• Publications
  • Influence
QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
A fast concolic execution engine, called QSYM, to support hybrid fuzzing, which does not just outperform state-of-the-art fuzzers, but also found 13 previously unknown security bugs in eight real-world programs like Dropbox Lepton, ffmpeg, and OpenJPEG. Expand
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing
A new, yet critical, side-channel attack, branch shadowing, that reveals fine-grained control flows (branch granularity) in an enclave and develops two novel exploitation techniques, a last branch record (LBR)-based history-inferring technique and an advanced programmable interrupt controller (APIC)-based technique to control the execution of an enclave in a finegrained manner. Expand
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs
T-SGX is implemented as a compiler-level scheme to automatically transform a normal enclave program into a secured enclave program without requiring manual source code modification or annotation, and is an order of magnitude faster than the state-of-the-art mitigation schemes. Expand
Spam Filtering in Twitter Using Sender-Receiver Relationship
A novel spam filtering system that detects spam messages in Twitter that uses relation features, such as the distance and connectivity between a message sender and a message receiver, to decide whether the current message is spam or not. Expand
Structural basis for viral late-domain binding to Alix
Overexpression of the V domain inhibits HIV-1 release from cells, and this inhibition of release is reversed by mutations that block binding of the Alix V domain to p6. Expand
Structural basis for ubiquitin recognition and autoubiquitination by Rabex-5
Rabex-5 is an exchange factor for Rab5, a master regulator of endosomal trafficking. Rabex-5 binds monoubiquitin, undergoes covalent ubiquitination and contains an intrinsic ubiquitin ligaseExpand
WarningBird: Detecting Suspicious URLs in Twitter Stream
This paper proposes WARNINGBIRD, a suspicious URL detection system for Twitter that considers correlated redirect chains of URLs in a number of tweets and trains a statistical classifier with features derived from correlated URLs and tweet context information. Expand
Breaking Kernel Address Space Layout Randomization with Intel TSX
A highly stable timing attack against KASLR, called DrK, that can precisely de-randomize the memory layout of the kernel without violating any such assumptions and is universally applicable to all OSes, even in virtualized environments, and generates no visible footprint. Expand
WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream
  • S. Lee, Jong Kim
  • Computer Science
  • IEEE Transactions on Dependable and Secure…
  • 1 May 2013
This paper develops methods to discover correlated URL redirect chains using the frequently shared URLs and to determine their suspiciousness, and presents WarningBird as a near real-time system for classifying suspicious URLs in the Twitter stream. Expand
Molecular Architecture and Functional Model of the Complete Yeast ESCRT-I Heterotetramer
The results show how ESCRT-I uses a combination of a rigid stalk and flexible tethers to interact with lipids, cargo, and other ESCRT complexes over a span of approximately 25 nm. Expand