(Security Assessment aNd Engineering LABoratory │ www.KimLab.net)


Our research interests lie primarily in building "secure and dependable software systems and services". For this, we are interested in theory,​ ​techniques,​ ​and​ ​tools​ to achieve dependability, quality, safety, and security of systems in the software development process.

Especially we focus on : ⑴ SDL (Security development lifecycle) & supply chain security, ⑵ Automated threat modeling and risk assessment, ⑶ Formal methods for analyzing and assuring safety and security of software systems, ⑷ Composable and scalable secure systems, ⑸ SOTA (Secure software updates over the air), ⑹ Security assessment & authorization such as Common Criteria, CMVP, SSE-CMM, RMF A&A, etc, ⑺ Blockchain & Crypto engineering.

Lab (SANE Lab) : www.KimLab.net | Lab (Army RMF Research Center) : www.HackProof.systems | Lab TV : www.YouTube.com | Blog : www.Crypto.kr

What we've done

Our lab's R&Ds mainly focus on "Security Assessment" and "Security Engineering". Till now we have gotten some notable achievements such as :

  • Smart TV : In 2017, LG electronics, which had been working with us, received 'world-first' Common Criteria EAL2 certification for home appliances (smart TV). CC EAL2 is the same security level as Samsung KNOX! (Prior to this, in 2015, we got TTA-verified security certification from TTA(Telecommunications Technology Association), which was well-known security testing and certification laboratory in Korea! (For detailed information refer to this article: "How to Obtain Common Criteria Certification of Smart TV for Home IoT Security and Reliability", Symmetry 2017, 9(10), 233 (IF: 1.457))

  • Network-enabled Weapon Systems : From 2016 to 2017, we jointly developed the Korean RMF(Risk Management Framework) with the ROK Joint Chiefs of Staff. Through this, we had established the national strategy for securing the army's weapon systems and supply chain against cyber attack for the first time in Korea. (For detailed information refer to this article: "Security Evaluation Framework for Military IoT Devices", Security and Communication Networks 2018 (IF: 1.067))

  • soFrida : In 2019, we developed 'soFrida', which was an automatic vulnerability analysis tool against the mobile cloud app and, among the 4 million android apps, we had identified 2,700+ potentially vulnerable android apps. Our tool will be shown for the first time at DEFCON 2019. (For detailed information refer to this site: sofrida.github.io)

  • Secure SDLC : From 2019 to 2020, we had conducted R&D project for diagnosing and improving the current level of Samsung Research's Secure SDLC(Software Development Life Cycle). Through this project, we quantitatively analyzed the difference in Secure SDLC level between Samsung and its competitors, and suggested improvement plans for Secure SDLC optimized for Samsung.

  • Published papers in premier conferences and journals : ACSAC (1 paper), BlackHat Asia (2 papers), BlackHat EU (3 papers), BlackHat USA (1 paper), DEFCON (4 papers), ICCC (6 papers), Virus Bulletin (2 papers) at Korea University / AsiaCrypt (1 paper), CT-RSA (3 papers), ICCC (2 papers), IEEE TC (1 paper) at Sungkyunkwan University

Year's highlights

Now, we're recruiting creative graduate students who possess a passion for learning, thinking, etc. If you are willing to work with us see the following : Introduction to SANE Lab., Introduction to Security Engineering, Must read items for new students at SANE Lab.

(Since 2011)