System-on-a-Chip (SoC) designers use third-party intellectual property (3PIP) cores and in-house IP cores to design SoCs. Trustworthiness of such SoCs is undermined by security bugs unintentionally introduced during integration of these IPs. Each SoC has its own defined usage scenario and corresponding security objectives. When exploited, a security weakness often results in compromise or bypass of at least one of the product security objectives. As it has been in the past attacks may lead to a system failure or deadlock , or create a side-channel to remotely access sensitive information (e.g., cryptographic keys), or gain privileged access to the system enabling them to bypass the security mechanisms in place and compromise the whole computing platform.

The goal of this competition is to develop practical and effective solutions and computer-aided tools to identify such vulnerabilities in buggy SoCs.

What is HACK@DAC?

Participating teams in this competition try to mimic the practices of a security team that is responsible for the security assurance of the system. Their objective is to identify the security vulnerabilities, assess their security impact, propose a mitigation, and report them. They are free to use any tools and techniques of their choosing. Participating teams can affiliated with either industry or academia.

The competition has four phases:

  1. Bug donation teams will provide a proposal on what bugs they can contribute. Selected proposers will work with the organization team to incorporate these bugs in an open-source SoC. They will also help develop specification details and the desired security properties.
  2. Participating teams will be given a “buggy” SoC design which they need to analyze to identify as many security vulnerabilities as possible, if not all. We will also provide specification detail and the desired security properties. Freedom to choose tools and techniques is intended to minimize the barrier of entry for teams. Bug donation teams will help the organizers in evaluating these submissions and selecting the finalists.
  3. A new open-source SoC will be chosen and bug donation teams will provide a new set of bugs. These teams will again work with the organization team to incorporate these bugs into the new SoC.
  4. At DAC, the participants need to compete in a live capture-the-flag competition. An SoC design with a new set of bugs will be provided. They need to apply their techniques (and any tools developed) on this new design. Bug donation teams will help the organizers in evaluating these submissions live and help select the winners.

What is Bug Donation?

To provide the buggy SoCs to the participating teams, we are collecting real-world bugs from leading players in the semiconductor industry and reproducing them by incorporating them in open-source SoC designs. This way, the competition will be more realistic and useful to the community in identifying tools and techniques in detecting security bugs. To overcome restrictions due to proprietary information, we implement the bugs within open-source designs. To this end, we are requesting companies to submit proposals on how they plan to donate the bugs to this competition, work with the organizers on implementing them, and evaluate the submissions with the organizers. The selected proposers will have access to all the known and unknown bugs submitted, direct interactions with the teams, and can identify the bottlenecks in the process.

Bug Proposal Format and Submission Guidelines

  • Each proposal should clearly describe the class/type of security bugs that are of interest to the participating company. The proposal should also describe why those bugs are of importance to the company and industry in general and how easy/difficult it is to detect them. The proposal should describe how these bugs can be incorporated in an open-source SoC design. Optional: Mention at least one open-source SoC where proposed bugs can be inserted.

  • The proposal will be evaluated by the committee on the following metrics:
    • Interest to the community: How important is the list of proposed bugs?
    • Ease of detection: Does the proposed set of bugs cover the entire spectrum of difficulty (very easy to very hard)?
    • Ease of exploitability: Does the exploit require physical access to the hardware or is it remotely exploitable (by means of software)?
    • Feasibility: How feasible it is for the organizers to integrate these bugs in an open-source SoC?
  • Page limit is two pages, 1 inch margin on all side, Times 12pt.
  • Please email your proposals by January 1, 2019 11:59PM PT to jv.rajendran@tamu.edu
  • Please mention a contact author and the team. This is not an anonymous submission process.


Bug-donation and organization:

  • Jan 1, 2019: Deadline for bug proposals
  • Jan 15, 2019: Decisions on bugs


  • Dec 15, 2018: Registration begins.
  • March 1, 2019: Phase 1: Before DAC. A SoC design “alpha” (with security bugs embedded) will be provided. Participants have to identify the bugs and report them.
  • May 1, 2019: Phase 1 ends and final submissions are due.
  • May 5: Finalists are announced.
  • June 2-6, 2019: At DAC, a SoC design “beta” (with security bugs embedded) will be provided. Participants have to identify the bugs within the given timeframe, and report the bugs.


PhD Students

Grad Students

  • Garrett Persyn, Texas A&M University
  • Rahul Kande, Texas A&M University

Live Scoreboard


#Team NameAffiliationCountry
1Hackin' AggiesTortuga Logic and Texas A&M UniversityUnited States
3NotATrojanRuhr-Universität BochumGermany
4Alpha4NYU Tandon School of EngineeringUnited States
5Always@PosedgeNYU Tandon School of EngineeringUnited States
6ChipstersNYU Tandon School of EngineeringUnited States
7.:hackamole:.TU WienAustria
8SECNYUUnited States
9Team 11NYU Tandon School of EngineeringUnited States
10TribeNYU Tandon School of EngineeringUnited States
11Digi-NerdsIIT HyderabadIndia
12CCNYCCNYUnited States
$teamnameState University of New York
Parallel_beingsBITS PILANI University
GreycellsMicrochip; Samsung; ThinCI; Mediatek
Gator HackersUniversity of Florida
CUREThe Chinese University of Hong Kong
elmerfuddIIT Madras
Hackin' AggiesTortuga Logic and Texas A&M University
cyber@ucrUniversity of California, Riverside, Institute of Computing Technology, Chinese Academy of Sciences; University of Chinese Academy of Sciences
Idea LabUniversity of Maryland, College Park
teamDfxNew York University; New York University Abu Dhabi
TribeNew York University- Tandon School of Engineering
kangaroosUniversity of New Southwales
.:hackamole:.TU Wien
pinakaIndian Statistical Institute, Kolkata
Alpha4NYU Tandon School of Engineering
ChipstersNew York University, Tandon School of Engineering
hacking_essenUniversity of Duisburg-Essen
Morgan State University CREAMMorgan State University
Formal Methods Group @ PoliTOPolitecnico di Torino, Department of Control and Computer Engineering (DAUIN)
GigEmBitesTexas A&M University
CryptoTigersAuburn University
Dallas BugboysThe University of Texas at Dallas
Team 11NYU Tandon School of Engineering
SECNew York University Tandon
NotATrojanRuhr-Universität Bochum
Xx-dacHOUND-xXNew York University
Always@PosedgeNew York University
CCNYCity College of New York
SECDAC-UPCDepartament d'Arquitectura de Computadors (DAC), Universitat Politècnica de Catalunya (UPC)
JarJarNYU Tandon
NYU HSecNew York University Tandon School of Engineering
Secure TechNetNagpur University; Central University
Digi-NerdsIndian Institute of Technology, Hyderabad
RockersAnalog Devices
Charan valaUnversity of Southampton
SpartansTexas A&M University
QintetIIT Bombay

Each team must meet all of the below eligibility requirements:

  1. A team member can be a student or a working professional.
  2. Provide ‘single’ e-mail address for your team.
  3. A team can consist of up-to 4 members (excluding the adviser).
  4. A team member cannot be associated with multiple teams.
  5. Individuals associated with any of the organizers are not allowed to participate in the competition.
  6. Individuals affiliated with multiple organizations can participate in one single team.
  7. No entry fee is required to participate in the competition.
  8. The organizers reserve the right to disqualify entries at their discretion.

You can contact the organizers via email at hackdac19@gmail.com.

The competition has a Slack channel as well. Please check the invite page to join the channel.

Venue & Travel

The Hack@DAC2019 will be held in Las Vegas in June 2019 and is co-located with the DAC 2019 conference.