This paper systematizes two decades of hardware reverse engineering research by analyzing 187 publications, identifying key technical methods and recommending improvements for reproducibility, standar…

This survey reviews hardware-rooted trust mechanisms, such as PUFs and TPMs, demonstrating that hardware-based solutions are superior to software-only methods for ensuring secure authentication and AI…

The paper introduces Constraint-Guided Semantic Testing (ConSeT), a novel framework that systematically finds critical, pre-authentication vulnerabilities in 5G User Equipment (UE) by exploiting seman…

The paper develops a quantitative scoring system, CRESS, to consistently and comparably rate the severity of novel hardware reverse engineering attack scenarios, proving it is more expressive than ind…

This study demonstrates that the publicly distributed firmware of ASIC cryptocurrency miners constitutes a primary and sufficient attack surface, allowing attackers to reconstruct internal architectur…

LiteAtt introduces a verifier-less, Peer-to-Peer Self-Attestation (P2P-SA) framework for modern IoT MCUs, enabling mutual authentication and firmware attestation directly within the connection handsha…

The paper proposes an on-device framework to detect and prevent the forwarding of images that have been physically recaptured (photographed) from a mobile screen, addressing the Screen Recaptured Anal…

CIPHR introduces a novel, fine-grain hardware redaction methodology inspired by cryptographic indistinguishability to protect intellectual property against structural attacks that exploit existing art…

The paper introduces a novel toolkit to enhance RISC-V Trusted Execution Environments (TEEs) by adding modular extensions for secure enclave update, migration, state continuity, and trusted time, ther…

This paper provides the first comprehensive review of threats and defenses specifically targeting on-device AI inference, revealing a significant imbalance where certain attack types, like adversarial…

The paper reverse-engineers Apple's Private Cloud Compute (PCC) implementation to independently benchmark its model and evaluate its privacy claims, addressing the lack of transparency in Apple's syst…

Space Fabric introduces a novel satellite-based Trusted Execution Architecture (TEE) that establishes trust for orbital computing by generating cryptographic secrets and binding workload execution to…

The paper introduces Sentinel, a novel proxy-based system that achieves comprehensive, type-agnostic reentrancy protection for smart contracts by intercepting all external calls.

This paper analyzes the impact of Tock's secure technical design, built using Rust and hardware protection, on its successful transition from academic research to a widely adopted, production-grade op…

The paper analyzes existing hardware Trojan datasets to demonstrate that standard cell libraries can be systematically exploited to create visually undetectable, stealthy hardware Trojans, exemplified…

The authors reverse-engineered and fuzz-tested the undocumented Apple Remote Invocation (ARI) interface, revealing a significant, untested Remote Code Execution (RCE) attack surface on iOS.

LIPPEN introduces a novel hardware-software co-design that provides strong, zero-overhead pointer encryption for enhanced memory safety, achieving comprehensive pointer integrity and confidentiality.

The paper introduces HarmChip, a novel benchmark to evaluate LLM vulnerability to domain-specific hardware security threats, revealing that current safety guardrails fail against semantically disguise…

zkSBOM introduces a zero-knowledge mechanism for sharing Software Bills of Materials (SBOMs) that allows consumers to check for vulnerabilities without suppliers revealing the full, sensitive contents…

MemMark introduces a state-evolution attribution watermark that embeds owner-controlled signals into latent memory-write decisions, enabling robust provenance tracking for agent memory even when all t…