Our mission

TRAIN HARDWARE SECURITY EXPERTS,​

DESIGN AND DEVELOP ADVANCED METHODOLOGIES AND AUTOMATED TOOLS FOR DETECTING HARDWARE SECURITY VULNERABILITIES, and

AID COMMUNITY TESTING AND OPEN SOURCING.

Why hardware security is vital?

Hardware is at the heart of any computing platform. For decades the software was considered to be more error-prone and vulnerable to attacks than hardware. At last, everybody needs to trust the CPU of her/his machine. As software became more complex and the attack surface larger, security researchers and industry have invested high effort to provide various hardware security mechanisms and components inside as well as outside the CPU, strengthening the security of modern software. However, sophisticated attacks exploiting security bugs in hardware are increasing despite the effort of the semi-conductor industry for hardware error detection and verification. This imposes a number of challenges on hardware design, implementation and evaluation requiring novel technological and educational approaches. To face the current and future challenges in secure hardware it is vital to foster a security mindset, develop programs to educate the next generation of security engineers, and bring together excellent researchers to solve complex problems.  HACK@EVENT Franchise is a premier hardware security contest, a venue for computer scientists and industry experts for discovering security-critical vulnerabilities and design flaws in system-on-a-chip (SoC) and the exploitation thereof. This mimics the real-life scenario where security engineers have to find vulnerabilities in the given design. 

The vulnerabilities are very diverse and can range from enabling an attacker to corrupt data to leak secret information  bringing down an entire system. Given that companies will typically not share their designs in public space to be attacked by others, Intel joined hands with the Technical University of Darmstadt and Texas AMU to develop for this contest an open-source SoC that is riddled with security vulnerabilities.

Since then HACK@EVENT became a first-of-its-kind competition and a franchise that has attracted massive interest. It takes place yearly at different top security and systems venues such as USENIX Security and DAC.  

LIKE SOFTWARE, HARDWARE IS BUGGY​

  • Hardware is complex
  • Hardware designers use legacy modules
  • Hardware designers use IPs made by other companies
  • The high-level specification can be imperfectly interpreted by modular design in the lower levels
  • Old and new modules interact via old and new interfaces
  • Old and new modules interact via old and new interfaces

LIKE SOFTWARE, WE DO TEST HARDWARE

The semiconductor industry and hardware designers make extensive use of a variety of techniques, such as simulation, emulation, and formal verification to detect bugs and security-critical vulnerabilities. These were originally designed for functional verification with security-specific verification incorporated into them later. While a rich body of knowledge exists within the software community (e.g., regarding software exploitation and techniques to automatically detect software vulnerabilities, security-focused HDL analysis is currently lagging behind. Hence, the industry has recently adopted a security development lifecycle (SDL) for hardware — inspired by software practices. This process combines different techniques and tools, such as RTL manual code audits, assertion-based testing, dynamic simulation, and automated security verification. However, the recent outbreak of cross-layer attacks poses a spectrum of difficult challenges for these security verification techniques, because they exploit complex and subtle inter-dependencies between hardware and software. By cross-layer attack we mean when an attacker exploits hardware vulnerabilities from software only, such as microarchitectural attacks like Meltdown and Spectre and other attacks that exploit vulnerabilities even deeper in hardware, as we explore in different HACK@EVENT events.  Existing verification techniques are fundamentally limited in modeling and verifying these interactions. Moreover, they also do not scale with the size and complexity of real-world SoC designs.

UNLIKE SOFTWARE, PATCHING HARDWARE IS HARD

Post-fabrication, it is not physically possible to modify the hardware to patch errors and vulnerabilities. Hence, there is a real need to move back in the verification process and use more effective and efficient methods to detect as many vulnerabilities as possible in the hardware before the fabrication. To do that we need to:

  • train hardware security experts,
  • develop and test automated tools for detecting vulnerabilities in the design time,
  • adopt reconfigurable and cloud-based hardware,
  • aid community testing and open sourcing.