Pentimento: Data Remanence in Cloud FPGAs

Cloud FPGAs strike an alluring balance between computational efficiency, energy efficiency, and cost. It is the flexibility of the FPGA architecture that enables these benefits, but that very same flexibility that exposes new security vulnerabilities. We show that a remote attacker can recover "FPGA pentimenti" - long-removed secret data belonging to a prior user of a cloud FPGA. The sensitive data constituting an FPGA pentimento is an analog imprint from bias temperature instability (BTI) effects on the underlying transistors. We demonstrate how this slight degradation can be measured using a time-to-digital (TDC) converter when an adversary programs one into the target cloud FPGA. This technique allows an attacker to ascertain previously safe information on cloud FPGAs, even after it is no longer explicitly present. Notably, it can allow an attacker who knows a non-secret "skeleton" (the physical structure, but not the contents) of the victim's design to (1) extract proprietary details from an encrypted FPGA design image available on the AWS marketplace and (2) recover data loaded at runtime by a previous user of a cloud FPGA using a known design. Our experiments show that BTI degradation (burn-in) and recovery are measurable and constitute a security threat to commercial cloud FPGAs.Comment: 17 Pages, 8 Figure

Photography-based taxonomy is inadequate, unnecessary, and potentially harmful for biological sciences

The question whether taxonomic descriptions naming new animal species without type specimen(s) deposited in collections should be accepted for publication by scientific journals and allowed by the Code has already been discussed in Zootaxa (Dubois & Nemésio 2007; Donegan 2008, 2009; Nemésio 2009a–b; Dubois 2009; Gentile & Snell 2009; Minelli 2009; Cianferoni & Bartolozzi 2016; Amorim et al. 2016). This question was again raised in a letter supported by 35 signatories published in the journal Nature (Pape et al. 2016) on 15 September 2016. On 25 September 2016, the following rebuttal (strictly limited to 300 words as per the editorial rules of Nature) was submitted to Nature, which on 18 October 2016 refused to publish it. As we think this problem is a very important one for zoological taxonomy, this text is published here exactly as submitted to Nature, followed by the list of the 493 taxonomists and collection-based researchers who signed it in the short time span from 20 September to 6 October 2016

Abstracts from the 20th International Symposium on Signal Transduction at the Blood-Brain Barriers

https://deepblue.lib.umich.edu/bitstream/2027.42/138963/1/12987_2017_Article_71.pd

Next Generation Cloud-FPGA Side-Channels

Cloud-FPGAs are an attractive option for accelerating consumer computation without the need to purchase a multi-thousand dollar device. The greatest strength of these devices, their reconfigurability, comes at a cost in terms of opening new attack vectors. We first consider an attractive cloud-FPGA model that has garnered great commercial and academic interest for reducing costs and maximizing utilization: the virtualization of cloud-FPGA resources, called multi-tenancy. However, side-channel leakage poses a major security threat in multi-tenant FPGA environments. A tenant can instantiate a signal timing sensor that measures minute changes in the power distribution network and infer information about co-tenant computation. This work presents the Tunable Dual-Polarity Time-to-Digital Converter (TDC)—a signal timing sensor with three dynamically tunable parameters: the sample duration, clock phase, and frequency. Returning to the existing cloud-FPGA model, we present, to the best of our knowledge, the first remote measurement of bias temperature instability, a type of transistor degradation, on a commercial cloud-FPGA platform. We repurpose the same on-fabric TDC testing mechanism as before. A study is provided demonstrating this bias effect within the FPGA routing, characterizing its relationship to the number of transistors in the underlying tested element, and exploring its elastic nature, on three different architectures: PYNQ-Z2, ZCU102, AWS F1. We present a novel attack vector that leverages this effect in cloud-FGPAs, where a malicious user can extract secrets from previous user’s computation

Genometa--a fast and accurate classifier for short metagenomic shotgun reads.

Metagenomic studies use high-throughput sequence data to investigate microbial communities in situ. However, considerable challenges remain in the analysis of these data, particularly with regard to speed and reliable analysis of microbial species as opposed to higher level taxa such as phyla. We here present Genometa, a computationally undemanding graphical user interface program that enables identification of bacterial species and gene content from datasets generated by inexpensive high-throughput short read sequencing technologies. Our approach was first verified on two simulated metagenomic short read datasets, detecting 100% and 94% of the bacterial species included with few false positives or false negatives. Subsequent comparative benchmarking analysis against three popular metagenomic algorithms on an Illumina human gut dataset revealed Genometa to attribute the most reads to bacteria at species level (i.e. including all strains of that species) and demonstrate similar or better accuracy than the other programs. Lastly, speed was demonstrated to be many times that of BLAST due to the use of modern short read aligners. Our method is highly accurate if bacteria in the sample are represented by genomes in the reference sequence but cannot find species absent from the reference. This method is one of the most user-friendly and resource efficient approaches and is thus feasible for rapidly analysing millions of short reads on a personal computer.The Genometa program, a step by step tutorial and Java source code are freely available from http://genomics1.mh-hannover.de/genometa/ and on http://code.google.com/p/genometa/. This program has been tested on Ubuntu Linux and Windows XP/7

Number of reads from an artifical metagenome of known composition (SimLC dataset; [<b>19</b>]) which were included in the metagenome (black bars) and assigned to the correct bacterial species by Genometa (blue bars).

<p>Only the top 21 species of the 113 bacteria included in the dataset are shown. Genometa achieves a high accuracy on this dataset. Asterisks indicate strains which are included in the SimLC dataset but not in the Genometa reference sequence. Inter strain differences generally mean less reads are attributed to these taxa. The cross denotes a species which is not present in the Genometa reference sequence.</p

The number of 100,000 Illumina human gut 100 bp reads (SRR042027, Human Microbiome Project, [17]) assigned to bacterial species by four metagenomic programs.

<p>Note the general agreement between the different programs but higher number of read assignments achieved by Genometa and MG-RAST. All programs found bacterial species typical of a human gut metagenome.</p

Software recommendations for analysis of different types of metagenome datasets.

<p>Software recommendations for analysis of different types of metagenome datasets.</p