Haehyun Cho

haehyun@ssu.ac.kr
CV
Feb 2021

About

Assistant Professor in the School of Software at Soongsil University, Seoul, Korea.
My primary research interests lie in the field of systems security to discover and mitigate security concerns [3, 4, 5, 6]. I am, also, passionate about analyzing, finding and resolving security issues in a wide range of topics [1, 2, 7].

News

* Feb 2021: ASIA CCS 2021 accepted our paper "Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem."
* Nov 2020: NDSS 2021 accepted our paper "Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases."
* Jul 2020: IEEE S&P 2021 accepted our paper "CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing."
* Jul 2020: Usenix WOOT 2020 accepted our paper "Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers."
* May 2020: Awarded the Engineering Graduate Fellowship by Ira A. Fulton Schools of Engineering, Arizona State University.
* Mar 2020: ACM MobiSys 2020 accepted our paper "SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture."
* Mar 2020: Awarded the CIDSE Doctoral Fellowship by the School of Computing, Informatics, and Decisions Systems Engineering (CIDSE), Arizona State University.

Recent Publications

  1. Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem. (pdf)
    Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Doupé, Sooel Son, Gail-Joon Ahn, and Tudor Dumitras.
    The 16th ACM ASIA Conference on Computer and Communications Security (ASIA CCS), Online, Jun 2021.
  2. CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing. (pdf)
    Penghui Zhang, Adam Oest, Haehyun Cho, Zhibo Sun, RC Johnson, Brad Wardman, Shaown Sarker, Alexandros Kapravelos, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 42nd IEEE Symposium on Security and Privacy (Oakland), San Francisco, CA, May 2021.
  3. Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. (pdf, code)
    Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Yihui Zeng, Alexandros Kapravelos, Tiffany Bao, Ruoyu “Fish” Wang, Adam Doupé, Gail-Joon Ahn, Yan Shoshitaishvili
    The 2021 Network and Distributed System Security Symposium (NDSS), Online, Feb 2021.
  4. Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers. (pdf, code)
    Haehyun Cho, Jinbum Park, Joonwon Kang, Tiffany Bao, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 14th USENIX Workshop on Offensive Technologies (WOOT), Online, Aug 2020.
  5. SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture. (pdf, code)
    Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 18th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), Online, Jun 2020.
  6. Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone. (pdf, code)
    Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn.
    The 34th Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, Dec 2018.
  7. Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling. (pdf, code)
    Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    The 34th Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, USA, Dec 2018.