DescriptionHeterogeneous CPU-FPGA systems have been shown to achieve significant performance gains in domain-specific computing. However, contrary to the huge efforts invested on the performance acceleration, the community has not yet investigated the security consequences due to incorporating FPGA into the traditional CPU-based architecture. In fact, the interplay between CPU and FPGA in such a heterogeneous system may introduce brand new attack surfaces if not well controlled. We develop a hardware isolation-based secure architecture, namely HISA, to mitigate the identified new threats. HISA extends the CPU-based trusted execution environment (TEE) to the heterogeneous FPGA components to enhance the security of the CPU-FPGA system. To securely offload the application to the FPGA part of HISA, we develop ApproVer to verify the security of the FPGA IP cores by applying an approximate computing-based verification mechanism. To help developers deploy applications on HISA, we develop TZSlicer to securely partition the software by meeting the security requirements and maintaining the original functionality. Furthermore, we explore another dimension of heterogeneity by extending HISA to a local-cloud system to support secure and privacy-preserving computations offloaded from the local user to the remote service provider.