SoK: From Silicon to Netlist and Beyond $-$ Two Decades of Hardware Reverse Engineering Research

TL;DR

This paper systematically reviews two decades of Hardware Reverse Engineering research, analyzing 187 publications to identify methods, challenges, and reproducibility issues, and offers recommendations for more coordinated future research.

Contribution

It provides a comprehensive systematization of HRE research, highlighting reproducibility problems and proposing stakeholder-centric strategies for improvement.

Findings

Only 4% of studies had reproducible artifacts

Reproducibility and standardization are major challenges

Legal clarity is needed for public HRE research

Abstract

As hardware serves as the root of trust in modern computing systems, Hardware Reverse Engineering (HRE) is foundational for security assurance. In practice, HRE enables critical security applications, including design verification, supply-chain assurance, and vulnerability discovery. Over the past two decades, academic research on Integrated Circuit (IC), Field-Programmable Gate Array (FPGA), and netlist reverse engineering has steadily grown. However, knowledge remains fragmented across domains and communities, which complicates assessing the state of the art and hampers identifying shared research challenges. In this paper, we present a systematization of knowledge based on an in-depth analysis of 187 peer-reviewed publications. Using this corpus, we characterize technical methods across the HRE workflow and identify technical and organizational challenges that impede research progress. We analyze all 30 artifacts from our corpus using established artifact evaluation practices. Key results could be reproduced for only seven publications (4%). Based on our findings, we derive stakeholder-centric recommendations for academia, industry, and government to enable more coordinated and reproducible HRE research. These recommendations target three cross-cutting opportunities: (i) improving reproducibility and reuse via artifact-centric practices, (ii) enabling rigorous comparability through standardized benchmarks and evaluation metrics, and (iii) improving legal clarity for public HRE research.