Malte Elson

Luisa Jansen, Tim Ulmann, Robine Jordi et al.

Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification attacks using the approach of red teaming versus blue teaming: a technique commonly employed in security testing, where one team tries to re-identify data, and the other team tries to prevent it. We discuss our experience applying this method to data collected in a mixed-methods study in human-centered privacy. We present usable materials for researchers to apply red teaming when anonymizing and publishing their studies' data.

Jamie Cummins, Beth Clarke, Ian Hussey et al.

Across the social and medical sciences, researchers recognize that specifying planned research activities (i.e., 'registration') prior to the commencement of research has benefits for both the transparency and rigour of science. Despite this, evidence suggests that study registrations frequently go unexamined, minimizing their effectiveness. In a way this is no surprise: manually checking registrations against papers is labour- and time-intensive, requiring careful reading across formats and expertise across domains. The advent of AI unlocks new possibilities in facilitating this activity. We present RegCheck, a modular LLM-assisted tool designed to help researchers, reviewers, and editors from across scientific disciplines compare study registrations with their corresponding papers. Importantly, RegCheck keeps human expertise and judgement in the loop by (i) ensuring that users are the ones who determine which features should be compared, and (ii) presenting the most relevant text associated with each feature to the user, facilitating (rather than replacing) human discrepancy judgements. RegCheck also generates shareable reports with unique RegCheck IDs, enabling them to be easily shared and verified by other users. RegCheck is designed to be adaptable across scientific domains, as well as registration and publication formats. In this paper we provide an overview of the motivation, workflow, and design principles of RegCheck, and we discuss its potential as an extensible infrastructure for reproducible science with an example use case.

Carina Wiesen, Steffen Becker, Marc Fyrbiak et al.

Since underlying hardware components form the basis of trust in virtually any computing system, security failures in hardware pose a devastating threat to our daily lives. Hardware reverse engineering is commonly employed by security engineers in order to identify security vulnerabilities, to detect IP violations, or to conduct very-large-scale integration (VLSI) failure analysis. Even though industry and the scientific community demand experts with expertise in hardware reverse engineering, there is a lack of educational offerings, and existing training is almost entirely unstructured and on the job. To the best of our knowledge, we have developed the first course to systematically teach students hardware reverse engineering based on insights from the fields of educational research, cognitive science, and hardware security. The contribution of our work is threefold: (1) we propose underlying educational guidelines for practice-oriented courses which teach hardware reverse engineering; (2) we develop such a lab course with a special focus on gate-level netlist reverse engineering and provide the required tools to support it; (3) we conduct an educational evaluation of our pilot course. Based on our results, we provide valuable insights on the structure and content necessary to design and teach future courses on hardware reverse engineering.

Marc Fyrbiak, Sebastian Strauß, Christian Kison et al.

Hardware reverse engineering is a universal tool for both legitimate and illegitimate purposes. On the one hand, it supports confirmation of IP infringement and detection of circuit malicious manipulations, on the other hand it provides adversaries with crucial information to plagiarize designs, infringe on IP, or implant hardware Trojans into a target circuit. Although reverse engineering is commonplace in practice, the quantification of its complexity is an unsolved problem to date since both technical and human factors have to be accounted for. A sophisticated understanding of this complexity is crucial in order to provide a reasonable threat estimation and to develop sound countermeasures, i.e. obfuscation transformations of the target circuit, to mitigate risks for the modern IC landscape. The contribution of our work is threefold: first, we systematically study the current research branches related to hardware reverse engineering ranging from decapsulation to gate-level netlist analysis. Based on our overview, we formulate several open research questions to scientifically quantify reverse engineering, including technical and human factors. Second, we survey research on problem solving and on the acquisition of expertise and discuss its potential to quantify human factors in reverse engineering. Third, we propose novel directions for future interdisciplinary research encompassing both technical and psychological perspectives that hold the promise to holistically capture the complexity of hardware reverse engineering.