Тестування на проникнення компонентів FPGA як сервісу для забезпечення кібербезпеки

Abstract

The subject of study in this article is modern penetration testing technologies, in which the test object is a platform with access to FPGA resources. The goal of this work is to improve modern methods of penetration testing of services that provide FPGA as a Service, to identify vulnerabilities, the elimination of which increases the level of security of services and increases the level of user trust in such services. Task: to analyze possible threats of FPGA as a Service platforms; analyze the structure of FPGA as a Service platforms; analyze options for using the penetration testing standard; and offer key components for ensuring cyber security of FPGA as a Service platforms. According to the tasks, the following results were obtained. A study of the cyber security problems of FPGA as a Service platforms was conducted, and a set of components for ensuring the cybersecurity of FPGA as a Service platforms was proposed. An analysis of modern cybersecurity threats of FPGA as a Service platforms was carried out. The possibility of applying the penetration testing standard to FPGA services is considered. Regular audits and penetration testing are key elements of a cybersecurity strategy and help maintain customer and user trust in FPGA services. A set of components for ensuring cybersecurity of FPGA as a Service platforms is proposed, which corresponds to modern threats. The complex includes activities such as regular software updates, security monitoring and analysis, audit and penetration testing, compliance with security standards, and staff training. Conclusions. The main contribution and scientific novelty of the obtained results is that a study of the possibilities of penetration testing was conducted, where the test object is a platform with access to FPGA resources. As in many other areas, ensuring the cybersecurity of FPGA as a Service platforms is a complex task, where ignoring any component can lead to critical consequences. Applying only penetration testing is not enough; therefore, a comprehensive list of cybersecurity measures for FPGA as a Service platforms is provided.