Organizing The World's Largest Hardware Security Competition

Abstract

The recent trend of providing fast and flexible hardware platforms as-a-service coupled with the advancements in hardware design tools have significantly reduced the effort of designing new hardware. Additionally, with the advent of open-source Instruction Set Architectures (ISAs) such as OpenRISC and RISC-V, we witness the rise of a wide variety of open-source and commercial processor cores and System-On-Chip (SoC) designs in a short time. However, this development bears the risk of growing hardware security vulnerabilities. Indeed, we are witnessing new forms of sophisticated cross-layer attacks that use software to exploit hardware vulnerabilities and design flaws with fatal consequences. At the same time, the existing hardware verification techniques are unable to keep up with the increased complexity and diversity of SoC designs. In this paper, we present our efforts and insightful findings on taking a deep dive into hardware security and cross-layer attacks. Inspired by real-world vulnerabilities and insights from our industry collaborator, we have been conducting the world's largest hardware security competitions since 2018. The main goal is to significantly advance SoC vulnerability detection methods and techniques and their automation. Throughout this competition, we have provided a representative testbed of real-world software-exploitable RTL bugs based on RISC-V SoCs. We envision our RISC-V testbed of RTL bugs offered as a cloud-based service providing a rich exploratory ground for future research in hardware security verification and contributing to the open-source hardware landscape.