Memory Scraping Attack on Xilinx FPGAs: Private Data Extraction from Terminated Processes

Bharadwaj Madabhushi, Sandip Kundu, Daniel Holcomb
2024-05-23
Abstract: FPGA-based hardware accelerators are becoming increasingly popular due to their versatility, customizability, energy efficiency, constant latency, and scalability. FPGAs can be tailored to specific algorithms, enabling efficient hardware implementations that effectively leverage algorithm parallelism. This can lead to significant performance improvements over CPUs and GPUs, particularly for highly parallel applications. For example, a recent study found that Stratix 10 FPGAs can achieve up to 90% of the performance of a TitanX Pascal GPU while consuming less than 50% of the power. This makes FPGAs an attractive choice for accelerating machine learning (ML) workloads. However, our research finds privacy and security vulnerabilities in existing Xilinx FPGA-based hardware acceleration solutions. These vulnerabilities arise from the lack of memory initialization and insufficient process isolation, which creates potential avenues for unauthorized access to private data used by processes. To illustrate this issue, we conducted experiments using a Xilinx ZCU104 board running the PetaLinux tool from Xilinx. We found that PetaLinux does not effectively clear memory locations associated with a terminated process, leaving them vulnerable to a memory scraping attack (MSA). This paper makes two main contributions. The first contribution is an attack methodology of using the Xilinx debugger from a different user space. We find that we are able to access process IDs, virtual address spaces, and pagemaps of one user from a different user space because of a lack of adequate process isolation. The second contribution is a methodology for characterizing terminated processes and accessing their private data. We illustrate this on the Xilinx ML application library.
Cryptography and Security, Hardware Architecture
What problem does this paper attempt to address?
The main problems this paper attempts to solve are the privacy and security vulnerabilities in Xilinx FPGA-based hardware-acceleration solutions. Specifically, these problems stem from the following aspects:

1. **Insufficient Memory Initialization**: When a process terminates, the memory in the FPGA's local DRAM is not properly cleared, resulting in memory residue. This enables subsequent processes accessing these memory locations to obtain the sensitive data left by the previous process.
2. **Insufficient Process Isolation**: Existing FPGA systems (such as those using the PetaLinux tool) fail to effectively isolate processes between different user spaces. Attackers can access other users' process IDs, virtual address spaces, and page tables through debuggers, thereby obtaining data that should not be accessible to them.
3. **Excessive Debugger Privileges**: The Xilinx debugger can be called from different user spaces and can access page tables. This high-level privilege allows attackers to bypass the access control of the host operating system (OS) and directly read data in the FPGA's local memory.

### Specific Contributions of the Paper

To demonstrate these security issues, the authors carried out the following tasks:

1. **Proposed a New Attack Method**: Utilize the Xilinx debugger to launch a system-channel attack from different user spaces. In this way, access control can be bypassed and data in the local memory can be read.
2. **Showed How to Extract Sensitive Information from Terminated Processes**: Through the above-mentioned attack method, the authors successfully extracted private data from terminated machine-learning applications and reconstructed information such as input images.
3. **Proposed Data Analysis Techniques**: Through offline analysis of the extracted data, the authors were able to identify specific machine-learning models and reconstruct input data (such as images) related to these models.

### Experimental Verification

The authors used the Xilinx ZCU104 development board to conduct experiments to verify the effectiveness of the attack. The experimental results show that after a process terminates, the data in its memory is indeed not cleared, and attackers can easily read this residual data.

### Conclusions and Future Work

The authors point out that while FPGA manufacturers pursue performance and efficiency, they must place more emphasis on security, especially in managing the privileges of local memory and debugging tools. Future work will focus on improving the FPGA's security mechanisms to prevent such attacks. Through this paper, the authors revealed the potential security risks of FPGAs and provided an important reference for future improvements.
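Because the platform leaves a terminated process's memory uncleared, an application can reduce the residue itself by zeroing its private buffers before it exits. The following C sketch is an added example, not code from the paper or from Xilinx: it tracks sensitive buffers and scrubs them from an `atexit()` handler. All names (`sensitive_alloc`, `scrub_tracked`, `residue_bytes`, `release_all`) are hypothetical, and ordinary heap buffers stand in for the buffers an ML application would hand to the accelerator.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_TRACKED 16 /* hypothetical table size */
static struct { unsigned char *p; size_t n; } tracked[MAX_TRACKED];
static size_t ntracked;

/* Zero every tracked buffer. The volatile pointer stops the compiler from
 * dropping the stores as dead writes to memory that is about to be freed. */
size_t scrub_tracked(void) {
    size_t total = 0;
    for (size_t i = 0; i < ntracked; i++) {
        volatile unsigned char *b = tracked[i].p;
        for (size_t j = 0; j < tracked[i].n; j++) b[j] = 0;
        total += tracked[i].n;
    }
    return total;
}

/* Audit helper: nonzero bytes still present in tracked buffers. */
size_t residue_bytes(void) {
    size_t r = 0;
    for (size_t i = 0; i < ntracked; i++)
        for (size_t j = 0; j < tracked[i].n; j++) r += tracked[i].p[j] != 0;
    return r;
}

/* Scrub, then free. Runs via atexit() on return from main() and exit();
 * it does NOT run on SIGKILL, abort() or _exit(). */
void release_all(void) {
    scrub_tracked();
    while (ntracked) free(tracked[--ntracked].p);
}

/* Allocate a zeroed, tracked buffer for private data; NULL on failure. */
void *sensitive_alloc(size_t n) {
    static int hooked;
    unsigned char *p = ntracked < MAX_TRACKED ? calloc(1, n) : NULL;
    if (!p) return NULL;
    if (!hooked && atexit(release_all) == 0) hooked = 1;
    tracked[ntracked].p = p; tracked[ntracked++].n = n;
    return p;
}

int main(void) { /* constructed 4 KiB "input image" */
    unsigned char *img = sensitive_alloc(4096);
    if (img) memset(img, 0xAB, 4096);
    return img ? 0 : 1; /* release_all() scrubs on the way out */
}
```

Application-level scrubbing only covers orderly exits; a process that is killed leaves its buffers as they were, which is why the clearing also has to happen in the OS or runtime that reclaims the memory.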