SecTEND: Secure Deployment of Heterogeneous Applications for Multi-tenant FPGA-based Platforms

Currently, FPGA-based processing systems in cloud environments are gaining popularity due to the growing demand for flexible and scalable hardware acceleration in cloud-based services. To reduce infrastructure costs and enhance resource utilization, multi-tenant sharing of computing resources has become a viable option for cloud service providers (CSPs). However, several attacks can occur during the deployment of heterogeneous applications, potentially leading to privacy leaks or even system crashes. In this paper, we propose SecTEND, a comprehensive solution for FPGA-SoCs that includes both a multi-party protocol for the secure delivery and loading of heterogeneous applications from tenants to remote devices of CSPs, and a security framework designed to ensure the protection and isolation of these applications. Within the framework, a multi-key protection mode and a hardware-accelerated cryptographic pathway are proposed and implemented. Meanwhile, several security-related functionalities, such as secure communication among parties, bitstream validation and loading are provided. Finally, we perform a security analysis, discuss possible countermeasures to further enhance the security of SecTEND, and evaluate our solution on a Xilinx UltraScale+ FPGA-SoC platform, demonstrating its security with acceptable timing overhead. Additionally, the hardware-accelerated cryptographic operations provided by the framework achieve higher throughput compared to software solutions in most cases.