Publications
◆ INTERNATIONAL CONFERENCE PUBLICATIONS
V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-source Software Components Using Code Classification Techniques
32nd USENIX Security Symposium (Security 2023)
MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components
31st USENIX Security Symposium (Security 2022)
L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing
52nd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2022)
DICOS: Discovering Insecure Code Snippets from Stack Overflow Posts by Leveraging User Discussions
Annual Computer Security Applications Conference (ACSAC 2021)
V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities
30th USENIX Security Symposium (Security 2021)
OctoPoCs: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept
51st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021)
CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse
43rd International Conference on Software Engineering (ICSE 2021)
VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
38th IEEE Symposium on Security and Privacy (S&P 2017)
◆ INTERNATIONAL JOURNAL PUBLICATIONS
ZMAD: Lightweight Model-based Anomaly Detection for the Structured Z-Wave Protocol
IEEE ACCESS (2023, IF:3.476)
[acceptance rate: N/A] [link]
CIRCUIT: A JavaScript Memory Heap-Based Approach for Precisely Detecting Cryptojacking Websites
IEEE ACCESS (2022, IF:3.476)
xVDB: A High-Coverage Approach for Constructing a Vulnerability Database
IEEE ACCESS (2022, IF:3.476)
◆ OTHERS
Blockchain Security Threats and Analysis in the Web 3.0 Era
KISA INSIGHT (2023)
[acceptance rate: N/A]
Trends in Open-source Software Vulnerability Analysis and Detection Technology
OSIA Standards & Technology Review (2022)
[acceptance rate: N/A]
Open-source Software Vulnerability Detection Techniques for Enhancing Supply Chain Security
Review of KIISC (2022)
[acceptance rate: N/A]
Poster: IoTcube: an automated analysis platform for finding security vulnerabilities
38th IEEE Symposium on Poster presented at Security and Privacy (S&P Poster 2017)
[acceptance rate: N/A] [paper]
Experiences
Projects
Patents/Standards
METHOD FOR IDENTIFYING OPEN-SOURCE SOFTWARE COMPONENTS AT THE SOURCE-CODE LEVEL
Structured Software Vulnerability Database Information Expression for Vulnerability Detection and Resolution
METHOD FOR IDENTIFYING OPEN-SOURCE SOFTWARE COMPONENTS AT THE SOURCE-CODE LEVEL
METHOD FOR IDENTIFYING OPEN-SOURCE SOFTWARE COMPONENTS AT THE SOURCE-CODE LEVEL
Open-Source Contributions
Apple (Fixing Security Vulnerabilities) - with Haram Park
Xpdf (Fixing Security Vulnerabilities) - with Seongkyeong Kwon
Stepmania (Fixing Security Vulnerabilities) - with Seongkyeong Kwon
Redis (Fixing Security Vulnerabilities)
Godot (Fixing Security Vulnerabilities)
LibGDX (Fixing Security Vulnerabilities)
Talks and Presentations
NetSec-KR (Apr 2023)
Talk at Blockchain Grand Week (Dec 2022)
Talk at UNIST (Dec 2022)
Talk at IoTcube Conference (Aug 2022)
Paper presentation at 31st USENIX Security Symposium (Aug 2022)
Supply Chain Security Workshop (Jul 2022)
Talk at IoTcube Conference (Aug 2021)
Paper presentation at 30th USENIX Security Symposium (Aug 2021)
Paper presentation at 43rd International Conference on Software Engineering (May 2021)
Talk at KIISC Online Short Course about System Reverse Engineering and Vulnerability Analysis (Nov 2020)
Talk at IoTcube Conference (Aug 2019)
Research presentation at 10th Workshop among Asian Information Security Labs (Jan 2018)
Poster presentation at 38th IEEE Symposium on Security and Privacy (May 2017)