{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T09:37:48Z","timestamp":1774517868520,"version":"3.50.1"},"reference-count":54,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,4,30]],"date-time":"2024-04-30T00:00:00Z","timestamp":1714435200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"NSF","award":["2245344 and 1901901"],"award-info":[{"award-number":["2245344 and 1901901"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Reconfigurable Technol. Syst."],"published-print":{"date-parts":[[2024,6,30]]},"abstract":"<jats:p>Cloud computing providers today offer access to a variety of devices, which users can rent and access remotely in a shared setting. Among these devices are SmartSSDs, which are solid-state disks (SSD) augmented with an FPGA, enabling users to instantiate custom circuits within the FPGA, including potentially malicious circuits for power and temperature measurement. Normally, cloud users have no remote access to power and temperature data, but with SmartSSDs they could abuse the FPGA component to instantiate circuits to learn this information. Additionally, custom power waster circuits can be instantiated within the FPGA. This paper shows for the first time that by leveraging ring oscillator sensors and power wasters, numerous covert-channels in FPGA-enabled SmartSSDs could be used to transmit information. This work presents two channels in single-tenant setting (SmartSSD is used by one user at a time) and two channels in multi-tenant setting (FPGA and SSD inside SmartSSD is shared by different users). The presented covert channels can reach close to 100% accuracy. Meanwhile, bandwidth of the channels can be easily scaled by cloud users renting more SmartSSDs as the bandwidth of the covert channels is proportional to number of SmartSSD used.<\/jats:p>","DOI":"10.1145\/3635312","type":"journal-article","created":{"date-parts":[[2023,12,4]],"date-time":"2023-12-04T11:50:52Z","timestamp":1701690652000},"page":"1-23","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Covert-channels in FPGA-enabled SmartSSDs"],"prefix":"10.1145","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-7750-068X","authenticated-orcid":false,"given":"Theodoros","family":"Trochatos","sequence":"first","affiliation":[{"name":"Yale University, New Haven, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-5932-9199","authenticated-orcid":false,"given":"Anthony","family":"Etim","sequence":"additional","affiliation":[{"name":"Yale University, New Haven, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9721-3640","authenticated-orcid":false,"given":"Jakub","family":"Szefer","sequence":"additional","affiliation":[{"name":"Yale University, New Haven, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,4,30]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"[n. d.]. Amazon EC2 F1 Instances. https:\/\/aws.amazon.com\/ec2\/instance-types\/f1\/"},{"key":"e_1_3_2_3_2","unstructured":"[n. d.] . AWS News Blog. https:\/\/aws.amazon.com\/blogs\/aws\/"},{"key":"e_1_3_2_4_2","unstructured":"[n. d.] . Project Catapult Microsoft. https:\/\/www.microsoft.com\/en-us\/research\/project\/project-catapult\/"},{"key":"e_1_3_2_5_2","unstructured":"[n. d.] . Samsung SmartSSD. https:\/\/www.xilinx.com\/applications\/data-center\/computational-storage\/smartssd.html"},{"key":"e_1_3_2_6_2","unstructured":"[n. d.] . TACC. https:\/\/www.tacc.utexas.edu\/"},{"key":"e_1_3_2_7_2","unstructured":"[n. d.] . VMAccel. https:\/\/www.vmaccel.com\/"},{"key":"e_1_3_2_8_2","unstructured":"Amazon Web Services. 2016. Developer Preview\u2014EC2 Instances (F1) with Programmable Hardware. https:\/\/aws.amazon.com\/blogs\/aws\/developer-preview-ec2-instances-f1-with-programmable-hardware\/Accessed: 2022-01-15."},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/3030207.3030230"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.5555\/647924.738726"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICFPT51103.2020.00023"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/1735688.1735702"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISVLSI51109.2021.00059"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPSW.2016.44"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/MDAT.2022.3142199"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD46524.2019.00010"},{"key":"e_1_3_2_17_2","article-title":"CAPSULe: Cross-FPGA covert-channel attacks through power supply unit leakage","author":"Giechaskiel Ilias","year":"2021","unstructured":"Ilias Giechaskiel, Kasper Rasmussen, and Jakub Szefer. 2021. CAPSULe: Cross-FPGA covert-channel attacks through power supply unit leakage. IEEE Symposium on Security and Privacy (2021).","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/FPL.2019.00017"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD46524.2019.00010"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/3400302.3415695"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/HOST49136.2021.9702277"},{"key":"e_1_3_2_22_2","article-title":"Cross-VM covert- and side-channel attacks in cloud FPGAs","author":"Giechaskiel Ilias","year":"2022","unstructured":"Ilias Giechaskiel, Shanquan Tian, and Jakub Szefer. 2022. Cross-VM covert- and side-channel attacks in cloud FPGAs. ACM Transactions on Reconfigurable Technology and Systems (2022).","journal-title":"ACM Transactions on Reconfigurable Technology and Systems"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.23919\/DATE48585.2020.9116481"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.23919\/DATE51398.2021.9473947"},{"key":"e_1_3_2_25_2","volume-title":"Design Automation Conference (DAC)","author":"Gobulukoglu Mustafa","year":"2021","unstructured":"Mustafa Gobulukoglu, Colin Drewes, William Hunter, Ryan Kastner, and Dustin Richmond. 2021. Classifying computations on multi-tenant FPGAs. In Design Automation Conference (DAC)."},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-90-481-9157-4"},{"key":"e_1_3_2_27_2","unstructured":"Chenglu Jin Vasudev Gohil Ramesh Karri and Jeyavijayan Rajendran. 2020. Security of Cloud FPGAs: A Survey."},{"key":"e_1_3_2_28_2","volume-title":"13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18)","author":"Khawaja Ahmed","year":"2018","unstructured":"Ahmed Khawaja, Joshua Landgraf, Rohith Prakash, Michael Wei, Eric Schkufza, and Christopher J. Rossbach. 2018. Sharing, protection, and compatibility for reconfigurable fabric with \\(\\lbrace\\) AmorphOS \\(\\rbrace\\) . In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18)."},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3328222"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i3.441-464"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/3402937"},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/LCA.2019.2955119"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/ITHERM.2018.8419576"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/54.825679"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCAPT.2002.808011"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/3400302.3415694"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/FPL.2019.00039"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.23919\/DATE51398.2021.9473915"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/TVLSI.2020.3027711"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/FPL50879.2020.00046"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3451236"},{"key":"e_1_3_2_42_2","volume-title":"USENIX Security Symposium","author":"Rakin Adnan Siraj","year":"2021","unstructured":"Adnan Siraj Rakin, Yukui Luo, Xiaolin Xu, and Deliang Fan. 2021. Deep-Dup: An adversarial weight duplication attack framework to crush deep neural network in multi-tenant FPGA. In USENIX Security Symposium."},{"key":"e_1_3_2_43_2","article-title":"The crystal oscillator [a circuit for all seasons]","author":"Razavi Behzad","year":"2017","unstructured":"Behzad Razavi. 2017. The crystal oscillator [a circuit for all seasons]. IEEE Solid-State Circuits Magazine (2017).","journal-title":"IEEE Solid-State Circuits Magazine"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS.2009.5161068"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/1964179.1964194"},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00059"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/FCCM51124.2021.00035"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1145\/3289602.3293920"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/3373087.3375322"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1109\/FCCM51124.2021.00037"},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1109\/DDECS.2008.4538777"},{"key":"e_1_3_2_52_2","article-title":"When FPGA meets cloud: A first look at performance","author":"Wang Xiuxiu","year":"2020","unstructured":"Xiuxiu Wang, Yipei Niu, Fangming Liu, and Zichen Xu. 2020. When FPGA meets cloud: A first look at performance. IEEE Transactions on Cloud Computing (TCC) (2020).","journal-title":"IEEE Transactions on Cloud Computing (TCC)"},{"key":"e_1_3_2_53_2","volume-title":"IEEE International Workshop on Hardware-Oriented Security and Trust (HOST)","author":"Yin Chi-En","year":"2009","unstructured":"Chi-En Yin and Gang Qu. 2009. Temperature-aware cooperative ring oscillator PUF. In IEEE International Workshop on Hardware-Oriented Security and Trust (HOST)."},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/3340557"},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3106169"}],"container-title":["ACM Transactions on Reconfigurable Technology and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3635312","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3635312","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:21Z","timestamp":1750178181000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3635312"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,30]]},"references-count":54,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,6,30]]}},"alternative-id":["10.1145\/3635312"],"URL":"https:\/\/doi.org\/10.1145\/3635312","relation":{},"ISSN":["1936-7406","1936-7414"],"issn-type":[{"value":"1936-7406","type":"print"},{"value":"1936-7414","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,30]]},"assertion":[{"value":"2023-07-05","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-11-16","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-04-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}