Hacking SoC IP Under Pressure

Hackfest culminates in race to find planted SoC bugs in 33 hours.


Hack@DAC certainly shows that some teams can find bugs faster than others. The hackfest, now in its third year, is a bug-finding contest for teams of university students joined by a smattering of industry members whose task is to find bugs implanted in SoC IP. The teams follow the practices of real-world security teams.

“[The teams’] objective is to identify the security vulnerabilities, assess their security impact, propose a mitigation and report them,” according to the contest website. “They are free to use any tools and techniques of their choosing. Participating teams can be affiliated with either industry or academia.”

Hack@DAC competition. (Image: Daniel Holcomb.)

“The contest addresses a critical problem in security—students do not have appropriate venues for learning how to do a security review of designs,” said Daniel Holcomb, assistant professor of Electrical and Computer Engineering at University of Massachusetts at Amherst. “If engineers can learn a security mindset, it can help them to design more secure products when they reach industry. We were surprised that some of the student teams even found bugs that were introduced accidentally when creating the benchmarks!”

The competition had several stages: a bug donation team selected bugs and put them into an open-source SoC; in March 2019, the buggy SoC design was given to all the teams, who were allowed to use whatever tools they wanted (existing or created by them) to find and record the bugs. Teams submitted written entries, from which the bug donation team and organizers selected finalists. The bug donation team went back into action and created a new buggy SoC, which the finalists examined at DAC in “a live capture-the-flag competition” that lasted 33 hours.

The finalists competing at DAC this year were from around the world. “The contest was a great success. This is the third year of holding the contest, and we had 14 teams competing in the final round from three continents (44 teams in initial round). It has been great to see how it grows each year,” said Holcomb.

Finalists competing at DAC 2019. (Source: Hack@DAC)

The three top teams presented their winning methods on Tuesday afternoon at DAC: the Hackin’ Aggies (Texas A&M College Station and tool vendor Tortuga Logic), NOPS (Eurecom, the French graduate school and research center in digital sciences) and Always@Posedge (New York University School of Engineering). Formal awards were presented to the top three teams on Thursday, June 6, before the DAC keynote.

Nicole Fern, a senior hardware security engineer at Tortuga Logic, was on Hackin’ Aggies, which did use Tortuga Logic’s tool Radix-S during the contest. “Our team used Radix-S both during the alpha and beta rounds of the contest. The unique ability of Radix-S to track where secret assets stored in hardware (such as encryption keys) flow in the hardware design definitely gave us an advantage in the competition,” Fern told Semiconductor Engineering. “No other teams used Tortuga Logic tools and we won the contest by quite a large margin. Of course, because of the contest time constraints, we also found many bugs by RTL code inspection and writing test cases.”

Regardless of the tools, the team members were good. It wasn’t a contest about just the tools. “There were not in general tool vendors involved. Aggies were one of the few teams that had industry members, and their industry member happened to be from a tool company,” said Holcomb. He said the year before, Aggies was one of the top scorers as well, before anyone from Tortuga joined. “They have a strong group of students,” he said.

Live scoreboard in the Hack@DAC room on Sunday afternoon. (Source: Semiengineering.com/Susan Rambo)

Final scoreboard posted on Hack@DAC’s website after the 33-hour contest was over. (Hack@DAC)

(Above) Scorekeepers at the Hack@DAC 2019 contest are (left to right) Hareesh Khattri, a senior security researcher from Intel; Arun Kanuparthi, a security researcher at Intel, and Texas A&M student helper Rahul Kande. Not pictured is scorekeeper Jason M Fung, product security research manager at Intel. The contest is a 33-hour contest for teams from major universities to find planted open-source bugs in third-party SoC IP. (Right) Co-organizer Daniel Holcomb, assistant professor at Electrical & Computer Engineering, UMass, Amherst. Source: Semiconductor Engineering/Susan Rambo.

Hack@DAC sponsors are Qualcomm, Army Research, Crossings, and NSF. Organizers were:

  • Jason M Fung, Intel
  • Dan Holcomb, UMass
  • Arun Kanuparthi, Intel
  • Hareesh Khattri, Intel
  • Jeyavijayan Rajendran, Texas A&M University
  • Ahmad-Reza Sadeghi, TU Darmstadt

PhD students Ghada Dessouky from TU Darmstadt and Bhagyaraja Adapa from Texas A&M University helped manage the contest, along with grad students Garrett Persyn and Rahul Kande, both from Texas A&M University.
