System-on-a-Chip (SoC) designers use third-party intellectual property (3PIP) cores and in-house IP cores to design SoCs. Trustworthiness of SoCs can be undermined by security bugs that are unintentionally introduced during the integration of the IPs. A security weakness, if discovered and exploited when the chips are in the field, can result in a compromise or bypass of one or more product security objectives. For example, an exploited security bug may lead to a deadlock or failure of the system, or create a backdoor through which an attacker can gain remote access to leak secrets from the system. The goal of this competition is to develop tools and methods for identifying security vulnerabilities in buggy SoCs.
In this 33-hour ordeal, the top scoring teams from phase I of the competition will compete live to find and report security bugs from an SoC that is released to them at the start of the day. These teams mimic the role of a security research team at the SoC integrator and try to find the security vulnerabilities and report them back to the design team quickly, so they can be addressed before the SoC goes to market. The bug submissions from the participating teams are scored in real time by an expert team from industry and academia.