Cloud service providers offer Field Programmable Gate Arrays (FPGAs) as a time-shared service for accelerating various workloads. With the current temporal sharing model, there is generally believed to be no information leakage between subsequent users since the FPGA is entirely digitally erased between each tenant.

Our results show that conventional wisdom is flawed: data from previous users of an FPGA can be extracted by measuring analog burn-in effects without physical access to the FPGA. We call these “FPGA pentimenti,” i.e., analog remnants of a previous user’s information that reflect themselves due to bias temperature instability (BTI) effects that change transistor timing behavior. Pentimenti arise when BTI causes are reversed and transistor characteristics recover, enabling a subsequent FPGA user to observe previous logical values applied to FPGA elements.

Much like infrared imaging can expose artwork pentimenti — early paint strokes since painted over by an artist whose remnants remain but are not visible to the naked eye — an FPGA pentimento can be extracted by a subsequent FPGA user even though the data was cleared, and thus no longer digitally exists on the device.

Our ASPLOS paper describes the results in more detail. Or listen to Colin’s lightning talk below.

We are working to redevelop UCSD CSE 160 “Introduction to Parallel Programming” to make it more open and accessible. A major effort is moving from CUDA and nVidia GPUs to OpenCL. That will enable us to target a much broader set of hardware accelerators like vector processing units, tensor processing units, field-programmable gate arrays, multi-core processors, and other emerging architectures. The video presented at the Qualcomm University Platforms Symposium describes the efforts that we are undertaking. The intended outcome is making the curriculum – the slides, the programming assignments, the classroom materials, etc. all open-source. I hope this will make it easier for other educators to adopt and students outside of UCSD to learn more about parallel computing. Many thanks to Qualcomm and Intel for supporting these curriculum changes.