FPGAs are currently becoming increasingly popular as flexibly programmable computing accelerators in cloud servers for applications such as artificial intelligence (AI), big data analysis or online search. To enable easy and efficient exchange of big data for these new applications and usage mechanisms in the cloud, manufacturers are integrating FPGAs ever closer to the existing software and CPU infrastructure.
Cloud operators are already offering FPGAs for rent on their shared server platforms. This tight integration of FPGAs to the classic CPU systems in the cloud infrastructure is leading to an increasing share of platform sharing. However, FPGAs are not currently shared due to security concerns. Shared FPGA-based services and true multi-user usage for FPGAs - which is standard for server-based platforms - are highly desirable functionalities, as sharing offers maximum flexibility, performance, and reduced cost. Consequently, the investigation of technologies for secure sharing of FPGAs is essential for FPGA technology, which is becoming increasingly close to CPU systems.
The goal of this project is to provide new security mechanisms for securely sharing FPGAs in the cloud. We will investigate security issues and countermeasures for combined CPU-FPGA platforms whose CPUs as well as FPGAs are shared by multiple processes and users. We plan to conduct an extensive analysis of the new combined architecture in terms of new risks posed by the tight binding of CPU and FPGA and their shared operation at electrical, logical, and microarchitectural levels. To prevent these security threats at the electrical and logical levels, we will investigate new countermeasures based on a combination of static checks and dynamic detection and protection. This project will have a transformative impact on the entire reconfigurable hardware and secure microarchitecture community, paving the way for flexible and secure sharing of combined CPU-FPGA systems in the cloud. As a team with complementary skill sets, we will pioneer the emerging field of hardware security at a critical time in the ever-advancing proliferation of these technologies.
This project is funded by Deutsche Forschungsgemeinschaft (DFG).
Contact
Universität zu Lübeck:
Prof. Dr.-Ing. Thomas Eisenbarth
Thore Tiemann
Ruhr-Universität Bochum:
Karsruhe Institut für Technologie: