FLARE: Fault Attack Leveraging Address Reconfiguration Exploits in Multi-Tenant FPGAs

TL;DR

FLARE is a fault attack targeting multi-tenant FPGAs that exploits vulnerabilities during partial reconfiguration to overwrite modules, demonstrating a stealthy and effective security breach during bitstream uploads.

Contribution

This paper introduces FLARE, a novel fault attack exploiting reconfiguration vulnerabilities in multi-tenant FPGAs, highlighting a new security threat during bitstream reconfiguration.

Findings

Successfully overwrites modules during reconfiguration

Stealthy attack leveraging power-wasters

Effective on Xilinx Pynq FPGA

Abstract

Modern FPGAs are increasingly supporting multi-tenancy to enable dynamic reconfiguration of user modules. While multi-tenant FPGAs improve utilization and flexibility, this paradigm introduces critical security threats. In this paper, we present FLARE, a fault attack that exploits vulnerabilities in the partial reconfiguration process, specifically while a user bitstream is being uploaded to the FPGA by a reconfiguration manager. Unlike traditional fault attacks that operate during module runtime, FLARE injects faults in the bitstream during its reconfiguration, altering the configuration address and redirecting it to unintended partial reconfigurable regions (PRRs). This enables the overwriting of pre-configured co-tenant modules, disrupting their functionality. FLARE leverages power-wasters that activate briefly during the reconfiguration process, making the attack stealthy and more challenging to detect with existing countermeasures. Experimental results on a Xilinx Pynq FPGA demonstrate the effectiveness of FLARE in compromising multiple user bitstreams during the reconfiguration process.