&BECAUSE FPGAS CAN provide a useful balance between performance, rapid time to market, and flexibility, they have become the primary source of computation in many critical embedded systems. 1,2 The aerospace industry, for example, relies on FPGAs to control everything from the Joint Strike Fighter to the Mars Rover. Face recognition systems, wireless networks, intrusion detection systems, and supercomputers, all of which are employed in large security applications, also use FPGAs. In fact, in 2005 alone, an estimated 80,000 different commercial FPGA design projects began. 3 Because major IC manufacturers outsource most of their operations, 4 IP theft from a foundry is a serious concern. FPGAs provide a viable solution to this problem because the sensitive IP is not loaded onto the device until after it has been manufactured and delivered, making it harder for adversaries to target a specific application or user. Furthermore, modern FPGAs use bitstream encryption and other methods to protect IP once it is loaded onto the FPGA or an external memory. However, techniques beyond bitstream encryption are necessary to ensure FPGA design security. To save time and money, FPGA systems are typically cobbled together from a collection of existing computational cores, often obtained from third parties. These cores can be subverted during the design phase, by tampering with the tools used to translate the design to the cores or by tampering with the cores themselves. Building every core and tool from scratch is not economically feasible in most cases, and subversion can affect both third-party cores and cores developed in-house. Therefore, embedded designers need methods for securely composing systems comprising both trusted and untrusted components. 590 FPGAs combine the programmability of processors with the performance of custom hardware. As they become more common in critical embedded systems, new techniques are necessary to manage security in FPGA designs. This article discusses FPGA security problems and current research on reconfigurable devices and security, and presents security primitives and a component architecture for building highly secure systems on FPGAs.