As cloud computing evolves to support highly heterogeneous workloads, the adoption of Field-Programmable Gate Arrays (FPGAs) in multi-tenant cloud platforms has surged. This shift promises unparalleled performance benefits, especially for domains such as machine learning inference acceleration. However, the unique hardware-sharing model inherent to multi-tenant FPGAs also exposes novel and severe security risks — ranging from covert communication via wiring-level leakage to cross-tenant side-channel attacks exploiting power, timing, and electromagnetic emanations. In this paper, we present a comprehensive, theory-driven analysis of these threats, survey existing empirical evidence, and propose a unified security framework for future cloud FPGA deployments. We synthesize prior findings regarding wiring-based information leakage (Giechaskiel, Rasmussen & Eguro, 2018), cross-VM leakage in FPGA‑accelerated cloud environments (Giechaskiel, Tian & Szefer, 2021), power-analysis and ring‑oscillator based side-channel attacks (Glamočanin et al., 2020; Gravellier et al., 2019), bitstream-level fault inducement via voltage drop (Gnad, Oboril & Tahoori, 2017; Gnad et al., 2018), and isolation methodologies to shield non‑trusted IPs (Hategekimana et al., 2016–2018). On top of these technical vulnerabilities, we discuss the need for higher-level tenant isolation, attribute‑based access control, and zero‑trust policies in multi‑tenant deployments (e.g., Almorsy, Grundy & Ibrahim, 2012; Kamara & Lauter, 2010; Hariharan, 2025). Our framework advocates a layered defense strategy combining hardware partitioning, rigorous bitstream verification, runtime side‑channel monitoring, and tenant‑aware policy enforcement. Through detailed theoretical analysis, we demonstrate that such a unified approach can — in principle — mitigate the majority of known FPGA-based threats. We conclude by outlining research directions and standardization efforts essential for realizing secure, scalable, and trustworthy FPGA-accelerated cloud services.

FPGA security, multi‑tenant cloud, side‑channel attacks, bitstream isolation

Giechaskiel, I., Rasmussen, K. B. & Eguro, K. (2018). Leaky wires: Information leakage and covert communication between FPGA long wires. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 15–27.

Giechaskiel, I., Tian, S. & Szefer, J. (2021). Cross-VM information leaks in FPGA-accelerated cloud environments. In Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 91–101.

Glamočanin, O., Coulon, L., Regazzoni, F. & Stojilović, M. (2020). Are cloud FPGAs really vulnerable to power analysis attacks? In Proceedings of the 23rd Conference on Design, Automation and Test in Europe, 1007–1010.

Gnad, D. R. E., Oboril, F. & Tahoori, M. B. (2017). Voltage drop-based fault attacks on FPGAs using valid bitstreams. In Proceedings of the 27th International Conference on Field Programmable Logic and Applications (FPL ’17), 1–7.

Hariharan, R. (2025). Zero trust security in multi-tenant cloud environments. Journal of Information Systems Engineering and Management, 10.

Gnad, D. R. E., Rapp, S., Krautter, J. & Tahoori, M. B. (2018). Checking for electrical level security threats in bitstreams for multi-tenant FPGAs. In Proceedings of the International Conference on Field-Programmable Technology (FPT ’18), 289–292.

Gravellier, J., Dutertre, J. M., Teglia, Y. & Loubet‑Moundi, P. (2019). High-speed ring oscillator based sensors for remote side-channel attacks on FPGAs. In Proceedings of the International Conference on Reconfigurable Computing and FPGAs (ReConFig ’19).

Guo, K., Zeng, S., Yu, J., Wang, Y., Yang, H. & Wang, Y. (2019). A survey of FPGA-based neural network inference accelerator. ACM Transactions on Reconfigurable Technology and Systems, 12(2), Article 2.

Hategekimana, F., Mbongue, J. M., Pantho, M. J. H. & Bobda, C. (2018). Secure hardware kernels execution in CPU+FPGA heterogeneous cloud. In Proceedings of the International Conference on Field‑Programmable Technology (FPT ’18), 182–189.

Hategekimana, F., Mbongue, J. M., Pantho, M. J. H. & Bobda, C. (2018). Inheriting software security policies within hardware IP components. In Proceedings of the IEEE 26th Annual International Symposium on Field‑Programmable Custom Computing Machines (FCCM ’18), 53–56.

Hategekimana, F., Nardin, P. & Bobda, C. (2016). Hardware/software isolation and protection architecture for transparent security enforcement in networked devices. In Proceedings of the IEEE Computer Society Annual Symposium on VLSI (ISVLSI ’16), 140–145.

Hategekimana, F., Whitaker, T. J. L., Pantho, M. J. H. & Bobda, C. (2017). Shielding non-trusted IPs in SoCs. In Proceedings of the 27th International Conference on Field Programmable Logic and Applications (FPL ’17), 1–4.

Hategekimana, F., Whitaker, T. J. L., Pantho, M. J. H. & Bobda, C. (2017). Secure integration of non‑trusted IPs in SoCs. In 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 103–108.

Almorsy, M., Grundy, J. & Ibrahim, A. S. (2012). TOSSMA: A Tenant‑Oriented SaaS Security Management Architecture. IEEE Fifth International Conference on Cloud Computing, 1–9.

Tsai, W. & Shao, Q. (2011). Role-Based Access-Control Using Reference Ontology in Clouds. Tenth International Symposium on Autonomous Decentralized Systems, 121–128.

Kamara, S. & Lauter, K. (2010). Cryptographic cloud storage. In Proceedings of the 14th International Conference on Financial Cryptography and Data Security, 136–149.