About Me
Hello, I am an assistant professor in
Department of Computer Science at
Indiana University Bloomington.
Previously, I earned my Ph.D. from
Purdue University in December 2023, where I was co-advised by
Prof. Dongyan Xu,
Prof. Antonio Bianchi, and
Prof. Z. Berkay Celik.
Before joining the Ph.D. program I was a researcher at
Agency for Defense Development.
I am a system security researcher. I develop program analysis and formal method techniques to tackle security threats in systems.
My research is best represented by my extensive work on robotic vehicles (RVs).
I was working on automatically finding logic bugs, patching them, and verifying the patches in RV control software.
In addition, I was uncovering the root causes and formulating countermeasures against physical sensor attacks that target RVs.
Currently, my efforts are dedicated to developing formal methods to address cyber and physical attacks against various cyber-physical systems, including satellites, autonomous vehicles, and industrial control systems.
If you are interested in a PhD position in my lab, please first submit your application to Indiana University and then email me [Link].
(info This website doesn't track any visitors, which means that you don't need to worry about disclosing your identity.)
Recent News
- [Sep 2025] I'm a program committee member of CCS 2026. (Please consider submitting your great work)
- [August 2025] It's my pleasure to serve VehicleSec 2026 as a general chair.
- [August 2025] I'll be teaching "Cyber-Physical System Security" for Fall 2025 at IU. The main topic is robotic vehicles security. Check out the syllabus for more details! [syllabus]
- [Mar 2025] It's my pleasure to serve NDSS 2026 as a publication chair.
- [Mar 2025] I'm a program committee member of NDSS 2026. (Please consider submitting your great work)
- [Mar 2025] I'm a program committee member of IEEE S&P 2026. (Please consider submitting your great work)
- [Feb 26, 2025] I got Distinguished Reviewer Award from NDSS'25.
- [November 2024] It's my pleasure to serve MSW 2025 as a chair. All IU faculties are very excited to host Midwest Security Workshop (MSW) 2025 in Bloomington, IN.
- [Feb 26, 2024] I got Outstanding Reviewer Award from VehicleSec'24.
- [October 19, 2023] It is my pleasure to be mentioned as one of the noteworthy reviewers at RAID’23.
- [April 20, 2023] I have been selected as a CPS (Cyber-Physical Systems) Rising Star, CPS-VO@NSF, 2023.
Education
-
Purdue University, West Lafayette, IN, USA
- Ph.D. in Computer Science
- May. 2018 - Dec. 2023
-
POSTECH, Pohang, Republic of Korea
- M.S. in Computer Science and Engineering
- Mar. 2013 - Feb. 2015
-
University of Seoul, Seoul, Republic of Korea
- B.S. in School of Computer Science
- Mar. 2011 - Feb. 2013
Full-time Work Experience
- Assistant Professor, Indiana University Bloomington (Aug. 2024 - ).
- Postdoctoral Research Associate, Purdue University (Jan. 2024 - Jul. 2024).
- Researcher, 3rd R&D Institute (Intelligence, Surveillance and Reconnaissance), Agency for Defense Development (Mar. 2015 - Mar. 2018).
- Auxiliary Policeman (as mandatory military service), Gwangju Metropolitan Police Agency (Jul. 2007 - May. 2009).
Publications
Conference
- Automated Discovery of Semantic Attacks in Multi-Robot Navigation Systems [pdf]
Doguhan Yeke, Kartik Anand Pant, Muslum Ozgur Ozmen, Hyungsub Kim, James Goppert, Inseok Hwang, Antonio Bianchi, Z. Berkay Celik
34th USENIX Security Symposium (USENIX 2025), Seattle, Washington, USA, August 13-15, 2025.
(acceptance rate: 407/2385=17.06%)
- Intent-aware Fuzzing for Android Hardened Application [pdf]
Seongyun Jeong, Minseong Choi, Haehyun Cho, Seokwoo Choi, Hyungsub Kim, Yuseok Jeon
32nd ACM Conference on Computer and Communications Security (CCS 2025), Taipei, Taiwan, October 13-17, 2025.
(acceptance rate: TBA)
- A Systematic Study of Physical Sensor Attack Hardness [pdf] [demo video] [talk] [github]
Hyungsub Kim, Rwitam Bandyopadhyay, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Yongdae Kim, Dongyan Xu
45th IEEE Symposium on Security and Privacy (Oakland) (S&P 2024), San Francisco, California, USA, May 20-23, 2024.
(acceptance rate: 261/1463=17.8%)
- Discovering Adversarial Driving Maneuvers against Autonomous Vehicles [pdf] [slide] [talk] [github]
Ruoyu Song, Muslum Ozgur Ozmen, Hyungsub Kim, Raymond Muller, Z. Berkay Celik, Antonio Bianchi
32nd USENIX Security Symposium (USENIX 2023), Anaheim, California, USA, August 9-11, 2023.
(acceptance rate: 442/1444=29.2%)
- PatchVerif: Discovering Faulty Patches in Robotic Vehicles [pdf] [slide] [demo videos] [talk] [github]
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu
32nd USENIX Security Symposium (USENIX 2023), Anaheim, California, USA, August 9-11, 2023.
(acceptance rate: 442/1444=29.2%)
- PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles [pdf] [slide] [teaser video] [talk] [github]
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu
43rd IEEE Symposium on Security and Privacy (Oakland) (S&P 2022), San Francisco, California, USA, May 23-26, 2022.
(acceptance rate: 147/1012=14.5%)
- M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles [pdf] [slide] [talk] [github]
Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, Dave (Jing) Tian
30th USENIX Security Symposium (USENIX 2021), Vancouver, British Columbia, Canada, August 11-13, 2021.
(acceptance rate: 246/1316=18.7%)
- PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles [pdf] [slide] [talk] [github]
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu
28th Network and Distributed System Security Symposium (NDSS 2021), San Diego, California, USA, February 21-24, 2021.
(acceptance rate: 87/573=15.2%)
- Inferring Browser Activity and Status Through Remote Monitoring of Storage Usage [pdf] [slide] [web page] [passive attack video] [active attack video]
Hyungsub Kim, Sangho Lee, and Jong Kim
32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, California, USA, December 5-9, 2016.
(acceptance rate: 48/210=22.8%)
-
Identifying Cross-origin Resource Status Using Application Cache [pdf] [slide] [demo video]
Sangho Lee, Hyungsub Kim, and Jong Kim
22nd Network and Distributed System Security Symposium (NDSS 2015), San Diego, California, USA, February 8-11, 2015.
(acceptance rate: 50/302=16.6%)
-
Exploring and Mitigating Privacy Threats of HTML5 Geolocation API [pdf] [slide] [demo video]
Hyungsub Kim, Sangho Lee, and Jong Kim
30th Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, Louisiana, USA, December 8-12, 2014.
(acceptance rate: 47/236=19.9%)
Short Paper
-
Short: Rethinking Secure Pairing in Drone Swarms [pdf] [video]
Muslum Ozgur Ozmen, Habiba Farrukh, Hyungsub Kim, Antonio Bianchi, Z. Berkay Celik
The Inaugural ISOC Symposium on Vehicle Security and Privacy (VehicleSec 2023), San Diego, California, USA, February 27, 2023.
Workshop/Demo/Poster Papers
-
Poster: A Multi-Agent Framework for Formal Specification of Robotic Vehicle Control Software [pdf]
Chaoqi Zhang, Hyungsub Kim
3rd USENIX Symposium on Vehicle Security and Privacy (VehicleSec 2025), Seattle, WA, USA, August 11-12, 2025.
-
Demo: Discovering Faulty Patches in Robotic Vehicle Control Software [pdf] [demo video 1] [demo video 2]
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu
The Inaugural ISOC Symposium on Vehicle Security and Privacy (VehicleSec 2023), San Diego, California, USA, February 27, 2023.
-
Demo: Policy-based Discovery and Patching of Logic Bugs in Robotic Vehicles [pdf] [demo video] [github]
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu
4th International Workshop on Automotive and Autonomous Vehicle Security (AutoSec 2022), San Diego, California, USA, April 24, 2022.
Dissertation/Thesis
-
Defeating Cyber and Physical Attacks in Robotic Vehicles [pdf]
PhD dissertation, Department of Computer Science, Purdue University, 2023.
-
Privacy Threats in HTML5 Geolocation API: Case Studies and Countermeasures [pdf]
Master's Thesis, Department of Computer Science and Engineering, POSTECH, 2015.
Interdisciplinary Work
-
Community-based death preparation and education: A scoping review [pdf]
Sungwon Park, Hyungkyung Kim, Min Kyeong Jang, Hyungsub Kim, Rebecca Raszewski & Ardith Z. Doorenbos
Death Studies, March 11, 2022.
Student Mentoring
At Indiana University
PhD
|
Abhishek Bisht
|
Fall 2025 - Now
|
Working on attacks and defenses for swarm control algorithms
|
|
Rodoshie Reheean
|
Fall 2025 - Now
|
Working on open-source CPS software security
|
|
Soyeon Lee
|
Fall 2025 - Now
|
Working on modeling and simulating attacks against CPS
|
Master
- Rajay Ravikumar (Spring 2025)
- Luke Harris (Fall 2024)
Undergraduate
- Anthony Grego (Fall 2024)
- Maryanne McGlone (Fall 2024)
- Thomas Goeyardi (Fall 2024)
Research Intern
- Insup Lee @Korea University (Spring 2025)
- Ho-Jin Choi @Sogang University (Spring 2025)
- Ho Jun Lee @Purdue University (Spring 2025)
- Md Rayhanul Islam @University of Connecticut (Spring 2025)
- Jewook Park @Georgia Tech (Spring 2025)
At Purdue University
PhD
- Ruoyu Song (Fall 2021 - Spring 2024)
Master
- Rwitam Bandyopadhyay (Fall 2022 - Spring 2023)
Undergraduate
- Faaiz Masood Memon (Fall 2023 - Spring 2024)
Teaching
Lecturer
- Cyber-Physical Systems Security (CSCI-B 649), Fall 2025 [syllabus]
- Systems and Protocol Security and Information Assurance (CSCI-B 547 & INFO-I 533), Spring 2025 [syllabus]
- Security for Networked Systems (CSCI-B 544 & INFO-I 520), Fall 2024 [syllabus]
Guest Lecturer
- Topic: Defeating Logic bugs in Robotic Vehicles, Software Security (CS 490) Purdue University, West Lafayette, IN, USA, Fall 2023. [slide]
- Topic: Static Analysis, Software Security (CS 490) Purdue University, West Lafayette, IN, USA, Fall 2022. [slide]
- Topic: Program Analysis for IoT/CPS (Dynamic, Static Analysis, and Symbolic Execution), IoT/CPS Security (CS 590) Purdue University, West Lafayette, IN, USA, Spring 2022. [slide]
Teaching Assistant (TA)
- TA, Project Development (CS180 and CS251), Purdue University, West Lafayette, IN, USA, Fall 2019.
- TA, Software Design Methods (CSED332), POSTECH, Pohang, Republic of Korea, Fall 2014.
Talks
-
Defeating Cyber and Physical Attacks in Robotic Vehicles
Georgia Institute of Technology, Indiana University Bloomington, Purdue University,
University of Illinois at Urbana-Champaign, Washington University in St. Louis, University of Florida,
University of California, Santa Barbara, New Jersey Institute of Technology, CISPA Helmholtz Center for Information Security,
University of Maryland, Georgia State University, Arizona State University,
UNIST, Agency for Defense Development, Korea University,
POSTECH, KAIST, National Security Research Institute, Sejong University
-
PatchVerif: Discovering Faulty Patches in Robotic Vehicles [video]
32nd USENIX Security Symposium (USENIX security 2023), Anaheim, CA, USA, August 10, 2023.
-
Defeating Logic Bugs in Robotic Vehicles
POSTECH, Pohang, Korea, June 1, 2023.
UNIST, Ulsan, Korea, May 31, 2023.
Ohio State University, OH, USA, February 17, 2023 (link).
Purdue University, IN, USA, November 18, 2022 (preliminary examination).
New York University Abu Dhabi, UAE, November 10, 2022.
-
Logic Bug-Finding and Patching Tools
2nd Technology Innovation Institute (TII) Annual SSRC Research Partners Summit, Abu Dhabi, UAE, November 8, 2022.
-
PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles [video]
43rd IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 25, 2022.
-
PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles [video]
28th Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, Feb 24, 2021.
-
Inferring Browser Activity and Status Through Remote Monitoring of Storage Usage
32nd Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, USA, Dec 8, 2016.
-
Exploring and Mitigating Privacy Threats of HTML5 Geolocation API
30th Annual Computer Security Applications Conference (ACSAC), New Orleans, LA, USA, Dec 11, 2014.
-
I Know the Shortened URLs You Clicked on Twitter: Inference Attack using Public Click Analytics and Twitter Metadata
Workshop among Asian Information Security Labs (WAIS), Shanghai, China, Jan 10, 2014.
Fellowships, Awards, and Honors
Best Poster Award, Midwest Security Workshop (MSW) 2025 (link, poster).
Distinguished Reviewer Award, ISOC Network and Distributed System Security Symposium (NDSS) 2025 (link).
Outstanding Reviewer Award, ISOC Symposium on Vehicle Security and Privacy (VehicleSec) 2024.
Noteworthy Reviewer, International Symposium on Research in Attacks, Intrusions and Defenses (RAID) 2023 (link).
CPS Rising Stars, CPS-VO@National Science Foundation, 2023 (link).
Outstanding Reviewer Award, ISOC Symposium on Vehicle Security and Privacy (VehicleSec) 2023.
IEEE S&P Student Travel Grant (US$1,300), San Francisco, California, USA, May, 2022.
CCS Student Conference Grant, Virtual Conference, November, 2021.
Ross Fellowship, Purdue University Graduate School, 2018.
ACSAC Student Conferenceship Award (US$1,200), New Orleans, Louisiana, USA, December, 2014.
Best Student Presentation Award, POSTECH CSE Student Workshop, 2014.
Semester High Honors, 2011 and 2012 2nd semester, University of Seoul.
Semester High Honors, 2007 2nd semester, Chonnam National University.
Ministry of Commerce, Industry and Energy grand prize (US$2,600), high school competitions in the field of computer science, 2004.
Professional Services
Organizing Committee
- ISOC Network and Distributed System Security Symposium (NDSS), Publication Chair, 2026
- USENIX Vehicle Security and Privacy (VehicleSec), General Chair, 2026
- Midwest Security Workshop (MSW), Organizing Committee Chair, 2025
- USENIX Vehicle Security and Privacy (VehicleSec), Publicity Chair, 2025
- ISOC Network and Distributed System Security Symposium (NDSS), Publication Chair, 2025
- ISOC Symposium on Vehicle Security and Privacy (VehicleSec), Travel Grant Chair, 2024
- Midwest Security Workshop (MSW), Organizing Committee Member, 2024
- ISOC Symposium on Vehicle Security and Privacy (VehicleSec), Travel Grant Chair, 2023
Program Committee
- IEEE Symposium on Security and Privacy (S&P) 2025, 2026
- ACM Conference on Computer and Communications Security (CCS) 2026
- Network and Distributed System Security Symposium (NDSS) 2025, 2026
- Annual Computer Security Applications Conference (ACSAC) 2025
- IEEE European Symposium on Security and Privacy (EuroS&P) 2024, 2025
- ACM ASIA Conference on Computer and Communications Security (ASIACCS) 2024
- European Symposium on Research in Computer Security (ESORICS) 2023
- International Symposium on Research in Attacks, Intrusions and Defenses (RAID) 2023, 2024, 2025
- ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2023
- International Conference on Applied Cryptography and Network Security (ACNS) 2024
- ISOC Symposium on Vehicle Security and Privacy (VehicleSec) 2023, 2024
- ISOC Workshop on Security and Privacy in Standardized IoT (SDIoTSec) 2025
- IEEE/ACM Workshop on the Internet of Safe Things (SafeThings) 2024
- Workshop of Designing Security for the Web (SecWeb) 2023
Artifact Evaluation Committee (AEC)
- USENIX Security Symposium (USENIX) 2022, 2023
- ACM Conference on Computer and Communications Security (CCS) 2023
- European Conference on Computer Systems (EuroSys) 2023
- Annual Computer Security Applications Conference (ACSAC) 2022
- ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2023
- USENIX Workshop on Offensive Technologies (WOOT) 2023
Journal Reviewer
- IEEE Transactions on Dependable and Secure Computing (TDSC), 2023
- IEEE Transactions on Information Forensics and Security (T-IFS), 2023, 2024
External Reviewer
- IEEE Symposium on Security and Privacy (S&P) 2021, 2022, 2024
- Network and Distributed System Security Symposium (NDSS) 2021, 2022, 2023, 2024
- USENIX Security Symposium (USENIX) 2022, 2023
- Annual Computer Security Applications Conference (ACSAC) 2021
- European Symposium on Research in Computer Security (ESORICS) 2021
- ACM ASIA Conference on Computer and Communications Security (ASIACCS) 2021, 2022
- Dependable Systems and Networks (DSN) 2020
- Security and Privacy in Communication Networks (SecureComm) 2020, 2023
- Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2022
- World Conference on Information Security Applications (WISA) 2014
Session Chair
- "Autonomous Vehicle Security" Session, Symposium on Vehicle Security and Privacy (VehicleSec 2025)
- "Electromagnetic Attacks" Session, Network and Distributed System Security Symposium (NDSS 2025)
- "Side and Covert Channels" Session, IEEE/ACM Workshop on the Internet of Safe Things (SafeThings 2024)
- "Firewall and IDS" Session, Symposium on Vehicle Security and Privacy (VehicleSec 2024)
- "Autonomous Driving Security" Session, Symposium on Vehicle Security and Privacy (VehicleSec 2023)
- "Robotic Vehicles Security" Session, Workshop on Automotive and Autonomous Vehicle Security (AutoSec 2022)
Volunteering participating in the international World Wide Web Conference 2014, April, 7-11, Seoul, Korea.
University Services
Services for College
- Hosting the Cybersecurity Reading Group at the Luddy School from August 2024 to now, Indiana University, Bloomington, Indiana, USA.
- Research presentation for incoming undergraduate researchers, Luddy Student Research Fair, August 27, 2024, Indiana University, Bloomington, Indiana, USA.
Services for Department
- Graduate education committee, 2024-2025, Indiana University, Bloomington, Indiana, USA.
- Master student admission committee, 2024-2025, Indiana University, Bloomington, Indiana, USA.
- "Discovering Faulty Patches in Robotic Vehicles", Prospective PhD Visit Day Poster Session, March 23, 2023, Purdue University, West Lafayette, Indiana, USA.
Reported Vulnerabilities/bugs
115 bugs in ArduPilot and PX4, discoverd by PatchVerif, 2023. (link)
207 bugs in ArduPilot, PX4, and Paparazzi, discoverd by PGFuzz, 2021. (link)
ArduPilot Bug #8783: NULL pointer dereference in libraries/AP_RangeFinder/AP_RangeFinder_BBB_PRU.cpp, July, 2018. (link)
ArduPilot Bug #8644: Memory leak in libraries/AP_HAL_ChibiOS/hwdef/common/posix.c, June, 2018. (link)
ArduPilot Bug #8642: Memory leak in libraries/AP_HAL_Linux/benchmarks/benchmark_videoin.cpp, June, 2018. (link)
ArduPilot Bug #8641: NULL pointer dereference in libraries/AP_HAL_F4Light/hardware/hal/timer.c, June, 2018. (link)
ArduPilot Bug #8640: Resource leak in libraries/AP_HAL/utility/srxl.cpp, June, 2018. (link)
Useful Resource
One of the biggest beautiful things of computer science is that you can freely find open educational resources on the Internet.
Cyber-physical System (CPS)
Robotics
Physical Sensor Attacks
Compiler/Program Analysis
Exploiting Vulnerabilities
Formal Method
Sources of Advice
Conference
Research Statement
PhD Defense
Academic Interviews
Postdoc
Research Grant & Funding
Personal
The places I have visited: China (Beijing and Shanghai), Japan (Tokyo and Fukuoka), Canada (Vancouver), the U.S. (New Orleans, Orlando, Denver, Seattle, Los Angeles, Las Vegas, Kansas City, Chicago, Indianapolis, Bloomington, New York, Louisville, San Diego, San Francisco, Washington DC, Ann Arbor, Anaheim, Irvine, Atlanta, Urbana–Champaign, St. Louis, Gainesville, Santa Barbara, and Newark), UAE (Abu Dhabi), Germany (Saarbrücken)
(The cities in each country are listed in the order I visited)
The universities I have visited: China (Peking University, Tsinghua University, and Fudan University), Japan (Tokyo Institute of Technology), the U.S. (University of Washington, University of Chicago, University of Illinois Chicago, Indiana University, Georgetown University, University of Michigan, Georgia Institute of Technology, University of Illinois Urbana-Champaign, Washington University in St. Louis, University of Florida, UC Santa Barbara, and NJIT), UAE (New York University Abu Dhabi), Germany (Saarland University)
(The universities in each country are listed in the order I visited)
Last updated: October 1, 2025