چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Security of FPGA-Accelerated Cloud Computing Environments

Jakub Szefer (editor), Russell Tessier (editor)

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

سال انتشار
۲۰۲۴
فرمت
PDF
زبان
انگلیسی
حجم فایل
۲۰٫۴ مگابایت
شابک
9783031453946، 9783031453953، 3031453948، 3031453956

دربارهٔ کتاب

This book addresses security of FPGA-accelerated cloud computing environments. It presents a comprehensive review of the state-of-the-art in security threats as well as defenses. The book further presents design principles to help in the evaluation and designs of cloud-based FPGA deployments which are secure from information leaks and potential attacks. Foreword Acknowledgements Contents 1 Authentication and Confidentiality in FPGA-Based Clouds 1.1 Introduction 1.2 FPGA-Based Cloud Architectures 1.2.1 FPGA as a Cloud Service Accelerator 1.2.2 Infrastructure as a Service FPGA Acceleration 1.2.3 FPGA-Based Cloud Without a Trusted Authority 1.2.4 FPGA-Based Cloud with a Trusted Authority 1.3 FPGA-Based Cloud Authentication Solutions 1.3.1 Authentication Principles 1.3.1.1 Direct Authentication 1.3.1.2 Authentication Using a Trusted Authority 1.3.2 Bitstream Authentication 1.3.3 FPGA Authentication 1.3.3.1 Direct FPGA and User Authentication 1.3.3.2 FPGA and User Authentication Using a Trusted Authority 1.4 Open Challenges 1.4.1 Multi-tenancy 1.4.2 Remote FPGA Attacks 1.5 Authorization and Access Delegation Framework for FPGA-Enabled Cloud Computing 1.5.1 Client Request and Certificate Creation 1.5.2 HTTP Redirection and Authorization Grants 1.5.3 Access Management and Token Generation Phase 1.5.4 Client and FPGA Secure Channel 1.5.5 Access Control with Tokens 1.5.6 Access Control of Bitstreams 1.6 Performance Analysis 1.6.1 Theoretical Performance 1.6.2 Time Estimation for Token Generation 1.7 Conclusion References 2 Domain Isolation and Access Control in Multi-tenant CloudFPGAs 2.1 Introduction 2.2 System Organization 2.2.1 FPGA Provisioning Model 2.2.1.1 FPGA Hardware Elasticity 2.2.1.2 FPGA Interfacing 2.2.2 Virtual Machine Integration 2.2.3 Simultaneous FPGA Access 2.3 Security Architecture and Domain Isolation 2.3.1 FLASK Security Architecture 2.3.2 Threat Model and System Assumption 2.3.3 Domain Isolation Model 2.3.4 Hardware/Software Isolation Architecture 2.3.4.1 Security Server 2.3.4.2 Hardware Modules Manager 2.3.4.3 Secure Communication Protocol 2.3.4.4 FPGA Area Overhead 2.3.4.5 Security Assessment 2.3.4.6 FPGA Configuration and Communication Overhead 2.4 Discussion References 3 Efficient and Secure Encryption for FPGAs in the Cloud 3.1 Introduction 3.2 Cryptographic Primitives: Block Ciphers 3.2.1 Architectures 3.2.1.1 High-Throughput Implementations 3.2.2 Implementation Results of Different Block Ciphers 3.3 Cryptographic Primitives: Stream Ciphers 3.3.1 eSTREAM Project 3.3.2 Implementation Results of Different Stream Ciphers 3.4 Cryptographic Primitives: Authenticated Encryption 3.4.1 AES-GCM 3.4.2 Finite Field Multiplication 3.4.2.1 Karatsuba Multiplier 3.4.2.2 AES Architectures 3.4.2.3 AES-GCM Circuit Architecture 3.4.2.4 AES-GCM Implementation Results 3.4.3 GIFT-COFB 3.4.3.1 GIFT-COFB Circuit Architecture 3.4.4 ROMULUS 3.4.4.1 ROMULUS-N1 Circuit Architecture 3.4.5 ASCON 128 3.4.5.1 ASCON 128 Circuit Architecture 3.4.5.2 Implementation Results of Different Authenticated Encryption Algorithms 3.5 Post-Quantum Cryptography 3.6 Conclusion and Open Problems References 4 Remote Physical Attacks on FPGAs at the Electrical Level 4.1 Introduction 4.2 Background 4.2.1 Power Distribution in Integrated Circuits 4.2.2 Security Threats Based on PDN Access 4.2.2.1 Fault Attacks Based on Power 4.2.2.2 Power Side-Channel Attacks 4.3 Interaction Between Voltage and FPGA Logic 4.3.1 Voltage Drop Injection with Digital Logic 4.3.2 Digital Logic for Voltage Estimation 4.4 Fault and Side-Channel Attacks on FPGA Platforms 4.4.1 Power Analysis Attack on a Lattice ECP5 4.4.2 Fault Attack on a Xilinx Ultrascale VCU108 4.4.3 Results on Additional FPGA Platforms 4.5 Countermeasures 4.5.1 The Importance of Physical Design Parameters 4.5.2 Offline Bitstream Checking Countermeasures 4.5.3 Online On-Chip Countermeasures 4.5.4 Overview of Countermeasures 4.6 Summary References 5 Practical Implementations of Remote Power Side-Channel and Fault-Injection Attacks on Multitenant FPGAs 5.1 Electrical-Level Vulnerabilities of Remote FPGAs 5.2 Attack Scenarios 5.3 Remote Power Side-Channel Attacks 5.3.1 FPGA Voltage Sensors 5.3.2 Power Side-Channel Analysis 5.3.3 Running the Attack 5.3.4 Countermeasures 5.4 Remote Fault-Injection Attacks 5.4.1 Timing Constraints 5.4.2 FPGA Power Wasters 5.4.3 Fault Injection vs. Denial of Service 5.4.4 Victim 5.4.5 Exploits and Possible Extensions 5.4.6 Countermeasures 5.5 Conclusions References 6 Contention-Based Threats Between Single-Tenant Cloud FPGA Instances 6.1 Introduction 6.1.1 Contributions 6.1.2 Chapter Organization 6.2 Background and Related Work 6.2.1 AWS F1 Instance Architecture 6.2.2 Programming AWS F1 Instances 6.2.3 Related Work 6.2.3.1 PCIe-Based Threats 6.2.3.2 Power-Based Threats 6.2.3.3 Thermal-Based Threats 6.2.3.4 DRAM-Based Threats 6.2.3.5 Multi-tenant Security 6.3 PCIe Contention in Cloud FPGAs 6.4 Cross-VM Covert Channels 6.4.1 Covert-Channel Implementation 6.4.2 Experimental Setup 6.4.3 Bandwidth vs. Accuracy Trade-Offs 6.4.4 Transfer Sizes 6.4.5 Operating Systems 6.5 Cross-VM Side-Channel Leaks 6.5.1 Inferring User Activity 6.5.1.1 Experimental Setup 6.5.1.2 Leaking Private Information from Marketplace AMIs 6.5.2 Detecting Instance Initialization 6.5.3 Long-Term PCIe Monitoring 6.5.4 Interference Attacks 6.6 Other Cross-Instance Effects 6.6.1 Network-Based Contention 6.6.2 SSD Contention 6.6.2.1 SSD-to-SSD Contention 6.6.2.2 FPGA-to-SSD Contention 6.6.3 DRAM-Based Thermal Monitoring 6.6.3.1 Setup and Evaluation 6.7 Conclusion References 7 Cross-board Power-Based FPGA, CPU, and GPU Covert Channels 7.1 Introduction 7.1.1 Contributions 7.1.2 Chapter Organization 7.2 Threat Model 7.3 Experimental Setup 7.3.1 Ring Oscillators 7.3.2 Architectural FPGA Design 7.3.2.1 Covert-Channel Source 7.3.2.2 Covert-Channel Sink 7.3.3 FPGA Boards 7.3.4 Power Supply Units and Computer Transmitters 7.3.5 Data Collection and Encoding 7.4 Classification Metric 7.4.1 Why Absolute Counts Are Not Enough 7.4.2 A New Metric Based on Count Differences 7.4.3 Characterization of the Proposed Metric 7.5 Cross-FPGA Communication 7.5.1 Overview of Results 7.5.2 Transmitter and Stressor ROs 7.5.3 Bandwidth–Accuracy Tradeoffs 7.5.4 Transmitted Patterns and Cabling Layouts 7.5.5 Ring Oscillator Types and Alternative Experimental Setup 7.6 Additional Covert Channels 7.6.1 CPU Transmissions 7.6.2 GPU Transmissions 7.7 Discussion 7.7.1 Practicality of Attacks 7.7.2 Defense Mechanisms 7.8 Related Work 7.8.1 Remote FPGA Attacks 7.8.2 Power and Temperature Covert Channels 7.9 Conclusion References 8 Microarchitectural Vulnerabilities Introduced, Exploited, and Accelerated by Heterogeneous FPGA-CPU Platforms 8.1 Introduction 8.2 Background 8.2.1 Cache Attacks 8.2.1.1 Eviction Sets 8.2.2 Rowhammer 8.2.3 RSA-CRT Signing 8.2.4 IOTLB Side Channel 8.3 Experimental Setup 8.4 Analysis of Intel FPGA-CPU Systems 8.4.1 Intel FPGA Platforms 8.4.2 Intel's FPGA-CPU Compatibility Layers 8.4.2.1 Memory-Mapped I/O (MMIO) 8.4.2.2 Direct Memory Access (DMA) 8.4.3 Cache and Memory Architecture on the Intel FPGAs 8.4.3.1 Arria 10 PAC 8.4.3.2 Integrated Arria 10 8.4.3.3 Reverse-Engineering Caching Hint Behavior 8.5 The JackHammer Attack 8.5.1 JackHammer: An FPGA Implementation of Rowhammer 8.5.2 JackHammer on the FPGA PAC vs. CPU Rowhammer 8.5.3 JackHammer on the Integrated Arria 10 vs. CPU Rowhammer 8.5.4 The Effect of Caching on Rowhammer Performance 8.6 Fault Attack on RSA Using JackHammer 8.6.1 RSA Fault Injection Attacks 8.6.1.1 Fault Injection Attack with RSA Base Blinding 8.6.2 Our Attack 8.6.2.1 Attack Setup 8.6.3 Performance of the Attack 8.7 Cache Attacks on Intel FPGA-CPU Platforms 8.7.1 Cache Attacks from FPGA PAC to CPU 8.7.2 Cache Attacks from Integrated Arria 10 FPGA to CPU 8.7.2.1 Constructing a Covert Channel from AFU to CPU 8.7.3 Cache Attacks from CPU to Integrated Arria 10 FPGA 8.7.4 Intra-FPGA Cache Side Channels 8.8 Countermeasures 8.8.1 Hardware Monitors 8.8.2 Increasing DRAM Row Refresh Rate 8.8.3 Cache Partitioning and Pinning 8.8.4 Disabling Huge Pages and Virtualizing AFU Address Space 8.8.5 Protection Against Bellcore Attack 8.9 Conclusion References 9 Fingerprinting and Mapping Cloud FPGA Infrastructures 9.1 Introduction 9.1.1 Contributions and Chapter Organization 9.2 Background 9.2.1 Cloud FPGAs 9.2.2 Decay-Based DRAM PUFs 9.2.3 Ring Oscillators 9.2.4 PCIe Contention and NUMA Localities 9.3 Threat Model 9.4 Fingerprinting Cloud FPGAs 9.4.1 DRAM PUF Design 9.4.1.1 Accessing DRAM from the FPGA 9.4.1.2 Collecting DRAM PUF Fingerprints 9.4.2 DRAM PUF Evaluation 9.4.2.1 Data Collection on AWS 9.4.2.2 DRAM PUF Example on Cloud FPGAs 9.4.2.3 Fingerprinting Metric 9.4.2.4 Identifying Repeated Instances 9.4.2.5 Monitoring Temperature Changes 9.4.3 RO PUF Design 9.4.4 RO PUF Evaluation 9.4.5 Defense Strategies 9.5 Cloud FPGA Cartography 9.5.1 Experimental Setup 9.5.2 Evaluation 9.5.2.1 Determining NUMA Localities 9.5.2.2 Cross-VM PCIe Contention 9.5.2.3 Contention Between f1.4xlarge Instances 9.5.2.4 Data Center Regions and On-Demand Instances 9.5.2.5 Probability of Co-location 9.5.2.6 Overlap Between Instance Types 9.5.2.7 Practical Considerations 9.6 Related Work 9.6.1 Remote FPGA Attacks 9.6.2 Cloud Security 9.7 Conclusion References 10 Countermeasures Against Voltage Attacks in Multi-tenant FPGAs 10.1 Introduction 10.2 Overview of Voltage Attacks and Countermeasures 10.2.1 Threats 10.2.2 Countermeasures 10.3 Voltage Attacks 10.3.1 Types of Power Wasters Used in Voltage Attacks 10.3.2 Effects of Power Wasters on FPGA PDN 10.3.3 Potential Threats of Voltage Attacks 10.4 Voltage Sensing and Fault Detection 10.4.1 On-Chip Voltage Sensors 10.4.2 Voltage Attack Detection 10.5 Reactive Countermeasures for Voltage Attacks 10.5.1 Disabling Synchronous Power Wasters 10.5.2 Disabling Asynchronous Power Wasters Using Partial Reconfiguration 10.5.3 Modified Partial Reconfiguration 10.6 Ideas to Address Security Threats 10.7 Conclusion References 11 Programmable RO (PRO): A Multipurpose Countermeasure Against Side-Channel and Fault Injection Attack 11.1 Introduction 11.1.1 Adversary Model 11.1.1.1 Side-Channel Attacker Model 11.1.1.2 Fault Attacker Model 11.1.1.3 Chapter Organization 11.2 Related Work 11.2.1 On-Chip Sensors as a Countermeasure Against Power SCA 11.2.2 On-Chip Sensors to Detect or Cause Power Perturbation 11.2.3 On-Chip Sensors to Detect Fault Injection 11.2.4 Our Contribution 11.3 Programmable RO Design 11.3.1 Background 11.3.2 PRO Design and Configuration 11.3.3 PRO Integration and Basic Principles 11.4 Side-Channel Countermeasure 11.5 Power Sensing 11.5.1 PRO Power Sensing with Regard to External Power Variations 11.5.2 PRO Power Sensing with Regard to On-die Local Power Variations 11.5.3 PRO Power Sensing with Regard to Sensor Locality 11.6 Fault Detection 11.6.1 Power Fault Detection 11.6.2 Electromagnetic Fault Injection (EMFI) Detection 11.7 Conclusion References Index

قیمت نهایی

۴۴٬۰۰۰ تومان