research-article

Domain Isolation in FPGA-Accelerated Cloud and Data Center Applications

Authors:

Joel Mandebi Mbongue,

Sujan Kumar Saha,

Christophe BobdaAuthors Info & Claims

GLSVLSI '21: Proceedings of the 2021 Great Lakes Symposium on VLSI

Pages 283 - 288

https://doi.org/10.1145/3453688.3461527

Published: 22 June 2021 Publication History

Get Access

Abstract

Cloud and data center applications increasingly leverage FPGAs because of their performance/watt benefits and flexibility advantages over traditional processing cores such as CPUs and GPUs. As the rising demand for hardware acceleration gradually leads to FPGA multi-tenancy in the cloud, there are rising concerns about the security challenges posed by FPGA virtualization. Exposing space-shared FPGAs to multiple cloud tenants may compromise the confidentiality, integrity, and availability of FPGA-accelerated applications. In this work, we present a hardware/software architecture for domain isolation in FPGA-accelerated clouds and data centers with a focus on software-based attacks aiming at unauthorized access and information leakage. Our proposed architecture implements Mandatory Access Control security policies from software down to the hardware accelerators on FPGA. Our experiments demonstrate that the proposed architecture protects against such attacks with minimal area and communication overhead.

Supplemental Material

MP4 File

This presentation summarizes the work presented in the paper titled "Domain Isolation in FPGA-Accelerated Cloud and Data Center Applications".

Download
9.43 MB

References

[1]

Lawrence E Bassham III, Andrew L Rukhin, Juan Soto, James R Nechvatal, Miles E Smid, Elaine B Barker, Stefan D Leigh, Mark Levenson, Mark Vangel, David L Banks, et al. 2010. Sp 800-22 rev. 1a. a statistical test suite for random and pseudorandom number generators for cryptographic applications. National Institute of Standards & Technology.

Google Scholar

[2]

Abraham Bookstein, Vladimir A Kulyukin, and Timo Raita. 2002. Generalized hamming distance. Information Retrieval, Vol. 5, 4 (2002), 353--375.

Digital Library

Google Scholar

[3]

Festus Hategekimana, Joel Mandebi Mbongue, Md Jubaer Hossain Pantho, and Christophe Bobda. 2018a. Inheriting software security policies within hardware ip components. In 2018 IEEE 26th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM). IEEE, 53--56.

Crossref

Google Scholar

[4]

Festus Hategekimana, Joel Mandebi Mbongue, Md Jubaer Hossain Pantho, and Christophe Bobda. 2018b. Secure Hardware Kernels Execution in CPU FPGA Heterogeneous Cloud. In 2018 International Conference on Field-Programmable Technology (FPT). IEEE, 182--189.

Google Scholar

[5]

Chenglu Jin, Vasudev Gohil, Ramesh Karri, and Jeyavijayan Rajendran. 2020. Security of cloud FPGAs: A survey. arXiv preprint arXiv:2005.04867 (2020).

Google Scholar

[6]

Yukui Luo and Xiaolin Xu. 2019. Hill: A hardware isolation framework against information leakage on multi-tenant fpga long-wires. In 2019 International Conference on Field-Programmable Technology (ICFPT). IEEE, 331--334.

Crossref

Google Scholar

[7]

Nikos Mavrogiannopoulos. 2019. Understanding the Red Hat Enterprise Linux random number generator interface. retrieved February 11, 2021 https://www.redhat.com/en/blog/understanding-red-hat-enterprise-linux-random-number-generator-interface.

Google Scholar

[8]

Yoshihiro Oyama, Tran Truong Duc Giang, Yosuke Chubachi, Takahiro Shinagawa, and Kazuhiko Kato. 2012. Detecting malware signatures in a thin hypervisor. In Proceedings of the 27th Annual ACM Symposium on Applied Computing. 1807--1814.

Digital Library

Google Scholar

[9]

David Pellerin. 2016. Amazon EC2 F1 Instances. retrieved July 14, 2020 from https://aws.amazon.com/ec2/instance-types/f1/.

Google Scholar

[10]

Sujan Kumar Saha and Christophe Bobda. 2020. FPGA Accelerated Embedded System Security Through Hardware Isolation. In 2020 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). IEEE, 1--6.

Google Scholar

[11]

Ashish Singh and Kakali Chatterjee. 2017. Cloud security issues and challenges: A survey. Journal of Network and Computer Applications, Vol. 79 (2017), 88--115.

Digital Library

Google Scholar

[12]

TACC. 2019. A Reconfigurable Architecture for Large Scale Machine Learning. retrieved February 17, 2021 from https://www.tacc.utexas.edu/systems/catapult.

Google Scholar

[13]

Shanquan Tian, Wenjie Xiong, Ilias Giechaskiel, Kasper Rasmussen, and Jakub Szefer. 2020. Fingerprinting cloud FPGA infrastructures. In Proceedings of the 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays. 58--64.

Digital Library

Google Scholar

Cited By

View all

Wulf CPertuz SGöhringer D(2024)Hardware-level Access Control and Scheduling of Shared Hardware Accelerators2024 27th Euromicro Conference on Digital System Design (DSD)10.1109/DSD64264.2024.00044(274-281)Online publication date: 28-Aug-2024
https://doi.org/10.1109/DSD64264.2024.00044
Braeken Ada Silva BSegers LKnödtel JReichenbach MWulf CPertuz SGöhringer DVliegen JRabbani MMentens N(2024)Trusted Computing Architectures for IoT DevicesApplied Reconfigurable Computing. Architectures, Tools, and Applications10.1007/978-3-031-55673-9_17(241-254)Online publication date: 20-Mar-2024
https://dl.acm.org/doi/10.1007/978-3-031-55673-9_17
Bobda CMbongue JSaha SAhmed M(2023)Domain Isolation and Access Control in Multi-tenant Cloud FPGAsSecurity of FPGA-Accelerated Cloud Computing Environments10.1007/978-3-031-45395-3_2(29-55)Online publication date: 18-Sep-2023
https://doi.org/10.1007/978-3-031-45395-3_2
Show More Cited By

Index Terms

Domain Isolation in FPGA-Accelerated Cloud and Data Center Applications

Recommendations

Deploying Multi-tenant FPGAs within Linux-based Cloud Infrastructure
Cloud deployments now increasingly exploit Field-Programmable Gate Array (FPGA) accelerators as part of virtual instances. While cloud FPGAs are still essentially single-tenant, the growing demand for efficient hardware acceleration paves the way to FPGA ...
Synthesizable Standard Cell FPGA Fabrics Targetable by the Verilog-to-Routing CAD Flow
Special Section on Field Programmable Logic and Applications 2015 and Regular Papers

In this article, we consider implementing field-programmable gate arrays (FPGAs) using a standard cell design methodology and present a framework for the automated generation of synthesizable FPGA fabrics. The open-source Verilog-to-Routing (VTR) FPGA ...
FPGA-oriented HW/SW implementation of the MPEG-4 video decoder

This paper presents an FPGA-oriented implementation methodology for the MPEG-4 video decoder based on a hardware/software co-design approach. The MPEG-4 decoder is based on MoMuSys optimized reference software combined with new hardware VLSI ...

Comments

Information & Contributors

Information

Published In

GLSVLSI '21: Proceedings of the 2021 Great Lakes Symposium on VLSI

June 2021

504 pages

ISBN:9781450383936

DOI:10.1145/3453688

General Chairs:
Yiran Chen
Duke University, USA
,
Victor Zhirnov
Semiconductor Research Corporation, USA
,
Program Chairs:
Avesta Sasan
George Mason University, USA
,
Ioannis Savidis
Drexel University, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 June 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Data Availability

This presentation summarizes the work presented in the paper titled "Domain Isolation in FPGA-Accelerated Cloud and Data Center Applications". https://dl.acm.org/doi/10.1145/3453688.3461527#GLSVLSI21-glsv093p.mp4

Funding Sources

National Science Fundation

Conference

GLSVLSI '21

Sponsor:

SIGDA

GLSVLSI '21: Great Lakes Symposium on VLSI 2021

June 22 - 25, 2021

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 312 of 1,156 submissions, 27%

Upcoming Conference

GLSVLSI '25

Sponsor:
sigda

Great Lakes Symposium on VLSI 2025

June 30 - July 2, 2025

New Orleans , LA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
167
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)3

Reflects downloads up to 18 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wulf CPertuz SGöhringer D(2024)Hardware-level Access Control and Scheduling of Shared Hardware Accelerators2024 27th Euromicro Conference on Digital System Design (DSD)10.1109/DSD64264.2024.00044(274-281)Online publication date: 28-Aug-2024
https://doi.org/10.1109/DSD64264.2024.00044
Braeken Ada Silva BSegers LKnödtel JReichenbach MWulf CPertuz SGöhringer DVliegen JRabbani MMentens N(2024)Trusted Computing Architectures for IoT DevicesApplied Reconfigurable Computing. Architectures, Tools, and Applications10.1007/978-3-031-55673-9_17(241-254)Online publication date: 20-Mar-2024
https://dl.acm.org/doi/10.1007/978-3-031-55673-9_17
Bobda CMbongue JSaha SAhmed M(2023)Domain Isolation and Access Control in Multi-tenant Cloud FPGAsSecurity of FPGA-Accelerated Cloud Computing Environments10.1007/978-3-031-45395-3_2(29-55)Online publication date: 18-Sep-2023
https://doi.org/10.1007/978-3-031-45395-3_2
Bobda CMbongue JChow PEwais MTarafdar NVega JEguro KKoch DHandagala SLeeser MHerbordt MShahzad HHofste PRinglein BSzefer JSanaullah ATessier R(2022)The Future of FPGA Acceleration in Datacenters and the CloudACM Transactions on Reconfigurable Technology and Systems10.1145/350671315:3(1-42)Online publication date: 4-Feb-2022
https://dl.acm.org/doi/10.1145/3506713

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

Supplemental Material

References

Cited By

Index Terms

Recommendations

Deploying Multi-tenant FPGAs within Linux-based Cloud Infrastructure

Synthesizable Standard Cell FPGA Fabrics Targetable by the Verilog-to-Routing CAD Flow

FPGA-oriented HW/SW implementation of the MPEG-4 video decoder

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Data Availability

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations