(www.KIMLAB.net or SANE.korea.ac.kr)

Our ultimate research objective is to efficiently integrate the "Secure Software Development Lifecycle (or simply the SSDL)" and "Model-Driven Security Engineering" for the development of trustworthy software and hardware systems.

In particular, we focus on: (1) Threat modeling techniques for identifying and addressing design flaws before they are implemented in code, (2) Model-driven security: model-driven policy development, model-driven secure code, etc., (3) Automated security testing: penetration testing, fuzzing, and test case development, (4) Techniques towards independent and trustworthy security evaluation and assertion of ICT product integrity, (5) Comparative analysis of existing security certification programs such as Common Criteria, CMVP, SSE-CMM, RMF, etc., (6) Methods and techniques for supply chain security, (7) Secure architectures towards 'zero-trust' deployments, (8) Cryptography and blockchain.

So far, we have had some notable achievements:

- Smart Card: In 2006, a smart card O/S that we worked on with Samsung SDS earned the Common Criteria EAL4+ certification for the first time in Korea.

- Printer (MFP): In 2008, we co-developed the security modules of an MFP (Multifunction Printer) with Samsung Electronics and guided them to get Common Criteria certification for the first time in Korea.

- Database: In 2008, we (with WareValley) also received Common Criteria EAL4 certification for the database security solution 'Chakra' for the first time in Korea.

- Smart TV: In 2017, LG Electronics, which has been working with us, received the 'world-first' Common Criteria EAL2 certification for home appliances (smart TV). CC EAL2 is the same security level as Samsung KNOX! (Prior to this, in 2015, we got TTA-verified security certification from TTA (Telecommunications Technology Association), which was a well-known security testing and certification laboratory in Korea!)

- Network-enabled Weapon Systems: From 2016 to 2017, we (with the ROK Joint Chiefs of Staff) developed the national strategy for securing the army's weapon systems and supply chain against cyber attacks.

- soFrida: In 2019, we developed 'soFrida', an automatic vulnerability analysis tool for mobile cloud apps, and among 4 million Android apps we identified 2,700+ potentially vulnerable Android apps. Our tool will be shown for the first time at DEFCON 2019. (For detailed information, refer to this site: sofrida.github.io)

- Published papers on cryptography, hacking, malware, and security evaluation in premier conferences and journals: ACSAC (1), AsiaCrypt (1), BlackHat (5), CT-RSA (3), DEFCON (1), ICCC (7), IEEE TC (1), Information Sciences (2), VB (2)

since March 2011