Modern FPGAs are increasingly supporting multi-tenancy to enable dynamic reconfiguration of user modules. While multi-tenant FPGAs improve utilization and flexibility, this paradigm introduces critical security threats. In this paper, we present FLARE, a fault attack that exploits vulnerabilities in the partial reconfiguration process, specifically while a user bitstream is being uploaded to the FPGA by a reconfiguration manager. Unlike traditional fault attacks that operate during module runtime, FLARE injects faults in the bitstream during its reconfiguration, altering the configuration address and redirecting it to unintended partial reconfigurable regions (PRRs). This enables the overwriting of pre-configured co-tenant modules, disrupting their functionality. FLARE leverages power-wasters that activate briefly during the reconfiguration process, making the attack stealthy and more challenging to detect with existing countermeasures. Experimental results on a Xilinx Pynq FPGA demonstrate the effectiveness of FLARE in compromising multiple user bitstreams during the reconfiguration process.

翻译：现代FPGA日益支持多租户架构，以实现用户模块的动态重配置。尽管多租户FPGA提升了资源利用率和灵活性，但这种范式引入了严峻的安全威胁。本文提出FLARE——一种利用部分重配置过程漏洞的故障攻击，具体针对用户比特流通过重配置管理器上传至FPGA的阶段。与传统在模块运行时实施的故障攻击不同，FLARE在比特流重配置期间注入故障，篡改配置地址并将其重定向至非预期的部分可重配置区域。这种攻击能够覆盖预先配置的共租户模块，破坏其功能完整性。FLARE利用重配置过程中短暂激活的功耗单元实施攻击，使其具有隐蔽性，难以被现有防护机制检测。在Xilinx Pynq FPGA上的实验结果表明，FLARE能在重配置过程中有效破坏多个用户比特流。