, M., Achemlal, M., & Bouabdallah, A. (2015). Trusted execution environment: What it is, and what it is not. In Trustcom/BigDataSE/ISPA, 2015 IEEE (Vol. 1, pp. 57–64). https://doi.org/10.1109/Trustcom.2015.357

  55. Saeed, A., Ahmadinia, A., Just, M., & Bobda, C. (2014). An ID and address protection unit for NoC based communication architectures. In Proceedings of the 7th International Conference on Security of Information and Networks, SIN ’14 (pp. 288:288–288:294). New York, NY, USA: ACM. https://doi.org/10.1145/2659651.2659719. http://doi.acm.org/10.1145/2659651.2659719

  56. Saha, S. K., & Bobda, C. (2020). FPGA accelerated embedded system security through hardware isolation. In 2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST) (pp. 1–6). IEEE.

    Google Scholar 

  57. Salot, P. (2013). A survey of various scheduling algorithm in cloud computing environment. International Journal of Research in Engineering and Technology, 2(2), 131–135.

    Article  Google Scholar 

  58. Victor Costan, S. D. (2016). Intel SGX Explained.

    Google Scholar 

  59. Wiersema, T., Drzevitzky, S., & Platzner, M. (2014). Memory security in reconfigurable computers: Combining formal verification with monitoring. In 2014 International Conference on Field-Programmable Technology (FPT) (pp. 167–174). https://doi.org/10.1109/FPT.2014.7082771

  60. Xilinx (2014). TrustZone Technology Support in Zynq-7000 All Programmable SoCs.

    Google Scholar 

  61. Yee, B., Sehr, D., Dardyk, G., Chen, J. B., Muth, R., Ormandy, T., Okasaka, S., Narula, N., & Fullagar, N. (2009). Native client: A sandbox for portable, untrusted x86 native code. In 2009 30th IEEE Symposium on Security and Privacy (pp. 79–93). https://doi.org/10.1109/SP.2009.25

  62. Zhang, B., Wang, X., Lai, R., Yang, L., Luo, Y., Li, X., & Wang, Z. (2010). A survey on I/O virtualization and optimization. In 2010 Fifth Annual ChinaGrid Conference (ChinaGrid) (pp. 117–123). IEEE.

    Google Scholar 

  63. Zhang, F., Liu, G., Fu, X., & Yahyapour, R. (2018). A survey on virtual machine migration: Challenges, techniques, and open issues. IEEE Communications Surveys & Tutorials, 20(2), 1206–1243.

    Article  Google Scholar 

  64. Zhao, M., & Suh, G. E. (2018). FPGA-based remote power side-channel attacks. In 2018 IEEE Symposium on Security and Privacy (SP) (Vol. 00, pp. 839–854). https://doi.org/10.1109/SP.2018.00049. http://doi.org/doi.ieeecomputersociety.org/10.1109/SP.2018.00049

Download references

Acknowledgment

This work is partially funded by the National Science Foundation (NSF) under Grant CNS 2007320.

Author information

Authors and Affiliations

  1. Electrical and Computer Engineering, University of Florida, Gainesville, FL, USA

    Christophe Bobda, Joel Mandebi Mbongue, Sujan Kumar Saha & Muhammed Kawser Ahmed

Authors
  1. Christophe Bobda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joel Mandebi Mbongue
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sujan Kumar Saha
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Muhammed Kawser Ahmed
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Christophe Bobda .

Editor information

Editors and Affiliations

  1. Yale University, New Haven, CT, USA

    Jakub Szefer

  2. University of Massachusetts Amherst, Amherst, MA, USA

    Russell Tessier

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Bobda, C., Mbongue, J.M., Saha, S.K., Ahmed, M.K. (2024). Domain Isolation and Access Control in Multi-tenant Cloud FPGAs. In: Szefer, J., Tessier, R. (eds) Security of FPGA-Accelerated Cloud Computing Environments. Springer, Cham. https://doi.org/10.1007/978-3-031-45395-3_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-45395-3_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-45394-6

  • Online ISBN: 978-3-031-45395-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation