Celebrating 2025 Top Picks in Hardware and Embedded Security

The process of getting your research published is not for the faint of heart. Before you, or your favorite LLM, can access a peer-reviewed research paper online, the researchers behind that paper typically spend months or even years of their lives (1) developing the core research idea, (2) evaluating it against existing state of the art solutions, and (3) preparing a research paper, including all figures, tables, plots, witty titles, etc., for submission to a peer reviewed publication venue such as a conference, journal, or magazine. After submitting to one of these publication venues, researchers must then wait weeks to months to receive the verdict of the peer review process. If the submitted paper is accepted, the researchers breathe a sigh of relief and begin finalizing the “camera-ready” version (the version that is published). However, if the submitted paper isn’t accepted, the researchers, after going through the five stages of grief, work to improve it based on feedback from the peer review process and resubmit the updated version at a later date. Regardless of the number of submissions, when a paper is accepted, it is cause for celebration because all of our hard work has paid off, and our research now has the potential to reach others in our field. As researchers, we can only hope that, once the paper is published and presented more broadly, others in our community see the value in our work just as the reviewers did. In this post, we get to celebrate just that.

Every year, researchers in the hardware and embedded security community organize an in-person workshop event known as the Top Picks in Hardware and Embedded Security. The goal of the Top Picks workshop is to recognize “the best of the best in hardware security, spanning the gamut from hardware to microarchitecture to embedded systems.” Hardware security papers published within the preceding six years at one of the leading venues in our field are eligible to be selected as a “Top Pick”. To be considered, authors of an eligible paper must submit a 2-page self-nomination letter that (1) summarizes the paper’s key contributions and (2) argues “for the potential of the work to have a long-term impact, clearly articulating why and how it will influence other researchers and/or industry.” After reviewing the self-nomination letters, the Top Picks organizers select a subset of the submitted papers to be “shortlisted papers”, meaning those papers are candidates for being a Top Pick. During the in-person workshop event, authors of shortlisted papers present their work and make the case for its long-term impact. Following the in-person presentations, the Top Picks organizers select a subset of the shortlisted papers as “Top Picks” for that year.

In September 2025, we submitted two of our multi-institution hardware security papers for consideration: (1) “Pentimento: Data Remanence in Cloud FPGAs” (published 2024) and (2) “Security Verification of the OpenTitan Hardware Root of Trust” (published 2023). In mid October 2025, we were fortunate enough to have both papers shortlisted for the Top Pick award. However, with the in-person Top Picks workshop (co-located with ICCAD 2025 in Munich) happening on October 30th, we had to quickly decide if we would even be able to participate since (1) none of us (the authors for both papers) were planning on attending ICCAD, (2) we are all based on the west coast of the US, (3) we would have to organize and book international travel within a week of departure, and (4) we still had to prepare our presentations. Luckily, roadblocks 1-3 were taken care of when Andy Meza volunteered to go on this “last-minute research mission”. Since he is an author on both papers, he met the presentation requirements for our shortlisted papers. Roadblock 4 (preparing the presentations) was handled through classic teamwork from the “Pentimento” authors (led by Colin Drewes) and the “Security Verification of OpenTitan” authors (led by Andy Meza). Following the in-person presentations, we received news that “Security Verification of the OpenTitan Hardware Root of Trust” had been selected as a Top Pick.

Being shortlisted/selected as a Top Pick is a major honor, as it demonstrates the quality, relevance, and impact of the research we do. With that in mind, we congratulate: Colin Drewes, Olivia Weng, Andy Meza, Alric Althoff, David Kohlbrenner, Ryan Kastner, and Dustin Richmond for being shortlisted for a 2025 Top Pick for “Pentimento: Data Remanence in Cloud FPGAs”; and Andy Meza, Francesco Restuccia, Jason Oberg, Dominic Rizzo, and Ryan Kastner for being shortlisted and selected for a 2025 Top Pick for “Security Verification of the OpenTitan Hardware Root of Trust”.

To learn more about these research projects:

Referenced Papers:

Colin Drewes, Olivia Weng, Andres Meza, Alric Althoff, David Kohlbrenner, Ryan Kastner, and Dustin Richmond, “Pentimento: Data Remanence in Cloud FPGAs”, ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), April 2024

Andres Meza, Francesco Restuccia, Jason Oberg, Dominic Rizzo, and Ryan Kastner, “Security Verification of the OpenTitan Hardware Root of Trust”, IEEE Security & Privacy, Volume 21, Issue 3, May-June 2023

Post written by Andres Meza

PrioriFI @ ASPLOS’26

This past week, Olivia Weng and lab alum Jennifer Switzer journeyed to Pittsburgh to attend ASPLOS’26. Olivia presented her paper, PrioriFI (repo, paper), a software fault-injection tool that prioritizes flipping the most sensitive parameter bits of a neural network first. PrioriFI argues that neural network fault-injection tools should be mindful of relying on bit-level monotonicity: the assumption that a more significant bit is more sensitive than a less significant one. We show the many exceptions to this common assumption and present the PrioriFI algorithm as a method of avoiding its pitfalls. The PrioriFI project was a collaboration that included lab member Andres Meza and Nhan Tran of Fermilab.

Liv presenting PrioriFI @ ASPLOS’26

Olivia and Jen met many computer architects and had a great time attending ASPLOS, meeting up with former KRG undergrad researcher Subash Katel. Subash explained to them the cool quantum computing research he’s doing for his PhD at Princeton and introduced them to many researchers. It’s always great to reconnect. 

A Visionary Defense of Sustainable Computing

Dr. Jennifer Switzer successfully defended her Ph.D. thesis, which laid the foundation for repurposing smartphones to reduce their significant environmental impacts. Over their short lifetimes, smartphones consume an immense amount of carbon, which is a rough but good estimate of their environmental impact. The vast majority of that carbon consumption is due to their manufacturing. Manufacturing modern computer chips is an insanely complex, environmentally costly, and expensive undertaking.

Most of us purchase smartphones regularly; the average American gets a new one every 2 years or less. Our old smartphones are often discarded not because their processors are not valuable, but because the screens are broken, the user wants better cameras, the phone is no longer “en vogue”, and many other reasons. But the huge environmental impact of developing these processors is sadly discarded when the user upgrades to the latest and greatest smartphone. Jen’s thesis studied how to best repurpose these unwanted, but extremely useful and valuable phones.

It turns out, as Jen’s thesis succinctly outlines, the best way to repurpose older smartphones is to rebuild them into the data center. Jen outlined, prototyped, and demonstrated how this would be feasible.

Her thesis has been tremendously impactful to date, and I have no doubt that its impact will grow. In the popular press, her research was featured in articles on Hacker News and Hackaday. Her ASPLOS paper received a Distinguished Paper Award and has over 60,000 downloads, making it the most downloaded paper in ASPLOS history by a significant margin. We were awarded a National Science Foundation grant through the Design for Environmental Sustainability in Computing program. We were awarded several Google grants, which enabled us to work closely with Dave Patterson and other Googlers to develop racks of repurposed smartphones to be deployed at UCSD over the next 1-2 years.

It should be obvious that Jen is a tremendously unique Ph.D. student. I work with *a lot* of undergraduate students, and many of them ask about what a Ph.D. entails. Most are (rightfully) overwhelmed by the Ph.D. process. A common question is: how can I come up with a novel research idea on my own? I always tell them that it is not their goal. Their advisor will define the research direction and guide them along the process. Eventually, after 4-5 years, they will own the research area and define their research goals. Jen came to UCSD with her own vision and delivered on it in an amazing and substantial way. Jen was a unicorn in this regard. She came in knowing exactly what she wanted to do with her Ph.D. And she did what she said and more.

Luckily for us, Jen will move to Google to do a post-doc with Dave Patterson to continue developing this project to repurpose 10K+ smartphones into a UCSD data center. It is always bittersweet to see Ph.D. students graduate, but I’m certainly glad that Jen will continue to lead this impactful research project.

Bastion: Fortifying Network on Chip

Francesco Restuccia recently presented our research project “BASTION: A Framework for Secure Third-Party IP Integration in NoC-based SoC Platforms” at the Conference on Cryptographic Hardware and Embedded Systems (CHES) 2025 in Kuala Lumpur, Malaysia.

BASTION addresses one of the most critical challenges in hardware security: access control. Access control vulnerabilities appear in 5 out of 11 entries on MITRE’s 2025 list of most important hardware CWEs. By combining hardware design with rigorous security verification, BASTION provides a comprehensive framework for building provably verifiable access control systems on NoC-based platforms.

BASTION is a collaborative project, and it would not have been possible without the key contributions of Zhenghua Ma and Andres Meza from our UCSD hardware security team, together with Joseph Zuckerman, Biruk Seyoum, and Luca Carloni from Columbia University.

BASTION is integrated with the ESP platform and is open-source. Check out our GitHub repo and paper.

FastML in Zürich

Olivia Weng and Alexander Redding gave two invited presentations describing our group’s latest and greatest research on fault-tolerant neural networks at the Fast Machine Learning for Science Conference. Alexander introduced Arbolta, a tool that bridges the gap between software and hardware fault injection by simulating faults in accelerators at the gate level. Arbolta was born out of Alexander’s AMD internship under the supervision of Ian Colbert. Olivia presented on PrioriFI, a software fault injection tool that prioritizes flipping the most sensitive parameter bits in a neural network first. PrioriFI is a joint project with Nhan Tran from Fermilab.

There were many interesting presentations this year from across computer science, engineering, and physics. Our group enjoys attending FastML every year, meeting up with our collaborators across seas and sciences.

UCSD CSE End of Year Awards

The academic year just ended, and a couple of our group members received UCSD Department of Computer Science and Engineering Awards. Undergraduate researcher Subash Katel was given the Award for Excellence in Research. Subash did outstanding research on the Junkyard Computing project and helped out with our parallel computing efforts. Subash will continue his studies at Princeton University as a Ph.D. student. Olivia Weng was given the award for Excellence in Service and Leadership. Amongst Liv’s many service and leadership roles are serving as the student representative for the department’s graduate committee (gradcom), helping to run the social hour, and leading the DEI Book Club.

Putting a Name to a Face: A New CWE Entry for a Common Weakness in Cryptographic Hardware

When developing a software, firmware, or hardware design, designers work to ensure the final design behaves and functions as required by the design’s specification (a list of desired behaviors/functionalities). While verifying the functionality of a design is certainly crucial, designers must also verify that the way they implemented the desired functionality does not introduce security or safety weaknesses. Identifying such weaknesses requires designers to have not only a broad knowledge of potential weaknesses but also a reliable way of detecting instances of these weaknesses in their code. This is by no means an easy task, but there are resources to help point designers in the right direction. One invaluable resource is Mitre’s Common Weakness Enumeration (CWE), a community-developed list of software and hardware weaknesses that can become vulnerabilities.

On April 3, 2025, Mitre released CWE Version 4.17 which, among many other updates, contained a new CWE entry contributed by Andy Meza and Jason Oberg (CWE-1431: Driving Intermediate Cryptographic State/Results to Hardware Module Outputs). This CWE was developed based on our security analysis of the open-source hardware root of trust OpenTitan (see paper here). Using hardware information flow tracking enabled by Cycuity’s Radix-S, we discovered a weakness in the implementation of a crypto core in OpenTitan’s one-time programmable memory controller. Despite being a commonly seen weakness that is relevant to many systems, there was no corresponding CWE entry for the detected weakness. So, we submitted a CWE proposal to Mitre’s CWE team and eventually began working with them to prepare CWE-1431 for release.

The development of CWE-1431, along with the original security analysis, was a collaborative effort led by Andy Meza. It featured a great team of academic and industry researchers: Andy Meza, Francesco Restuccia, Jason Oberg, Dominic Rizzo, and Ryan Kastner. We look forward to contributing more CWEs in the future and encourage others in the community to do the same.

eXpect On-chip Communication Flaws

On-chip communication protocols like ARM AXI, RISC-V TileLink, and Wishbone govern communications between processors, memories, I/O, and accelerators. These protocols were developed to maximize performance. That focus on performance leaves the protocols exposed to security risks: many implementations do not follow the standard, and the standard itself leaves security-relevant behavior underspecified. This is dangerous, as it opens the door to exploits that can snoop on on-chip communication or lead to denial of service attacks.

eXpect was developed to systematically analyze AXI implementations for functional and security violations. Testing it on seven implementations, including AMD Xilinx and RISC-V PULP, revealed 135 violations, with 10 leading to seven significant exploits. These exploits demonstrated risks like using stale data and bypassing memory operations, which went undetected by AMD Xilinx’s protocol checkers in most cases.

eXpect was a collaboration started during Ryan’s Zurich sabbatical in 2022. The research was led by Melisande Zonta-Roudes in Prof. Shweta Shinde’s ETH Zurich research group. KRG member Francesco Restuccia played a key role in developing the initial ideas, and Andy Meza helped with the implementation and testing.

eXpect was nominated for the Best Paper Award at the IEEE/ACM International Conference on Computer-Aided Design (ICCAD) 2024. Congrats to all the authors!

Mammoth Research Group Retreat

After a multi-year hiatus, our research group retreat returned to Mammoth Lakes in late August. The days were spent hiking, swimming, and sightseeing in the Eastern Sierras, and the evenings were spent discussing research plans for the upcoming year.