profile picture

Seunghoon Woo

Dept. of Computer Science and Engineering, Korea University



Assistant Professor

Research Interests

  • Open-source Software Security
  • Software Composition Analysis
  • Code Clone Detection
  • Vulnerability Detection

Education

M.S & Ph.D Integrated Course in Computer & Communication Security Laboratory

Korea University
Sep 2016 - Aug 2022
Cumulative GPA: 4.45/4.5

Bachelor of Computer Science and Engineering (Great Honor)

Korea University
Mar 2010 - Feb 2016
Cumulative GPA: 4.22/4.5

Ph.D. Thesis

Detecting Software Vulnerabilities for Mitigating Risks of Open-Source Reuse

Korea University
Computer Science and Engineering
Computer & Communication Security Laboratory
Aug 2022
Advisor: Prof. Heejo Lee

CVE assignment

Publications

◆ INTERNATIONAL CONFERENCE PUBLICATIONS
V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-source Software Components Using Code Classification Techniques
Seunghoon Woo, Eunjin Choi, Heejo Lee, Hakjoo Oh
32nd USENIX Security Symposium (Security 2023)
[acceptance rate: 29.0%] [paper] [slide] [code]
MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components
Seunghoon Woo, Hyunji Hong, Eunjin Choi, Heejo Lee
31st USENIX Security Symposium (Security 2022)
[acceptance rate: 18.0%] [paper] [slide] [code] [article1] [article2]
L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing
Haram Park, Carlos Nkuba Kayembe, Seunghoon Woo, Heejo Lee
52nd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2022)
[acceptance rate: 18.7%] [paper] [slide] [code]
DICOS: Discovering Insecure Code Snippets from Stack Overflow Posts by Leveraging User Discussions
Hyunji Hong, Seunghoon Woo, Heejo Lee
Annual Computer Security Applications Conference (ACSAC 2021)
[acceptance rate: 24.5%] [paper] [slide] [code]
V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities
Seunghoon Woo, Dongwook Lee, Sunghan Park, Heejo Lee, Sven Dietrich
30th USENIX Security Symposium (Security 2021)
[acceptance rate: 19.0%] [paper] [slide] [code] [article1] [article2]
OctoPoCs: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept
Seongkyeong Kwon, Seunghoon Woo, Gangmo Seong, Heejo Lee
51st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021)
[acceptance rate: 16.3%] [paper] [slide] [code]
CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse
Seunghoon Woo, Sunghan Park, Seulbae Kim, Heejo Lee, Hakjoo Oh
43rd International Conference on Software Engineering (ICSE 2021)
[acceptance rate: 22.4%] [paper] [slide] [code] [article1] [article2]
VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
Seulbae Kim, Seunghoon Woo, Heejo Lee, Hakjoo Oh
38th IEEE Symposium on Security and Privacy (S&P 2017)
[acceptance rate: 12.9%] [paper] [slide] [code] [article1] [article2]
◆ INTERNATIONAL JOURNAL PUBLICATIONS
ZMAD: Lightweight Model-based Anomaly Detection for the Structured Z-Wave Protocol
Carlos Nkuba Kayembe, Seunghoon Woo, Heejo Lee, Sven Dietrich
IEEE ACCESS (2023, IF:3.476)
[acceptance rate: N/A] [link]
CIRCUIT: A JavaScript Memory Heap-Based Approach for Precisely Detecting Cryptojacking Websites
Seunghoon Woo*, Hyunji Hong*, Sunghan Park*, Jeongwook Lee, Heejo Lee (* contributed equally)
IEEE ACCESS (2022, IF:3.476)
[acceptance rate: N/A] [paper] [link]
xVDB: A High-Coverage Approach for Constructing a Vulnerability Database
Hyunji Hong, Seunghoon Woo, Eunjin Choi, Jihyun Choi, Heejo Lee
IEEE ACCESS (2022, IF:3.476)
[acceptance rate: N/A] [paper] [link]
◆ OTHERS
Blockchain Security Threats and Analysis in the Web 3.0 Era
Seunghoon Woo, Geonwoo Lee, Taejun Lee, Yunseong Choi, Heejo Lee, Kyeongsik Min, Jinsang Park
KISA INSIGHT (2023)
[acceptance rate: N/A]
Trends in Open-source Software Vulnerability Analysis and Detection Technology
Seunghoon Woo, Hyunji Hong, Heejo Lee
OSIA Standards & Technology Review (2022)
[acceptance rate: N/A]
Open-source Software Vulnerability Detection Techniques for Enhancing Supply Chain Security
Hyunji Hong, Seunghoon Woo, Heejo Lee
Review of KIISC (2022)
[acceptance rate: N/A]
Poster: IoTcube: an automated analysis platform for finding security vulnerabilities
Seulbae Kim, Seunghoon Woo, Heejo Lee, Hakjoo Oh
38th IEEE Symposium on Poster presented at Security and Privacy (S&P Poster 2017)
[acceptance rate: N/A] [paper]

Experiences

Korea University

Sep 2023 - Present
Assitant Professor

LABRADOR LABS Inc.

May 2022 - Present
Chief Scientist (https://labradorlabs.ai)

Center for Software Security and Assurance

Sep 2022 - Aug 2023
Research Professor

National University of Singapore

Jan 2017 - Feb 2017
Research Intern (Advisor: Prof. Minsuk Kang)

Center for Software Security and Assurance

Mar 2016 - Aug 2022
Researcher & Developer

The State University of New York (Korea campus), Songdo, Incheon

Jun 2015 - Aug 2015
Student intern

DoDotDo (startup)

Dec 2014 - Sep 2015
Core developer

Samsung Electronics, Suwon, Korea

Jun 2014 - Feb 2016
Student intern (Jun 2014 - Aug 2014) and Engineer (Dec 2015 - Feb 2016)

Projects

Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security (*2022 IITP outstanding performance project)

Project Manager & Researcher & Developer (Jun 2019 - Present)
International Joint Research

The Intelligent IoT Integrator (I3): LA Smart City Project

Researcher & Developer (Nov 2017 - Present)
University of Southern California

A Study on Verifying Open-Source Software Reliability for Reinforcing Operating System Security

Researcher (Apr 2020 - Oct 2020)

Development of DNS-based lightweight framework for automatic response to abnormal network behavior

Researcher & Developer (May 2018 - Oct 2018)

NICOP-Smokescreen : A study of a DDoS-resilient Network Architecture through Traffic Classification and Isolation

Project Manager (Sep 2017 - Sep 2019)
Office of Naval Research

Development of Vulnerability Discovery Technologies for IoT Software Security

Researcher & Developer (Feb 2016 - May 2018)
International Joint Research

Patents/Standards

METHOD FOR IDENTIFYING OPEN-SOURCE SOFTWARE COMPONENTS AT THE SOURCE-CODE LEVEL
Heejo Lee, Seunghoon Woo (KR Registration, 10-2476358, Dec 2022)
Structured Software Vulnerability Database Information Expression for Vulnerability Detection and Resolution
Heejo Lee, Seunghoon Woo, Hyunji Hong, Choonsik Park, Yunseong Choi (TTAK.KO-12.0384, Jun 2022)
METHOD FOR IDENTIFYING OPEN-SOURCE SOFTWARE COMPONENTS AT THE SOURCE-CODE LEVEL
Heejo Lee, Seunghoon Woo (US Application, 17525126, Nov 2021)
METHOD FOR IDENTIFYING OPEN-SOURCE SOFTWARE COMPONENTS AT THE SOURCE-CODE LEVEL
Heejo Lee, Seunghoon Woo (EU Application, EP21202849.2, Oct 2021)

Open-Source Contributions

Apple (Fixing Security Vulnerabilities) - with Haram Park
Discovered DoS vulnerabilities in Apple tvOS, watchOS, iOS, iPadOS, and macOS Monterey Bluetooth stack
Xpdf (Fixing Security Vulnerabilities) - with Seongkyeong Kwon
Detected a stack consumption vulnerability in XPDF (https://www.xpdfreader.com)
Stepmania (Fixing Security Vulnerabilities) - with Seongkyeong Kwon
Detected a vulnerability related to improper validation of array index in Stepmania (https://github.com/stepmania/stepmania)
Redis (Fixing Security Vulnerabilities)
Detected a possible stack-based buffer overflow vulnerability in Redis (https://github.com/redis/redis)
Godot (Fixing Security Vulnerabilities)
Detected a possible remote code execution vulnerability in Godot (https://github.com/godotengine/godot)
LibGDX (Fixing Security Vulnerabilities)
Detected a possible remote code execution vulnerability in LibGDX (https://github.com/libgdx/libgdx)

Talks and Presentations

Discovering Open-source Software Vulnerabilities for Supply Chain Security

NetSec-KR (Apr 2023)

Vulnerabilities and Security in Blockchain Software

Talk at Blockchain Grand Week (Dec 2022)
[presentation]

Vulnerabilities and Security in Open-Source Software

Talk at UNIST (Dec 2022)

Identifying Open-Source Software Components and Detecting Vulnerabilities

Talk at IoTcube Conference (Aug 2022)

MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components

Paper presentation at 31st USENIX Security Symposium (Aug 2022)
[presentation]

Open Source Vulnerability Detection for Supply Chain Security

Supply Chain Security Workshop (Jul 2022)
[presentation]

Analysis of Reused Open-Source Software Components for Software Bill of Materials

Talk at IoTcube Conference (Aug 2021)

V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities

Paper presentation at 30th USENIX Security Symposium (Aug 2021)
[presentation]

CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse

Paper presentation at 43rd International Conference on Software Engineering (May 2021)
[presentation]

Verification Technology for Open-Source Software Security

Talk at KIISC Online Short Course about System Reverse Engineering and Vulnerability Analysis (Nov 2020)

Automatic Vulnerability Analysis Framework Applied to LA Smart City Projects

Talk at IoTcube Conference (Aug 2019)

Identifying Constituent OSS in Software through Code Similarity Detection

Research presentation at 10th Workshop among Asian Information Security Labs (Jan 2018)

IoTcube: an automated analysis platform for finding security vulnerabilities

Poster presentation at 38th IEEE Symposium on Security and Privacy (May 2017)

External Reivewers

ACM Transactions on Software Engineering and Methodology (2023)

Software Practice and Experience (2023)

IEEE Transactions on Vehicular Technology (2022)

Journal of Communications and Networks (2021)