Publications

2025

DLBox: New Model Training Framework for Protecting Training Data (to appear)

Jaewon Hur, Juheon Yi, Cheolwoo Myung, Sangyun Kim, Youngki Lee, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2025

Laputa: Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution (to appear)

Byeongwook Kim, Jaewon Hur, Adil Ahmad, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2025

TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution (to appear)

Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, and Byoungyoung Lee

IEEE Symposium on Security and Privacy (SP) 2025

2024

PeTAL: Ensuring Access Control Integrity against Data-only Attacks on Linux

Juhee Kim, Jinbum Park, Yoochan Lee, Chengyu Song, Taesoo Kim, and Byoungyoung Lee

ACM Conference on Computer and Communications Security (CCS) 2024

OZZ: Identifying Kernel Out-of-Order Concurrency Bugs with In-Vivo Memory Access Reordering

Dae R. Jeong, Yewon Choi, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

ACM Symposium on Operating Systems Principles (SOSP) 2024

Bypassing ARM's Memory Tagging Extension with a Side-Channel Attack

Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, and Byoungyoung Lee

BlackHat USA 2024

A Secure, Fast, and Resource-Efficient Serverless Platform with Function REWIND

Jaehyun Song, Bumsuk Kim, Minwoo Kwak, Byoungyoung Lee, Euiseong Seo, and Jinkyu Jeong

USENIX Annual Technical Conference (ATC) 2024

SyzRisk: A Change-Pattern-Based Continuous Kernel Regression Fuzzer

Gwangmu Lee, Duo Xu, Solmaz Salimi, Byoungyoung Lee, and Mathias Payer

ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2024

2023

Metamong: Detecting Render-update Bugs in Web Browsers through Fuzzing

Suhwan Song, and Byoungyoung Lee

ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE) 2023

An Extensible Orchestration and Protection Framework for Confidential Cloud Computing

Adil Ahmad, Alex Schultz, Byoungyoung Lee, and Pedro Fonseca

USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2023

SEGFUZZ: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing

Dae R. Jeong, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

IEEE Symposium on Security and Privacy (SP) 2023

GRAMINER: Fuzz Testing Gramine LibOS to Harden the Trusted Computing Base

Jaewon Hur, and Byoungyoung Lee

Workshop on System Software for Trusted Execution (SysTEX) 2023

Extending a Hand to Attackers: Browser Privilege Escalation Attacks via Extensions

Young Min Kim, and Byoungyoung Lee

USENIX Security Symposium (Security) 2023

Pspray: Timing Side-Channel based Linux Kernel Heap Exploitation Technique

Yoochan Lee, Jinhan Kwak, Junesoo Kang, Yuseok Jeon, and Byoungyoung Lee

USENIX Security Symposium (Security) 2023

Diagnosing Kernel Concurrency Failures with AITIA

Dae R. Jeong, Minkyu Jung, Yoochan Lee, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

ACM EuroSys Conference (EuroSys) 2023

2022

Perfect Spray: A Journey From Finding a New Type of Logical Flaw at Linux Kernel To Developing a New Heap Exploitation Technique

Yoochan Lee, Byoungyoung Lee, Yuseok Jeon, Jinhan Kwak, and Junesoo Kang

BlackHat Europe 2022

SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities

Jaewon Hur, Suhwan Song, Sunwoo Kim, and Byoungyoung Lee

ACM Conference on Computer and Communications Security (CCS) 2022

FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing

Sunwoo Kim, Young Min Kim, Jaewon Hur, Suhwan Song, Gwangmu Lee, and Byoungyoung Lee

USENIX Security Symposium (Security) 2022

SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis

Ju Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Yuxuan Chen, Chengyu Song, Byoungyoung Lee, Heng Yin, and Insik Shin

USENIX Security Symposium (Security) 2022

MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference

Cheolwoo Myung, Gwangmu Lee, and Byoungyoung Lee

USENIX Security Symposium (Security) 2022

R2Z2: Detecting Rendering Regressions in Web Browsers through Differential Fuzz Testing

Suhwan Song, Jaewon Hur, Sunwoo Kim, Philip Rogers, and Byoungyoung Lee

IEEE/ACM International Conference on Software Engineering (ICSE) 2022

FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks

Kyungtae Kim, Taegyu Kim, Ertza Warraich, Byoungyoung Lee, Kevin Butler, Antonio Bianchi, and Dave (Jing) Tian

IEEE Symposium on Security and Privacy (SP) 2022

2021

DiFuzzRTL: Differential Fuzz Testing to Find CPU Bugs

Jaewon Hur, Suhwan Song, Dongup Kwon, Eunjin Baek, Jangwoo Kim, and Byoungyoung Lee

IEEE Symposium on Security and Privacy (SP) 2021

ExpRace: Exploiting Kernel Races through Raising Interrupts

Yoochan Lee, Changwoo Min, and Byoungyoung Lee

USENIX Security Symposium (Security) 2021

Constraint-guided Directed Greybox Fuzzing

Gwangmu Lee, Woochul Shim, and Byoungyoung Lee

USENIX Security Symposium (Security) 2021

M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles

Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, and Dave Tian

USENIX Security Symposium (Security) 2021

KARD: Lightweight Data Race Detection with Per-Thread Memory Protection

Adil Ahmad, Sangho Lee, Pedro Fonseca, and Byoungyoung Lee

International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2021

Chancel: Efficient Multi-client Isolation Under Adversarial Programs

Adil Ahmad, Juhee Kim, Jaebaek Seo, Insik Shin, Pedro Fonseca, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2021

2020

BlackMirror: Preventing Wallhacks in 3D Online FPS Games

Seonghyun Park, Adil Ahmad, and Byoungyoung Lee

ACM Conference on Computer and Communications Security (CCS) 2020

TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA

Hyunyoung Oh, Adil Ahmad, Seonghyun Park, Byoungyoung Lee, and Yunheung Paek

ACM Conference on Computer and Communications Security (CCS) 2020

Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors

Kyungtae Kim, Chung Hwan Kim, Junghwan Rhee, Xiao Yu, Haifeng Chen, Dave Tian, and Byoungyoung Lee

ACM Symposium on Cloud Computing (SoCC) 2020

A Tale of Two Trees: One Writes, and Other Reads. Optimized Oblivious Accesses to Large-Scale Blockchains

Duc V. Le, Lizzy Tengana Hurtado, Adil Ahmad, Mohsen Minaei, Byoungyoung Lee, and Aniket Kate

Privacy Enhancing Technologies Symposium (PETS) 2020

CrFuzz: Fuzzing Multi-purpose Programs through Input Validation

Suhwan Song, Chengyu Song, Yeongjin Jang, and Byoungyoung Lee

ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE) 2020

Exploiting Kernel Races through Taming Thread Interleaving

Yoochan Lee, Changwoo Min, and Byoungyoung Lee

BlackHat USA 2020

HFL: Hybrid Fuzzing on the Linux Kernel

Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2020

2019

uXOM: Efficient eXecute-Only Memory on ARM Cortex-M

Donghyun Kwon, Jangseop Shin, Giyeol Kim, Byoungyoung Lee, Yeongpil Cho, and Yunheung Paek

USENIX Security Symposium (Security) 2019

All Your Clicks Belong to Me: Investigating Click Interception on the Web

Mingxue Zhang, Wei Meng, Sangho Lee, Byoungyoung Lee, and Xinyu Xing

USENIX Security Symposium (Security) 2019

Razzer: Finding Kernel Race Bugs through Fuzzing

Dae R. Jeong, Kyungtae Kim, Basavesh Ammanaghatta Shivakumar, Byoungyoung Lee, and Insik Shin

IEEE Symposium on Security and Privacy (SP) 2019

PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications

Yuseok Jeon, Junghwan Rhee, Chung Hwan Kim, Zhichun Li, Mathias Payer, Byoungyoung Lee, and Zhenyu Wu

ACM Conference on Data and Application Security and Privacy (CODASPY) 2019

OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX

Adil Ahmad, Byunggill Joe, Yuan Xiao, Yinqian Zhang, Insik Shin, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2019

2018

Obliviate: A Data Oblivious Filesystem for Intel SGX

Adil Ahmad, Kyungtae Kim, Muhammad Sarfaraz, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2018

Securing Real-Time Microcontroller Systems through Customized Memory View Switching

Chunghwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang, and Dongyan Xu

Network and Distributed System Security Symposium (NDSS) 2018

Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing

Wookhyun Han, Byunggill Joe, Byoungyoung Lee, Chengyu Song, and Insik Shin

Network and Distributed System Security Symposium (NDSS) 2018

2017

HexType: Efficient Detection of Type Confusion Errors for C++

Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, and Mathias Payer

ACM Conference on Computer and Communications Security (CCS) 2017

CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems

Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim

USENIX Annual Technical Conference (ATC) 2017

SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs

Jaebaek Seo, Byoungyoung Lee, Sungmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, and Taesoo Kim

Network and Distributed System Security Symposium (NDSS) 2017

2016

Instant OS Updates via Userspace Checkpoint-and-Restart

Sanidhya Kashyap, Changwoo Min, Byoungyoung Lee, Taesoo Kim, and Pavel Emelyanov

USENIX Annual Technical Conference (ATC) 2016

HDFI: Hardware-assisted Data-Flow Isolation

Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek

IEEE Symposium on Security and Privacy (SP) 2016

TrackMeOrNot: Enabling Flexible Control on Web Tracking

Wei Meng, Byoungyoung Lee, Xinyu Xing, and Wenke Lee

International Conference on World Wide Web (WWW) 2016

Enforcing Kernel Security Invariants with Data Flow Integrity

Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee

Network and Distributed System Security Symposium (NDSS) 2016

2015

ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks

Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, and Wenke Lee

ACM Conference on Computer and Communications Security (CCS) 2015

Cross-checking Semantic Correctness: The Case of Finding File System Bugs

Changwoo Min, Sanidhya Kashyap, Byoungyoung Lee, Chengyu Song, and Taesoo Kim

ACM Symposium on Operating Systems Principles (SOSP) 2015

Type Casting Verification: Stopping an Emerging Attack Vector

Byoungyoung Lee, Chengyu Song, Taesoo Kim, and Wenke Lee

USENIX Security Symposium (Security) 2015

Understanding Malvertising Through Ad-Injecting Browser Extensions

Xinyu Xing, Wei Meng, Byoungyoung Lee, Udi Weinsberg, Anmol Sheth, Roberto Perdisci, and Wenke Lee

International Conference on World Wide Web (WWW) 2015

Preventing Use-after-free with Dangling Pointers Nullification

Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, and Wenke Lee

Network and Distributed System Security Symposium (NDSS) 2015

2014

Abusing Performance Optimization Weaknesses to Bypass ASLR

Byoungyoung Lee, Yeongjin Jang, Tielei Wang, Chengyu Song, Long Lu, Taesoo Kim, and Wenke Lee

BlackHat USA 2014

Exploiting Unpatched iOS Vulnerabilities for Fun and Profit

Yeongjin Jang, Tielei Wang, Byoungyoung Lee, and Billy Lau

BlackHat USA 2014

From Zygote to Morula: Fortifying weakened ASLR on Android

Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, and Wenke Lee

IEEE Symposium on Security and Privacy (SP) 2014

2011

Protecting Location Privacy Using Location Semantics

Byoungyoung Lee, Jinoh Oh, Hwanjo Yu, and Jong Kim

ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) 2011

2010

binOb+: A Framework for Potent and Stealthy Binary Obfuscation

Byoungyoung Lee, Yuna Kim, and Jong Kim

ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2010