Радіоелектронні і комп'ютерні системи (Apr 2024)
Ensuring cybersecurity of FPGA as a service with the use of penetration testing of components
Abstract
The subject of study in this article is modern penetration testing technologies, in which the test object is the implementation of a service based on a platform using Field Programmable Gate Array (FPGA) resources. The goal of this study is to improve modern methods of penetration testing of services provided by FPGA as a Service (FaaS) to find vulnerabilities for further fixing and increasing the level of services security and trust. Task: to analyze the technological capabilities for the development of FPGA as a Service; to analyze possible threats for FPGA as a Service platform; to analyze the structure of the FPGA as a Service platform and the peculiarities of attacks on it; to analyze options for using the penetration testing standard; to propose the classification of possible use of FPGA as a Service platform for solving of cybersecurity tasks; and to propose the sequence of critical components of ensuring of the cybersecurity of FPGA as a Service platform. The following results were obtained based on the tasks. The analysis of the capabilities of existing chips, FPGA accelerator cards, programming technologies, and the integrated environments of a leading company for creation of FPGA as a Service is performed. A study on the cybersecurity problems of FPGA as a Service platforms is conducted, and a set of components to ensure the cybersecurity of FPGA as a Service Platform is proposed. Modern cybersecurity threats of FPGA as a Service platforms are analyzed. A threat structure for FPGA as a Service is proposed. The possibility of applying a penetration testing standard to FPGA services is considered. Regular audits and penetration testing are crucial elements of a cybersecurity strategy and help maintain customer and user trust in FPGA services. Based on the analysis of the possible use of FPGA as a Service to solve cybersecurity tasks, a classification of five variants considering FPGA as an object and tool is proposed. The sequence of critical components of ensuring of the cybersecurity of FPGA as a Service platform is proposed to correspond to modern known threats. Complex activities, including the software updates, security monitoring, auditing, and penetration testing, based on security standards. Conclusions. The primary contribution and scientific novelty of the obtained results is the research into the possibilities of penetration testing for services, where the test object is a platform with access to FPGA. As in many other areas, ensuring the cybersecurity of FPGA as a Service platform is complex, and ignoring any component can lead to critical consequences. Applying only penetration testing is not enough; therefore, a comprehensive list of cybersecurity measures for FPGA as a Service platforms is provided, underlining the urgency and necessity of their implementation.
Keywords