S.A.N.E. LAB.

2026 Highlights : Our paper, "Towards Automated Threat Modeling for Space Systems via SPARTA Matrix", has been accepted for presentation at NDSS Symposium - SpaceSec 2026 (Workshop on the Security of Space and Satellite Systems 2026), co-located with the NDSS Symposium 2026. Another paper, "Beyond STRIDE: A Unified Multi-Attribute Framework for Trustworthy AI", has been accepted to the IEEE Symposium on Security and Privacy 2026 Posters. In addition, our paper, "Bridging Two TARAs: Integrating MITRE CTSA/CRRA Prioritization into ISO/SAE 21434 for Automotive Security", has been accepted at USENIX Symposium on VehicleSec 2026 (Vehicle Security and Privacy 2026).

2025 Highlights : We are delighted to announce that our paper, "Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea", has been accepted for the USENIX Security 2025, and two papers, "Improving CC Evaluation Efficiency Through MAL" and "Maintaining Assurance In Fast-Paced Software Development: Automation, Delta Evaluation, And Applicability To Common Criteria", are accepted to ICCC 2025 (The International Common Criteria Conference 2025), which is the leading forum for the community of professionals involved in cybersecurity evaluation/certification! In addition, our journal papers,  "Comprehensive​ ​Analysis​ ​and​ ​Recommendation​ ​of​ ​Supply​ ​Chain​ ​Risk​ ​Management​ ​Framework​ ​for​ ​the​ ​Military​ ​Domain", "Deriving Usability Evaluation Criteria for Threat Modeling Tools", and "Threat Modeling for the Defense Industry: Past, Present, and Future" were accepted to IEEE Access (IF:3.4).

2024 Highlights : Our work, "A Tip for IOTA Privacy: IOTA Light Node Deanonymization via Tip Selection" was accepted as a full paper at IEEE ICBC 2024 (IEEE International Conference on Blockchain and Cryptocurrency 2024), to be held in Dublin, Ireland, 27-31 May, 2024. In this year, 35 full papers were accepted among 181 of full paper submissions, yielding an acceptance rate of 19.34%! And our journal paper, "Challenges in Dynamic Analysis of Drone Firmware and Its Solutions" was accepted to IEEE Access (IF:3.4).

2023 Highlights : Professor Seungjoo Kim, SANE lab.'s advisor, has been appointed as the vice president for Digital Information of Korea University, and our paper, "Formally Verified Software Update Management System in Automotive" was presented at NDSS Symposium - VehicleSec 2023 (Inaugural Symposium on Vehicle Security and Privacy 2023)! 

2022 Highlights : Our papers, "TMoC: Threat Modelers on Chain" was presented at Black Hat Asia 2022 Arsenal, "Block Double-Submission Attack: Block Withholding Can Be Self-Destructive" was presented at ACM AFT 2022 (ACM Advances in Financial Technologies 2022),  "Do You Really Need to Disguise Normal Servers as Honeypots?" was accepted to IEEE MILCOM 2022 (40th IEEE Military Communications Conference 2022), and our paper, "Rethinking Selfish Mining under Pooled Mining" was accepted to ICT Express journal, the Impact Factor of which is 4.317, ranking it 22 out of 91 in Telecommunications.

2021 Highlights : Two papers from our lab were accepted in DEFCON Blockchain Village 2021! : "Blockchain as a Threat Modeling Thinking Tool" and "Will Secure Element Really Help Strengthen the Security of Cryptocurrency Wallets?". Congratulations to all the authors! And our journal papers, "CIA-Level Driven Secure SDLC Framework for Integrating Security into SDLC Process" and "Blockchain as a Cyber Defense", were accepted to Journal of Ambient Intelligence and Humanized Computing (IF:7.104), and IEEE Access (IF:3.367) respectively.

2020 Highlights : Our paper, "Blockchain for Cyber Defense: Will It Be As Good As You Think?" was presented at DEFCON Blockchain Village 2020, and the paper, "BinTyper: Type Confusion Detection for C++ Binaries", was accepted to Black Hat Europe 2020. In addition, another paper, "Application of the Common Criteria to Building Trustworthy Automotive SDLC", was accepted at the 19th ICCC 2020 (The 19th International Common Criteria Conference 2020), and our journal paper, "Blockchain Based Sensitive Data Management by Using Key Escrow Encryption System from the Perspective of Supply Chain", was published at IEEE Access (IF:4.098).

2019 Highlights : Our paper, "When Voice Phishing met Malicious Android App (extended version)" was accepted to Black Hat Asia 2019 conference (acceptance ratio: 11.95% = 35 accepted / 293 submissions) (See press coverage at DARKReading and Heise), and another paper "Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit" was accepted to Black Hat Europe 2019 (Our discovery of an information leak vulnerability in Microsoft Remote Desktop Client, CVE-2019-1108, had received $10,000 bug bounty from HackerOne). Furthermore, our automated mobile cloud app analysis tool, "soFrida", was accepted to DEFCON Demo Labs 2019. By using this tool, we had analyzed 4 million Android apps and found 2,700+ potentially vulnerable apps that could leak sensitive personal information data and manipulate back-end cloud DB. For more details, see sofrida.github.io. And also two papers were accepted at the 18th ICCC 2019 (The 18th International Common Criteria Conference 2019) : "IoT Device Hacking and New Direction of IoT Security Evaluation Using Common Criteria" and "Verification of IVI Over-The-Air Using UML/OCL". One moer thing! Our graduate students, "JaeKi Kim" and "Min-Chang Jang", presented "Kimsuky Group: Tracking the King of the Spear-Phishing" at 29th VB2019 (Virus Bulletin conference 2019) again, after VB 2018. 

2018 Highlights : Our graduate students, "JaeKi Kim" and "Min-Chang Jang", presented "DOKKAEBI: Documents of Korean and Evil Binary" at 28th VB2018 (Virus Bulletin conference 2018), and "Min-Chang Jang" also presented "When Voice Phishing met Malicious Android App" at CODE BLUE 2018 (See press and book coverage at KBS1 and SBS). Furthermore, we opened a 'Center for High-Assurance Operating Systems(CHAOS)' in Korea University in order to develop the technologies needed to make and evaluate EAL6/EAL7 OS.

2017 Highlights : Yes, we did it again after Black Hat USA 2013 : See our talk, "Are you watching TV now? Is it real?: Hacking of smart TV with 0-day" at Hack in Paris 2017 (See press coverage at 01net.com and demo.), and "LG vs. Samsung Smart TV: Which Is Better for Tracking You?" at CODE BLUE 2017! Additionally, my graduate student, "Min-Chang Jang", gave a talk on forensic studies of "North Korean hacking" at Black Hat Europe 2017 (See press coverage at Sky News.) and also at Black Hat Asia 2018. Furthermore, we opened a 'Army RMF Research Center(AR²C)'. 

2016 Highlights :  The paper, "Deep Learning Based Real-Time DNS DDoS Detection System", was accepted to ACSAC 2016 (The 32nd Annual Computer Security Applications Conference 2016) as a poster presentation.

2015 Highlights : Our professor, "Seungjoo Kim" talked about the various cybersecurity educational and professional training programs of Korea at CODE BLUE 2015 (This presentation slide was selected as one of the 'Most Talked-About Slide on Facebook'!), and we discovered some critical vulnerabilities in LTE Femtocell and notified to the operator and manufacturer (Research Paper @ SECUINSIDE 2015). Additionally, our case studies submission on the "DDoS Attack to DNS Using Infected IoT Devices" to this year's ACSAC 2015 (The 31st Annual Computer Security Applications Conference 2015, which is one of the most important cyber security conferences in the world and the oldest information security conference held annually) was included in the program. 

2014 Highlights : Our paper, "Developing a Protection Profile for Smart TV" was accepted at The 15th ICCC 2014 (International Common Criteria Conference 2014), and another paper "(The First Experimental) Study on Smart TV Forensics" was presented at Journal of the KIISC (Korean Institute of Information Security and Cryptology) (English version is here! : "Further Analysis on Smart TV Forensics" at Journal of Internet Technology (SCI-E, IF:1.930)). 

2013 Highlights : "Smart TV Security - #1984 in 21st century" appeared at The 14th CanSecWest 2013 (The 14th CanSecWest Applied Security Conference 2013) (See press coverage at MBC, KBS, channelIT, inews24.com), and the extended version, "Hacking, Surveilling, and Deceiving Victims on Smart TV" was also presented at The 17th Black Hat USA 2013 (See press and book coverage at The Wall Street Journal, The Guardian, Fox News, ZDNet, Network World, Digital Trends, CBS, KBS, The Electronic Times, Nitesh Dhanjani's "Abusing the Internet of Things - Blackouts, Freakouts, and Stakeouts - (O'REILLY)", ENISA's report entitled "Security and Resilience of Smart Home Environments", and etc.). Furthermore, we had two papers accepted at The 14th ICCC 2013 (The 14th International Common Criteria Conference 2013). One was "Problem and Improvement of the Composition Documents for Smart Card Composite Product Evaluations", and the other one was "How the CC Harmonizes with Secure Software Development Lifecycle". One more thing! "SHRT - New method of URL shortening including relative word of target URL" was presented at SOUPS 2013 (The Symposium on Usable Privacy and Security 2013) as a poster. 

2012 Highlights : Our journal paper, "Efficient Certificateless Proxy Signature Scheme with Provable Security" was accepted at Information Sciences (IF:3.643). 

2011 Highlights : Prof. Seungjoo Kim moved to School of Cybersecurity, Korea University from School of Information and Communication Engineering, Sungkyunkwan University  and established his lab, "SANE (Security Automation aNd Engineering) Lab".