Haehyun Cho

haehyun@ssu.ac.kr
CV
Mar 2023

About

I'm an Assistant Professor and the co-Director of the Cyber Security Research Center in the School of Software at Soongsil University, Seoul, Korea. My primary research interests lie in the field of systems security to discover and mitigate security concerns. I am, also, passionate about analyzing, finding and resolving security issues in a wide range of topics.
I am actively looking for self-motivated students (including Ph.D., master, and undergraduate students). Please email me if you’re interested in cyber security research.

News

Mar 2023: IEEE S&P 2023 accepted our paper "BEYOND PHISH: Toward Detecting Fraudulent e-Commerce Websites at Scale."
Apr 2022: ACM CCS 2022 accepted our paper "I'm SPARTACUS, No, I'm SPARTACUS: Proactively Protecting Users From Phishing by Intentionally Triggering Cloaking Behavior."
Feb 2022: Usenix Security 2022 accepted our paper "Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability."
Nov 2021: ASPLOS 2022 accepted our paper "ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection."
May 2021: Awarded the Best Student Paper Award by IEEE S&P (Oakland) for our paper "CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing."
Feb 2021: ASIA CCS 2021 accepted our paper "Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem."
Nov 2020: NDSS 2021 accepted our paper "Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases."
Jul 2020: IEEE S&P 2021 accepted our paper "CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing."
Jul 2020: Usenix WOOT 2020 accepted our paper "Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers."
May 2020: Awarded the Engineering Graduate Fellowship by Ira A. Fulton Schools of Engineering, Arizona State University.
Mar 2020: ACM MobiSys 2020 accepted our paper "SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture."

Some of Publications

  1. Beyond Phish: Toward Detecting Scam Websites at Scale. (to appear)
    Marzieh Bitaab, Haehyun Cho, Adam Oest, Zhuoer Lyu, Wei Wang, Rana Pourmohamad, Jorij Abraham, Ruoyu “Fish” Wang, Tiffany Bao, Yan Shoshitaishvili, and Adam Doupé.
    The 44th IEEE Symposium on Security and Privacy (Oakland), San Francisco, CA, May 2023.
  2. I'm SPARTACUS, No, I'm SPARTACUS: Proactively Protecting Users From Phishing by Intentionally Triggering Cloaking Behavior. (pdf)
    Penghui Zhang, Zhibo Sun, Sukhwa Kyung, Hans Behrens, Zion Leonahenahe Basque, Haehyun Cho, Adam Oest, Ruoyu “Fish” Wang, Tiffany Bao, Yan Shoshitaishvili, Gail-Joon Ahn, and Adam Doupé.
    The 29th ACM Conference on Computer and Communications Security (CCS), Los Angeles, CA, Nov 2022.
  3. Dazzle-attack: Anti-Forensic Server-side Attack via Fail-free Dynamic State Machine. (pdf)
    Bora Lee, Kyungchan Lim, JiHo Lee, Chijung Jung, Doowon Kim, Kyu Hyung Lee, Haehyun Cho, and Yonghwi Kwon.
    The 23rd World Conference on Information Security Applications (WISA), Jeju Island, Republic of Korea, Aug 2022.
  4. Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability. (pdf)
    Kyle Zeng, Yueqi Chen, Haehyun Cho, Xinyu Xing, Adam Doupé, Tiffany Bao, and Yan Shoshitaishvili.
    The 31st USENIX Security Symposium (SEC), Boston, MA, Aug 2022.
  5. ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection. (pdf)
    Haehyun Cho, Jinbum Park, Adam Oest, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 27th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Lausanne, Switzerland, Feb–Mar 2022.
  6. Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem. (pdf)
    Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Doupé, Sooel Son, Gail-Joon Ahn, and Tudor Dumitras.
    The 16th ACM ASIA Conference on Computer and Communications Security (ASIA CCS), Online, Jun 2021.
  7. CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing. (pdf)
    Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 42nd IEEE Symposium on Security and Privacy (Oakland), San Francisco, CA, May 2021.
    *Best Student Paper Award
  8. Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. (pdf, code)
    Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Yihui Zeng, Alexandros Kapravelos, Tiffany Bao, Ruoyu “Fish” Wang, Adam Doupé, Gail-Joon Ahn, Yan Shoshitaishvili
    The 2021 Network and Distributed System Security Symposium (NDSS), Online, Feb 2021.
  9. Scam Pandemic: How Attackers Exploit Public Fear through Phishing. (to appear)
    Marzieh Bitaab, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 2020 APWG Symposium on Electronic Crime Research (eCrime), Online, Nov 2020.
  10. Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers. (pdf, code)
    Haehyun Cho, Jinbum Park, Joonwon Kang, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 14th USENIX Workshop on Offensive Technologies (WOOT), Online, Aug 2020.
  11. SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture. (pdf, code)
    Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 18th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), Online, Jun 2020.
  12. Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone. (pdf, code)
    Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn.
    The 34th Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, Dec 2018.
  13. Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling. (pdf, code)
    Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 34th Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, Dec 2018.