Publications

2025

Jihee Park, Insu Yun, Sukyoung Ryu (2025). Bridging the Gap between Real-World and Formal Binary Lifting through Filtered-Simulation (to appear). Proceedings of the ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA) 2025.

Suhwan Jeong, Beomseok Oh, Kwangmin Kim, Insu Yun, Yongdae Kim, CheolJun Park (2025). FirmState: Bringing Cellular Protocol States to Shannon Baseband Emulation (to appear). Proceedings of the 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec).

Sujin Han, Jinseo Kim, Sung-Ju Lee, Insu Yun (2025). Automated Attack Synthesis for Constant Product Market Makers (to appear). Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2025.

Junyoung Park, Yunho Kim, Insu Yun (2025). RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes (to appear). Proceedings of the 46th IEEE Symposium on Security and Privacy (Oakland).

2024

Haein Lee, Insu Yun (2024). From the Vulnerability to the Victory: A Chrome Renderer 1-Day Exploit’s Journey to v8CTF Glory. TyphoonCon 2024.

Code Slides

2023

Dongok Kim, Seunghyun Lee, Insu Yun (2023). One shot, Triple kill: Pwning all three Google kernelCTF instances with a single 1-day Linux vulnerability. POC 2023.

Slides

Eunsoo Kim, Min Woo Baek, CheolJun Park, Dongkwan Kim, Yongdae Kim, Insu Yun (2023). BaseComp: A Comparative Analysis for Integrity Protection in Cellular Baseband Software. Proceedings of the 32nd USENIX Security Symposium (Security).

Slides Paper

HyungSeok Han, JeongOh Kyea, Yonghwi Jin, Jinoh Kang, Brian Park, Insu Yun (2023). QueryX: Symbolic Query on Decompiled Code for Finding Bugs in COTS Binaries. Proceedings of the 44th IEEE Symposium on Security and Privacy (Oakland).

Slides Paper

2022

Juhyeng Han, Insu Yun, Seongmin Kim, Taesoo Kim, Sooel Son, Dongsu Han (2022). Scalable and Secure Virtualization of HSM with ScaleTrust. IEEE/ACM Transactions on Networking (ToN).

Daehee Jang, Ammar Askar, Insu Yun, Stephen Tong, Yiqin Cai, Taesoo Kim (2022). Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients. Proceedings of the 2022 International Symposium on Research in Attacks, Intrusions and Defenses (RAID).

Slides Paper

CheolJun Park, Sangwook Bae, Beomseok Oh, Jiho Lee, Eunkyu Lee, Insu Yun, Yongdae Kim (2022). DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices. Proceedings of the 31th USENIX Security Symposium (Security).

Code Slides Paper

2021

Insu Yun, Woosun Song, Seunggi Min, Taesoo Kim (2021). HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators. Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS).

Code Slides Paper

Brian Wickman, Hong Hu, Insu Yun, Daehee Jang, Jungwon Lim, Sanidhya Kashyap, Taesoo Kim (2021). Preventing Use-After-Free Attacks with Fast Forward Allocation. Proceedings of the 30th USENIX Security Symposium (Security).

Code Slides Paper

Hyunsik Jung, Insu Yun, Yongdae Kim (2021). Analyzing Qualcomm Hexagon Emulators via Differential Testing. Proceedings of the Conference on Information Security and Cryptography Summer(CISC-S) 2021.

Eunsoo Kim, Dongkwan Kim, CheolJun Park, Insu Yun, Yongdae Kim (2021). BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols. Proceedings of the 2021 Annual Network and Distributed System Security Symposium (NDSS).

Code Slides Paper

2020

Insu Yun (2020). Concolic Execution Tailored for Hybrid Fuzzing.

Yonghwi Jin, Jungwon Lim, Insu Yun, Taesoo Kim (2020). Compromising the macOS kernel through Safari by chaining six vulnerabilities. Black Hat USA Briefings (Black Hat USA).

Code Slides

Insu Yun, Dhaval Kapil, Taesoo Kim (2020). Automatic Techniques to Systematically Discover New Heap Exploitation Primitives. Proceedings of the 29th USENIX Security Symposium (Security).

Code Slides Paper

Soyeon Park, Wen Xu, Insu Yun, Daehee Jang, Taesoo Kim (2020). Fuzzing JavaScript Engines with Aspect-preserving Mutation. Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland). Nominated as a finalist in CSAW Best Applied Research Paper Award 2020.

Slides Paper

2018

Weidong Cui, Xinyang Ge, Baris Kasikci, Ben Niu, Upamanyu Sharma, Ruoyu Wang, Insu Yun (2018). REPT: Reverse Debugging of Failures in Deployed Software. Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Jay Lepreau Best Paper Award.

Slides Paper

Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, Taesoo Kim (2018). QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing. Proceedings of the 27th USENIX Security Symposium (Security). Distinguished Paper Award.

Code Slides Paper

2017

Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, Taesoo Kim (2017). CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems. Proceedings of the 2017 USENIX Annual Technical Conference (ATC).

Slides Paper

Jinho Jung, Chanil Jeon, Max Wolotsky, Insu Yun, Taesoo Kim (2017). AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically. Black Hat USA Briefings (Black Hat USA).

Code Slides

2016

Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, Mayur Naik (2016). APISan: Sanitizing API Usages through Semantic Cross-checking. Proceedings of the 25th USENIX Security Symposium (Security). Nominated as a finalist in CSAW Best Applied Research Paper Award 2016.

Code Slides Paper

Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, Yunheung Paek (2016). HDFI: Hardware-Assisted Data-Fow Isolation. Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland).

Code Slides Paper

2014

Shinjo Park, Suwan Park, Insu Yun, Dongkwan Kim, Yongdae Kim (2014). Analyzing Security of Korean USIM-based PKI Certificate Service. Proceedings of the 15th International Workshop on Information Security Applications (WISA).

2012

Muhammad Jamshed, Jihyung Lee, Sangwoo Moon, Insu Yun, Deokjin Kim, Sungryoul Lee, Yung Yi, KyoungSoo Park (2012). Kargus: A Highly-scalable Software-based Intrusion Detection System. Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS).

Slides Paper