System-on-a-Chip (SoC) designers use third-party intellectual property (3PIP) cores and in-house IP cores to design SOCs. Trustworthiness of such SoCs is undermined by security bugs unintentionally introduced during integration of these IPs. Each SoC has its own defined use case/usage models and corresponding security objectives. When exploited, a security weakness often results in compromise or bypass of at least one of the product security objectives. For example, it may lead to a deadlock or failure of the system, or create a backdoor allowing the attacker to gain remote access to the system so as to leak secrets from it. The goal of this competition is to develop approaches and computer-aided tools to identify such vulnerabilities in buggy SoCs.

Participating teams in this contest try to mimic the behavior of the research team that is responsible for the security assurance of the system. Their objective is to identify the security vulnerabilities, assess the security impact, and propose a mitigation, and report them to the design. They are free to use any tools and techniques of their choosing.

The competition has two phases:

  • Phase 1: Teams will be given a “buggy” SoC design which they need to analyze to identify as many security vulnerabilities as possible, if not all. We will also provide specification detail and the desired security properties. Freedom to choose tools and techniques is intended to minimize barrier of entry for teams.

  • Phase 2: At DAC, the participants need to participate in a live capture-the-flag competition. A new SoC design with new set of bugs will be provided. They need to apply their techniques (and any tools developed) on this new design.




PhD Students

  • Ghada Dessouky, TU Darmstadt
  • Patrick Haney, Texas A&M University
  • Sourav Sudhir, Texas A&M University



1Hackin' AggiesSheena Goel, Zhiyang Ong, Saumil Gogri, and Bhavani Bedre ShankarTexas A&M University
1The Last MohicansDebapriya Basu Roy, Mohammed Shayan, Sarani Bhattacharya, and Arnab BagIndian Institute of Technology Kharagpur
3TRELAMohammad-Mahdi Bidmeshki, Liwei Zhou, Monir Zaman, and Yunjie ZhangThe University of Texas at Dallas


Hackin' Aggies217.5
Dallas Bugboys77.5
The Last Mohicans70.0
Super Secure Synopsys (industry)35.0
SUNY New Paltz32.5
.:hackamole:.Vienna University of Technology (TU Wien); SymbioticEDA
ACESUniversity of California San Diego
AryabhattaCummins college of engineering for women, pune
BackdoorUniversity of Massachusetts Amherst
Blue HensUniversity of Delaware
BugHuntersTexas A&M University
BugShooterIndian Institute of Technology Indore, New York University
Bull_ackistUniversity of South Florida
CARCH-VLSIState Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences; University of Chinese Academy of Sciences
CRYPTOGUYSUniversity (IIT Kharagpur)
Cinap PiUniversity of Illinois at Urbana-Champaign
CodeJediIndian Institute of Technology Kharagpur
DAKUjuniper networks
Dallas BugboysThe University of Texas at Dallas
Diamond DogsIndian Institute of Technology, Kanpur
FGUSArizona State University, Intel Corporation
HackSOCUniversity of California Riverside
HackcisUniv. Grenoble Alpes, Grenoble INP, LCIS
Hackin' AggiesTexas A&M University
HardHackUC Riverside
HijkIIT Kharagpur
ICE LabDrexel University
ICT-HSState Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences
LosFuzzysGraz University of Technology
MaskedNebulaIndian Institute of Technology, Kharagpur
NekoUniversity of California San Diego; University of California San Diego; Tortuga Logic
Polar BearIntel Inc/ Intel Labs
R00timentaryGeorgia Institute of Technology
RISC-pectNYU Tandon School of Engineering
Russel's TeapotNew York University
SAVe BorgWarner, Waterloo Technical Center and McMaster University; National University of Sciences and Technology (NUST)
SEAL_IITKGPIndian Institute of Technology Kharagpur
SPARTANNanyang Technological University
SUNY New PaltzState University of New York (SUNY)
SlashIIT Kharagpur
Sparsh-IITHIndian Institute of Technology Hyderabad
Super Secure SynopsysSynopsys Inc
TAMU-SolverTexas A&M University
THTUniversity of Chinese Academy of Sciences
TPTSICTelecom ParisTech; Secure-IC
TRELAUniversity of Texas at Dallas
Team AlohomoraTexas A&M University
The Last MohicansIndian Institute of Technology Kharagpur
UCSB_GCBUniversity of California, Santa Barbara
WiNet Cap Indian Institute of Technology Hyderabad
WildcatsUniversity of New Hampshire
intrepideVishwakarma Institute of Technology,Pune
ude-syssecUniversity of Duisburg-Essen


Each team should have a team leader and up to 3 additional team members (a total of 4 participants per team), and a university-affiliated advisor. Except for unforeseen and exceptional situations, if a team has qualified for the final round of the competition and withdraws after May 15, 2018, the team members and their advisor will not be eligible to qualify for next year’s competition; the same policy applies to no-shows on the day of the finals at DAC. We strongly encourage industry teams to participate. Travel support and prizes will not be provided to industry teams but honorable mentions will be made to them according to their scores.

Important dates and Timelines

  1. Dec 1, Registration begins
  2. Jan 15 Jan 29, Registration ends
  3. Feb 1: Phase 1: Before DAC. An SoC design “alpha” (with security bugs embedded) will be provided. Participants have to identify the bugs and report them.
  4. May 1: Phase 1 ends and final reports are due.
  5. May 15: Finalists are announced.
  6. At DAC. An SoC design “beta” (with security bugs embedded) will be provided. Participants have to identify the bugs within the given timeframe, 8am-5pm, and report the bugs.


Can teams be changed after registration?

Yes, teams can change their members at any time until the finalists are announced. You can add or remove team members by sending an email to with the title “Hack@DAC team change”.

Who can be an advisor?

Team advisors are required only for academic teams. A team advisor can be anyone with a formal affiliation to a university, including faculty members, post-docs, graduate students, etc. Advisors need not be listed as team members.

Can people with the job title of _____ be on a team?


What specific skills are required to compete?

No particular expertise is required for the contest. We expect teams to use a variety of approaches according to their own backgrounds to find the security bugs.


You can contact the organizers via email at .

The competition has a Slack channel as well.

Venue & Travel

The Hack@DAC2018 will be held in San Franciso, California in June 2018 and is co-located with the DAC 2018 conference.