Publications

(2025). RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes (to appear). Proceedings of the 46th IEEE Symposium on Security and Privacy (Oakland).

(2023). QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. Proceedings of the 44th IEEE Symposium on Security and Privacy (Oakland).

Slides Paper

(2022). Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients. Proceedings of the 2022 International Symposium on Research in Attacks, Intrusions and Defenses (RAID).

Slides Paper

(2021). HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators. Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS).

Code Slides Paper

(2021). BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols. Proceedings of the 2021 Annual Network and Distributed System Security Symposium (NDSS).

Code Slides Paper

(2020). Automatic Techniques to Systematically Discover New Heap Exploitation Primitives. Proceedings of the 29th USENIX Security Symposium (Security).

Code Slides Paper

(2020). Fuzzing JavaScript Engines with Aspect-preserving Mutation. Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland).

Slides Paper

(2018). REPT: Reverse Debugging of Failures in Deployed Software. Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Jay Lepreau Best Paper Award.

Slides Paper

(2018). QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. Proceedings of the 27th USENIX Security Symposium (Security). Distinguished Paper Award.

Code Slides Paper

(2016). APISan: Sanitizing API Usages through Semantic Cross-checking. Proceedings of the 25th USENIX Security Symposium (Security). Nominated as a finalist in CSAW Best Applied Research Paper Award 2016.

Code Slides Paper

(2016). HDFI: Hardware-Assisted Data-Fow Isolation. Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland).

Code Slides Paper

(2014). Analyzing Security of Korean USIM-based PKI Certificate Service. Proceedings of the 15th International Workshop on Information Security Applications (WISA).

(2012). Kargus: A Highly-scalable Software-based Intrusion Detection System. Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS).

Slides Paper