We propose FPGA-Patch, the first-of-its-kind defense that leverages automated
program repair concepts to thwart power side-channel attacks on cloud FPGAs.
FPGA-Patch generates isofunctional variants of the target hardware by injecting
faults and finding transformations that eliminate failure. The obtained
variants display different hardware characteristics, ensuring a maximal
diversity in power traces once dynamically swapped at run-time. Yet, FPGA-Patch
forces the variants to have enough similarity, enabling bitstream compression
and minimizing dynamic exchange costs. Considering AES running on AMD/Xilinx
FPGA, FPGA-Patch increases the attacker's effort by three orders of magnitude,
while preserving the performance of AES and a minimal area overhead of 14.2%.Comment: 6 page