(www.KIMLAB.net or SANE.korea.ac.kr)

Our research areas focus on SDL(Security Development Lifecycle), security engineering, cryptography and blockchain. 

Especially Our lab's R&Ds mainly focus on (1) Secure design and architecture : attack surface analysis, threat-risk modelling, and software composition analysis (2) Secure development : code reviews and SAST(Static Application Security Testing) (3) Security testing/QA : penetration testing, fuzzing, and test case development (4) Security evaluation/certification & security audit : CMVP, CC, ISMS, C&A, etc. (5) Secure Over-The-Air software updates.

Till now we have gotten some notable achievements :

- Smart Card: In 2006, smart card O/S, co-worked with Samsung SDS, have earned the Common Criteria EAL4+ certification for the first time in Korea.

- Printer (MFP): In 2008, we co-developed the security modules of MFP (Multifunction Printer) with Samsung Electronics and guided them to get Common Criteria certification for the first time in Korea.

- Database: In 2008, we (with WareValley) also received Common Criteria EAL4 certification for database security solution, 'Chakra' for the first time in Korea.

- Smart TV: In 2017, LG electronics, which has been working with us, received 'world-first' Common Criteria EAL2 certification for home appliances (smart TV). CC EAL2 is the same security level as Samsung KNOX! (Prior to this, in 2015, we got TTA-verified security certification from TTA(Telecommunications Technology Association), which was well-known security testing and certification laboratory in Korea! 

- Network-enabled Weapon Systems: From 2016 to 2017, we (with ROK Joint Chiefs of Staff) had developed the national strategy for securing the army's weapon systems and supply chain against cyber attack.

- soFrida: In 2019, we developed 'soFrida', which was an automatic vulnerability analysis tool against the mobile cloud app and, among the 4 million android apps, we had identified 2,700+ vulnerable android apps. Our tool will be shown for the first time at DEFCON 2019. (For detailed information refer to this site: sofrida.github.io)

- Published papers on cryptography, hacking, malware, security evaluation in premier conferences and journals : ACSAC (2015), AsiaCrypt (1996), BlackHat (2013, 2017, 2018, 2019), CT-RSA (2003a, 2003b, 2007), DEFCON (2019), ICCC (2008, 2010, 2013a, 2013b, 2014), IEEE TC (2003), Information Sciences (2007, 2012), VB (2018, 2019)


since March 2011