The Hack@DAC Story: Learnings from Organizing the World’s Largest Hardware Hacking Competition

Posted on by Haco

Computing Stack

Challenges

Observed During Offensive Security Research at Intel

  • Awareness of Hardware Common Weaknesses [CONCEPTS]
  • Security-Aware Design Automation [TOOLS]
  • “Shift-Left” to Detect & Fix Bugs in RTL [BEST PRACTICES]

1. Limited Awareness of HW Security Weaknesses

2. Need for Security-Aware Design Automation Tools

3. Need to Detect/Fix Bugs at RTL Design Phase

  • SW bugs fixed with patches
  • HW bugs are complicated to fix
    • Time consuming
    • Expensive
    • Cause brand damage

System on a Chip(Soc)

  • Data Confidentiality
    • Protect secrets from unauthorized access
  • Data Integrity
    • Protect data modification by untrusted agents
  • Availablity
    • Protect against permanent damage to system
  • Security features examples
    • Execution core & debug privilege checks
    • Access control
    • Memory encryption & integrity
    • Secure data erase
    • Power and thermal critical trip alerts

Hack@DAC

  • A buggy SoC* framework for furthering innovation
    • Realistic security features, thread model, and security objectives
    • Vulnerabilities inspired by CVEs and real-world bugs
    • Open source and commercial tool support
  • Benchmark for developing and testing HW security tools
    • Closest to commercial chip designs
  • Participants gain hardware security assurance experience
    • Develop hacker mindset
    • Launchpad for researchers from adjacent areas (e.g., Firmware)

MITRE Hardware CWE

Security-Aware Tooling & Bug Detection

Hack@DAC SoC framework

  • Realistic threat model and security objectives
  • Closest available to commercial chip designs
  • Uncover new classes of security vulnerabilities
  • New tools for identifying weakness classes

Black Hat Sound Bytes

  • Increased HW Security Awareness
    • MITRE HW CWE
    • Corpus of weaknesses and code examples
  • Open-sourced buggy SoC design
    • Realistic security features
    • CVE-inspired vulnerabilities
    • Complexity matching commercial chips
  • Innovations in HW security tooling
    • Tools that detect and patch bugs at RTL
  • Participants developed hacker mindset

HACK THE SILICON

Post Views: 928

One thought on “The Hack@DAC Story: Learnings from Organizing the World’s Largest Hardware Hacking Competition

Leave a Reply

Your email address will not be published. Required fields are marked *