System-on-a-Chip (SoC) designers use third-party intellectual property (3PIP) cores and in-house IP cores to design SOCs. Trustworthiness of such SoCs is undermined by security bugs unintentionally introduced during integration of these IPs. Each SoC has its own defined use case/usage models and corresponding security objectives. When exploited, a security weakness often results in compromise or bypass of at least one of the product security objectives. For example, it may lead to a deadlock or failure of the system, or create a backdoor allowing the attacker to gain remote access to the system so as to leak secrets from it. The goal of this competition is to develop approaches and computer-aided tools to identify such vulnerabilities in buggy SoCs.
Participating teams in this contest try to mimic the behavior of the research team that is responsible for the security assurance of the system. Their objective is to identify the security vulnerabilities, assess the security impact, and propose a mitigation, and report them to the design. They are free to use any tools and techniques of their choosing.
The competition has two phases:
Phase 1: Teams will be given a “buggy” SoC design which they need to analyze to identify as many security vulnerabilities as possible, if not all. We will also provide specification detail and the desired security properties. Freedom to choose tools and techniques is intended to minimize barrier of entry for teams.
Phase 2: At DAC, the participants need to participate in a live capture-the-flag competition. A new SoC design with new set of bugs will be provided. They need to apply their techniques (and any tools developed) on this new design.
- Siddarth Garg, New York University
- Dan Holcomb, UMass
- Arun Kanuparthi, Intel
- Hareesh Khattri, Intel
- Jeyavijayan Rajendran, Texas A&M University
- Ahmad-Reza Sadeghi, TU Darmstadt
- Ghada Dessouky, TU Darmstadt
- Patrick Haney, Texas A&M University
- Sourav Sudhir, Texas A&M University
The current scores of each team can be found on the scoreboard.
|The Last Mohicans||70.0|
|Super Secure Synopsys (industry)||35.0|
|SUNY New Paltz||32.5|
|.:hackamole:.||Vienna University of Technology (TU Wien); SymbioticEDA|
|ACES||University of California San Diego|
|Aryabhatta||Cummins college of engineering for women, pune|
|Backdoor||University of Massachusetts Amherst|
|Blue Hens||University of Delaware|
|BugHunters||Texas A&M University|
|BugShooter||Indian Institute of Technology Indore, New York University|
|Bull_ackist||University of South Florida|
|CARCH-VLSI||State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences; University of Chinese Academy of Sciences|
|CRYPTOGUYS||University (IIT Kharagpur)|
|Cinap Pi||University of Illinois at Urbana-Champaign|
|CodeJedi||Indian Institute of Technology Kharagpur|
|Dallas Bugboys||The University of Texas at Dallas|
|Diamond Dogs||Indian Institute of Technology, Kanpur|
|FGUS||Arizona State University, Intel Corporation|
|HackSOC||University of California Riverside|
|Hackcis||Univ. Grenoble Alpes, Grenoble INP, LCIS|
|Hackin' Aggies||Texas A&M University|
|ICE Lab||Drexel University|
|ICT-HS||State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences|
|LosFuzzys||Graz University of Technology|
|MaskedNebula||Indian Institute of Technology, Kharagpur|
|Neko||University of California San Diego; University of California San Diego; Tortuga Logic|
|Polar Bear||Intel Inc/ Intel Labs|
|R00timentary||Georgia Institute of Technology|
|RISC-pect||NYU Tandon School of Engineering|
|Russel's Teapot||New York University|
|SAVe||BorgWarner, Waterloo Technical Center and McMaster University; National University of Sciences and Technology (NUST)|
|SEAL_IITKGP||Indian Institute of Technology Kharagpur|
|SPARTAN||Nanyang Technological University|
|SUNY New Paltz||State University of New York (SUNY)|
|Sparsh-IITH||Indian Institute of Technology Hyderabad|
|Super Secure Synopsys||Synopsys Inc|
|TAMU-Solver||Texas A&M University|
|THT||University of Chinese Academy of Sciences|
|TPTSIC||Telecom ParisTech; Secure-IC|
|TRELA||University of Texas at Dallas|
|Team Alohomora||Texas A&M University|
|The Last Mohicans||Indian Institute of Technology Kharagpur|
|UCSB_GCB||University of California, Santa Barbara|
|WiNet Cap||Indian Institute of Technology Hyderabad|
|Wildcats||University of New Hampshire|
|intrepide||Vishwakarma Institute of Technology,Pune|
|ude-syssec||University of Duisburg-Essen|
Each team should have a team leader and up to 3 additional team members (a total of 4 participants per team), and a university-affiliated advisor. Except for unforeseen and exceptional situations, if a team has qualified for the final round of the competition and withdraws after May 15, 2018, the team members and their advisor will not be eligible to qualify for next year’s competition; the same policy applies to no-shows on the day of the finals at DAC. We strongly encourage industry teams to participate. Travel support and prizes will not be provided to industry teams but honorable mentions will be made to them according to their scores.
Important dates and Timelines
- Dec 1, Registration begins
- Jan 15 Jan 29, Registration ends
- Feb 1: Phase 1: Before DAC. An SoC design “alpha” (with security bugs embedded) will be provided. Participants have to identify the bugs and report them.
- May 1: Phase 1 ends and final reports are due.
- May 15: Finalists are announced.
- At DAC. An SoC design “beta” (with security bugs embedded) will be provided. Participants have to identify the bugs within the given timeframe, 8am-5pm, and report the bugs.
Can teams be changed after registration?
Yes, teams can change their members at any time until the finalists are announced. You can add or remove team members by sending an email to with the title “Hack@DAC team change”.
Who can be an advisor?
Team advisors are required only for academic teams. A team advisor can be anyone with a formal affiliation to a university, including faculty members, post-docs, graduate students, etc. Advisors need not be listed as team members.
Can people with the job title of _____ be on a team?
What specific skills are required to compete?
No particular expertise is required for the contest. We expect teams to use a variety of approaches according to their own backgrounds to find the security bugs.
You can contact the organizers via email at .
The competition has a Slack channel as well.
Venue & Travel
The Hack@DAC2018 will be held in San Franciso, California in June 2018 and is co-located with the DAC 2018 conference.