Diagnosis of Malicious Bitstreams in Cloud Computing FPGAs

Abstract

Multi-tenant FPGAs are increasingly being used in cloud computing technologies. Users are able to access the FPGA fabric remotely to implement custom accelerators in the cloud. However, the sharing of FPGA resources by untrusted third-parties can lead to serious security threats. Attackers can configure a portion of the FPGA with a malicious bitstream. Such malicious use of the FPGA fabric may lead to severe voltage fluctuations and denial-of-service. In this work, we consider FPGAs that support time-based multi-tenancy i.e., a single user has access to the FPGA at a time. We propose a convolutional neural network (CNN)-based approach to detect malicious RO-like circuits that are configured on an FPGA by learning features from the data-series representation of the bitstreams of malicious circuits. We use the classification accuracy, true-positive rate, and false-positive rate metrics to quantify the effectiveness of CNN-based classification of malicious bitstreams. Our threat model includes a variety of power-wasting circuits that are used to configure FPGAs in the cloud. We propose a two-stage malicious bitstream detection framework for classification and diagnosis of the type of malicious circuit implemented by a particular bitstream. We further propose a novel window-merging technique to improve model performance in the second stage of the detection framework. Experimental results on Xilinx FPGAs demonstrate the effectiveness of the proposed method.