Highlights

Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients

Fuzzing@Home is the first public, collaborative distributed fuzzing network built on heterogeneous machines owned by potentially untrusted users. We build additional features on top of Google's ClusterFuzz to support untrusted, heterogeneous machines as part of a distributed network.

Daehee Jang, Ammar Askar, Insu Yun, Stephen Tong, Yiqin Cai, Taesoo Kim

25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022)

BadASLR: Exceptional cases of ASLR aiding exploitation

Address Space Layout Randomization (ASLR) is the de facto standard exploit mitigation technique. Ironically, there are rare edge cases where ASLR becomes handy for memory exploitation. This research digs into this theoretical set of cases and names it BadASLR.

Daehee Jang

ELSEVIER Computers and Security Journal (Volume 112, January 2022, 102510)

On the Analysis of Byte-Granularity Heap Randomization

Modern heap exploits often abuse the determinism in word alignment, and modern CPU architectures better support unaligned access (since Nehalem). Based on these developments, this research conducts an in-depth analysis of the efficacy of byte-granularity heap randomization.

Daehee Jang, Jonghwan Kim, Hojoon Lee, Minjoon Park, Yunjong Jung, Minsu Kim, Brent Byunghoon Kang

IEEE Transactions on Dependable and Secure Computing (Volume 18, Issue 5, 01 Sept.-Oct. 2021)

Rethinking anti-emulation techniques for large-scale software deployment

This research proposes new anti-emulation techniques that leverage CPU architecture properties such as instruction atomicity and memory alignment. To confirm their effectiveness, the paper applies the idea to 176 real Android devices in Amazon Device Farm and to system emulators.

Daehee Jang, Yunjong Jung, Sungman Lee, Minjoon Park, Donguk Kim, Kuenhwan Kwak, Brent Byunghoon Kang

ELSEVIER Computers and Security Journal (Volume 83, June 2019, Pages 182-200)

 

Full List of publications

Fuzzability Testing Framework for Incomplete Firmware Binary
Jiwon Jang, Gyeongjin Son, Hyeonsu Lee, Deokjin Kim, Sangwook Lee, Seongmin Kim, Daehee Jang
IEEE Access (Volume 11, 2023)

Detection Enhancement for Various Deepfake Types Based on Residual Noise and Manipulation Traces
Jihyeon Kang, Sangkeun Ji, Sangyeong Lee, Daehee Jang, Jong-Uk Hou
IEEE Access (Volume 10, 2022)

Fuzzing@Home: Distributed Fuzzing on Untrusted Heterogeneous Clients
Daehee Jang, Ammar Askar, Insu Yun, Stephen Tong, Yiqin Cai, Taesoo Kim
25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022)

Efficient Generation of Program Execution Hash
Eunyeong Ahn, Sunjin Kim, Saerom Park, Jong-Uk Hou, Daehee Jang
IEEE Access (Volume 10, 2022)

BadASLR: Exceptional cases of ASLR aiding exploitation
Daehee Jang
ELSEVIER Computers and Security Journal (Volume 112, January 2022, 102510)

EmuID: Detecting presence of emulation through microarchitectural characteristic on ARM
Yeseul Choi, Yunjong Jeong, Daehee Jang, Brent Byunghoon Kang, Hojoon Lee
ELSEVIER Computers and Security Journal (Volume 113, February 2022, 102569)

Preventing Use-After-Free Attacks with Fast Forward Allocation
Brian Wickman, Hong Hu, Insu Yun, Daehee Jang, JungWon Lim, Sanidhya Kashyap, Taesoo Kim
USENIX Security (2021)

On the Analysis of Byte-Granularity Heap Randomization
Daehee Jang, Jonghwan Kim, Hojoon Lee, Minjoon Park, Yunjong Jung, Minsu Kim, Brent Byunghoon Kang
IEEE Transactions on Dependable and Secure Computing (Volume 18, Issue 5, 01 Sept.-Oct. 2021)

Fuzzing JavaScript Engines with Aspect-preserving Mutation
Soyeon Park, Wen Xu, Insu Yun, Daehee Jang, Taesoo Kim
IEEE Symposium on Security and Privacy (2020)

PoLaR: Per-allocation Object Layout Randomization
Jonghwan Kim, Daehee Jang, Yunjong Jeong, Brent Byunghoon Kang
IEEE/IFIP International Conference on Dependable Systems and Networks (2019)

KI-Mon ARM: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object
Hojoon Lee, Hyungon Moon, Ingoo Heo, Daehee Jang, Jinsoo Jang, Kihwan Kim, Yunheung Paek
IEEE Transactions on Dependable and Secure Computing (Volume 16, Issue 2, 01 March-April 2019)

Rethinking anti-emulation techniques for large-scale software deployment
Daehee Jang, Yunjong Jung, Sungman Lee, Minjoon Park, Donguk Kim, Kuenhwan Kwak, Brent Byunghoon Kang
ELSEVIER Computers and Security Journal (Volume 83, June 2019, Pages 182-200)

SGX-LEGO: Fine-grained SGX controlled-channel attack and its countermeasure
Deokjin Kim, Daehee Jang (co-first), Minjoon Park, Yunjong Jung, Jonghwan Kim, Seokjin Choi, Brent Byunghoon Kang
ELSEVIER Computers and Security Journal (Volume 82, May 2019, Pages 118-139)

Domain Isolated Kernel: A lightweight sandbox for untrusted kernel extensions
Valentin J.M. Manes, Daehee Jang, Brent Byunghoon Kang, Chanho Ryu
ELSEVIER Computers and Security Journal (Volume 74, May 2018, Pages 130-143)

S-OpenSGX: A system-level platform for exploring SGX enclave-based computing
Changho Choi, Nohyun Kwak, Jinsoo Jang, Daehee Jang, Kuenwhee Oh, Kyungsoo Kwag, Brent Byunghoon Kang
ELSEVIER Computers and Security Journal (Volume 70, September 2017, Pages 290-306)

ATRA: Address Translation Redirection Attack against Hardware-based External Monitors
Daehee Jang, Hojoon Lee, Minsu Kim, Daehyeok Kim, Daegyeong Kim, Brent Byunghoon Kang
ACM Conference on Computer and Communications Security (2014)

KI-Mon: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object
Hojoon Lee, HyunGon Moon, Daehee Jang, Kihwan Kim, Jihoon Lee, Yunheung Paek, Brent ByungHoon Kang
USENIX Security (2013)