PatchVerif: Discovering Faulty Patches in Robotic Vehicles [pdf] Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu 32nd USENIX Security Symposium (USENIX 2023), Anaheim, California, USA, August 9-11, 2023.
(acceptance rate: TBA)
PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles [pdf] [slide] [teaser video] [video] [github] Hyungsub Kim, Muslum Ozgur Ozmen, Z. Berkay Celik, Antonio Bianchi, Dongyan Xu 43rd IEEE Symposium on Security and Privacy (Oakland) (S&P 2022), San Francisco, California, USA, May 23-26, 2022.
(acceptance rate: 147/1012=14.5%)
M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles [pdf] [github]
Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, Dave (Jing) Tian 30th USENIX Security Symposium (USENIX 2021), Vancouver, British Columbia, Canada, August 11-13, 2021.
(acceptance rate: 246/1316=18.7%)
PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles [pdf] [slide] [video] [github] Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu 28th Network and Distributed System Security Symposium (NDSS 2021), San Diego, California, USA, February 21-24, 2021.
(acceptance rate: 87/573=15.2%)
Inferring Browser Activity and Status Through Remote Monitoring of Storage Usage [pdf] [slide] [web page] [passive attack video] [active attack video] Hyungsub Kim, Sangho Lee, and Jong Kim 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, California, USA, December 5-9, 2016.
(acceptance rate: 48/210=22.8%)
Identifying Cross-origin Resource Status Using Application Cache [pdf] [demo video]
Sangho Lee, Hyungsub Kim, and Jong Kim 22nd Network and Distributed System Security Symposium (NDSS 2015), San Diego, California, USA, February 8-11, 2015.
(acceptance rate: 50/302=16.6%)
Exploring and Mitigating Privacy Threats of HTML5 Geolocation API [pdf] [slide] [demo video] Hyungsub Kim, Sangho Lee, and Jong Kim 30th Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, Louisiana, USA, December 8-12, 2014.
(acceptance rate: 47/236=19.9%)
Workshop
Demo: Policy-based Discovery and Patching of Logic Bugs in Robotic Vehicles [pdf] [demo video] [github] Hyungsub Kim, Muslum Ozgur Ozmen, Antonio Bianchi, Z. Berkay Celik, Dongyan Xu 4th International Workshop on Automotive and Autonomous Vehicle Security (AutoSec 2022), San Diego, California, USA, April 24, 2022.
Thesis
Privacy Threats in HTML5 Geolocation API: Case Studies and Countermeasures [pdf]
Master's Thesis, Department of Computer Science and Engineering, POSTECH, 2015.
Interdisciplinary Work
Community-based death preparation and education: A scoping review [pdf]
Sungwon Park, Hyungkyung Kim, Min Kyeong Jang, Hyungsub Kim, Rebecca Raszewski & Ardith Z. Doorenbos Death Studies, March 11, 2022.
Talks
Defeating Logic Bugs in Robotic Vehicles
New York University Abu Dhabi, UAE, November 10, 2022.
Purdue University, USA, November 18, 2022 (preliminary examination).
Logic Bug-Finding and Patching Tools
2nd Technology Innovation Institute (TII) Annual SSRC Research Partners Summit, Abu Dhabi, UAE, November 8, 2022.
PGPATCH: Policy-Guided Logic Bug Patching for Robotic Vehicles
43rd IEEE Symposium on Security and Privacy (S&P), San Francisco, California, USA, May 25, 2022.
PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles
28th Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, Feb 24, 2021.
Inferring Browser Activity and Status Through Remote Monitoring of Storage Usage
32nd Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA, Dec 8, 2016.
Exploring and Mitigating Privacy Threats of HTML5 Geolocation API
30th Annual Computer Security Applications Conference (ACSAC), New Orleans, Louisiana, USA, Dec 11, 2014.
I Know the Shortened URLs You Clicked on Twitter: Inference Attack using Public Click Analytics and Twitter Metadata
Workshop among Asian Information Security Labs (WAIS), Shanghai, China, Jan 10, 2014.
Research Projects
2017.7 - 2018.3: Automatic Video-based Target Detection and Classification, Agency for Defense Development (ADD).
2015.11 - 2017.10: Real-time Target Geo-positioning on multiple Videos, Agency for Defense Development (ADD).
2014.10 - 2014.12: Context-aware Unified IoT Platform for Security and Privacy, Samsung.
2014.4 - 2014.12: Resilient Cyber-Physical Systems Research, Ministry of Science, ICT and Future Planning (MSIP).
2013.9 - 2013.12: Next Generation Web Browser, Samsung.
Technical Experiences
ACSAC paper (2014). developed fine-grained permission and location models, and by inspecting the location sensitivity of each web page. JAVA, Android
Advanced Operating System (2013). modified Linux kernel to support I/O alignment for solid-state drives (SSD). C
Technical Skills
Programming Languages
C, C++, C#, JAVA, Python, TensorFlow, MATLAB, JavaScript, HTML (good)
Shell scripts (Bash and PowerShell), SQL, Maple, LaTeX (intermediate)
Miscellaneous Availabilities
Linux, SubVersion/Git
Honors and Awards
IEEE S&P Student Travel Grant (US$1,300), San Francisco, California, USA, May, 2022.
European Symposium on Research in Computer Security (ESORICS) 2021
ACM ASIA Conference on Computer and Communications Security (ASIACCS) 2021, 2022
Dependable Systems and Networks (DSN) 2020
Security and Privacy in Communication Networks (SecureComm) 2020
Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2022
World Conference on Information Security Applications (WISA) 2014
Session Chair
Robotic Vehicles Security in Workshop on Automotive and Autonomous Vehicle Security (AutoSec 2022)
Volunteering participating in the international World Wide Web Conference 2014, April, 7-11, Seoul, Korea.
Teaching Experience
Guest Lecturer
Topic: Static Analysis, Software Security (CS 490) Purdue University, West Lafayette, IN, USA, Fall 2022.
Topic: Program Analysis for IoT/CPS (Dynamic, Static Analysis, and Symbolic Execution), IoT/CPS Security (CS 590) Purdue University, West Lafayette, IN, USA, Spring 2022.
Teaching Assistant (TA)
TA, Project Development (CS180 and CS251), Purdue University, West Lafayette, IN, USA, Fall 2019.
TA, Software Design Methods (CSED332), POSTECH, Pohang, Republic of Korea, Fall 2014.
Reported Vulnerabilities/bugs
207 bugs in ArduPilot, PX4, and Paparazzi, 2020. (link)
The places I have visited: China (Beijing and Shanghai), Japan (Tokyo and Fukuoka), Canada (Vancouver), the U.S. (New Orleans, Orlando, Denver, Seattle, Los Angeles, Las Vegas, Kansas City, Chicago, Indianapolis, New York, Louisville, San Diego, San Francisco, and Washington DC), UAE (Abu Dhabi)
(The cities in each country are listed in the order I visited)
The universities I have visited: China (Peking University, Tsinghua University, and Fudan University), Japan (Tokyo Institute of Technology), the U.S. (University of Washington, University of Chicago, University of Illinois Chicago, Indiana University, and Georgetown University), UAE (New York University Abu Dhabi)
(The universities in each country are listed in the order I visited)