System-on-a-Chip (SoC) designers use third-party intellectual property (3PIP) cores and in-house IP cores to design SOCs. Trustworthiness of such SoCs is undermined by security bugs unintentionally introduced during integration of these IPs. Each SoC has its own defined use case/usage models and corresponding security objectives. When exploited, a security weakness often results in compromise or bypass of at least one of the product security objectives. For example, it may lead to a deadlock or failure of the system, or create a backdoor allowing the attacker to gain remote access to the system so as to leak secrets from it. The goal of this competition is to develop approaches and computer-aided tools to identify such vulnerabilities in buggy SoCs.

Participating teams in this contest try to mimic the behavior of the research team that is responsible for the security assurance of the system. Their objective is to identify the security vulnerabilities, assess the security impact, and propose a mitigation, and report them to the design. They are free to use any tools and techniques of their choosing.

The competition has two phases:

  • Phase 1: Teams will be given a “buggy” SoC design which they need to analyze to identify as many security vulnerabilities as possible, if not all. We will also provide specification detail and the desired security properties. Freedom to choose tools and techniques is intended to minimize barrier of entry for teams.

  • Phase 2: At DAC, the participants need to participate in a live capture-the-flag competition. A new SoC design with new set of bugs will be provided. They need to apply their techniques (and any tools developed) on this new design.



Each team should have a team leader and up to 3 additional team members (a total of 4 participants per team), and a university-affiliated advisor. Except for unforeseen and exceptional situations, if a team has qualified for the final round of the competition and withdraws after May 15, 2018, the team members and their advisor will not be eligible to qualify for next year’s competition; the same policy applies to no-shows on the day of the finals at DAC. We strongly encourage industry teams to participate. Travel support and prizes will not be provided to industry teams but honorable mentions will be made to them according to their scores.

Important dates and Timelines

  1. Dec 1, Registration begins
  2. Jan 15 Jan 29, Registration ends
  3. Feb 1: Phase 1: Before DAC. An SoC design “alpha” (with security bugs embedded) will be provided. Participants have to identify the bugs and report them.
  4. May 1: Phase 1 ends and final reports are due.
  5. May 15: Finalists are announced.
  6. At DAC. An SoC design “beta” (with security bugs embedded) will be provided. Participants have to identify the bugs within the given timeframe, 8am-5pm, and report the bugs.


Can teams be changed after registration?

Yes, teams can change their members at any time until the finalists are announced. You can add or remove team members by sending an email to with the title “Hack@DAC team change”.

Who can be an advisor?

Team advisors are required only for academic teams. A team advisor can be anyone with a formal affiliation to a university, including faculty members, post-docs, graduate students, etc. Advisors need not be listed as team members.

Can people with the job title of _____ be on a team?


What specific skills are required to compete?

No particular expertise is required for the contest. We expect teams to use a variety of approaches according to their own backgrounds to find the security bugs.

Where can I see the current scoreboard?

The current scoreboard can be seen here.



You can contact the organizers via email at .

The competition has a Slack channel as well.


To register, please fill in the form below or use this link. You will receive a confirmation email.

Venue & Travel

The Hack@DAC2018 will be held in San Franciso, California in June 2018 and is co-located with the DAC 2018 conference.