Field-programmable gate arrays (FPGAs) have become critical components in many cloud computing platforms. These devices possess the fine-grained parallelism and specialization needed to accelerate applications ranging from machine learning to networking and signal processing, among many others. Unfortunately, fine-grained programmability also makes FPGAs a security risk. Here, we review the current scope of attacks on cloud FPGAs and their remediation. Many of the FPGA security limitations are enabled by the shared power distribution network in FPGA devices. The simultaneous sharing of FPGAs is a particular concern. Other attacks on the memory, host microprocessor, and input/output channels are also possible. After examining current attacks, we describe trends in cloud architecture and how they are likely to impact possible future attacks. FPGA integration into cloud hypervisors and system software will provide extensive computing opportunities but invite new avenues of attack. We identify a series of system, software, and FPGA architectural changes that will facilitate improved security for cloud FPGAs and the overall systems in which they are located.

中文翻译：

---

对可重构云计算安全性的远见卓识

现场可编程门阵列 (FPGA) 已成为许多云计算平台的关键组件。这些设备拥有加速从机器学习到网络和信号处理等应用程序所需的细粒度并行性和专业化。不幸的是，细粒度的可编程性也使 FPGA 存在安全风险。在这里，我们回顾了当前针对云 FPGA 的攻击范围及其补救措施。许多 FPGA 安全限制都是由 FPGA 设备中的共享配电网络造成的。 FPGA 的同时共享是一个特别值得关注的问题。对存储器、主机微处理器和输入/输出通道的其他攻击也是可能的。在检查了当前的攻击之后，我们描述了云架构的趋势以及它们可能如何影响未来可能的攻击。 FPGA 集成到云管理程序和系统软件中将提供广泛的计算机会，但也会带来新的攻击途径。我们确定了一系列系统、软件和 FPGA 架构变更，这些变更将有助于提高云 FPGA 及其所在整体系统的安全性。