Secure Systems Lab @ Yonsei University
Current Research Topics
Automated Vulnerability Scanning Systems
This research agenda is centered around enhancing the security of software systems by identifying and fixing vulnerabilities. We aim to achieve this goal by developing novel system-level techniques that can automatically detect latent vulnerabilities in low-level software. Our focus lies in improving the effectiveness, efficiency, or both, of vulnerability discovery. Our efforts have resulted in several notable contributions, including ReUSB [USENIX Security '23], Agamotto [USENIX Security '20], and PeriScope [NDSS '19]. These advancements have significantly improved the efficiency and effectiveness of OS kernel vulnerability scanning. Additionally, our survey paper [IEEE S&P '19] examines code sanitization techniques for low-level programming languages such as C/C++, showcasing our comprehensive efforts in this domain.
Trustworthy & Privacy-Preserving AI Systems
As software systems (including machine learning systems) handle increasingly sensitive data, such as personal and copyrighted information, it becomes crucial to ensure their protection within a trusted execution environment that is well-isolated from potential attackers. To address this challenge, this research agenda focuses on the design and implementation of systems that leverage hardware security features like ARM TrustZone as well as software techniques including compiler-based approaches to achieve trustworthy and confidential computing. An example of our work in this area is GuardiaNN [Middleware '22], which showcases our efforts in realizing these objectives.
Learning-based Binary Reverse Engineering
Reverse engineering is a labor-intensive task that heavily relies on human effort. While several automated solutions have been proposed, many of them rely on heuristics. Although heuristics serve as practical approximations of the decision-making process of skilled reverse engineers, they are not without limitations. In our ongoing project, we are actively investigating this research area with the goal of exploring novel approaches that leverage state-of-the-art machine learning techniques to address various challenges in reverse engineering. As a result of our research efforts, we developed XBA [ISSTA '22], which demonstrates our contribution in this direction.