Insu Yun (윤인수)

Assistant Professor,
School of Electrical Engineering,
Korea Advanced Institute of Science and Technology (KAIST)

I am looking for motivated students in system and security research. Please drop me an email if you are interested in.

News

  • [09/04/2021] DoLTEst is conditionally accepted to Usenix Security '22!
  • [07/21/2021] HardsHeap is conditionally accepted to CCS'21!
  • [02/01/2021] I join KAIST Electrical Engineering as an assistant professor!
  • [01/20/2021] BaseSpec is accepted to NDSS'21.
  • [09/28/2020] FFmalloc is accepted to Usenix Security '21.
  • [05/01/2020] Our Pwn2Own 2020 winning submission for Safari is accepted to Black Hat USA 2020!
  • [03/18/2020] Our team won Pwn2Own 2020 by exploiting Apple Safari with a kernel privilege escalation ($70K)!
  • [02/07/2020] DIE is accepted to Oakland'20!

Publication

1. HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators (to appear) [code]
    Insu Yun, Woosun Song, Seunggi Min, and Taesoo Kim
    Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS)
    November 2021
2. Preventing Use-After-Free Attacks with Fast Forward Allocation [paper] [slides] [code]
    Brian Wickman, Hong Hu, Insu Yun, Daehee Jang, JungWon Lim, Sanidhya Kashyap, and Taesoo Kim
    Proceedings of the 30th USENIX Security Symposium (Security)
    August 2021
3. BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols [paper] [slides] [code]
    Eunsoo Kim*, Dongkwan Kim*, Cheoljun Park, Insu Yun, and Yongdae Kim (* co-first)
    Proceedings of the 2021  Annual Network and Distributed System Security Symposium (NDSS)
    February 2021
4. Concolic Execution Tailored for Hybrid Fuzzing [paper] [slides]
    Insu Yun
    Ph.D. thesis, Georgia Institute of Technology
    December 2020
5. Automatic Techniques to Systematically Discover New Heap Exploitation Primitives [paper] [slides] [code]
    Insu Yun, Dhaval Kapil, and Taesoo Kim
    Proceedings of the 29th USENIX Security Symposium (Security)
    August 2020
6. Compromising the macOS kernel through Safari by chaining six vulnerabilities [slides] [code]
    Yonghwi Jin, Jungwon Lim, Insu Yun, and Taesoo Kim
    Black Hat USA Briefings (Black Hat USA)
    August 2020
7. Fuzzing JavaScript Engines with Aspect-preserving Mutation [paper] [slides]
    Soyeon Park, Wen Xu, Insu Yun, Daehee Jang, and Taesoo Kim
    Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland)
    May 2020
8. REPT: Reverse Debugging of Failures in Deployed Software [paper] [slides]
    Weidong Cui, Xinyang Ge, Baris Kasikci, Ben Niu, Upamanyu Sharma, Ruoyu Wang, and Insu Yun (alphabetical)
    Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI)
    October 2018
     * Jay Lepreau Best Paper Award 
9. QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing [paper] [slides] [code]
    Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim
    Proceedings of the 27th USENIX Security Symposium (Security)
    August 2018
     * Distinguished Paper Award 
10. AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically [slides] [code]
    Jinho Jung, Chanil Jeon, Max Wolotsky, Insu Yun, and Taesoo Kim
    Black Hat USA Briefings (Black Hat USA)
    July 2017
11. CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems [paper] [slides]
    Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim
    Proceedings of the 2017 USENIX Annual Technical Conference (ATC)
    July 2017
12. APISan: Sanitizing API Usages through Semantic Cross-checking [paper] [slides] [code]
    Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, and Mayur Naik
    Proceedings of the 25th USENIX Security Symposium (Security)
    August 2016
     * Nominated as a finalist in CSAW Best Applied Research Paper Award 2016 
13. HDFI: Hardware-Assisted Data-Fow Isolation [paper] [slides] [code]
    Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek
    Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland)
    May 2016
14. Analyzing Security of Korean USIM-based PKI Certificate Service 
    Shinjo Park, Suwan Park, Insu Yun, Dongkwan Kim, and Yongdae Kim
    Proceedings of the 15th International Workshop on Information Security Applications (WISA)
    August 2014
15. Kargus: A Highly-scalable Software-based Intrusion Detection System [paper] [slides] [web]
    Muhammad Jamshed, Jihyung Lee, Sangwoo Moon, Insu Yun, Deokjin Kim, Sungryoul Lee, Yung Yi, and KyoungSoo Park
    Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS)
    October 2012

Awards

  1. Pwn2Own 2020, Apple Safari with a kernel privilege escalation (SSLab_Gatech, $70K), Mar 2020
  2. DEFCON 27 CTF, 8th grade (r00timentary), Las Vegas, NV, Aug 2019
  3. DEFCON 26 CTF, 1st grade (DEFKOR00T), Las Vegas, NV, Aug 2018
  4. DEFCON 24 CTF, 3rd grade (DEFKOR), Las Vegas, NV, Aug 2016
  5. DARPA Cyber Grand Challenge (CGC), 7th grade (Disekt), Las Vegas, NV, Aug 2016
  6. Whitehat contest 2015, 1st place (SysSec), Seoul, Korea, Nov 2015
  7. DEFCON 23 CTF, 1st place (DEFKOR), Las Vegas, NV, Aug 2015
  8. DEFCON 22 CTF, 10th place (GoN), Las Vegas, NV, Aug 2014
  9. SECCON CTF 2014, 1st place(TOEFL Beginner), Tokyo, Japan, Feb 2014
  10. Codegate CTF 2012, 3rd place (GoN), Seoul, Korea, Apr 2012
  11. Secuinside CTF 2011, 3rd place (GoN), Seoul, Korea, Oct 2011
  12. ISEC CTF 2011, 1st place (GoN), Seoul, Korea, Sep 2011
  13. DEFCON 18 CTF, 3rd place (KAIST@Postech), Las Vegas, NV, Aug 2010
  14. Codegate CTF 2010, 5th place (GoN), Seoul, Korea, Apr 2010
  15. KISA HDCON 2009, 2nd place (GoN), Seoul, Korea, May 2009
  16. Codegate CTF 2009, 4th place (GoN), Seoul, Korea, Apr 2009