Memory Scraping Attack on Xilinx FPGAs: Private Data Extraction from Terminated Processes

TL;DR

This paper reveals security vulnerabilities in Xilinx FPGA-based systems where terminated process memory is not properly cleared, enabling memory scraping attacks that can extract private data, highlighting the need for better process isolation.

Contribution

It introduces a novel attack methodology exploiting inadequate process isolation in Xilinx FPGAs and characterizes how private data can be accessed after process termination.

Findings

Memory scraping attack is feasible on Xilinx FPGAs due to memory initialization flaws.

Process IDs and virtual address spaces can be accessed across user boundaries.

Terminated process data remains accessible, risking privacy breaches.

Abstract

FPGA-based hardware accelerators are becoming increasingly popular due to their versatility, customizability, energy efficiency, constant latency, and scalability. FPGAs can be tailored to specific algorithms, enabling efficient hardware implementations that effectively leverage algorithm parallelism. This can lead to significant performance improvements over CPUs and GPUs, particularly for highly parallel applications. For example, a recent study found that Stratix 10 FPGAs can achieve up to 90\% of the performance of a TitanX Pascal GPU while consuming less than 50\% of the power. This makes FPGAs an attractive choice for accelerating machine learning (ML) workloads. However, our research finds privacy and security vulnerabilities in existing Xilinx FPGA-based hardware acceleration solutions. These vulnerabilities arise from the lack of memory initialization and insufficient process isolation, which creates potential avenues for unauthorized access to private data used by processes. To illustrate this issue, we conducted experiments using a Xilinx ZCU104 board running the PetaLinux tool from Xilinx. We found that PetaLinux does not effectively clear memory locations associated with a terminated process, leaving them vulnerable to memory scraping attack (MSA). This paper makes two main contributions. The first contribution is an attack methodology of using the Xilinx debugger from a different user space. We find that we are able to access process IDs, virtual address spaces, and pagemaps of one user from a different user space because of lack of adequate process isolation. The second contribution is a methodology for characterizing terminated processes and accessing their private data. We illustrate this on Xilinx ML application library.