With the rapidly growing demand of high performance computations, the traditional central processing unit (CPU)-based computing systems have been deployed with field programmable gate array (FPGA) components for hardware acceleration, such as in the emerging CPU-FPGA cloud systems. Despite the significant performance benefits, the CPU-FPGA architecture introduces new attack surfaces through the communications between the two heterogeneous components. This project develops a hardware isolation-based security framework to eliminate the new attack surfaces, a programming toolkit to facilitate the development of secure CPU-FPGA systems, as well as a set of CPU-FPGA benchmark applications for evaluation purposes.
The project involves three research activities. First, it develops a hardware security framework that achieves FPGA-compatible containers enabled by bus-level hardware isolation, together with efficient security verification policies leveraging approximate computing and side channel analysis. Second, it delivers a programming toolkit that automatically partitions the CPU and FPGA jobs into the hardware isolation environment using dynamic program slicing, as well as a performance and resource optimization scheme employing dynamic scheduling. Third, it generates a representative set of CPU-FPGA benchmarks spanning secure multimedia systems, financial security, and privacy-preserving scientific computing to evaluate the security and performance of the CPU-FPGA systems.
The project will generate broader impacts from several aspects. First, it will enable comprehensive education activities such as new curriculum design and summer internship programs attracting undergraduate students to cybersecurity research. Second, it will benefit many fields of studies with strong security guarantees and short learning curves given the growing popularity of CPU-FPGA cloud. Third, the CPU-FPGA benchmarks have the potential of enabling industrial outreach and generating real world impacts. Furthermore, the project will transform the fields of hardware security, software engineering, and scientific computing to the new frontier of jointly supporting heterogeneous architectures, motivating interdisciplinary cybersecurity research.
The project repository will be stored on a publicly accessible server at the University of Nebraska-Lincoln (http://cse.unl.edu/~swei/projects/hisa). All the project data will be maintained for at least 5 years following the end of the grant period.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
