Securing Virtualized FPGAs for an Untrusted Cloud

摘要

The business with cloud computing is steadily growing. More and more data center providers offer reconfigurable hardware to accelerate workloads in an energy efficiency way. Various frameworks for virtualization of these devices have been proposed, but security concerns of potential users have mostly been neglected. Other approaches focused on security, but did not provide the required virtualization capabilities. In this paper we extend an existing FPGA virtualization framework with crucial security features, including strong AES encryption and efficient elliptic curve cryptography. But only with the use of a TLS based protocol does this combination achieve a high level of security. It enables the confidential and secure transfer of sensitive data, including the configuration bitstreams of virtual FPGAs. They are decrypted by the FPGA hypervisor and checked for malicious modifications to protect other vFPGAs. This way the device can be virtualized while being secured and no sensible data is exposed to potentially vulnerable software.