Hyungsub Kim

HAAS 274
PurSec Lab
305 N. University Street
West Lafayette, IN 47907

[Email] [Curriculum vitae] [Google Scholar Profile] [Twitter]

Introduction

Hello, I am a fourth-year Ph.D. student in Department of Computer Science at Purdue University. I am co-advised by Prof. Dongyan Xu, Prof. Antonio Bianchi, and Prof. Z. Berkay Celik. Before joining the Ph.D. program I was a researcher at Agency for Defense Development. I received my M.S. from POSTECH under the supervision of Prof. Jong Kim. My research interests are all aspects of computer security including Cyber-Physical Systems security, systems security, and web security.

Education

Purdue University, West Lafayette, IN, USA
- Ph.D. in Computer Science
- May. 2018 -

POSTECH, Pohang, Republic of Korea
- M.S. in Computer Science and Engineering
- Mar. 2013 - Feb. 2015

University of Seoul, Seoul, Republic of Korea
- B.S. in School of Computer Science
- Mar. 2011 - Feb. 2013

Chonnam National University, Gwangju, Republic of Korea
- Department of Mathematics
- Mar. 2005 - Feb. 2011

Pyeongchon Information Industry High School, Anyang, Republic of Korea
- Department of Information Processing
- Mar. 2002 - Feb. 2005

Work experience

Researcher, 3rd R&D Institute (Intelligence, Surveillance and Reconnaissance), Agency for Defense Development (2015.3 - 2018.3).
Auxiliary Policeman (as mandatory military service), Gwangju Metropolitan Police Agency (2007.7 - 2009.5).

Publications

Conference

PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles [pdf] [teaser video] [github]
Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu
43rd IEEE Symposium on Security and Privacy (Oakland) (S&P 2022), San Francisco, California, USA, May 23-26, 2022.
(acceptance rate: TBA)

M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles [pdf] [github]
Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, Dave (Jing) Tian
30th USENIX Security Symposium (Security) (USENIX 2021), Vancouver, British Columbia, Canada, August 11-13, 2021.
(acceptance rate: 246/1316=18.7%)

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles [pdf] [slide] [video] [github]
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu
28th Network and Distributed System Security Symposium (NDSS 2021), San Diego, California, USA, February 21-24, 2021.
(acceptance rate: 87/573=15.2%)

Inferring Browser Activity and Status Through Remote Monitoring of Storage Usage [pdf] [slide] [web page] [passive attack video] [active attack video]
Hyungsub Kim, Sangho Lee, and Jong Kim
32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, California, USA, December 5-9, 2016.
(acceptance rate: 48/210=22.8%)

Identifying Cross-origin Resource Status Using Application Cache [pdf] [demo video]
Sangho Lee, Hyungsub Kim, and Jong Kim
22nd Network and Distributed System Security Symposium (NDSS 2015), San Diego, California, USA, February 8-11, 2015.
(acceptance rate: 50/302=16.6%)

Exploring and Mitigating Privacy Threats of HTML5 Geolocation API [pdf] [slide] [demo video]
Hyungsub Kim, Sangho Lee, and Jong Kim
30th Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, Louisiana, USA, December 8-12, 2014.
(acceptance rate: 47/236=19.9%)

Workshop

Demo: Policy-based Discovery and Patching of Logic Bugs in Robotic Vehicles [pdf] [github]
Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu
4th International Workshop on Automotive and Autonomous Vehicle Security (AutoSec 2022), San Diego, California, USA, April 24, 2022.

Thesis

Privacy Threats in HTML5 Geolocation API: Case Studies and Countermeasures [pdf]
Master's Thesis, Department of Computer Science and Engineering, POSTECH, 2015.

Interdisciplinary Work

Community-based death preparation and education: A scoping review [pdf]
Sungwon Park, Hyungkyung Kim, Min Kyeong Jang, Hyungsub Kim, Rebecca Raszewski & Ardith Z. Doorenbos
Death Studies, March 11, 2022.

Research Projects

2017.7 - 2018.3: Automatic Video-based Target Detection and Classification, Agency for Defense Development (ADD).

2015.11 - 2017.10: Real-time Target Geo-positioning on multiple Videos, Agency for Defense Development (ADD).

2014.10 - 2014.12: Context-aware Unified IoT Platform for Security and Privacy, Samsung.

2014.4 - 2014.12: Resilient Cyber-Physical Systems Research, Ministry of Science, ICT and Future Planning (MSIP).

2013.9 - 2013.12: Next Generation Web Browser, Samsung.

Technical Experiences

ACSAC paper (2014). developed fine-grained permission and location models, and by inspecting the location sensitivity of each web page. JAVA, Android

Advanced Operating System (2013). modified Linux kernel to support I/O alignment for solid-state drives (SSD). C

Technical Skills

Programming Languages
- C, C++, C#, JAVA, Python, TensorFlow, MATLAB, JavaScript, HTML (good)
- Shell scripts (Bash and PowerShell), SQL, Maple, LaTeX (intermediate)

Miscellaneous Availabilities
- Linux, SubVersion/Git

Honors and Awards

IEEE S&P Student Travel Grant (US$1,300), San Francisco, California, USA, May, 2022.

CCS Student Conference Grant, Virtual Conference, November, 2021.

Ross Fellowship, Purdue University Graduate School, 2018.

ACSAC Student Conferenceship Award (US$1,200), New Orleans, Louisiana, USA, December, 2014.

Best Student Presentation Award, POSTECH CSE Student Workshop, 2014.

Semester High Honors, 2011 and 2012 2nd semester, University of Seoul.

Semester High Honors, 2007 2nd semester, Chonnam National University.

Ministry of Commerce, Industry and Energy grand prize (US$2,600), high school competitions in the field of computer science, 2004.

Professional Activities

Artifact Evaluation Committee (AEC)

USENIX Security Symposium (USENIX) 2022

External Reviewer

IEEE Symposium on Security and Privacy (Oakland) 2021, 2022
Network and Distributed System Security Symposium (NDSS) 2021, 2022
USENIX Security Symposium (USENIX) 2022
Annual Computer Security Applications Conference (ACSAC) 2021
European Symposium on Research in Computer Security (ESORICS) 2021
ACM ASIA Conference on Computer and Communications Security (ASIACCS) 2021, 2022
Dependable Systems and Networks (DSN) 2020
Security and Privacy in Communication Networks (SecureComm) 2020
Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2022
World Conference on Information Security Applications (WISA) 2014

Session Chair

Robotic Vehicles Security in Workshop on Automotive and Autonomous Vehicle Security (AutoSec 2022)

Volunteering participating in the international World Wide Web Conference 2014, April, 7-11, Seoul, Korea.

Teaching Experience

Guest Lecturer

Topic: Program Analysis for IoT/CPS (Dynamic, Static Analysis, and Symbolic Execution), IoT/CPS Security (CS 590) Purdue University, West Lafayette, IN, USA, Spring 2022.

Teaching Assistant (TA)

TA, Project Development (CS180 and CS251), Purdue University, West Lafayette, IN, USA, Fall 2019.
TA, Software Design Methods (CSED332), POSTECH, Pohang, Republic of Korea, Fall 2014.

Reported Vulnerabilities/bugs

207 bugs in ArduPilot, PX4, and Paparazzi, 2020. (link)

ArduPilot Bug #8783: NULL pointer dereference in libraries/AP_RangeFinder/AP_RangeFinder_BBB_PRU.cpp, July, 2018. (link)

ArduPilot Bug #8644: Memory leak in libraries/AP_HAL_ChibiOS/hwdef/common/posix.c, June, 2018. (link)

ArduPilot Bug #8642: Memory leak in libraries/AP_HAL_Linux/benchmarks/benchmark_videoin.cpp, June, 2018. (link)

ArduPilot Bug #8641: NULL pointer dereference in libraries/AP_HAL_F4Light/hardware/hal/timer.c, June, 2018. (link)

ArduPilot Bug #8640: Resource leak in libraries/AP_HAL/utility/srxl.cpp, June, 2018. (link)

Personal

The places I have visited: China (Beijing and Shanghai), Japan (Tokyo and Fukuoka), Canada (Vancouver), the U.S. (New Orleans, Orlando, Denver, Seattle, Los Angeles, Las Vegas, Kansas City, Chicago, Indianapolis, New York, Louisville, and San Diego)

The cities in each country are listed in the order I visited.

Last updated: April 18, 2022