FPGAs on the cloud can boost applications such as real-time artificial intelligence with an optimized application-specific hardware configuration. Intel is meeting this new demand by providing FPGA platforms optimized for cloud and data center scenarios. As of today, three Intel FPGA server platforms exist:

• PAC: Programmable Acceleration Cards are PCIe expansion boards containing an Arria 10 or Stratix 10 FPGA and local SDRAM
• Integrated: Xeon CPU with Integrated Arria 10 FPGA and local cache on the FPGA
• SoC: System on Chip running an Agilex FPGA and an ARM Cortex-A53 with local memory and cache

As these new platforms are closely connected to the CPU, new side channels are introduced exposing a new attack surface. Recent works focused on remote physical attacks, but from our point of view digital attacks such as micro-architectural attacks are a much more serious threat.

HARPY is a joint project between the University of Lübeck and our partners at the Worcester Polytechnic Institute (WPI). Together we take part in Intel's Vulnerability ISRA, which is an Intel funded research cluster consisting of teams from VUSec, the University of Florida, WPI, and University of Lübeck.

Our first project results are presented in our JackHammer paper. We systematically analyze the PAC and integrated platform for cache side-channels and show that rowhammer attacks originating from the FPGA result in a significantly higher flip-rate in the main memory. The draft paper is available on arXiv and got attention in the media (see ZDNet, Tom's Hardware, or Heise Online). The final version was published at the CHES 2020 conference.