{"id":34,"date":"2024-09-27T07:50:54","date_gmt":"2024-09-27T07:50:54","guid":{"rendered":"https:\/\/haco.club\/?p=34"},"modified":"2024-12-28T14:55:48","modified_gmt":"2024-12-28T14:55:48","slug":"the-hackdac-story-learnings-from-organizing-the-worlds-largest-hardware-hacking-competition","status":"publish","type":"post","link":"https:\/\/haco.club\/?p=34","title":{"rendered":"The Hack@DAC Story: Learnings from Organizing the World&#8217;s Largest Hardware Hacking Competition"},"content":{"rendered":"\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"The Hack@DAC Story: Learnings from Organizing the World&#039;s Largest Hardware Hacking Competition\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/6S86MskqywE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"> Computing Stack<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large wp-duotone-unset-1\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"502\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/7CD39912A5FB629A292BD592F9411EF0-1024x502.png\" alt=\"\" class=\"wp-image-42\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/7CD39912A5FB629A292BD592F9411EF0-1024x502.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/7CD39912A5FB629A292BD592F9411EF0-300x147.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/7CD39912A5FB629A292BD592F9411EF0-768x377.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/7CD39912A5FB629A292BD592F9411EF0-1536x753.png 1536w, 
https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/7CD39912A5FB629A292BD592F9411EF0-2048x1004.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Challenges<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Observed During Offensive Security Research at Intel<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Awareness of Hardware Common Weaknesses <strong>[CONCEPTS]<\/strong><\/li>\n\n\n\n<li>Security-Aware Design Automation <strong>[TOOLS]<\/strong><\/li>\n\n\n\n<li>&#8220;Shift-Left&#8221; to Detect &amp; Fix Bugs in RTL <strong>[BEST PRACTICES]<\/strong><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">1. Limited Awareness of HW Security Weaknesses<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"465\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/F4F732F60584D6884E4178F7AA77E19E-1024x465.png\" alt=\"\" class=\"wp-image-44\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/F4F732F60584D6884E4178F7AA77E19E-1024x465.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/F4F732F60584D6884E4178F7AA77E19E-300x136.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/F4F732F60584D6884E4178F7AA77E19E-768x349.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/F4F732F60584D6884E4178F7AA77E19E-1536x698.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/F4F732F60584D6884E4178F7AA77E19E-2048x930.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">2. 
Need for Security-Aware Design Automation Tools<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"471\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/2B68F58A0D0A855E6B8557892E61D944-1024x471.png\" alt=\"\" class=\"wp-image-45\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/2B68F58A0D0A855E6B8557892E61D944-1024x471.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/2B68F58A0D0A855E6B8557892E61D944-300x138.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/2B68F58A0D0A855E6B8557892E61D944-768x353.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/2B68F58A0D0A855E6B8557892E61D944-1536x706.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/2B68F58A0D0A855E6B8557892E61D944-2048x941.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"469\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/EAAB185B0BA2A07E723C8A13E7EA02EE-1024x469.png\" alt=\"\" class=\"wp-image-46\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/EAAB185B0BA2A07E723C8A13E7EA02EE-1024x469.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/EAAB185B0BA2A07E723C8A13E7EA02EE-300x137.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/EAAB185B0BA2A07E723C8A13E7EA02EE-768x352.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/EAAB185B0BA2A07E723C8A13E7EA02EE-1536x703.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/EAAB185B0BA2A07E723C8A13E7EA02EE-2048x937.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">3. 
Need to Detect\/Fix Bugs at RTL Design Phase<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"677\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/75577FA52FE97679F6430C78E0344CAE-1024x677.png\" alt=\"\" class=\"wp-image-49\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/75577FA52FE97679F6430C78E0344CAE-1024x677.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/75577FA52FE97679F6430C78E0344CAE-300x198.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/75577FA52FE97679F6430C78E0344CAE-768x508.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/75577FA52FE97679F6430C78E0344CAE.png 1346w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SW bugs fixed with patches<\/li>\n\n\n\n<li>HW bugs are complicated to fix\n<ul class=\"wp-block-list\">\n<li>Time consuming<\/li>\n\n\n\n<li>Expensive<\/li>\n\n\n\n<li>Cause brand damage<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">System on a Chip (SoC)<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"951\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/9BC9A2652E9EDB37BEB11D9410757A08-1024x951.png\" alt=\"\" class=\"wp-image-54\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/9BC9A2652E9EDB37BEB11D9410757A08-1024x951.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/9BC9A2652E9EDB37BEB11D9410757A08-300x279.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/9BC9A2652E9EDB37BEB11D9410757A08-768x713.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/9BC9A2652E9EDB37BEB11D9410757A08.png 1236w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data Confidentiality\n<ul class=\"wp-block-list\">\n<li>Protect secrets from unauthorized 
access<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Data Integrity\n<ul class=\"wp-block-list\">\n<li>Protect data from modification by untrusted agents<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Availability\n<ul class=\"wp-block-list\">\n<li>Protect against permanent damage to system<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Security features examples\n<ul class=\"wp-block-list\">\n<li>Execution core &amp; debug privilege checks<\/li>\n\n\n\n<li>Access control<\/li>\n\n\n\n<li>Memory encryption &amp; integrity<\/li>\n\n\n\n<li>Secure data erase<\/li>\n\n\n\n<li>Power and thermal critical trip alerts<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Hack@DAC<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A buggy SoC* framework for furthering innovation\n<ul class=\"wp-block-list\">\n<li>Realistic security features, threat model, and security objectives<\/li>\n\n\n\n<li>Vulnerabilities inspired by CVEs and real-world bugs<\/li>\n\n\n\n<li>Open source and commercial tool support<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Benchmark for developing and testing HW security tools\n<ul class=\"wp-block-list\">\n<li>Closest to commercial chip designs<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Participants gain hardware security assurance experience\n<ul class=\"wp-block-list\">\n<li>Develop hacker mindset<\/li>\n\n\n\n<li>Launchpad for researchers from adjacent areas (e.g., Firmware)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"681\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/10C82D1AC1E7C1D23CCD2FF49495A6E9-1024x681.png\" alt=\"\" class=\"wp-image-59\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/10C82D1AC1E7C1D23CCD2FF49495A6E9-1024x681.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/10C82D1AC1E7C1D23CCD2FF49495A6E9-300x200.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/10C82D1AC1E7C1D23CCD2FF49495A6E9-768x511.png 768w, 
https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/10C82D1AC1E7C1D23CCD2FF49495A6E9-1536x1022.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/10C82D1AC1E7C1D23CCD2FF49495A6E9.png 1942w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">MITRE Hardware CWE<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"591\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/733F62AA5050BF105399AB993A219C82-1024x591.png\" alt=\"\" class=\"wp-image-60\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/733F62AA5050BF105399AB993A219C82-1024x591.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/733F62AA5050BF105399AB993A219C82-300x173.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/733F62AA5050BF105399AB993A219C82-768x443.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/733F62AA5050BF105399AB993A219C82.png 1112w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"867\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/0D592F3BDAA54128C9FCCC2A432FE0D6-1024x867.png\" alt=\"\" class=\"wp-image-61\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/0D592F3BDAA54128C9FCCC2A432FE0D6-1024x867.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/0D592F3BDAA54128C9FCCC2A432FE0D6-300x254.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/0D592F3BDAA54128C9FCCC2A432FE0D6-768x650.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/0D592F3BDAA54128C9FCCC2A432FE0D6.png 1316w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Security-Aware Tooling &amp; Bug Detection<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" 
width=\"1024\" height=\"487\" src=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/25E2AD2E24802903456B80B1E5375CE8-1024x487.png\" alt=\"\" class=\"wp-image-62\" srcset=\"https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/25E2AD2E24802903456B80B1E5375CE8-1024x487.png 1024w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/25E2AD2E24802903456B80B1E5375CE8-300x143.png 300w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/25E2AD2E24802903456B80B1E5375CE8-768x365.png 768w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/25E2AD2E24802903456B80B1E5375CE8-1536x730.png 1536w, https:\/\/haco.club\/wp-content\/uploads\/2024\/09\/25E2AD2E24802903456B80B1E5375CE8-2048x973.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Hack@DAC SoC framework<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Realistic threat model and security objectives<\/li>\n\n\n\n<li>Closest available to commercial chip designs<\/li>\n\n\n\n<li>Uncover new classes of security vulnerabilities<\/li>\n\n\n\n<li>New tools for identifying weakness classes<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Black Hat Sound Bytes<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Increased HW Security Awareness\n<ul class=\"wp-block-list\">\n<li>MITRE HW CWE<\/li>\n\n\n\n<li>Corpus of weaknesses and code examples<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Open-sourced buggy SoC design\n<ul class=\"wp-block-list\">\n<li>Realistic security features<\/li>\n\n\n\n<li>CVE-inspired vulnerabilities<\/li>\n\n\n\n<li>Complexity matching commercial chips<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Innovations in HW security tooling\n<ul class=\"wp-block-list\">\n<li>Tools that detect and patch bugs at RTL<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Participants developed hacker mindset<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><a href=\"https:\/\/hackthesilicon.com\" data-type=\"link\" 
data-id=\"https:\/\/hackthesilicon.com\">HACK THE SILICON<\/a><\/p>\n<\/blockquote>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Computing Stack Challenges Observed During Offensive Security Research at Intel [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[4,5],"class_list":["post-34","post","type-post","status-publish","format-standard","hentry","category-black-hat","tag-hardware","tag-security"],"_links":{"self":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/34","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=34"}],"version-history":[{"count":13,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/34\/revisions"}],"predecessor-version":[{"id":67,"href":"https:\/\/haco.club\/index.php?rest_route=\/wp\/v2\/posts\/34\/revisions\/67"}],"wp:attachment":[{"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=34"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=34"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haco.club\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=34"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}