CompSec

Computer Security Lab at Seoul National University

Our research group works on general computer security and privacy problems. In particular, our research focus is systems security or systems hacking for commodity systems—desining and implementing secure systems for operating systems (Windows, Linux, Mac OS X) or user applications (Chrome, Firefox, Apache), or identifying or exploiting new vulnerabilities in popular computer systems.

Latest Updates

  • Aug 4, 2023: Metamong is accepted to ESEC/FSE 2023!
  • May 19, 2023: eOPF is accepted to OSDI 2023!
  • May 19, 2023: SegFuzz is accepted to IEEE S&P 2023!
  • Feb 2, 2023: FistBump is accepted to USENIX Security 2023!
  • Dec 8, 2022: Yoochan presented Perfect Spray at BlackHat EU. Note that this is the short-version of the full paper, PSpray, which will be presented at USENIX Security 23.
  • Aug 27, 2022: SpecDoctor is accepted to ACM CCS 2022!
  • Aug 27, 2022: AITIA is accepted to EuroSys 2023!
  • Jul 28, 2022: Youngjoo Lee received the bug bounty reward from Google Chrome: Use after free in Views (CVE-2022-2481)
  • Jul 28, 2022: Pspray is accepted to USENIX Secrutiy 2023!
  • May 25, 2022: Two papers, FuzzOrigin and SYMSAN, have been accepted to USENIX Security 2022!
  • May 11, 2022: Suhwan Song is interning at Google in San Francisco this summer, incorporating his R2Z2 into the Chrome development infrastructure.
  • Apr 01, 2022: Suhwan Song received the bug bounty reward ($3,000): Chrome: the contents of iframe is placed outside of iframe when CSS “column-width” is defined in main frame
  • Mar 22, 2022: Yoochan Lee received the bug bounty reward ($34,000): macOS - Kernel heap overflow leads to Local Privilege Escalation
  • Mar 09, 2022: Young Min Kim received the bug bounty reward ($3,133.7): Google Translate - Extension vulnerabilty
  • Mar 02, 2022: Yoochan Lee received the bug bounty reward ($10,000): Solidly - Drain tremendous funds using invalid type casting
  • Mar 01, 2022: R2Z2 has been accepted to ICSE 2022!
  • Mar 01, 2022: MundoFuzz has been accepted to USENIX Security 2022!
  • Feb 22, 2022: Young Min Kim received the bug bounty reward ($1,000): Metamask - Extension vulnerability
  • Feb 01, 2022: Young Min Kim received the bug bounty reward ($2,000): Mozilla Firefox - Side-channel attack against autofill preview (CVE-2022-26382)
  • Jan 11, 2022: Young Min Kim received the bug bounty reward ($1,400): Naver Whale - Component extension vulnerabilities (CVE-2022-24071, CVE-2022-24072, CVE-2022-24073, CVE-2022-24074, CVE-2022-24075)
  • Dec 15, 2021: Young Min Kim received the bug bounty reward ($1,000): Microsoft Edge - Tampering vulnerability (CVE-2022-23261)
  • Dec 07, 2021: Sunwoo Kim and Young Min Kim received the bug bounty reward ($3,000): Mozilla Firefox - URL Leakage (CVE-2021-43536)
  • Nov 24, 2021: Young Min Kim received the bug bounty reward ($4,000) Google Chrome - Side-channel attack against autofill preview (CVE-2022-0109)
  • Aug 17, 2021: Byoungyoung gave a talk at Samsung Security Tech Forum 2021
  • Mar 23, 2021: DiFuzzRTL has been accepted to IEEE S&P 2021!