Loading...
Thumbnail Image
Publication

ADDRESSING SECURITY CHALLENGES IN EMBEDDED SYSTEMS AND MULTI-TENANT FPGAS

Citations
Altmetric:
Abstract
Embedded systems and field-programmable gate arrays (FPGAs) have become crucial parts of the infrastructure that supports our modern technological world. Given the multitude of threats that are present, the need for secure computing systems is undeniably greater than ever. Embedded systems and FPGAs are governed by characteristics that create unique security challenges and vulnerabilities. Despite their array of uses, embedded systems are often built with modest microprocessors that do not support the conventional security solutions used by workstations, such as virus scanners. In the first part of this dissertation, a microprocessor defense mechanism that uses a hardware monitor to protect application-level and embedded operating system execution is presented. The monitoring system is placed adjacent to the embedded processor and observes each instruction during execution to ensure correct program operation. Our hardware-based processor monitoring system is shown to prevent an impending control-flow hijack attack within a single clock cycle. The approach is demonstrated using a hardware prototype based on a LEON3 processor running a Linux operating system. The monitoring system does not degrade processor performance nor require processor software or hardware modifications. As FPGAs have grown in logic capacity, their range of application domains has expanded beyond embedded systems to include cloud computing. This growth has led to scenarios in which circuits from multiple designers are deployed in an FPGA at the same time. FPGA multi-tenancy introduces unique security challenges that must be addressed. Co-located FPGA users share device resources at the physical level including wiring and the power distribution network (PDN). These limitations make complete user-level isolation impossible for current commercial FPGA devices. The second part of this dissertation focuses on two important classes of attacks that are based on this shared use of the FPGA resources, crosstalk-based information leakage attacks and on-chip voltage attacks. Crosstalk coupling that exists between long wires in an FPGA routing channel can be used by an adversary to steal secret information from an unsuspecting FPGA co-tenant. Similarly, a malicious tenant can deliberately cause voltage fluctuations in the FPGA PDN in an attempt to induce timing faults in a neighboring circuit. In both cases, the attacks require no physical access to the device and can be performed remotely. The work fully characterizes the threats and demonstrates strategies that can be used to protect multi-tenant users from potential attacks.
Type
dissertation
Date
2021-02
Publisher
License
License