The recent outbreak of microarchitectural attacks that are being continuously uncovered has shown us the hard way that our trust assumptions in the underlying hardware of our computing systems and security architectures are unjustified. Besides microarchitectural design flaws, System-on-Chip (SoC) designers often use third-party intellectual property (3PIP) cores and in-house IP cores to design their SoCs. Trustworthiness of such SoCs can be undermined by security bugs unintentionally introduced during the implementation and integration of these IPs. Each SoC has its own defined usage scenario and corresponding security objectives. When exploited, a security weakness often results in compromise or bypass of at least one of the product security objectives. As we have already witnessed, attacks may lead to a system failure or deadlock , or generate a side channel to remotely access sensitive information (e.g., cryptographic keys), or gain privileged access to the system enabling them to bypass the security mechanisms in place and compromise the whole computing platform.

The goal of this competition in its third edition in a row is to develop practical and effective solutions and computer-aided tools to identify such vulnerabilities more efficiently in buggy SoC, with a special focus on theory, tooling, and automation.

What is HACK@DAC?

Participating teams in this competition, in its third edition, try to mimic the practices of a security assurance team that is responsible for the security assurance of the hardware and firmware of the system under test. Their objective is to identify the security vulnerabilities (both microarchitectural/side-channel flaws as well as security bugs), assess their security impact, propose a mitigation, and report them. They are free to use any tools and techniques of their choosing, with a special focus this year on theory, tooling, and automation.

Participating teams will be affiliated with one of two categories: either student-only or mixed. Student-only teams comprise only of students affiliated with academic and research institutions, while mixed teams can comprise of members affiliated with industry only or both industry and academia.

The competition has two phases:

Phase I: Participating teams will be given a “buggy” SoC design which they need to analyze to identify as many security vulnerabilities as possible. We will provide specification details and the desired security properties and threat model. Freedom to choose tools and techniques is intended to minimize the barrier of entry for teams. Finalists will be selected from both team categories.

Phase II: The finalist teams from Phase I will be provided an SoC design with a new set of more bugs where they will compete in a live capture-the-flag competition co-located with DAC. They will need to apply their techniques (and any tools developed) to detect as many vulnerabilities on this new design in a limited time-frame. Bug submissions from the teams will be evaluated live and winners from both categories will be selected.

Who can participate?

Each team must meet all of the below eligibility requirements:

  1. A team member can be a student or a working professional.
  2. Provide ‘single’ e-mail address for your team.
  3. A team can consist of up-to 4 members (excluding the adviser).
  4. A team member cannot be associated with multiple teams.
  5. Individuals associated with Texas A&M University and TU Darmstadt are not allowed to participate in the competition to avoid conflict of interest.
  6. Individuals affiliated with multiple organizations can participate in one single team.
  7. No entry fee is required to participate in the competition.
  8. The organizers reserve the right to disqualify entries at their discretion.


  • Jan 5, 2020: Registration begins.
  • Feb 15, 2020: Phase I starts.
  • May 15, 2020 June 19, 2020: Phase I ends and final submissions are due. (registration ends)
  • May 19, 2020 June 22, 2020: Phase II finalists are announced.
  • June 28, 2020: Recorded video presentations by finalists are due.
  • July 19-23, 2020: Phase II at DAC (virtual).




Congratulations to the Hack@DAC 2020 competition winners!


Phase 2 Live Scoreboard


Phase I Finalists

Congratulations to our top 10 finalist teams! These will participating in Phase II of the competition during the virtual DAC 2020 Conference. Thank you all very much for participating in Phase I of our competition, and we hope everyone had a good time!

#     Team Name         Affiliation                         Score
1 VUSec Vrije Universiteit Amsterdam 205
2 NYU # New York University 84
3 NYU_AES New York University 77
4 CICA-II NXP Semiconductors 62
5 0xdeadbeef University of Illinois Urbana-Champaign 49
6 NYU AZTECS New York University 40
7 0xF1CAEC22 - 33
8 NYU-HDAC New York University 31
9 CCNY - 27
10 Dragonborn New York University 14

To register, please fill in the form below or use this link. You will receive a confirmation email.

0xdeadbeefUniversity of Illinois Urbana-ChampaignStudent
.:hackamole:.TU WienStudent
2^8VeriSi CorporationIndustry
Aerospace ChipletsThe Aerospace CorporationIndustry
Always@PosedgeBeijing Institute of TechnologyStudent
Beta4New York UniversityStudent
Bharathi MQualcommIndustry
BuranNational Taiwan UniversityStudent
ChipstersNew York UniversityStudent
CICANXP SemiconductorsIndustry
CICA-IINXP SemiconductorsIndustry
DefendersTexas InstrumentsIndustry
DragonbornNew York UniversityStudent
Formal EisTU KaiserslauternStudent
GatorFormalUniversity of Florida; Tianjin University; Kansas State UniversityStudent
GraciencosBarcelona Supercomputing CenterStudent
LesSemisCroustillantsCEA; University of Montpellier; Université of GrenobleStudent
LosFantasticosESPSMP ConsultoresIndustry
ML-CISALockheed MartinIndustry
NotATrojanRuhr-University BochumStudent
NYU #NYUStudent
NYU AZTECSNew York UniversityStudent
NYU-HDACNew York UniversityStudent
NYUSecNew York UniversityStudent
Purdue SoCETPurdue UniversityStudent
rising_edge(clk)Goldman Sachs & Co.Industry
roundcpuknightsBarcelona Supercomputing CenterStudent
SECNew York UniversityStudent
SECDAC-UPCUniversitat Politècnica de Catalunya (UPC)Student
securehardware@bi0sAmrita Vishwa VidhyapeethamStudent
SnxIndependent researchersIndustry
SoC RangersSankalp semiconductersIndustry
Team TIESThe University of Texas at DallasStudent
Team UECThe University of Electro-Communications; IndependentIndustry
Tennessee State UniversityTennessee State UniversityStudent
TigersAuburn UniversityStudent
TribeNew York UniversityStudent
twilightToshiba Information Systems (Japan) Corp.;Waseda Univ.Industry
USA JaguarsUniversity of South AlabamaStudent
VUbarVrije Universiteit AmsterdamStudent
VUSecVrije Universiteit AmsterdamStudent
XYZIndian Institute of Technology KanpurStudent

*Teams that mix industry professionals and students are shown as “Industry”.


You can contact the organizers via email at hackadac@gmail.com.

The competition has a Slack channel as well. Please check the invite page to join the channel.

Venue & Travel

The Hack@DAC2020 will be held in San Francisco in July 2020 and is co-located with the DAC 2020 conference.