Recent research has exposed a number of security issues related to the use of FPGAs in embedded system and cloud computing environments. Circuits that deliberately waste power can be carefully crafted by a malicious cloud FPGA user and deployed to cause denial-of-service and fault injection attacks. The main defense strategy used by FPGA cloud services involves checking user-submitted designs for circuit structures that are known to aggressively consume power. Unfortunately, this approach is limited by an attacker’s ability to conceive new designs that defeat existing checkers. In this work, our contributions are twofold. We evaluate a variety of circuit power wasting techniques that typically are not flagged by design rule checks imposed by FPGA cloud computing vendors. The efficiencies of five power wasting circuits, including our new design, are evaluated in terms of power consumed per logic resource. We then show that the source of voltage attacks based on power wasters can be identified. Our monitoring approach localizes the attack and suppresses the clock signal for the target region within 21 μs, which is fast enough to stop an attack before it causes a board reset. All experiments are performed using a state-of-the-art Intel Stratix 10 FPGA.

中文翻译：

---

减轻多租户 FPGA 中的电压攻击

最近的研究揭示了许多与在嵌入式系统和云计算环境中使用 FPGA 相关的安全问题。恶意的云 FPGA 用户可以精心设计故意浪费电力的电路，并进行部署以引发拒绝服务和故障注入攻击。FPGA 云服务使用的主要防御策略包括检查用户提交的设计中是否存在已知会大量消耗功率的电路结构。不幸的是，这种方法受到攻击者构思新设计以击败现有检查器的能力的限制。在这项工作中，我们的贡献是双重的。我们评估了各种电路功耗技术，这些技术通常不会被 FPGA 云计算供应商强加的设计规则检查标记。五个功率浪费电路的效率，包括我们的新设计，根据每个逻辑资源的功耗进行评估。然后，我们表明可以识别基于电力浪费的电压攻击源。我们的监控方法定位攻击并在 21 μs 内抑制目标区域的时钟信号，这足以在攻击导致电路板复位之前停止攻击。所有实验均使用最先进的 Intel Stratix 10 FPGA 进行。