For performance and scalability reasons, major cloud providers have started using Field-Programmable Gate Arrays (FPGAs) to offer FPGA-based acceleration services. FPGA virtualization then becomes necessary to optimize the utilization of the hardware resources, but it raises security and privacy concerns.
In this work we consider a temporal multi-tenancy setting, in which a single FPGA instance running third-party logic is made available to multiple users one after another, and we focus on preserving users' privacy by detecting whether data belonging to different users may be mixed in the circuit. We present a framework consisting of a set of components and design rules that ensure only privacy-preserving third-party logics can be loaded on an FPGA instance. We then describe a static hardware information flow analysis that lies at the core of the framework's behaviour.
This analysis builds on existing information flow tracking techniques and constructs a new circuit with the same structure as the original one, which, instead of computing data values, computes the security labels associated with the data as it flows through the logic. Notably, the label propagation rules used in this new circuit are independent of the actual signal values in the design under analysis. As a result, the label circuit can be simulated almost instantaneously, and the simulation result remains valid for all possible executions of the original design. We have implemented our analysis in the Yosys synthesis tool and run it on a set of small and medium-sized circuits. While the analysis is still at an early stage of development, it already shows encouraging results. Furthermore, we have identified several potential improvements for future work to bring the analysis to a more formal and operational state.
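To make the idea of a value-independent label circuit concrete, the following Python model is an added illustration written for this page; it is not the paper's Yosys implementation. It takes a tiny gate-level netlist, builds the label circuit described above (same structure, labels instead of values), and simulates it from a state in which every register still holds data of the previous tenant while the primary inputs carry the current tenant's data. The propagation rule (each signal takes the union of its inputs' labels) is our own choice, as are the tenant identifiers `tenant_prev` and `tenant_cur`, the two constructed netlists `PIPELINE` and `ACCUMULATOR`, and the helper names `propagate` and `analyze`; the abstract itself does not specify any of them. Because the rule ignores signal values, a single simulation run covers every possible execution of the original circuit, and since the only state is the vector of register labels the simulation stops as soon as that vector repeats.

```python
from typing import Dict, FrozenSet, List, Optional, Tuple

# A security label is the set of tenants whose data may influence a signal.
Label = FrozenSet[str]
# A netlist maps each signal to (operator, input signals). Only two operators
# matter to the label circuit: "IN" (primary input) and "DFF" (register, one
# D input). Everything else is combinational, whatever gate it is.
Netlist = Dict[str, Tuple[str, Tuple[str, ...]]]

PREV, CUR = "tenant_prev", "tenant_cur"  # hypothetical tenant identifiers


def propagate(net: Netlist, known: Dict[str, Label]) -> Dict[str, Label]:
    """Evaluate the label circuit for one clock cycle.

    `known` carries the labels of primary inputs and register outputs. Every
    combinational signal receives the join (set union) of its inputs' labels.
    The rule never inspects a signal value, so one evaluation is sound for
    every valuation of the original design (value-independent propagation as
    in the abstract; the join rule itself is an assumption of this example).
    """
    labels = dict(known)

    def lab(sig: str) -> Label:
        if sig in labels:
            return labels[sig]
        op, ins = net[sig]
        assert op not in ("IN", "DFF"), f"{sig}: label of {op} must be given"
        out: Label = frozenset()
        for src in ins:
            out = out | lab(src)
        labels[sig] = out
        return out

    for sig in net:
        lab(sig)
    return labels


def analyze(net: Netlist, outputs: List[str], input_label: Label,
            reg_init: Label, max_cycles: int = 64) -> dict:
    """Simulate the label circuit from a residual register state.

    Registers start with `reg_init` (data left behind by the previous tenant);
    primary inputs always carry `input_label` (the current tenant). Simulation
    stops as soon as the vector of register labels repeats: labels are the only
    state, so every later cycle has already been observed.
    """
    regs = [s for s, (op, _) in net.items() if op == "DFF"]
    ins = [s for s, (op, _) in net.items() if op == "IN"]
    state = {r: reg_init for r in regs}
    seen, trace, mixed = set(), [], set()
    clean_after: Optional[int] = None

    for cycle in range(max_cycles):
        key = tuple(state[r] for r in regs)
        if key in seen:
            break
        seen.add(key)
        known = {i: input_label for i in ins}
        known.update(state)
        labels = propagate(net, known)
        trace.append({o: labels[o] for o in outputs})
        # Any signal carrying more than one tenant mixes their data.
        mixed.update(s for s, l in labels.items() if len(l) > 1)
        # Inputs only carry CUR, so once PREV has drained from every output it
        # cannot return: the first clean cycle is the flush latency.
        if clean_after is None and all(PREV not in labels[o] for o in outputs):
            clean_after = cycle
        # Register D inputs become next cycle's register labels.
        state = {r: labels[net[r][1][0]] for r in regs}

    return {"trace": trace, "clean_after": clean_after,
            "mixed_signals": sorted(mixed)}


# Constructed example 1: a two-stage pipeline. Residual state drains after
# two cycles and no signal ever mixes the two tenants.
PIPELINE: Netlist = {
    "in_a": ("IN", ()),
    "in_b": ("IN", ()),
    "s1_d": ("AND", ("in_a", "in_b")),
    "s1":   ("DFF", ("s1_d",)),
    "s2":   ("DFF", ("s1",)),
    "out":  ("BUF", ("s2",)),
}

# Constructed example 2: an accumulator with a feedback loop. The previous
# tenant's label is folded into the new one and never leaves the register.
ACCUMULATOR: Netlist = {
    "in_x":  ("IN", ()),
    "acc_d": ("XOR", ("acc", "in_x")),
    "acc":   ("DFF", ("acc_d",)),
    "out":   ("BUF", ("acc",)),
}


def main() -> None:
    for name, net in (("pipeline", PIPELINE), ("accumulator", ACCUMULATOR)):
        r = analyze(net, ["out"], frozenset({CUR}), frozenset({PREV}))
        print(f"{name}: clean after cycle {r['clean_after']}, "
              f"mixed signals {r['mixed_signals']}")
        for t, outs in enumerate(r["trace"]):
            print(f"  cycle {t}: out = {sorted(outs['out'])}")


if __name__ == "__main__":
    main()
```

The two netlists show the two outcomes a privacy check cares about. The pipeline's output carries the previous tenant's label for the first two cycles and is clean from cycle 2 on, so a loader following the framework's idea could, for instance, require that many cycles of flushing before handing the instance to the next user. The accumulator's feedback path means the old label can never be removed by clocking alone: the register, its D input and the output all carry both tenants from cycle 1 onwards, which is exactly the mixing the analysis is meant to flag. Note that the join rule is deliberately conservative: a multiplexer whose select input would in reality discard one operand still passes both labels, because the rule cannot look at the select value.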