One of the FPL 2012 security track talks in Oslo focused on FPGA platforms, security and clouds. The paper “FPGAs for Trusted Cloud Computing”, written by Ken Eguro and Ramarathnam Venkatesan, both from Microsoft Research, addressed these issues. The authors focused on the application of FPGAs in the cloud, e.g., how to use a protected bitstream to create a root of trust and thus how to secure client data and computation from potential attackers, both external and internal. There is no doubt that cloud security is a painful problem that is not easy to solve, especially with a software-only approach, and thus the authors investigated a hardware solution (FPGA) to mitigate some of the security issues.

Why FPGAs? According to the authors, “FPGAs offer a substantially smaller and more well-defined attack surface as compared to traditional software-based systems. This allows us to make stronger security guarantees under more robust attack models”. So it seems that apart from high-performance computing, real-time computation, flexibility and power-to-performance ratio, i.e. all the well-known areas where FPGAs work well, we also have applications where an FPGA acts as a root of trust.

It is worth mentioning that hardware such as dedicated Hardware Security Modules (HSMs) can be used in similar applications, but HSMs are usually fixed to handle a specific application. Building a “virtual” HSM on an FPGA, which extends the applicability of HSMs and mitigates the fixed-application problem by dynamically swapping bitstreams whenever needed, might therefore be justified. The biggest disadvantage of this solution is that it targets software-oriented clients, for whom a hardware description language is in most cases not their favorite way of solving problems. Investigating how to interface a high-level language compiler is left as future work.