For the list of ongoing projects => click!
https://github.com/PLASLaboratory/op-eliminator, https://github.com/ObfusKorea/Obfuscator, https://github.com/PLASLaboratory/WeakKeywordCpp, https://github.com/PLASLaboratory/PackerIdentificator, https://github.com/PLASLaboratory/CrashFilter
Program Analyses for Security and Safety Enhancement
We have analyzed binary programs to detect security related bugs from multiple crashes. Our static taint analyzer, called “CrashFilter,” for multi-platform binary code investigation works along the virtually entire paths from the crash site, in order to find exploitable program points.
We are also trying to help understanding malicious binary programs better. We found that proper adoption of static/dynamic analysis, program synthesis and deep learning techniques for binary code enhances the analysis results for some goals.
Recently, some of our recent works are based on analyzing vulnerable higher-level programs written in C/C++ at the level of LLVM IR, which include Android media framework analysis.
[Jeon23] "Assessing Opaque Predicates: Unveiling the Efficacy of Popular Obfuscators with a Rapid Deobfuscator," APSEC 2023 poster session, Dec. 5th, 2023
[Kim23] "Attention-based Cross-modal CNN using Non-disassembled Files for Malware Classification", IEEE Access, vol. 11, pp 22889 - 22903, Mar. 2023
[Kang22] "Program synthesis-based simplification of MBA obfuscated malware with restart strategies", The Research on offensive and defensive techniques in the context of Man At The End (MATE) attacks Workshop (CheckMate) at ACM CCS, Nov. 2022
[Paik22] "Malware classification using a byte-granularity feature based on structural entropy", Computational Intelligence, Vol. 38 No.2, Wiley, doi:10.1111/coin.12521, Apr. 2022
[Kim22] "Byte Frequency based Indicators for Crypto-Ransomware Detection from Empirical Analysis", Journal of Computer Science and Technology (JCST), Vol. 37 No. 2, Springer, DOI: 10.1007/s11390-021-0263-x , 2022
[Kim21] "LOM: Lightweight classifier for obfuscation methods", The 22nd World Conference on Information Security Applications (WISA'21), Aug. 2021, Jeju Island, Korea, accepted for publication (acceptance rate = %38.7) best paper awarded
[Kang21] "OBFUS: Obfuscation tool for software copyright and vulnerability protection", Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy (CODASPY ’21), Apr. 2021, (poster)
[Yang20] "DBB-DSE : Dynamic Backward-Bound Dynamic Symbolic Execution", Network and Distributed System Security Symposium (NDSS), Feb. 2020 San Diego, CA, US. (poster)
[Paik19] "Buffer Management for Identifying Crypto-ransomware Attack in Environment with no Semantic Information," Joon-Young Paik, IEEE International Symposium on Parallel and Distributed Processing with Applications (IEEE ISPA 2019), Zimen, China, Dec, 2019
[Mok19] "TraceFilter: An Exploitability Analyzer of Vulnerabilities in Binary Code", The 17th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2019), Work-in-Progress Paper (6 pages, peer reviewed), Fukuoka, Japan, Aug. 2019
[Kim19] "Efficient SVM Based Packer Identification with Binary Diffing Measures ," IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC 2019) short paper (6 pages), Jul, 2019
[Lee19] "Toward Machine Learning based Analyses on Packed Firmware", The 13th IEEE International Workshop on Security, Trust, and Privacy for Software Applications (STPSA) at The 43rd IEEE COMPSAC, Milwaukee , WI, US, July, 2019
[Mok18] "Static analysis for more sophisticated crash risk classification," Student Research Competition, 16th Asian Symposium on Programming Languages and Systems (APLAS), Dec. 2018 (poster), Wellington, New Zealand
[Jung18] "A vulnerability analysis tool for Android Media Framework," Student Research Competition, 16th Asian Symposium on Programming Languages and Systems (APLAS), Dec. 2018 (poster), Wellington, New Zealand
[Paik18] "A Storage-level Detection Mechanism against Crypto-Ransomware", ACM CCS (The 25th ACM Conference on Computer and Communications Security) (poster), Toronto, Canada, Oct. 2018
[Lee18] "Toward Firmware Type Analysis Using Machine Learning Techniques ", Student Research Symposium (SRS 2018) at the 42th IEEE COMPSAC, Tokyo, Japan, July, 2018
[Mok18] "Building a CFG to include exceptions", Student Research Symposium (SRS 2018) at the 42th IEEE COMPSAC, Tokyo, Japan, July, 2018
[Jeon17] "Automated Crash Filtering using Interprocedural Static Analysis for Binary Codes.", in proc. of IEEE Computer Software and Applications Conference (COMPSAC2017), July, 2017, Turin, Italy (acceptance ratio < 20%)
[Kim17] "Measuring Similarity of Binary Programs using Hungarian Algorithm," in Proc. of Network and Distributed System Security Symposium (NDSS), Feb. 2017 San Diego, CA, US. (poster)
[Paik16] “Self-Defensible Storage Devices based on Flash memory against Ransomware,” 37th IEEE Symposium on Security and Privacy, May. 2016, San Jose, USA (poster)
[Jeon15] “A Lightweight Method for Memory Location Analysis in Binary Programs,” 13th Asian Symposium on Programming Languages and Systems (APLAS), Pohang, Korea, Nov. 30 – Dec. 2, 2015 (poster)
[Mok15] “A Reduction Method for Program Trace Sizes for Deobfuscation,” The 18th International Symposium on Research in Attaks, Intrusions and Defenses (RAID), 2-4, Nov. 2015, Kyoto, Japan (poster)
[Eom15]“Automated Crash Filtering for ARM Binary Programs,” in proc. of IEEE Computer Software and Applications Conference (COMPSAC2015), Taiwan, Jul. 2015
[Eom14]“An Efficient Static Taint-Analysis Detecting Exploitable-Points on ARM Binaries,” PhD. Forum paper, The 33rd IEEE Symposium on Reliable Distributed Systems (SRDS 2014), Oct. 2014, Nara, Japan
https://github.com/PLASLaboratory/EVM_plus, https://github.com/PLASLaboratory/solc_plus
Novel Programming Models and Language System Supports
This research started from seeking for proper programming models for well-describing and handling exceptional situations in pervasive systems. The programming model proposes exception definition strategies based on “situations”. It requires prompt detection of specific situations so we also elaborate on real time stream data processing .
Recently we are also focusing on safety/privacy-enhancement of EVM virtual machine-based programs like Solidity smart contracts, to support robustness of block-chain based financial digital eco systems by rewritting EVM byte code. By making the technique as platform independent as possible, we expect our technique to be applied to other distributed systems like cloud computing systems.
[Kim22]"Stone: A Privacy Policy Enforcement System for Smart Contracts ", the 5th International IEEE Workshop on Blockchain Oriented Software Engineering (BOSE), held within IEEE SANER, Mar. 2022
[Jeong22]"Dystone: Program Analysis-Based Privacy Enhancement System for Smart Contracts", ACSAC 2021 Work-in-Progress Talk (peer reviewed), Dec. 2021.
[Kim21]"Support for the safety of EVM bytecode via function-call interceptor", IEEE International Workshop on Blockchain and Smart Contracts (IEEE BSC@QRS), Dec. 2021.
[Lee21] "Lightweight extension of an execution environment for safer function calls in Solidity/EVM smart contracts", 4th International Workshop on Emerging Trends in Software Engineering for Blockchain (IWBOSS) at 28th IEEE International Conference on Software Analysis , Evolution and Reengineering (SANER), Mar. 2021
[Lee19] "A modified smart contract execution enviroment for safe function calls ", Student Research Symposium (SRS 2019) at the 43th IEEE COMPSAC, Milwaukee , WI, US, July, 2019
[Jung19] "Outlier Detection for Ship Trajectory Prediction", The 17th ACM International Conference on Mobile Systems, Applications and Services (MobiSys19) poster, June, 2019
[Jung18]"Grand Challenge: Bayesian Estimation on Destination Ports and Arrival Times of Vessels", ACM International Conference on Distributed and Event-Based Systems (ACM DEBS), Grand Challenge Competition, Hamilton, New Zealand, June, 2018
[Choi17]“Runtime Anomaly Detection Method in Smart Factories using Machine Learning on RDF Event Streams: Grand Challenge ,” ACM International Conference on Distributed and Event-Based Systems (ACM DEBS) Grand Challenge, June. 2017, Barcelona, Spain
[Choi16]“Grand Challenge: Experience of Event Stream Processing for Top-k Queries and Dynamic Graphs,” ACM International Conference on Distributed and Event-Based Systems (ACM DEBS) Grand Challenge, June. 2016, Irvine, CA, USA
[Choi14]“Performance-Aware API for Event Processing Queries”, REBLS (Workshop on Reactive and Event-based Languages & Systems) at ACM SIGPLAN conference on Systems, Programming, Languages and Applications: Software for Humanity (SPLASH), Portland, USA, Oct. 2014
[Yoon14]"A Formal Modeling on Exceptions for Context-Aware Systems,”Eun-Sun Cho and Sumi Helal, IEEE International Workshop on Modeling and Verifying of Distributed Applications (MVDA) at The 38th IEEE COMPSAC , Vasteras, Sweden, July, 2014
[Cho13]"Dynamic Parameter Filling for Semantic Exceptions in Context-Aware Systems,” The 10th IEEE International Conference on Ubiquitous Intelligence and Computing (UIC-2013), Vietrisul Mare, Italy, Dec. 2013
[Cho12]“Toward Efficient Detection of Semantic Exceptions in Context-Aware Systems,” The 2012 International Workshop on Embedded Intelligence and Smart Systems (WEISS 2012), Fukuoka, Japan, September 2012.
[Cho11]“A Situation-based Exception Detection Mechanism for Safety in Pervasive Systems”, in proc. of 11th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT 2011) Short Paper, pp196-201, Jul. 2011