Security of FPGA-Accelerated Cloud Computing Environments,
Jakub Szefer and Russell Tessier

Springer Verlag, 2024.
ISBN 978-3-031-45394-6 (hardcover), 978-3-031-45395-3 (ebook).
328 pages + x, First edition, 2024

Reviewed by  Sven Dietrich   Sep 23, 2024 

Cloud computing has been around as a basic concept, if you are strictly and technically talking about virtual environments and virtual machine monitors, roughly since the 1960s. With that topic came a series of research topics that explored information flow, side channels, as well as covert channels, among others. The term cloud computing became popular in the advent of the Internet and the need of shared resources across network connections.

This book revisits these topics in a very specific context. While cloud computing in general has offered access to shared resources for both CPU and GPU computing, there has been the option to select Field Programmable Gate Arrays (FPGAs) on some cloud computing services since the mid 2010s. FPGAs are nothing else than an example of Programmable Logic Devices, allowing for the creation of integrated circuits using a hardware description language such as VHDL.

The editors Jakub Szefer and Russell Tessier have put together a book of 328 pages and 11 chapters, entitled "Security of FPGA-Accelerated Cloud Computing Environments," touching upon 11 separate yet interconnected topics on the security of such FPGA-accelerated cloud environments. The book overall is illustrated with color tables, charts, and figures, and each chapter is mostly self-contained: each has a proper introduction, an overview of the chapter, the main portion of the topic, plus an extensive set of references at the end of the chapter. The editors of the book are co-authors of some of the chapters that have been written by specific experts in the subfield.

The 11 chapters easily flow into three main categories, as mentioned in the book's foreword. Chapters 1-3 focus on authentication, protection of data communications between local and remote clients, and the cryptographic primitives that one could run on the FPGAs. Chapters 4-9 focus on physical attacks on the FPGAs, attacks between remote FPGAs, as well as hybrid attacks between using FPGAs, CPUs, and GPUs. Chapters 10-11 discuss countermeasures and defenses for the cloud-based attacks. The book considers the single-tenant and multi-tenant cases, meaning either single and sequential use, or concurrent use of the FPGA hardware by cloud clients. The examples given in each chapter often refer to specific hardware implementations of FPGAs, including the various "FPGA cloud options" the major cloud providers have been offering.

There eleven chapters are described here in order.
  1. This book begins with authentication and confidentiality in FPGA-based clouds. As expected, you will find the basics explained for this setting. Considerations such as proper trust authorities and multi-tenant scenarios are explored, as well as open challenges on this topic. The use of Physically Unclonable Functions (PUFs) for FPGAs are mentioned as well.

  2. The second chapter delves deeper into domain isolation and access control, a topic we have been familiar with, but here explained in the multi-tenant setting of the FPGA-based cloud. Here we see hardware and software isolation architecture considerations, plus approaches from classical security, such as the NSA FLASK architecture.

  3. Efficient and secure encryption for FPGAs in the cloud. Taken from the angle of lightweight cryptography, a topic popularized partly by the Internet of Things, the reader learns about what throughput is to be expected to and from the FPGA clouds and configurable hardware. Illustrations show modes of encryption, architectures, and numerical results for the efficiency tests. Reflections on post-quantum cryptography in the FPGA setting round off the chapter.

  4. Remote physical attacks on FPGAs at the electrical level. The authors explain the impact of manipulating power to the actual FPGAs, either by attacking its power distribution network, fault injection and power side channels,and forcing consumption of electrical resources, e.g. by causing voltage drops which would affect the actual FPGA logic. An evaluation of covert channels summarized in large tables illustrate the potential impact. Some design improvements are presented that would prevent or at least mitigate such attacks.

  5. Practical implementations of remote power side-channel and fault-injection attacks on multi-tenant FPGAs. This chapter contains well-illustrated, actual experiments with power side-channel attacks as well as fault-injection attacks in connection with FPGA voltage sensors, power wasters, and other electrical impacts on computation when other users are running jobs on the FPGA.

  6. Contention-based threats between single-tenant cloud FPGA instances. This chapter describes practical inference mechanisms and covert channels between single-tenant FPGA setups. Exploring channels such as the PCIe bus, heat signatures, and other forms that can carry information at a much higher rate than expected.

  7. Covert channels in cross-board power-based FPGA, CPU, and GPUs. The authors of this chapter identify shared power supplies as source of inference, introduce remote covert channels between FPGAs, and introduce CPU-to-FPGA as well as GPU-to-FPGA covert channels.

  8. Microarchitectural vulnerabilities introduced, exploited, and accelerated by heterogeneous FPGA-CPU platforms. As hybrid setups get created in the cloud providers due to various integrations of CPUs and FPGAs, e.g. by the PCIe bus or otherwise, new attack mechanisms arise. One example described i

    This chapter describes the JackHammer attack, the FPGA equivalent of the RowHammer attack on DRAM memory chips.

  9. Fingerprinting and mapping cloud FPGA infrastructures. In case of thermal or temporal attacks, it is important to know that one has returned or can obtain a specific physical FPGA. Using some fingerprinting techniques that bypass the cloud provider's undisclosed defense mechanism, the authors show how one can perform some FPGA cartography, effectively charting the FPGA infrastructure of the provider to some extent.

  10. Countermeasures against voltage attacks in multi-tenant FPGAs. Here the authors summarize the countermeasures for electrical attacks, namely attacks that use stressors, waste power, lower voltage and potentially inject faults that way.

  11. A proposal for programmable RO (PRO): a multipurpose countermeasure against side-channel and fault injection attack. The ring oscillators (RO) play a key role in this approach, as well as on-chip sensors. Various fault detection mechanisms are reviewed as the book wraps up with countermeasures in the last two chapters.

Overall the book is aimed at researchers, industry practitioners in technology, e-commerce, and online services, and postgraduate students seeking in-depth information about FPGAs. The editors did an excellent job at pulling together all the diverse authors for each chapter that provided such excellent in-depth and real-world excursion into this FPGA cloud topic.

I really enjoyed reading this book, especially due to its systems aspect, and the book (thank you Jakub!) will find its place on my bookshelf for any needed reference on this very timely topic.


Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org