Prof. Dr. Seungjoo (Gabriel) Kim


Hello, I am Seungjoo (Gabriel) Kim (Nick: Pr0xy5kim). I am a professor of Graduate School of Information Security / Undergraduate Department of Cyber Defense in Korea University from 2011 and my research areas focus on efficiently integrating "Secure Software Development Lifecycle (or simply the SSDL)" and "Model-Driven Security Engineering" for the development of trustworthy software and hardware systems. Especially I am interested in : (1) Threat modeling techniques for identifying and addressing design flaws before their implementation into code, (2) Security testing : penetration testing, fuzzing, and test case development, (3) Techniques towards independent and trustworthy security evaluation and assertion of ICT product integrity, (4) Comparative analysis of existing security certification programs, (5) Methods and techniques for supply chain security, (6) Model-driven security, (7) Cryptography and blockchain.

For the past 7 years I was an associate professor of School of Information and Communication Engineering in Sungkyunkwan University and have 5 years of back ground of team leader of Cryptographic Technology Team and also IT Security Evaluation Team of KISA(Korea Internet & Security Agency).

In addition to being a professor, I am positioning a director of CHAOS(Center for High-Assurance Operating Systems), a head of SANE(Security Analysis aNd Evaluation) Lab, an adviser of hacking club 'CyKor (DEFCON CTF 2015 & 2018 winner)' of Department of Cyber Defense in Korea University, a founder/advisory director of an international security & hacking conference 'SECUINSIDE'. My numerous professional focus on a presidential committee member on the 4th industrial revolution and an advisory committee member of several public and private organizations such as NIS(National Intelligence Service), Ministry of National Defense, Ministry of Justice, Supreme Prosecutors' Office, Korea National Police Agency, Nuclear Safety and Security Commission, etc. I also taught at the Korea Military Academy.

I have written 9 books, 73 SCI(E) papers, 29 patents, and according to Google Scholar, the citations to my works are 4200+ (Published papers on cryptography, hacking, malware, security evaluation in premier conferences and journals : ACSAC (2015), AsiaCrypt (1996), BlackHat (2013, 2017, 2018, 2019a, 2019b), CT-RSA (2003a, 2003b, 2007), DEFCON (2019), ICCC (2008, 2010, 2013a, 2013b, 2014, 2019a, 2019b), IEEE TC (2003), Information Sciences (2007, 2012), VB (2018, 2019)), and have received the best lecturer award from Korea University in 2012, 2016 and from National Human Resources Development Institute in 2019. Furthermore, I technically advised the SBS TV drama, "Phantom" and the movie, "The Berlin File".

Our lab's R&Ds mainly focus on "Secure Software Development Lifecycle (or simply the SSDL)" and "Model-Driven Security Engineering". Till now we we have gotten some notable achievements :
  • Smart Card : In 2006, smart card O/S, co-worked with Samsung SDS, have earned the Common Criteria EAL4+ certification for the first time in Korea.

  • Printer (MFP) : In 2008, we co-developed the security modules of MFP (Multifunction Printer) with Samsung Electronics and guided them to get Common Criteria certification for the first time in Korea.

  • Database : In 2008, we (with WareValley) also received Common Criteria EAL4 certification for database security solution, 'Chakra' for the first time in Korea.
  • Smart TV : In 2017, LG electronics, which has been working with us, received 'world-first' Common Criteria EAL2 certification for home appliances (smart TV). CC EAL2 is the same security level as Samsung KNOX! (Prior to this, in 2015, we got TTA-verified security certification from TTA(Telecommunications Technology Association), which was well-known security testing and certification laboratory in Korea! (For detailed information refer to this article: "How to Obtain Common Criteria Certification of Smart TV for Home IoT Security and Reliability", Symmetry 2017, 9(10), 233 (IF: 1.457))

  • Network-enabled Weapon Systems : From 2016 to 2017, we (with ROK Joint Chiefs of Staff) had developed the national strategy for securing the army's weapon systems and supply chain against cyber attack. (For detailed information refer to this article: "Security Evaluation Framework for Military IoT Devices", Security and Communication Networks 2018 (IF: 1.067))

  • soFrida : In 2019, we developed 'soFrida', which was an automatic vulnerability analysis tool against the mobile cloud app and, among the 4 million android apps, we had identified 2,700+ potentially vulnerable android apps. Our tool will be shown for the first time at DEFCON 2019. (For detailed information refer to this site: sofrida.github.io)


Highlights of Recent Researches & Activities