Haehyun Cho

haehyun@ssu.ac.kr
CV
Jan 2025

About

I'm an Assistant Professor and the co-Director of the Cyber Security Research Center in the School of Software at Soongsil University, Seoul, Korea. My primary research interests lie in the field of systems security to discover and mitigate security concerns. I am, also, passionate about analyzing, finding and resolving security issues in a wide range of topics.
I am actively looking for self-motivated students (including Ph.D., master, and undergraduate students). Please email me if you’re interested in cyber security research.

Some of Publications

  1. Satellite: Effective and Efficient Stack Memory Protection Scheme for Unsafe Programming Languages. (pdf)
    Hongjoo Jin, Sumin Yang, Moon Chan Park, Haehyun Cho, and Dong Hoon Lee.
    The 39th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2024), Edinburgh, United Kingdom, Jun 2024.
    *Best Paper Award
  2. DryJIN: Detecting Information Leaks in Android Applications. (pdf)
    Minseong Choi, Yubin Im, Steve Ko, Yonghwi Kwon, Yuseok Jeon, and Haehyun Cho.
    The 39th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2024), Edinburgh, United Kingdom, Jun 2024.
  3. Beyond Phish: Toward Detecting Scam Websites at Scale. (pdf)
    Marzieh Bitaab, Haehyun Cho, Adam Oest, Zhuoer Lyu, Wei Wang, Rana Pourmohamad, Jorij Abraham, Ruoyu “Fish” Wang, Tiffany Bao, Yan Shoshitaishvili, and Adam Doupé.
    The 44th IEEE Symposium on Security and Privacy (Oakland), San Francisco, CA, May 2023.
  4. I'm SPARTACUS, No, I'm SPARTACUS: Proactively Protecting Users From Phishing by Intentionally Triggering Cloaking Behavior. (pdf)
    Penghui Zhang, Zhibo Sun, Sukhwa Kyung, Hans Behrens, Zion Leonahenahe Basque, Haehyun Cho, Adam Oest, Ruoyu “Fish” Wang, Tiffany Bao, Yan Shoshitaishvili, Gail-Joon Ahn, and Adam Doupé.
    The 29th ACM Conference on Computer and Communications Security (CCS), Los Angeles, CA, Nov 2022.
  5. Dazzle-attack: Anti-Forensic Server-side Attack via Fail-free Dynamic State Machine. (pdf)
    Bora Lee, Kyungchan Lim, JiHo Lee, Chijung Jung, Doowon Kim, Kyu Hyung Lee, Haehyun Cho, and Yonghwi Kwon.
    The 23rd World Conference on Information Security Applications (WISA), Jeju Island, Republic of Korea, Aug 2022.
  6. Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability. (pdf)
    Kyle Zeng, Yueqi Chen, Haehyun Cho, Xinyu Xing, Adam Doupé, Tiffany Bao, and Yan Shoshitaishvili.
    The 31st USENIX Security Symposium (SEC), Boston, MA, Aug 2022.
  7. ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection. (pdf)
    Haehyun Cho, Jinbum Park, Adam Oest, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 27th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Lausanne, Switzerland, Feb–Mar 2022.
  8. Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem. (pdf)
    Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Doupé, Sooel Son, Gail-Joon Ahn, and Tudor Dumitras.
    The 16th ACM ASIA Conference on Computer and Communications Security (ASIA CCS), Online, Jun 2021.
  9. CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing. (pdf)
    Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 42nd IEEE Symposium on Security and Privacy (Oakland), San Francisco, CA, May 2021.
    *Best Student Paper Award
  10. Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. (pdf, code)
    Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Yihui Zeng, Alexandros Kapravelos, Tiffany Bao, Ruoyu “Fish” Wang, Adam Doupé, Gail-Joon Ahn, Yan Shoshitaishvili
    The 2021 Network and Distributed System Security Symposium (NDSS), Online, Feb 2021.
  11. Scam Pandemic: How Attackers Exploit Public Fear through Phishing. (to appear)
    Marzieh Bitaab, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 2020 APWG Symposium on Electronic Crime Research (eCrime), Online, Nov 2020.
  12. Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers. (pdf, code)
    Haehyun Cho, Jinbum Park, Joonwon Kang, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 14th USENIX Workshop on Offensive Technologies (WOOT), Online, Aug 2020.
  13. SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture. (pdf, code)
    Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 18th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), Online, Jun 2020.
  14. Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone. (pdf, code)
    Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn.
    The 34th Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, Dec 2018.
  15. Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling. (pdf, code)
    Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 34th Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, Dec 2018.