S.A.N.E. LAB.

(Security Assessment aNd Engineering LABoratory │ www.KimLab.net)

Mission

Our research interests lie primarily in trustworthy system development methodology (a.k.a. Secure System Development Life Cycle). We focus on theory,​ ​techniques,​ ​and​ ​tools​ ​to secure the system by both "designing-in" the necessary countermeasures and "engineering-out" vulnerabilities throughout the life cycle of the system.​

Especially, we focus on : Security·Privacy by design ​(HW/SW/architecture), Security​ ​engineering​ ​processes,​ ​from​ ​requirements​ ​to​ ​maintenance, Security requirements engineering, Tools​ ​and​ ​methodology​ ​for secure architecture design & ​secure​ ​code​ ​development, Risk​ ​management​ ​and​ ​testing​ ​strategies​ ​to​ ​improve​ ​security, Formal​ ​verification​ ​and​ ​other​ ​high-assurance​ ​methods​ ​for​ ​security, Human-centered​ ​design​ ​for​ ​systems​ ​security, Security assessment & authorization such as Common Criteria, CMVP, SSE-CMM, RMF A&A, etc, Secure update, Supply chain security, Blockchain & Crypto engineering.

What we've done

Our lab's R&Ds mainly focus on "Security Assessment" and "Security Engineering". Till now we have gotten some notable achievements such as :


  • Smart TV : In 2017, LG electronics, which had been working with us, received 'world-first' Common Criteria EAL2 certification for home appliances (smart TV). CC EAL2 is the same security level as Samsung KNOX! (Prior to this, in 2015, we got TTA-verified security certification from TTA(Telecommunications Technology Association), which was well-known security testing and certification laboratory in Korea! (For detailed information refer to this article: "How to Obtain Common Criteria Certification of Smart TV for Home IoT Security and Reliability", Symmetry 2017, 9(10), 233 (IF: 1.457))

  • Network-enabled Weapon Systems : From 2016 to 2017, we jointly developed the Korean RMF(Risk Management Framework) with the ROK Joint Chiefs of Staff. Through this, we had established the national strategy for securing the army's weapon systems and supply chain against cyber attack for the first time in Korea. (For detailed information refer to this article: "Security Evaluation Framework for Military IoT Devices", Security and Communication Networks 2018 (IF: 1.067))

  • soFrida : In 2019, we developed 'soFrida', which was an automatic vulnerability analysis tool against the mobile cloud app and, among the 4 million android apps, we had identified 2,700+ potentially vulnerable android apps. Our tool will be shown for the first time at DEFCON 2019. (For detailed information refer to this site: sofrida.github.io)

  • Secure SDLC : From 2019 to 2020, we had conducted R&D project for diagnosing and improving the current level of Samsung Research's Secure SDLC(Software Development Life Cycle). Through this project, we quantitatively analyzed the difference in Secure SDLC level between Samsung and its competitors, and suggested improvement plans for Secure SDLC optimized for Samsung.


  • Published papers in premier conferences and journals : ACSAC (1 paper), BlackHat (5 papers), DEFCON (2 papers), ICCC (6 papers), Virus Bulletin (2 papers) at Korea University / AsiaCrypt (1 paper), CT-RSA (3 papers), ICCC (2 papers), IEEE TC (1 paper) at Sungkyunkwan University


Year's highlights

Now, we're recruiting creative graduate students who possess a passion for learning, thinking, etc. If you are willing to work with us see the following : Introduction to SANE Lab., Introduction to Security Engineering, Must read items for new students at SANE Lab.


(Since 2011)