Stephan,
In the past, before Virtex architecture, it was possible to create contention in the bitstream (connect two outputs together).
With Virtex, and its new methods of interconnect (fully buffered, no tristate), we had fewer and fewer places where contention could occur.
Now with Virtex 5, it is almost impossible to create intentional contention. There are still some structures where the wrong bits will connect two outputs together, but these are very few, and do not amount to a large heat load (device will not be damaged, the currents in the metal does not even exceed the EM rules!).
The loading of a random bitstream does create some issues, as there are other bits which are part of the stream that can, and do affect power.
For example, by turning ON all of the parallel DCI impedance matching circuits, one could have 200 ohms from Vcco to ground, on every IO pin! Given 500 to 800 IO's, that is 200/500 ohms, or 200/800 ohms (0.25 ohms) from Vcco to ground. At 3.3 volts, that is 13 amperes, or 40 watts!
If you intentionally made a 500 MHz clock, and then connected all the CLB's in a shift register chain (including SRL32's in V5 or SRL16's in V4), and shifted a 1,0 pattern, I am sure you could melt the solder of a part!
The design rule check will check for an unsupported combination of bits, but not an intentional set of connections: the onus is on the user to know what they are doing, and not exceed the junction temperature specification. SO an "attack" using DCI or a giant shift register would succeed.
In that sense, a "denial of service" attack on an FPGA is much simpler if you have physical access -- just hit it with a hammer and be done with it!
If you hacked into a network management system, and knew that you could download bitstreams to network elements, I would hope that there are sufficient security protocols in place so that you could not destroy a system remotely by downloading a pattern with all DCI turned ON.
For example, if bitstream encyption is used, if you do not know the key, the bitstream is garbage, the CRC32 does not match, and the device never starts up (DONE does not go high).
Unlike a microprocessor, there is no possibility of a single "halt and catch fire" instruction.
Austin