SafeDB: Spark Acceleration on FPGA Clouds with Enclaved Data Processing and Bitstream Protection

This paper proposes SafeDB, a framework for Spark acceleration on FPGA clouds with enclaved data processing and bitstream protection. SafeDB provides a comprehensive and systematic hardware-based security framework, from bitstream protection to data confidentiality, aimed especially at the cloud environment. The AES key shared between the FPGA and the client for bitstream encryption is generated in hard-wired logic using PKI and ECC. Data security is assured by enclaved processing of encrypted data, meaning that the encrypted data is processed inside the FPGA fabric. Thus, no one in the system is able to look into clients' data, because plaintext data is not exposed to memory and/or memory-mapped space. SafeDB is resistant not only to side-channel attacks but also to attacks from malicious insiders. We have constructed an 8-node cluster prototype with Zynq UltraScale+ FPGAs to demonstrate its security, performance, and practicability.
