pith. sign in

arxiv: 2606.03697 · v1 · pith:RT3TJEXFnew · submitted 2026-06-02 · 💻 cs.CY · cs.CR

Designing a Hardware Reverse Engineering Course: Lessons from Eight Years in a Rapidly Evolving Tech Domain

Zehra Karada\u{g} , Ren\'e Walendy , Carina Wiesen , Christof Paar , Nikol Rummel , Steffen Becker This is my paper

Pith reviewed 2026-06-28 07:58 UTC · model grok-4.3

classification 💻 cs.CY cs.CR
keywords hardware reverse engineeringcourse designlessons learnedrapidly evolving domainsiterative curriculumworkload managementundergraduate educationhardware security
0
0 comments X

The pith

Reflections on nine iterations of a hardware reverse engineering course yield design priorities for educators in fast-changing tech fields

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper describes a hardware reverse engineering course aimed at junior undergraduates and run for nine iterations from 2017 to 2025 at one European university. The authors track changes made to course organization, content, and assignments across those years and extract lessons from that process. They convert the lessons into concrete design priorities intended for teachers who develop courses in other rapidly evolving technology areas. The priorities center on allowing the course to develop through repeated cycles and on keeping the total workload reasonable for students and instructors. Some graduates of the course have entered hardware reverse engineering careers.

Core claim

By reflecting on the evolution of the course organization, content, and assignments over nine iterations, the authors derive key lessons learned and distill these insights into actionable design priorities for educators developing courses in rapidly evolving technological domains, emphasizing iterative growth and sustainable workload management for both students and instructors.

What carries the argument

The HRE course, refined iteratively through adjustments to organization, content, and assignments across nine years

If this is right

  • Courses in rapidly evolving domains can stay relevant through repeated cycles of adjustment based on prior runs.
  • Attention to sustainable workload supports continued participation by both students and instructors over multiple years.
  • Targeted undergraduate courses in hardware reverse engineering can increase the supply of domain experts needed for supply-chain security work.
  • The same reflection process on organization, content, and assignments can be repeated in future iterations to maintain the priorities.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The priorities may need local adaptation when transferred to institutions with different resources or student backgrounds.
  • Running a controlled trial of the design priorities in a course on a different fast-moving technology would test their transferability.
  • The same iterative reflection method could be applied to courses in neighboring areas such as embedded-systems security or software reverse engineering.

Load-bearing premise

That reflections from a single course at one institution yield generalizable design priorities that other educators can apply directly in different settings.

What would settle it

A comparison study in which educators in another rapidly evolving domain apply the stated design priorities and show no measurable improvement in course adaptation or workload balance compared with courses that do not follow them.

read the original abstract

Integrated Circuits (ICs) are omnipresent, yet their globalized manufacturing process remains vulnerable to supply chain threats. Hardware Reverse Engineering (HRE) is essential for detecting such threats and re-establishing trust; however domain experts remain scarce due to a lack of educational programs. To contribute educational insights in this critical and rapidly evolving technology domain, we present our HRE course focusing on digital circuit analysis and digital circuit extraction from ICs. The course targets junior-level undergraduates at a major European research university. The curriculum has been refined over nine iterations (2017-2025), with several alumni subsequently pursuing careers in the HRE field. By reflecting on the evolution of the course organization, content, and assignments, we derive key lessons learned. We further distill these insights into actionable design priorities for educators developing courses in rapidly evolving technological domains, emphasizing iterative growth and sustainable workload management for both students and instructors.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript presents a Hardware Reverse Engineering (HRE) course for junior undergraduates at a major European research university. The curriculum has been refined over nine iterations from 2017 to 2025. By reflecting on the evolution of course organization, content, and assignments, the authors derive key lessons and distill them into actionable design priorities for educators in rapidly evolving technological domains, focusing on iterative growth and sustainable workload management. Several alumni have pursued careers in HRE.

Significance. The paper addresses a gap in educational programs for a critical domain where experts are scarce. If the distilled priorities prove transferable, it could aid educators in similar fields. However, the reflective nature without quantitative metrics means the significance is primarily in sharing practical experiences rather than providing empirically validated guidelines.

major comments (2)
  1. [Abstract] Abstract: The central claim that reflections on nine iterations 'yield key lessons' which can be 'distilled into actionable design priorities' for other educators is load-bearing but unsupported; the abstract supplies no enrollment trends, completion rates, skill assessments, controlled comparisons, or external validation to substantiate effectiveness or transferability.
  2. [Abstract] Abstract: The weakest assumption—that single-institution reflections without outcome metrics or falsifiable criteria produce generalizable priorities—is not addressed or tested, leaving the distillation of insights into priorities without independent support in the available text.
minor comments (1)
  1. [Abstract] Abstract: The title refers to 'Eight Years' while the text states nine iterations (2017-2025); clarify the exact timeframe and iteration count for consistency.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for highlighting the need to clarify the scope and evidential basis of our claims in the abstract. The manuscript is an experience report drawing on nine iterations of course development; we will revise the abstract to more precisely characterize the nature of the contribution as reflective lessons rather than empirically validated or generalizable guidelines.

read point-by-point responses

  1. Referee: [Abstract] Abstract: The central claim that reflections on nine iterations 'yield key lessons' which can be 'distilled into actionable design priorities' for other educators is load-bearing but unsupported; the abstract supplies no enrollment trends, completion rates, skill assessments, controlled comparisons, or external validation to substantiate effectiveness or transferability.

    Authors: We agree that the abstract should not imply empirical substantiation. The paper is explicitly positioned as an experience report that distills practical lessons from iterative course refinement. We will revise the abstract to state that the priorities are derived from observed challenges and adaptations across iterations and are offered as actionable considerations for educators facing similar domains, without claiming transferability or effectiveness metrics. The body of the manuscript already details the evolution of organization, content, and assignments that informed these priorities. revision: partial

  2. Referee: [Abstract] Abstract: The weakest assumption—that single-institution reflections without outcome metrics or falsifiable criteria produce generalizable priorities—is not addressed or tested, leaving the distillation of insights into priorities without independent support in the available text.

    Authors: We accept that the abstract does not explicitly qualify the single-institution, reflective basis of the work. We will revise the abstract to note that the design priorities emerge from sustained, single-institution experience and are presented as practitioner-derived insights rather than tested, generalizable results. No new outcome metrics or falsifiable criteria will be added, as the manuscript does not collect or analyze such data; the contribution remains the documentation of curriculum evolution and the resulting heuristics for workload and content management in rapidly changing technical fields. revision: partial

Circularity Check

0 steps flagged

No circularity: purely reflective distillation of experiential lessons

full rationale

The paper reports reflections on nine iterations of a single-institution HRE course and distills them into design priorities. No equations, parameters, predictions, or derivations exist that could reduce to inputs by construction. None of the enumerated circularity patterns (self-definitional, fitted-input prediction, self-citation load-bearing, uniqueness imported, ansatz smuggling, or renaming) apply. The central claim rests on the authors' own experience, which is the explicit subject of a reflective report and does not constitute a tautological reduction. External validation or metrics are absent, but that is an evidence-strength issue, not circularity. Score 0 is the appropriate finding for a self-contained reflective paper without mathematical or parametric claims.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No quantitative model, derivation, or data analysis is described; the paper is an experience report with no free parameters, axioms, or invented entities.

pith-pipeline@v0.9.1-grok · 5708 in / 1032 out tokens · 14707 ms · 2026-06-28T07:58:28.102405+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

29 extracted references · 19 canonical work pages

  1. [1]

    Nils Albartus, Max Hoffmann, Sebastian Temme, Leonid Azriel, and Christof Paar. 2020. DANA Universal Dataflow Analysis for Gate-Level Netlist Reverse Engineering.IACR Trans. Cryptogr. Hardw. Embed. Syst.2020, 4 (2020), 309–336. doi:10.13154/TCHES.V2020.I4.309-336

    work page doi:10.13154/tches.v2020.i4.309-336 2020

  2. [2]

    Leonid Azriel, Julian Speith, Nils Albartus, Ran Ginosar, Avi Mendelson, and Christof Paar. 2021. A survey of algorithmic methods in IC reverse engineering. Journal of Cryptographic Engineering11, 3 (2021), 299–315. doi:10.1007/s13389- 021-00268-5

    work page doi:10.1007/s13389- 2021

  3. [3]

    2022.Human factors in hardware reverse engineering

    Steffen Becker. 2022.Human factors in hardware reverse engineering. Ph. D. Dissertation. Ruhr-Universität Bochum, Universitätsbibliothek. doi:10.13154/294- 9414

    work page doi:10.13154/294- 2022

  4. [4]

    2019.Hardware Trojan

    Steffen Becker and Christof Paar. 2019.Hardware Trojan. Springer, Berlin, Heidelberg, 1–3. doi:10.1007/978-3-642-27739-9_1703-2

    work page doi:10.1007/978-3-642-27739-9_1703-2 2019

  5. [5]

    Hsiao, Mainak Banga, and Seetharam Narasimhan

    Swarup Bhunia, Michael S. Hsiao, Mainak Banga, and Seetharam Narasimhan

  6. [6]

    IEEE102, 8 (2014), 1229–1247

    Hardware Trojan Attacks: Threat Analysis and Countermeasures.Proc. IEEE102, 8 (2014), 1229–1247. doi:10.1109/JPROC.2014.2334493

    work page doi:10.1109/jproc.2014.2334493 2014

  7. [7]

    Albert, and Elizabeth A

    Brian Cohen, Michelle G. Albert, and Elizabeth A. McDaniel. 2018. The Need for Higher Education in Cyber Supply Chain Security and Hardware Assurance. International Journal of Systems and Software Security and Protection (IJSSSP)9, 2 (April 2018), 14–27. doi:10.4018/IJSSSP.2018040102

    work page doi:10.4018/ijsssp.2018040102 2018

  8. [8]

    European Parliament and Council. 2023.Regulation (EU) 2023/1781 of the European Parliament and of the Council of 13 September 2023 Establishing a Framework of Measures for Strengthening Europe’s Semiconductor Ecosystem and Amending Regulation (EU) 2021/694 (Chips Act) (Text with EEA Relevance). http://data. europa.eu/eli/reg/2023/1781/oj/eng Accessed: 2026-01-08

    2023

  9. [9]

    Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Matthias Wilhelm, Tobias Weidlich, Russell Tessier, and Christof Paar

  10. [10]

    doi:10.1109/TDSC.2018.2812183

    HAL—The Missing Piece of the Puzzle for Hardware Reverse Engineering, Lessons from Eight Years in a Rapidly Evolving Tech Domain Trojan Detection and Insertion.IEEE Transactions on Dependable and Secure Computing16, 3 (2019), 498–510. doi:10.1109/TDSC.2018.2812183

    work page doi:10.1109/tdsc.2018.2812183 2019

  11. [11]

    Ujjwal Guin, Ke Huang, Daniel DiMase, John M Carulli, Mohammad Tehranipoor, and Yiorgos Makris. 2014. Counterfeit integrated circuits: A rising threat in the global semiconductor supply chain.Proc. IEEE102, 8 (2014), 1207–1228. doi:10.1109/JPROC.2014.2332291

    work page doi:10.1109/jproc.2014.2332291 2014

  12. [12]

    Basel Halak. 2021. CIST: A Threat Modelling Approach for Hardware Supply Chain Security. InHardware Supply Chain Security: Threat Modelling, Emerging Attacks and Countermeasures, Basel Halak (Ed.). Springer, Cham, 3–65. doi:10. 1007/978-3-030-62707-2_1

    2021

  13. [13]

    Simon Klix, Nils Albartus, Julian Speith, Paul Staat, Alice Verstege, Annika Wilde, Daniel Lammers, Jörn Langheinrich, Christian Kison, Sebastian Sester-Wehle, Daniel Holcomb, and Christof Paar. 2024. Stealing Maggie’s Secrets-On the Challenges of IP Theft Through FPGA Reverse Engineering. InProceedings of the 2024 on ACM SIGSAC Conference on Computer and...

    work page doi:10.1145/3658644.3690235 2024

  14. [14]

    Zsolt Lavicza, Robert Weinhandl, Theodosia Prodromou, Branko Anđić, Diego Lieban, Markus Hohenwarter, Kristof Fenyvesi, Christopher Brownell, and Jose Manuel Diego-Mantecón. 2022. Developing and Evaluating Educational Innovations for STEAM Education in Rapidly Changing Digital Technology Environments.Sustainability14, 12 (2022), 1–15. doi:10.3390/su14127237

    work page doi:10.3390/su14127237 2022

  15. [15]

    Bernhard Lippmann, Matthias Ludwig, Detlef Houdeau, Nicola Kovač, and Horst Gieser. 2023. Towards a Comprehensive System for Physical Hardware Inspection for Trust. In2023 IEEE Physical Assurance and Inspection of Electronics (PAINE). IEEE, Denver, CO, USA, 1–7. doi:10.1109/PAINE58317.2023.10318020

    work page doi:10.1109/paine58317.2023.10318020 2023

  16. [16]

    Souhail Mssassi, Anas Abou El Kalam, and Younes Jabrane. 2024. On FPGA Security and Bitstream Reverse Engineering. InInternational Conference on Connected Objects and Artificial Intelligence. Springer, Springer, Cham, 8–13. doi:10.1007/978-3-031-70411-6_2

    work page doi:10.1007/978-3-031-70411-6_2 2024

  17. [17]

    Katsikas

    Arne Roar Nygård and Sokratis K. Katsikas. 2024. Ethical Hardware Reverse Engineering for Securing the Digital Supply Chain in Critical Infrastructure. Information & Computer Security32, 3 (Jan. 2024), 365–377. doi:10.1108/ICS-10- 2023-0182

    work page doi:10.1108/ics-10- 2024

  18. [18]

    Raspberry Pi Foundation. 2021. The Big Book of Computing Ped- agogy. https://www.raspberrypi.org/hello-world/issues/the-big-book-of- computing-pedagogy

    2021

  19. [19]

    M. G. Rekoff. 1985. On Reverse Engineering.IEEE Transactions on Systems, Man, and CyberneticsSMC-15, 2 (March 1985), 244–252. doi:10.1109/TSMC.1985. 6313354

    work page doi:10.1109/tsmc.1985 1985

  20. [20]

    2022.H.R.4346 - 117th Congress (2021-2022): CHIPS and Science Act

    Jim Ryan. 2022.H.R.4346 - 117th Congress (2021-2022): CHIPS and Science Act. https://www.congress.gov/bill/117th-congress/house-bill/4346/text Accessed: 2026-01-08

    2022

  21. [21]

    Mohammad Tehranipoor and Farinaz Koushanfar. 2010. A Survey of Hardware Trojan Taxonomy and Detection.IEEE Des. Test Comput.27, 1 (2010), 10–25. doi:10.1109/MDT.2010.7

    work page doi:10.1109/mdt.2010.7 2010

  22. [22]

    Randy Torrance and Dick James. 2009. The State-of-the-Art in IC Reverse Engineering. InCryptographic Hardware and Embedded Systems - CHES 2009, Christophe Clavier and Kris Gaj (Eds.). Springer, Berlin, Heidelberg, 363–381. doi:10.1007/978-3-642-04138-9_26

    work page doi:10.1007/978-3-642-04138-9_26 2009

  23. [23]

    Jeroen J. G. van Merriënboer. 2019.The Four-Component Instructional Design Model: An Overview of Its Main Design Principles. School of Health Profes- sions Education, Faculty of Health, Medicine and Life Sciences, Maastricht Uni- versity, The Netherlands. https://www.4cid.org/wp-content/uploads/2021/04/ vanmerrienboer-4cid-overview-of-main-design-principl...

    2019

  24. [24]

    René Walendy, Markus Weber, Steffen Becker, Christof Paar, and Nikol Rum- mel. 2025. An Evidence-Based Curriculum Initiative for Hardware Reverse Engineering Education. InProceedings of the 56th ACM Technical Symposium on Computer Science Education V. 1, SIGCSE TS 2025, Pittsburgh, PA, USA, 26 February 2025 - 1 March 2025, Jeffrey A. Stone, Timothy T. Yue...

    2025

  25. [25]

    doi:10.1145/3641554.3701797

    work page doi:10.1145/3641554.3701797

  26. [26]

    Sebastian Wallat, Nils Albartus, Steffen Becker, Max Hoffmann, Maik Ender, Marc Fyrbiak, Adrian Drees, Sebastian Maaßen, and Christof Paar. 2019. Highway to HAL: open-sourcing the first extendable gate-level netlist reverse engineering framework. InProceedings of the 16th ACM International Conference on Computing Frontiers(Alghero, Italy)(CF ’19). ACM, Ne...

    arXiv 2019

  27. [27]

    Carina Wiesen, Steffen Becker, Nils Albartus, Christof Paar, and Nikol Rummel

  28. [28]

    In 2019 IEEE Frontiers in Education Conference (FIE)

    Promoting the Acquisition of Hardware Reverse Engineering Skills. In 2019 IEEE Frontiers in Education Conference (FIE). IEEE, New York, NY, USA, 1–9. doi:10.1109/FIE43999.2019.9028668

    work page doi:10.1109/fie43999.2019.9028668 2019

  29. [29]

    Carina Wiesen, Steffen Becker, Marc Fyrbiak, Nils Albartus, Malte Elson, Nikol Rummel, and Christof Paar. 2018. Teaching Hardware Reverse Engineering: Edu- cational Guidelines and Practical Insights. In2018 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE). IEEE, Wollongong, NSW, 438–445. doi:10.1109/TALE.2018.8615270

    work page doi:10.1109/tale.2018.8615270 2018