FPL2012: Security, FPGAs and the Clouds

One of the FPL 2012 security track talks in Oslo focused on FPGAs platforms, security and clouds. The paper “FPGAs for Trusted Cloud Computing” written by Ken Eguro, Ramarathnam Venkatesan both from Microsoft Research addressed aforementioned issues. The authors focused on application of FPGAs in the cloud, e.g., how to use a protected bitstream to create a root of trust and thus how to secure client data and computation from potential attackers both externally and internally. There is no doubt that cloud security is a painful problem that is not easy to solve especially with a software-only approach and thus the authors investigated a hardware solution (FPGA) to mitigate some of security issues. Why FPGAs? According to authors … “FPGAs offer a substantially smaller and more well-defined attack surface as compared to traditional software-based systems. This allows us to make stronger security guarantees under more robust attack models“. So it seems that apart from high performance computing, real time computations, flexibility, power to performance ratio e.g. all well-known areas where FPGAs work well, we also have applications where FPGAs acts as a root of trust. It is worth to mention that hardware like dedicated Hardware Security Modules (HSMs) can be used in similar application, but they are usually fixed to handle specific application and thus building “virtual” HSM using FPGA to extended applicability of HSMs and mitigate the fixed-application problem by dynamically swap bit-streams whenever needed might be justified. The biggest disadvantage of this solution is that target software oriented clients, which means that in most cases hardware decryption language is not they favorite way of solving problems. Investigation how to interface a high-level language compiler is left as a future work.