FPGAs are now used in public clouds to accelerate a wide range of applications, including many that operate on sensitive data such as financial and medical records. We present ShEF, a trusted execution environment (TEE) for cloud-based reconfigurable accelerators. ShEF is independent from CPU-based TEEs and allows secure execution under a threat model where the adversary can control all software running on the CPU connected to the FPGA, has physical access to the FPGA, and can compromise the FPGA interface logic of the cloud provider. ShEF provides a secure boot and remote attestation process that relies solely on existing FPGA mechanisms for root of trust. It also includes a Shield component that provides secure access to data while the accelerator is in use. The Shield is highly customizable and extensible, allowing users to craft a bespoke security solution that fits their accelerator's memory access patterns, bandwidth, and security requirements at minimum performance and area overheads. We describe a prototype implementation of ShEF for existing cloud FPGAs, map ShEF to a performant and secure storage application, and measure the performance benefits of customizable security using five additional accelerators.