On the Malicious Potential of Xilinx’s Internal Configuration Access Port (ICAP)
ACM Transactions on Reconfigurable Technology and Systems (IF 2.3), Pub Date: 2024-04-30, DOI: 10.1145/3633204
Nils Albartus 1, Maik Ender 1, Jan-Niklas Möller 1, Marc Fyrbiak 1, Christof Paar 1, Russell Tessier 2

Field Programmable Gate Arrays (FPGAs) have become increasingly popular in computing platforms. With recent advances in bitstream format reverse engineering, the scientific community has widely explored static FPGA security threats. For example, it is now possible to convert a bitstream to a netlist, revealing design information, and apply modifications to the static bitstream based on this knowledge. However, a systematic study of how an understanding of the bitstream format affects the security of the dynamic configuration process, particularly for Xilinx’s Internal Configuration Access Port (ICAP), is lacking. This article fills this gap by comprehensively analyzing the security implications of ICAP interfaces, which primarily support dynamic partial reconfiguration. We delve into the Xilinx bitstream file format, identify misconceptions in official documentation, and propose novel configuration (attack) primitives based on dynamic reconfiguration, i.e., create/read/update/delete circuits in the FPGA, without requiring pre-definition during the design phase. Our primitives are consolidated in a novel Stealthy Reconfigurable Adaptive Trojan framework to conceal Trojans and evade state-of-the-art netlist reverse engineering methods. As FPGAs become integral to modern cloud computing, this research presents crucial insights on potential security risks, including the possibility of a malicious tenant or provider altering or spying on another tenant’s configuration undetected.




Updated: 2024-04-30