Hardback : HK$900.00
The purpose of this book is to provide a practical approach to managing security in FPGA designs for researchers and practitioners in the electronic design automation (EDA) and FPGA communities, including corporations, industrial and government research labs, and academics. This book combines theoretical underpinnings with a practical design approach and worked examples for combating real world threats. To address the spectrum of lifecycle and operational threats against FPGA systems, a holistic view of FPGA security is presented, from formal top level specification to low level policy enforcement mechanisms, which integrates recent advances in the fields of computer security theory, languages, compilers, and hardware. The net effect is a diverse set of static and runtime techniques that, working in cooperation, facilitate the composition of robust, dependable, and trustworthy systems using commodity components.

We wish to acknowledge the many people who helped us ensure the success of our work on reconfigurable hardware security. In particular, we wish to thank Andrei Paun and Jason Smith of Louisiana Tech University for providing us with a Lin- compatible version of Grail+. We also wish to thank those who gave us comments on drafts of this book, including Marco Platzner of the University of Paderborn, and Ali Irturk and Jason Oberg of the University of California, San Diego. This research was funded in part by National Science Foundation Grant CNS-0524771 and NSF Career Grant CCF-0448654.

1 Introduction and Motivation.- 1.1 The Growing Reliance on FPGAs.- 1.2 FPGA Architectures.- 1.3 The Many Facets of FPGA Security.- 1.4 Organization of This Book.- References.
2 High Assurance Software Lessons and Techniques.- 2.1 Background.- 2.2 Malicious Software.- 2.3 Assurance.- 2.4 Commensurate Protection.- 2.5 Security Policy Enforcement.- 2.6 Assurance of Policy Enforcement.- References.
3 Hardware Security Challenges.- 3.1 Malicious Hardware.- 3.2 Covert Channel Definition.- 3.3 Existing Approaches to Limiting Covert and Side Channel Attacks.- 3.4 Detecting and Mitigating Covert Channels on FPGAs.- 3.5 Policy State as a Covert Storage Channel.- References.
4 FPGA Updates and Programmability.- 4.1 Introduction.- 4.2 Bitstream Encryption and Authentication.- 4.3 Remote Updates.- 4.4 Partial Reconfiguration.- References.
5 Memory Protection on FPGAs.- 5.1 Overview.- 5.2 Memory Protection on FPGAs.- 5.3 Policy Description and Synthesis.- 5.4 A Higher-Level Specification Language.- 5.5 Example Policies.- 5.6 System Architecture.- 5.7 Evaluation.- 5.8 Using the Policy Compiler.- 5.9 Constructing Mathematically Precise Policies.- 5.10 Summary.- References.
6 Spatial Separation with Moats.- 6.1 Overview.- 6.2 Separation.- 6.3 Physical Isolation with Moats.- 6.4 Constructing Moats.- 6.5 Secure Interconnect with Drawbridges.- 6.6 Protecting the Reference Monitor with Moats.- References.
7 Putting it All Together: A Design Example.- 7.1 A Multi-Core Reconfigurable Embedded System.- 7.2 On-chip Peripheral Bus.- 7.3 AES core.- 7.4 Logical Isolation Compartments.- 7.5 Reference Monitor.- 7.6 Stateful Policy.- 7.7 Secure Interconnect Scalability.- 7.8 Covert Channels.- 7.9 Incorporating Moats and Drawbridges.- 7.10 Implementation and Evaluation.- 7.11 Software Interface.- 7.12 Security Usability.- 7.13 More Example Security Architectures.- 7.14 Summary.- References.
8 Forward-Looking Problems.- 8.1 Trustworthy Tools.- 8.2 Formal Verification of Secure Systems.- 8.3 Security Usability.- 8.4 Hardware Trust.- 8.5 Languages.- 8.6 Configuration Management.- 8.7 Securing the Supply Chain.- 8.8 Physical Attacks on FPGAs.- 8.9 Design Theft and Failure Analysis.- 8.10 Partial Reconfiguration and Dynamic Security.- 8.11 Concluding Remarks.- References.
A Computer Architecture Fundamentals.- A.1 What Do Computer Architects Do All Day?- A.2 Tradeoffs Between CPUs, FPGAs, and ASICs.- A.3 Computer Architecture and Computer Science.- A.4 Program Analysis.- A.5 Novel Computer Architectures.- A.6 Memory.- A.7 Superscalar Processors.- A.8 Multithreading.- References.