ADHeS: Attacks and Defenses on FPGA-CPU Heterogeneous Systems

Due to their hardware parallelism and reconfiguration capabilities, field programmable gate arrays (FPGAs) are integrated into modern heterogeneous platforms and run a variety of safety-critical applications. They are often coupled with CPUs. However, the security of this integration remains questionable. Modern FPGAs contain millions of programmable cells, forcing the designers to use third-party IP cores, which carry the risk of being infected with malicious code. Furthermore, researchers have recently demonstrated carrying out side-channel, fault-injection and denial-of-service attacks from the FPGA fabric. CPUs are also vulnerable to a variety of known attacks leveraging shared memory or microarchitectural state. In this project, we focus on discovering new security vulnerabilities introduced by FPGAs in heterogeneous systems. Discovering and understanding the mechanisms behind these, not yet understood, security threats will enable developing protections and countermeasures, necessary to guarantee safe employment of FPGAs in today's heterogeneous platforms.

This research is supported by armasuisse Science and Technology.

D. G. Mahmoud, B. Shokry, V. Lenders, W. Hu, and M. Stojilović, X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don't Care Hardware Trojans to Shared Cloud FPGAs, IEEE Access, January, 2024.
[detailed record]

D. G. Mahmoud, O. Glamočanin, F. Regazzoni, and M. Stojilović, Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs, (eds) Security of FPGA-Accelerated Cloud Computing Environments. Springer, Cham. September, 2023

D. G. Mahmoud, V. Lenders, and M. Stojilović, Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous Era, ACM Computing Surveys, March, 2023.
[detailed record]

D. G. Mahmoud, D. Dervishi, S. Hussein, V. Lenders, and M. Stojilović, DFAulted: Analyzing and Exploiting CPU Software Faults Caused by FPGA-Driven Undervolting Attacks, IEEE Access, December, 2022.
[detailed record]

D. G. Mahmoud, S. Hussein, V. Lenders and M. Stojilović, FPGA-to-CPU Undervolting Attacks, Design, Automation and Test in Europe (DATE), March 14 - 23, 2022.
[detailed record]

D. G. Mahmoud, W. Hu, and M. Stojilović, X-Attack: Remote Activation of Satisfiability Don’t-Care Hardware Trojans on Shared FPGAs, The International Conference on Field-Programmable Logic and Applications (FPL), August 31 - September 4, 2020.
[detailed record]

D. Mahmoud and M. Stojilović, Timing Violation Induced Faults in Multi-Tenant FPGAs, Design, Automation and Test in Europe Conference and Exhibition (DATE), Florence, Italy, March 25 – 29, 2019.
[detailed record]