Hyungsub Kim (김형섭) HAAS 274 FRIENDS and PurSec Lab 305 N. University Street West Lafayette, IN 47907 [Curriculum vitae] [Google Scholar Profile] [Robotic Vehicle Software Tutorial]

About Me

Recent News

• [Feb 17 2023] I will give a talk on robotic vehicle security at Ohio State University.
• [Nov 18 2022] I passed my preliminary examination, which means that I'm a Ph.D. candidate from now on!
• [Nov 10 2022] I gave a talk on robotic vehicle security at NYU Abu Dhabi.
• [Oct 2022] I'm a program committee member of WiSec 2023. (Please consider submitting your work in here)
• [Oct 2022] It's my pleasure to serve VehicleSec 2023 as a travel grant chair (Apply for the travel grant at here).

Education

• Purdue University, West Lafayette, IN, USA
  • Ph.D. in Computer Science
  • May. 2018 -


• POSTECH, Pohang, Republic of Korea
  • M.S. in Computer Science and Engineering
  • Mar. 2013 - Feb. 2015


• University of Seoul, Seoul, Republic of Korea
  • B.S. in School of Computer Science
  • Mar. 2011 - Feb. 2013


• Chonnam National University, Gwangju, Republic of Korea
  • Department of Mathematics
  • Mar. 2005 - Feb. 2011


• Pyeongchon Information Industry High School, Anyang, Republic of Korea
  • Department of Information Processing
  • Mar. 2002 - Feb. 2005

Work Experience

• Researcher, 3rd R&D Institute (Intelligence, Surveillance and Reconnaissance), Agency for Defense Development (2015.3 - 2018.3).
• Auxiliary Policeman (as mandatory military service), Gwangju Metropolitan Police Agency (2007.7 - 2009.5).

Publications

Conference

• PatchVerif: Discovering Faulty Patches in Robotic Vehicles [pdf]
  Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu
  32nd USENIX Security Symposium (USENIX 2023), Anaheim, California, USA, August 9-11, 2023.
  (acceptance rate: TBA)


• PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles [pdf] [slide] [teaser video] [video] [github]
  Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu
  43rd IEEE Symposium on Security and Privacy (Oakland) (S&P 2022), San Francisco, California, USA, May 23-26, 2022.
  (acceptance rate: 147/1012=14.5%)


• M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles [pdf] [github]
  Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, Dave (Jing) Tian
  30th USENIX Security Symposium (USENIX 2021), Vancouver, British Columbia, Canada, August 11-13, 2021.
  (acceptance rate: 246/1316=18.7%)


• PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles [pdf] [slide] [video] [github]
  Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu
  28th Network and Distributed System Security Symposium (NDSS 2021), San Diego, California, USA, February 21-24, 2021.
  (acceptance rate: 87/573=15.2%)


• Inferring Browser Activity and Status Through Remote Monitoring of Storage Usage [pdf] [slide] [web page] [passive attack video] [active attack video]
  Hyungsub Kim, Sangho Lee, and Jong Kim
  32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, California, USA, December 5-9, 2016.
  (acceptance rate: 48/210=22.8%)


• Identifying Cross-origin Resource Status Using Application Cache [pdf] [demo video]
  Sangho Lee, Hyungsub Kim, and Jong Kim
  22nd Network and Distributed System Security Symposium (NDSS 2015), San Diego, California, USA, February 8-11, 2015.
  (acceptance rate: 50/302=16.6%)


• Exploring and Mitigating Privacy Threats of HTML5 Geolocation API [pdf] [slide] [demo video]
  Hyungsub Kim, Sangho Lee, and Jong Kim
  30th Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, Louisiana, USA, December 8-12, 2014.
  (acceptance rate: 47/236=19.9%)

Workshop

• Demo: Policy-based Discovery and Patching of Logic Bugs in Robotic Vehicles [pdf] [demo video] [github]
  Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu
  4th International Workshop on Automotive and Autonomous Vehicle Security (AutoSec 2022), San Diego, California, USA, April 24, 2022.
  

Thesis

• Privacy Threats in HTML5 Geolocation API: Case Studies and Countermeasures [pdf]
  Master's Thesis, Department of Computer Science and Engineering, POSTECH, 2015.
  

Interdisciplinary Work

• Community-based death preparation and education: A scoping review [pdf]
  Sungwon Park, Hyungkyung Kim, Min Kyeong Jang, Hyungsub Kim, Rebecca Raszewski & Ardith Z. Doorenbos
  Death Studies, March 11, 2022.
  

Talks

• Defeating Logic Bugs in Robotic Vehicles
  New York University Abu Dhabi, UAE, November 10, 2022.
  Purdue University, USA, November 18, 2022 (preliminary examination).


• Logic Bug-Finding and Patching Tools
  2nd Technology Innovation Institute (TII) Annual SSRC Research Partners Summit, Abu Dhabi, UAE, November 8, 2022.


• PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles
  43rd IEEE Symposium on Security and Privacy (S&P), San Francisco, California, USA, May 25, 2022.


• PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles
  28th Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, Feb 24, 2021.


• Inferring Browser Activity and Status Through Remote Monitoring of Storage Usage
  32nd Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA, Dec 8, 2016.


• Exploring and Mitigating Privacy Threats of HTML5 Geolocation API
  30th Annual Computer Security Applications Conference (ACSAC), New Orleans, Louisiana, USA, Dec 11, 2014.


• I Know the Shortened URLs You Clicked on Twitter: Inference Attack using Public Click Analytics and Twitter Metadata
  Workshop among Asian Information Security Labs (WAIS), Shanghai, China, Jan 10, 2014.

Research Projects

Technical Experiences

Technical Skills

• Programming Languages
  • C, C++, C#, JAVA, Python, TensorFlow, MATLAB, JavaScript, HTML (good)
  • Shell scripts (Bash and PowerShell), SQL, Maple, LaTeX (intermediate)


• Miscellaneous Availabilities
  • Linux, SubVersion/Git

Honors and Awards

Professional Activities

Teaching Experience

Useful Resource

• How to emulate embedded devices? QEMU internals
• How to implement dynamic analysis on top of QEMU? PANDA
• How to control drones? Control theory
• How to convert errors into commands? PID control
• How to do sensor fusion? (1) Kalman Filters
• How to do sensor fusion? (2) Complementary Filter
• How to simulate drones? Intelligent quads tutorials
• How to read sensor datasheets? Read a gyro datasheet

• Introduction to Robotics@Princeton

• Software Defined Radio with HackRF
• RF spectrum with GNU radio
• GPS spoofing
• GPS jamming
• Open-sourced Global Navigation Satellite Systems software-defined receiver

• Advanced Compilers@Cornell (Adrian Sampson)
• Learning and Teaching Software Analysis and Verification via SVF@UTS (Yulei Sui)
• Software Analysis Lectures@UPenn (Mayur Naik)

• Information Security Lab (CTF)@Gatech (Taesoo Kim)

• Experienced people's opinions are always useful!
• Advice for researchers and students (Michael Ernst@UW)
• The academic job search for computer scientists in 10 questions (Nicolas Papernot and Elissa M. Redmiles)
• Computer science graduate job and interview guide (Wes Weimer@UM, Claire Le Goues@CMU, Zak Fry@GrammaTech, Kevin Leach@VU, Yu Huang@VU, and Kevin Angstadt@St. Lawrence U)
• Feibelman, Peter J, "A PhD Is Not Enough!: A Guide to Survival in Science"
• Build an open source tool/library as a grad student (Devin Petersohn)

• Security and Privacy Conference Deadlines
• Software Engineering Conference Deadlines
• Systematization of Knowledge (SoK)

• Hints for PhD Defenses (Columbia)
• Outline for presentations at final exams (NPS)
• An example slide deck (Yale)
• PhD Dissertation Defense Slides Design: Example slides (CMU)

Personal