Verification of FPGA-augmented trusted computing mechanisms based on Applied Pi Calculus

Trusted computing technologies may play a key role for cloud security as they enable users to relax the trustworthiness assumptions about the provider that operates the physical cloud infrastructure. This work focuses on the possibility of embodying Field-Programmable Gate Array (FPGA) devices in cloud-based infrastructures, where they can bene t computeintensive workloads like data compression, machine learning, data encoding, etc. The focus is on the implications for cloud applications with security requirements. We introduce a general architecture model of a CPU+FPGA platform pinpointing key roles and speci c assumptions that are relevant for the trusted computing mechanisms and the associated security properties. In addition, we formally veri ed the proposed solution based on Applied Pi Calculus, a descendant of Pi Calculus, that introduces constructs allowing the symbolic description of cryptographic primitives. The veri cation phase was automated by means of ProVerif, a tool taking as input a model expressed in Applied Pi Calculus along with some queries and annotations that de ne security properties to be proved or denied. The results of the analysis con rmed that the properties de ned in our work hold under the Dolev Yao attacker model.