Publications

2025

(2025). Bridging the Gap between Real-World and Formal Binary Lifting through Filtered-Simulation (to appear). Proceedings of the ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA) 2025.

(2025). FirmState: Bringing Cellular Protocol States to Shannon Baseband Emulation (to appear). Proceedings of the 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).

(2025). Automated Attack Synthesis for Constant Product Market Makers (to appear). Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2025.

(2025). RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes (to appear). Proceedings of the 46th IEEE Symposium on Security and Privacy (Oakland).

2024

2023

(2023). BaseComp: A Comparative Analysis for Integrity Protection in Cellular Baseband Software. Proceedings of the 32nd USENIX Security Symposium (Security).


(2023). QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. Proceedings of the 44th IEEE Symposium on Security and Privacy (Oakland).


2022

(2022). Scalable and Secure Virtualization of HSM with ScaleTrust. IEEE/ACM Transactions on Networking (ToN).

(2022). Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients. Proceedings of the 2022 International Symposium on Research in Attacks, Intrusions and Defenses (RAID).


(2022). DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices. Proceedings of the 31st USENIX Security Symposium (Security).


2021

(2021). HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators. Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS).


(2021). Preventing Use-After-Free Attacks with Fast Forward Allocation. Proceedings of the 30th USENIX Security Symposium (Security).


(2021). Analyzing Qualcomm Hexagon Emulators via Differential Testing. Proceedings of the Conference on Information Security and Cryptography Summer (CISC-S) 2021.

(2021). BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols. Proceedings of the 2021 Annual Network and Distributed System Security Symposium (NDSS).


2020

(2020). Compromising the macOS kernel through Safari by chaining six vulnerabilities. Black Hat USA Briefings (Black Hat USA).


(2020). Automatic Techniques to Systematically Discover New Heap Exploitation Primitives. Proceedings of the 29th USENIX Security Symposium (Security).


(2020). Fuzzing JavaScript Engines with Aspect-preserving Mutation. Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland). Nominated as a finalist in CSAW Best Applied Research Paper Award 2020.


2018

(2018). REPT: Reverse Debugging of Failures in Deployed Software. Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Jay Lepreau Best Paper Award.


(2018). QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. Proceedings of the 27th USENIX Security Symposium (Security). Distinguished Paper Award.


2017

(2017). CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems. Proceedings of the 2017 USENIX Annual Technical Conference (ATC).


(2017). AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically. Black Hat USA Briefings (Black Hat USA).


2016

(2016). APISan: Sanitizing API Usages through Semantic Cross-checking. Proceedings of the 25th USENIX Security Symposium (Security). Nominated as a finalist in CSAW Best Applied Research Paper Award 2016.


(2016). HDFI: Hardware-Assisted Data-Flow Isolation. Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland).


2014

(2014). Analyzing Security of Korean USIM-based PKI Certificate Service. Proceedings of the 15th International Workshop on Information Security Applications (WISA).

2012

(2012). Kargus: A Highly-scalable Software-based Intrusion Detection System. Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS).
