Microarchitectural vulnerabilities introduced, exploited, and accelerated by heterogeneous FPGA-CPU platforms

Abstract

After years of development, FPGAs finally made an appearance on multi-tenant cloud servers in the late 2010s. Research in micro-architectural attacks has uncovered a variety of vulnerabilities on shared compute devices like CPUs and GPUs which pose a substantial thread to cloud service providers and customers alike, but heterogeneous FPGA-CPU microarchitectures require reassessment of common assumptions about isolation and security boundaries, as they introduce new attack vectors and vulnerabilities. The FPGAs now available from major cloud services use technologies like direct memory access and coherent caching to offer high-throughput, low-latency, and highly scalable FPGA-FPGA and FPGA-CPU coprocessing for heavy workloads. This chapter explores how FPGAs with access to these microarchitectural features can accelerate attacks against the host memory. It points out cache timing side channels and demonstrates a performant Rowhammer attack against a well-known RSA variant through direct memory access.