Cloud FPGAs strike an alluring balance between computational efficiency, energy efficiency, and cost. It is the flexibility of the FPGA architecture that enables these benefits, but it is that very same flexibility that exposes new security vulnerabilities. We show that a remote attacker can recover "FPGA pentimenti" - long-removed secret data belonging to a prior user of a cloud FPGA. The sensitive data constituting an FPGA pentimento is an analog imprint left by bias temperature instability (BTI) effects on the underlying transistors. We demonstrate how this slight degradation can be measured using a time-to-digital converter (TDC) once an adversary programs one into the target cloud FPGA. This technique allows an attacker to ascertain previously safe information on cloud FPGAs, even after it is no longer explicitly present. Notably, it can allow an attacker who knows a non-secret "skeleton" (the physical structure, but not the contents) of the victim's design to (1) extract proprietary details from an encrypted FPGA design image available on the AWS marketplace and (2) recover data loaded at runtime by a previous user of a cloud FPGA using a known design. Our experiments show that BTI degradation (burn-in) and recovery are measurable and constitute a security threat to commercial cloud FPGAs.