Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SoK: Trusted Execution in SoC-FPGAs

Garrett Perkins, Benjamin Macht, Lucas Ritzdorf, Tristan Running Crane, Brock LaMeres, Clemente Izurieta, Ann Marie Reinhold

TL;DR

This SoC-FPGA TEEs SoK maps the landscape of trusted execution environments on SoC-FPGA platforms, showing rapid growth but a strong bias toward application- or feature-specific designs and only a few extensible, multi-feature solutions. Using ACM DL and IEEE Xplore and applying strict inclusion criteria, the authors categorize designs by applications (hardware acceleration, cloud/remote computing, attack mitigation, IP licensing, etc.) and features (RoT, attestation, memory security, secure boot, etc.), and visualize feature usage with a heatmap. Key conclusions identify research gaps in extensibility, open-source availability, and cross-domain integration, highlighting Keystone and HECTOR-V as promising extensible paradigms while noting performance and complexity overheads. The work provides a foundation for developing modular, secure, cross-platform TEEs for edge FPGA systems, guiding both researchers and practitioners toward more holistic security solutions.

Abstract

Trusted Execution Environments (TEEs) have emerged at the forefront of edge computing to combat the lack of trust between system components. Field Programmable Gate Arrays (FPGAs) are commonly used as edge computers but were not created with security as a primary consideration. Thus, FPGA-based edge computers are increasingly the target of cyberattacks. We analyze the existing literature to systematize the applications and features of FPGA-based TEEs. We identified 27 primary studies related to different types of System-on-Chip FPGA-based TEEs. Across a wide range of applications and features, the availability of extensible solutions is limited. Most solutions focus on specific features and applications, whereas few solutions focus on feature-rich, comprehensive TEEs that can be utilized across computer systems. Whether TEEs are specific or extensible, the paucity of published studies provides evidence of research gaps. This SoK delineates these gaps revealing opportunities for researchers and developers.

SoK: Trusted Execution in SoC-FPGAs

TL;DR

This SoC-FPGA TEEs SoK maps the landscape of trusted execution environments on SoC-FPGA platforms, showing rapid growth but a strong bias toward application- or feature-specific designs and only a few extensible, multi-feature solutions. Using ACM DL and IEEE Xplore and applying strict inclusion criteria, the authors categorize designs by applications (hardware acceleration, cloud/remote computing, attack mitigation, IP licensing, etc.) and features (RoT, attestation, memory security, secure boot, etc.), and visualize feature usage with a heatmap. Key conclusions identify research gaps in extensibility, open-source availability, and cross-domain integration, highlighting Keystone and HECTOR-V as promising extensible paradigms while noting performance and complexity overheads. The work provides a foundation for developing modular, secure, cross-platform TEEs for edge FPGA systems, guiding both researchers and practitioners toward more holistic security solutions.

Abstract

Trusted Execution Environments (TEEs) have emerged at the forefront of edge computing to combat the lack of trust between system components. Field Programmable Gate Arrays (FPGAs) are commonly used as edge computers but were not created with security as a primary consideration. Thus, FPGA-based edge computers are increasingly the target of cyberattacks. We analyze the existing literature to systematize the applications and features of FPGA-based TEEs. We identified 27 primary studies related to different types of System-on-Chip FPGA-based TEEs. Across a wide range of applications and features, the availability of extensible solutions is limited. Most solutions focus on specific features and applications, whereas few solutions focus on feature-rich, comprehensive TEEs that can be utilized across computer systems. Whether TEEs are specific or extensible, the paucity of published studies provides evidence of research gaps. This SoK delineates these gaps revealing opportunities for researchers and developers.

Paper Structure

This paper contains 14 sections, 2 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Methods
  3. Results & Discussion
  4. Application Specific
  5. Hardware Acceleration
  6. Cloud and Remote Computing
  7. Attack Mitigation
  8. IP Licensing
  9. Smart Grid Security
  10. Feature Specific
  11. Extensible TEEs
  12. Threats to Validity
  13. Conclusion
  14. Acknowledgments

Figures (2)

  • Figure 1: Stacked bar plot representing the number of papers published over the study period. Panel A is the 109 papers found using the search strings in Table \ref{['table:strings']}. Panel B is the 27 papers after application of the inclusion criteria in Table \ref{['table:criteria']}.
  • Figure 2: Heatmap of applications and their respective features in the pool of papers. Blue hue denotes number of papers discussing the features and applications indicated on axes.