Modern computer hardware keeps paying a performance tax for vulnerabilities discovered too late. Each generation brings dozens to hundreds of post-silicon security issues, and fixes often arrive as heavyweight patches such as microcode updates, extra barriers, or tighter speculation controls. Over time, these mitigations permanently shift the performance and security balance. This talk presents pre-silicon hardware security validation techniques inspired by software testing and verification. The focus is on information-flow tracking and how it can be combined with formal analysis and fuzzing to surface security-relevant behavior, including secret leakage, cross-privilege flows, and architectural bugs such as crashes. The goal is to find these issues before tape-out, when they are still cheap to fix, do not require permanent performance trade-offs, and do not expose security risks in the wild. A major obstacle is evaluation. Hardware security still lacks a widely used public benchmark of vulnerabilities, which makes fair comparisons between techniques difficult. The talk discusses a step toward closing this gap through systematic bug injection. This also points to the exciting direction of adversarial validation loops, where a verifier is trained against a bug injector and both improve over time.
Speaker Info:
Flavien Solt is an Assistant Professor at the National University of Singapore. Previously, he was a postdoctoral researcher in the SLICE Lab at the University of California, Berkeley, working with Chris Fletcher. He received his PhD from ETH Zurich in 2024 under the supervision of Kaveh Razavi, and was awarded the ETH Medal.