Abstract: The state of the art for hardware security verification relies heavily on manual inspection, code review, and functional verification techniques to identify security vulnerabilities. This labor-intensive process doesn’t scale, significantly reduces productivity, and provides no assurance that a security flaw will be found. Maintaining the status quo leaves hardware vulnerable to attacks exploiting hardware, firmware, and software weaknesses.

This presentation describes a framework for scalable hardware security verification. The methods focus on information flow tracking and include static analysis, simulation/emulation, and formal verification. The presentation discusses the challenges in hardware security verification, including developing and refining properties, creating security metrics, understanding vulnerabilities, debugging potential security flaws, and scaling to industry designs. The talk highlights our security verification efforts on the Caliptra and OpenTitan hardware roots of trust.

Ryan Kastner is a professor in the Department of Computer Science and Engineering at UC San Diego, where he holds the William Nachbar endowed chair. He received a Ph.D. in Computer Science at UCLA, a Master’s degree (MS) in engineering, and Bachelor’s degrees (BS) in Electrical Engineering and Computer Engineering, all from Northwestern University. He leads the Kastner Research Group whose current research interests fall into three areas: hardware acceleration, hardware security, and remote sensing. He is the co-director of the Wireless Embedded Systems Master of Advanced Studies Program. He also co-directs the Engineers for Exploration Program. He is the co-founder of Cycuity, which develops hardware security verification solutions. He is an IEEE Fellow.

Abstract: Modern superscalar execute a large number of instructions in parallel, and, like other massively parallel systems, exhibit numerous race conditions. While the illusion of sequential execution hides the architectural effects of these race conditions, observing microarchitectural state can expose these races. Transient execution attacks, such as Spectre and Meltdown, exploit such races to bypass security boundaries and leak information. However recent research extended the understanding of microarchitectural races identifying multiple use cases. This talk, explores microarchitectural races beyond transient execution attacks. It identifies basic primitives that allow inducing race conditions and exploiting them, showing that these primitives allow arbitrary computation over microarchitectural state. It then demonstrates some use cases for microarchitectural races, including code obfuscation, augmenting cache attacks, and reverse engineering.

Yuval Yarom is a Professor of Computer Security at Ruhr University Bochum. His research focuses on the interface between the software and the hardware. In particular, He is interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. Before that, he was an Associate Professor at the University of Adelaide, the Vice President of Research in Memco Software, and a co-founder and Chief Technology Officer of Girafa.com. Yuval earned his Ph.D. in Computer Science from the University of Adelaide in 2014, and an M.Sc. in Computer Science and a B.Sc. in Mathematics and Computer Science from the Hebrew University of Jerusalem in 1993 and 1990, respectively.

Junfeng Fan is an internationally renowned chip security expert, PhD in Cryptography from KU Leuven, Belgium, co-designer of the fully homomorphic cryptographic algorithm BFV, and chair of the CHES conference (2021). He has published a total of 30 papers in international conferences such as CHES and international journals such as IEEE Transactions on Computers.

Dr. Jeyavijayan (JV) Rajendran is an Associate Professor and an ASCEND Fellow in the Department of Electrical and Computer Engineering at Texas A&M University. He obtained his Ph.D. degree from New York University in August 2015. His research interests include hardware security and computer security. His research has won the NSF CAREER Award in 2017, the ONR Young Investigator Award in 2022, the IEEE CEDA Ernest Kuh Early Career Award in 2021, the ACM SIGDA Outstanding Young Faculty Award in 2019, the Intel Academic Leadership Award, along with several best student paper awards and best PhD dissertation awards. He is also an alumnus of the National Academy of Engineering s Frontiers of Engineering, 2023, and serves on NASEM/NAE committees. He organizes and has co-founded Hack@DAC, a student security competition co-located with DAC and SUSHI.

Ahmad-Reza Sadeghi is a Professor of Computer Science and head of the System Security Lab at the Technical University of Darmstadt, Germany. He led the university’s Cybersecurity Center from 2020 to 2023 and has directed multiple Intel Collaborative Research Labs since 2012. He holds a Ph.D. in Computer Science from the University of Saarland, Germany, as well as degrees in Industrial and Electrical Engineering. Before joining academia, he worked in R&D at leading IT companies, including Ericsson Telecommunications. His research spans security, privacy, and system design, with lasting impact across academia and industry. Prof. Sadeghi served as Editor-in-Chief of IEEE Security & Privacy Magazine and on the editorial boards of ACM TODAES, ACM TIOT, and ACM DTRAP. He is a member of the German Academy of Science and Engineering (acatech) and the ACM Europe Council. His achievements have been recognized with numerous awards, including the German Karl Heinz Beckurts Award for advancing Trusted Computing, the ACM SIGSAC Outstanding Contributions Award (2018), the Intel Academic Leadership Award (2021), the European Research Council Advanced Grant (2022), the DAC Service Award (2024), and the Synopsys Academic Award (2025).

Prof. Sandeep Kumar Shukla is currently the director of International Institute of Information Technology (IIIT), Hyderabad, and a professor at the the Cyber Security Center (IIITH). Prof. Shukla headed the department of Computer Science and Engineering at IIT Kanpur between 2017 and 2020, served as the Poonam & Prabhu Goel Chair Professor from 2016 to 2019, and was the Rajiv and Ritu Batra Chair Professor in Cyber Security between 2023-2025. He also acted as a joint coordinator of the National Interdisciplinary Centre for Cyber Security & Cyber Defense of Critical Infrastructures (C3i Center) at IIT Kanpur which he also founded and as a joint coordinator of the National Blockchain Project funded by the National Security Council Secretariat. He served as a project director of the C3i Hub—a Technology Innovation Hub on Cyber Security created by the DST, Government of India until March 2025. In August 2025, he moved from IIT Kanpur to IIIT Hyderabad. He worked at GTE Labs as a Principal Member of Technical Staff, as Senior Staff Design Engineer at Intel Corporation, as research faculty at the University of California, Irvine, and as a Professor of Computer Engineering at Virginia Tech, Blacksburg, USA. His major research areas are cybersecurity, cyber-resilient system design, risk assessment, critical infrastructure security, and blockchain technology. Prof. Shukla had published over 300 peer-reviewed conference papers, journal articles, and book chapters, authored 12 books, and served as editor for several noted journals and technical publications.