Previous Story Next Story

Graduate students awarded second place at world's largest hardware security competition

By Alyssa Turner

Published: Sep 7, 2021 8:20:00 AM

Yadi Zhong (seated), Yuquiao Zhang and Ziqi Zhou, graduate students mentored by Dr. Ujjwal Guin, assistant professor in electrical and computer engineering, took second place at the HACK@SEC21 hardware and security competition. Yadi Zhong (seated), Yuquiao Zhang and Ziqi Zhou, graduate students mentored by Dr. Ujjwal Guin, assistant professor in electrical and computer engineering, took second place at the HACK@SEC21 hardware and security competition.

Three graduate students in electrical and computer engineering, Yadi Zhong, Yuquiao Zhang, and Ziqi Zhou, identified bugs and wrote code to exploit vulnerabilities within computer chips and took second place in the virtual, 33-team HACK@SEC21 – the world’s largest hardware and security competition on August 11-13.

Advised by Ujjwal Guin, assistant professor in electrical and computer engineering, the team operated under pseudonym “AubieTheTiger” and competed against peer teams from Europe, Asia, and the Americas.

HACK@SEC is committed to raising the bar for hardware security in the semiconductor industry. Co-located with the USENIX Security Symposium, contestants identify bugs and write code to exploit the security-critical vulnerabilities during sequenced trials. The competition is designed to expose students to real-world scenarios they might experience as industry professionals.

“Worldwide, we have a Common Weakness Enumeration (CWE) database. When problems are exposed – bugs, attacks – they go to that database,” Dr. Guin explained. “This is maintained by Mitre. The event organizer, Intel, choose a few of those vulnerabilities and place the on a System-on-Chip (SOC), then they distribute those SOCs to people so they can discover more. They are creating a cognizant workforce that can identify the bugs and fix them.”

During an advanced level of the competition, participants were provided 48 hours to identify bugs in the Hardware Description Language (HDL) of a System-on-Chip (SOC). The teams were encouraged to use all applications, tools or techniques to discover and exploit bugs during the live, capture-the-flag competition.

According to Dr. Guin, the team of Zhong, Zhang, and Zhou created a timely submission detailing the identity of a bug, its location, the security feature bypassed, the software code used to eliminate it, its security impact, adversary profile and the proposed mitigation.

In addition to being recognized by judges as second place worldwide, AubieTheTiger was commended for its findings on ROM Aliasing Issues.

“Our program has an excellent reputation within the security community,” Dr. Guin said. “The judges were especially impressed with our findings and mentioned it as the most interesting bug (ROM Aliasing Issues). “The team did an excellent job of finding bugs in the language of a System-on-Chip, and representing the Samuel Ginn College of Engineering.”
Media Contact: Joe McAdory, jem0040@auburn.edu, 334.844.3447

Recent Headlines