Off-campus UMass Amherst users: To download campus access dissertations, please use the following link to log into our proxy server with your UMass Amherst user name and password.

Non-UMass Amherst users: Please talk to your librarian about requesting this dissertation through interlibrary loan.

Dissertations that have an embargo placed on them will not be available to anyone until the embargo expires.

Author ORCID Identifier

https://orcid.org/0000-0001-7344-2334

AccessType

Open Access Dissertation

Document Type

dissertation

Degree Name

Doctor of Philosophy (PhD)

Degree Program

Electrical and Computer Engineering

Year Degree Awarded

2021

Month Degree Awarded

February

First Advisor

Professor Russell Tessier

Subject Categories

Computer and Systems Architecture | Digital Circuits | Electrical and Electronics | Hardware Systems | VLSI and Circuits, Embedded and Hardware Systems

Abstract

Embedded systems and field-programmable gate arrays (FPGAs) have become crucial parts of the infrastructure that supports our modern technological world. Given the multitude of threats that are present, the need for secure computing systems is undeniably greater than ever. Embedded systems and FPGAs are governed by characteristics that create unique security challenges and vulnerabilities.

Despite their array of uses, embedded systems are often built with modest microprocessors that do not support the conventional security solutions used by workstations, such as virus scanners. In the first part of this dissertation, a microprocessor defense mechanism that uses a hardware monitor to protect application-level and embedded operating system execution is presented. The monitoring system is placed adjacent to the embedded processor and observes each instruction during execution to ensure correct program operation. Our hardware-based processor monitoring system is shown to prevent an impending control-flow hijack attack within a single clock cycle. The approach is demonstrated using a hardware prototype based on a LEON3 processor running a Linux operating system. The monitoring system does not degrade processor performance nor require processor software or hardware modifications.

As FPGAs have grown in logic capacity, their range of application domains has expanded beyond embedded systems to include cloud computing. This growth has led to scenarios in which circuits from multiple designers are deployed in an FPGA at the same time. FPGA multi-tenancy introduces unique security challenges that must be addressed. Co-located FPGA users share device resources at the physical level including wiring and the power distribution network (PDN). These limitations make complete user-level isolation impossible for current commercial FPGA devices.

The second part of this dissertation focuses on two important classes of attacks that are based on this shared use of the FPGA resources, crosstalk-based information leakage attacks and on-chip voltage attacks. Crosstalk coupling that exists between long wires in an FPGA routing channel can be used by an adversary to steal secret information from an unsuspecting FPGA co-tenant. Similarly, a malicious tenant can deliberately cause voltage fluctuations in the FPGA PDN in an attempt to induce timing faults in a neighboring circuit. In both cases, the attacks require no physical access to the device and can be performed remotely. The work fully characterizes the threats and demonstrates strategies that can be used to protect multi-tenant users from potential attacks.

DOI

https://doi.org/10.7275/20484053

Available for download on Tuesday, February 01, 2022

Share

COinS