FPGA Pentimenti: Transistors Leak Previous FPGA Cloud User Data

Cloud service providers offer Field Programmable Gate Arrays (FPGAs) as a time-shared service for accelerating various workloads. With the current temporal sharing model, there is generally believed to be no information leakage between subsequent users since the FPGA is entirely digitally erased between each tenant.

Our results show that conventional wisdom is flawed: data from previous users of an FPGA can be extracted by measuring analog burn-in effects without physical access to the FPGA. We call these “FPGA pentimenti,” i.e., analog remnants of a previous user’s information that reflect themselves due to bias temperature instability (BTI) effects that change transistor timing behavior. Pentimenti arise when BTI causes are reversed and transistor characteristics recover, enabling a subsequent FPGA user to observe previous logical values applied to FPGA elements.

Much like infrared imaging can expose artwork pentimenti — early paint strokes since painted over by an artist whose remnants remain but are not visible to the naked eye — an FPGA pentimento can be extracted by a subsequent FPGA user even though the data was cleared, and thus no longer digitally exists on the device.

Our ASPLOS paper describes the results in more detail. Or listen to Colin’s lightning talk below.