The Costs of Confidentiality in Virtualized FPGAs

Some modern datacenters are augmenting their compute infrastructure by deploying field-programmable gate arrays (FPGAs) to provide users with specialized accelerators that offer superior compute capability, increased energy efficiency, lower latency, and more programming flexibility than CPUs. However, the higher programming flexibility of FPGAs also gives more capabilities to malicious users to remotely sniff data from other applications running on the same FPGA. This has created a challenge for efficient utilization of FPGAs in datacenters: FPGAs in datacenters are currently not shared between users due to potential security risks. In this paper, we propose different techniques to defeat data-sniffing attacks in datacenter FPGAs by encrypting/decrypting the user application’s data. We describe techniques that are appropriate to different trust levels and rigorously evaluate the costs of these data confidentiality techniques in current virtualized FPGAs. In addition, for each trust level, we propose an architectural change to the FPGA to mitigate the costs of providing data confidentiality. We also investigate the role of interconnect in these architectural changes and demonstrate that more efficient security features can be implemented together with the interconnect if the FPGAs use a hard network on chip.
