{"title":"Security of FPGAs in data centers","authors":"S. Trimberger, Steve McNeil","doi":"10.1109/IVSW.2017.8031556","DOIUrl":null,"url":null,"abstract":"Recent deployments of FPGAs as compute resources in data centers have raised security concerns. One concern is how to prevent user-deployed logic in the FPGA from accessing privileged data such as physical addresses or raw network traffic. Addressing this issue uses the concept of ‘privileged’ mode FPGA logic that is kept separate from ‘user’ mode logic. Logical separation can be achieved with design restrictions, physical separation gives a stronger security guarantee. Physical separation can be implemented and enforced using the Xilinx Isolation Design Flow to isolate privileged shell logic from user application logic. A second security concern is the detection and handling of undesirable behavior of user logic. This undesirable behavior includes generation of current spikes, consumption of excessive power or overheating the FPGA or the system. These conditions can be addressed by design checking, and a thorough run-time solution leverages anti-tamper functionality in the FPGA that activates user logic to disable functions when voltage or temperature exceeds preset limits. A third concern is the need to ensure FPGA logic only changes when desired. This concern is addressed using both hard logic and IP that together ensure and verify that the programmable logic does not change during operation.","PeriodicalId":184196,"journal":{"name":"2017 IEEE 2nd International Verification and Security Workshop (IVSW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 2nd International Verification and Security Workshop (IVSW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IVSW.2017.8031556","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 26
Abstract
Recent deployments of FPGAs as compute resources in data centers have raised security concerns. One concern is how to prevent user-deployed logic in the FPGA from accessing privileged data such as physical addresses or raw network traffic. Addressing this issue uses the concept of ‘privileged’ mode FPGA logic that is kept separate from ‘user’ mode logic. Logical separation can be achieved with design restrictions, physical separation gives a stronger security guarantee. Physical separation can be implemented and enforced using the Xilinx Isolation Design Flow to isolate privileged shell logic from user application logic. A second security concern is the detection and handling of undesirable behavior of user logic. This undesirable behavior includes generation of current spikes, consumption of excessive power or overheating the FPGA or the system. These conditions can be addressed by design checking, and a thorough run-time solution leverages anti-tamper functionality in the FPGA that activates user logic to disable functions when voltage or temperature exceeds preset limits. A third concern is the need to ensure FPGA logic only changes when desired. This concern is addressed using both hard logic and IP that together ensure and verify that the programmable logic does not change during operation.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
