HACK@DAC 2023
San Francisco, CA July 9 - July 13, 2023
WHAT IS HACK@DAC?
HACK@DAC is a competition, coincides with the DAC conference, for penetration testing of the hardware and firmware. In this competition, participants compete to identify the security vulnerabilities, implement the related exploit, propose a mitigation technique or a patch, and report them. The participants are encouraged to use any tools and techniques with a focus on theory, tooling, and automation.
This year, yet another RISC-V soc with security vulnerabilities ready to be exploited
WHAT ARE WE FOCUSING ON THIS YEAR?
This year, we together develop practical and effective solutions and computer-aided tools to identify the vulnerabilities more efficiently in buggy SoC, with a special focus on theory, tooling, and automation
The competition is held in two phase
WHAT HAPPENS IN PHASE I?
In phase I, participating teams will be provided with a “buggy” SoC, including a diverse set of bugs akin to real-world Common Vulnerabilities and Exposures. The participants are required to identify and exploit as many security vulnerabilities as possible. The detailed specification, the required security properties, and the threat model will be also provided. To minimize the barrier of entry for teams, the participants are free to use any tools and techniques needed.
After Phase I, the qualified teams will compete in phase II
Live!
WHAT HAPPENS IN PHASE II?
In phase II, the teams will be provided an SoC including a new set of more bugs. The finalists will compete in a live capture-the-flag competition. They will need to apply their techniques and developed tools to detect and exploit as many vulnerabilities in a limited time-frame.
Bugs and exploits submitted will be evaluated live and winners will be announced in DAC conference.
WHO CAN PARTICIPATE?
In phase II, the teams will be provided an SoC including a new set of more bugs. The finalists will compete in a live capture-the-flag competition. They will need to apply their techniques and developed tools to detect and exploit as many vulnerabilities in a limited time-frame.
DEADLINES?
- Registration starts: 25th Jan 2023
- Phase I starts: 1st March 2023
- Phase I ends: 30th April 2023
- Phase I results announced: 7th May 2023
- Phase II starts: 9th July 2023
