A new scheme for securing users’ data and applications in public clouds and data centers using Field Programmable Gate Arrays (FPGAs) has been developed. This scheme incorporates all necessary protocols, hardware, and software components to provide protection against many known potential attacks including internal attacks. It achieves perfect forward secrecy, provides FPGA authentication and integrity checks, and securely establishes a symmetric session key between the user and the FPGA. A complete prototype has been implemented to show the feasibility of the proposed scheme with current FPGAs. Experimental results showed that an FPGA-based compute node can be set up in a cloud in 3.36s; 12.6 times faster than booting a medium-size conventional Virtual Machine (VM) on the same cloud. Based on the average global Internet speed, the time it takes to set up the FPGA-based machine from anywhere in the world was estimated to be 15s. Also, running an experimental secure image processing application on the FPGA took 50 percent less time than running the same application on a conventional state-of-the art processor (without a secure container).

中文翻译：

---

使用FPGA的安全计算区域

已经开发出一种新的方案，该方案使用现场可编程门阵列（FPGA）保护公共云和数据中心中用户的数据和应用程序。该方案结合了所有必要的协议，硬件和软件组件，以提供针对许多已知潜在攻击（包括内部攻击）的保护。它实现了完美的前向保密性，提供了FPGA身份验证和完整性检查，并在用户和FPGA之间安全地建立了对称的会话密钥。已经实现了一个完整的原型，以显示该方案与当前FPGA的可行性。实验结果表明，基于FPGA的计算节点可以在3.36 s的时间内在云中建立。比在同一云上启动中型常规虚拟机（VM）快12.6倍。根据全球平均互联网速度，在世界任何地方设置基于FPGA的机器所需的时间估计为15秒。而且，在FPGA上运行实验性安全图像处理应用程序所花费的时间比在传统的最新型处理器（没有安全容器）上运行相同的应用程序所花的时间少50％。