S.A.N.E. LAB.

(Security Assessment aNd Engineering LABoratory │ www.KimLab.net)

Mission

Our research interests lie primarily in: ⑴ Design and implementation of reliable and secure computing systems: ensuring that security requirements are adequately addressed through all phases of the software development life cycle, including planning, defining, designing, building, testing, and deploying, as well as disposal. ⑵ Security validation: evaluating the implementation and effectiveness of security controls, reporting on the achievement of control objectives, and recommending corrective action to address deficiencies identified in performance measurement and evaluations. ⑶ Threat and risk assessment (TRA): providing advice and guidance regarding the threat environment, the overall security risk management process, and security risk treatment options, as well as identifying assessment tools and interpreting the results of these assessments. ⑷ Blockchain & cryptocurrency.

To this end, we focus especially on: ⑴ SDL (Security development lifecycle) & supply chain security, ⑵ Automated threat modeling and risk assessment, ⑶ Formal methods for analyzing and assuring safety and security of software systems, ⑷ Composable and scalable secure systems, ⑸ SOTA (Secure software updates over the air), ⑹ Security assessment & authorization such as Common Criteria, CMVP, SSE-CMM, RMF A&A, etc., ⑺ Blockchain & crypto engineering.

Lab (SANE Lab) : www.KimLab.net | Lab (Army RMF Research Center) : www.HackProof.systems | Lab TV : www.YouTube.com | Blog : www.Crypto.kr

What we've done

Our lab's R&D mainly focuses on "Security Assessment" and "Security Engineering". So far, our notable achievements include:


  • Smart TV : In 2017, LG Electronics, which had been working with us, received the 'world-first' Common Criteria EAL2 certification for home appliances (smart TV). CC EAL2 is the same security level as Samsung KNOX! Prior to this, in 2015, we obtained TTA-verified security certification from TTA (Telecommunications Technology Association), a well-known security testing and certification laboratory in Korea. (For detailed information refer to this article: "How to Obtain Common Criteria Certification of Smart TV for Home IoT Security and Reliability", Symmetry 2017, 9(10), 233 (IF: 1.457))

  • Network-enabled Weapon Systems : From 2016 to 2017, we jointly developed the Korean RMF (Risk Management Framework) with the ROK Joint Chiefs of Staff. Through this, we established, for the first time in Korea, the national strategy for securing the army's weapon systems and supply chain against cyber attack. (For detailed information refer to this article: "Security Evaluation Framework for Military IoT Devices", Security and Communication Networks 2018 (IF: 1.067))

  • soFrida : In 2019, we developed 'soFrida', an automatic vulnerability analysis tool for mobile cloud apps, and identified 2,700+ potentially vulnerable Android apps among the 4 million Android apps. Our tool was shown for the first time at DEFCON 2019. (For detailed information refer to this site: sofrida.github.io)

  • Secure SDLC : From 2019 to 2020, we conducted an R&D project for diagnosing and improving the current level of Samsung Research's Secure SDLC (Software Development Life Cycle). Through this project, we quantitatively analyzed the difference in Secure SDLC level between Samsung and its competitors, and suggested improvement plans for a Secure SDLC optimized for Samsung.

  • CHAOS (ChibiOS-based High-Assurance Operating System) : Since 2018, we have been developing Korea's first secure microkernel for drones with a security level above Common Criteria EAL6. (For detailed information refer to this site: github.com/HackProof/CHAOS)

  • TMoC(Threat Modelers on Chain) : Since 2021, we have been developing a tool that combines threat modeling with a blockchain-based collective intelligence system developed as a blockchain-based Web3 in the form of a decentralized web. Our tool was presented at DEFCON 2021 and Black Hat Asia 2022. (For detailed information refer to this site: github.com/HackProof/TMoC)


  • Published papers in premier conferences and journals : ACSAC (1 paper), BlackHat Asia (3 papers), BlackHat EU (3 papers), BlackHat USA (1 paper), DEFCON (4 papers), ICCC (6 papers), Virus Bulletin (2 papers) at Korea University / AsiaCrypt (1 paper), CT-RSA (3 papers), ICCC (2 papers), IEEE TC (1 paper) at Sungkyunkwan University


Year's highlights

We are now recruiting creative graduate students who possess a passion for learning, thinking, etc. If you would like to work with us, see the following: Introduction to SANE Lab., Introduction to Security Engineering, Must read items for new students at SANE Lab.


(Since 2011)