Brent Byunghoon Kang

Associate Professor

brentkang (at)  


Hojoon Lee

Postdoc Fellow

hjlee228 (at)


Jinsoo Jang

Postdoc Fellow

jisjang (at)


Suyeon Yoo

Ph.D. Student

yoosuyeon (at)


Kihwan Kim

Ph.D. Student

abc (at)


Dongjae Jeong

Ph.D. Student

jjp1018 (at)


Deokjin Kim

Ph.D. Student (at)


Jonghwan Kim

Ph.D. Student

zzoru (at)


Jiseong Noh

Ph.D. Student

jiseong.noh (at)


Daehee Jang

Ph.D. Student

daehee87 (at)


Changho Choi

Ph.D. Student

zpzigi (at)


Daegyeong Kim

Ph.D. Student (at)


Seungyong Yang

Ph.D. Student

syyang (at)


Jaehyuk Lee

Ph.D. Student

jhl9105 (at)


Nohyun Kwak

Ph.D. Student

nhkwak (at)


Yeseul Choi

Ph.D. Student
yschoi46 (at)


Seongman Lee

Ph.D. Student
augustus92 (at)


Kuenwhee Oh

Ph.D. Student
okw1003 (at)


Minjoon Park

Ph.D. Student

dinggul (at)


Youngkwang Han

Ph.D. Student

sft_glory (at) 


Gunwoo Kim

Master's Student

signal (at)


Chihyun Song

Master's Student

ian0371 (at)


Yunjong Jeong

Master's Student

yunjong (at)


Sejin Jeong

Master's Student



Soohun Kim

Master's Student

soohunkim (at)


Seokjoo Mun

Master's Student



Seungyeop Lee

Master's Student



Eunjae Park


eunjae (at)

Jisoo Lee


jisoo (at)

Hyojung Lee


hyojunglee (at)

Minsu Kim

Ph.D. Graduate in 2018

Sunjune Kong

M.S. Graduate in 2015

Seunghyeon Lee

M.S. Graduate in 2015


POLaR: Per-allocation Object Layout Randomization

Jonghwan Kim, Daehee Jang, Yunjong Jeong, Brent Byunghoon Kang

IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2019 [to appear]

A novel covert channel attack using memory encryption engine cache

Youngkwang Han and John Kim

Annual Design Automation Conference (DAC) 2019 [to appear]

Revisiting a Debug Facility for Mobile Device Security

Jinsoo Jang and Brent Byunghoon Kang

Design Automation Conference (DAC) 2019 [to appear]

In-process Memory Isolation Using Hardware Watchpoint

Jinsoo Jang and Brent Byunghoon Kang

Design Automation Conference (DAC) 2019 [to appear]

Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86

Lee, Hojoon and Song, Chihyun, Brent Byunghoon Kang

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security [PDF] [BIBTEX]

Domain Isolated Kernel: A lightweightsandbox for untrusted kernel extensions

Valentin J.M. Manes, Daehee Jang, Chanho Ryu, Brent Byunghoon Kang

Computers & Security 2018 [PDF] [BIBTEX]

FriSM: Malicious Exploit Kit Detection via a Feature-based String-Similarity Matching

S. Kim, Brent Byunghoon Kang

SecureComm 2018 [to appear]

Malicious URL protection based on attackers' habitual behavioral analysis

S. Kim, J. Kim, Brent Byunghoon Kang

Computers & Security 2018 [PDF] [BIBTEX]

Retrofitting the Partially Privileged Mode for TEE Communication Channel Protection

Jinsoo Jang and Brent Byunghoon Kang


A Dynamic Per-context Verification of Kernel Address Integrity from External Monitors

H. Lee, M. Kim, Y. Paek, Brent Byunghoon Kang

Computers & Security 2018 [PDF] [BIBTEX]

Domain Isolated Kernel: A lightweight sandbox for untrusted kernel extensions

Valentin J.M. Man`es, D. Jang, C. Ryu, Brent Byunghoon Kang

Computers & Security 2018 [PDF] [BIBTEX]

Hacking in Darkness: Return-oriented Programming against Secure Enclaves

J. Lee, J. Jang, Y. Jang, N. Kwak, Y. Choi, C. Choi, T. Kim, M. Peinado, Brent Byunghoon Kang

USENIX Security 2017 [PDF] [BIBTEX]

S-OpenSGX: A System-level Platform for Exploring SGX Enclave-Based Computing

C. Choi, N. Kwak, J. Jang, D. Jang, K. Oh, K. Kwag, Brent Byunghoon Kang

Computers & Security 2017 [PDF] [BIBTEX]

KI-Mon ARM: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object

Hojoon Lee, Hyungon Moon, Ingoo Heo, Daehee Jang, Jinsoo Jang, Kihwan Kim, Yunheung Paek, Brent Byunghoon Kang


Invi-server: Reducing the attack surfaces by making protected server invisible on networks

Jaehyun Park, Jiseong Noh, Myungchul Kim, Brent Byunghoon Kang

Computers & Security 2017 [PDF] [BIBTEX]

PrivateZone: Providing a Private Execution Environment using ARM TrustZone

Jinsoo Jang, Changho Choi, Jaehyuk Lee, Nohyun Kwak, Seongman Lee, Yeseul Choi, Brent Byunghoon Kang


On-demand Bootstrapping Mechanism for Isolated Cryptographic Operations on Commodity Accelerators

Yonggon Kim, Ohmin Kwon, Jinsoo Jang, Seongwook Jin, Hyeongboo Baek, Brent Byunghoon Kang, Hyunsoo Yoon

Computers & Security 2016 [PDF] [BIBTEX]

OpenSGX: An Open Platform for SGX Research

Prerit Jain† Soham Desai† Seongmin Kim⋆ Ming-Wei Shih†

JaeHyuk Lee⋆Changho Choi⋆ Young Shin⋆ Taesoo Kim† Brent Byunghoon Kang⋆ Dongsu Han⋆

NDSS Symposium 2016 (15.4%)  [PDF] [BIBTEX]

Vulnerabilities of network OS and mitigation with state-based permission system

J. Noh, S. Lee, J. Park, S. Shin, and B. Kang

Security and Communication Networks 2015 [PDF] [BIBTEX]

Detecting and Preventing Kernel Rootkit Attacks with Bus Snooping

H. Moon, H. Lee, I. Heo, K. Kim, Y. Paek and B. Kang 

IEEE Transactions on Dependable and Secure Computing [PDF] [BIBTEX]

Implementing an Application Specific Instruction-set Processor for System Level Dynamic Program Analysis Engines

I. Heo, M. Kim, Y. Lee, C. Choi, J. Lee, B. Kang, and Y. Paek

ACM Transactions on Design Automation of Electronic Systems [PDF] [BIBTEX]

Efficient Kernel Integrity Monitor Design for Commodity Mobile Application Processors

I. Heo, D. Jang, H. Moon, H. Cho, S. Lee, B. Kang, and Y. Paek

Journal of Semiconductor Technology and Science [PDF] [BIBTEX]

SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment 

J. Jang, S. Kong, M. Kim, D. Kim and B. Kang 

NDSS Symposium 2015 (Acceptance rate 16.6% (50/302)) [PDF] [BIBTEX] [PRESENTATION]

ATRA: Address Translation Redirection Attack against Hardware-based External Monitors 

D. Jang, H. Lee, M. Kim, D. H. Kim, D. G. Kim and B. Kang

ACM CCS 2014 (Acceptance rate 19.5% (114/585)) [PDF] [BIBTEX] [PRESENTATION]

Rosemary: A Robust, Secure, and High-performance Network Operating System 

S. Shin, Y. Song, T. Lee, S. Lee, J. Chung, P. Porras, V. Yegneswaran, J. Noh and B. Kang

ACM CCS 2014 (Acceptance rate 19.5% (114/585)) [PDF] [BIBTEX] 

KI-Mon: A Hardware-assisted Event-triggered Monitoring Platform for Mutable Kernel Object

H. Lee, H. Moon, D. Jang, K. Kim, J. Lee, Y. Paek and B. Kang

USENIX Security 2013 (Acceptance rate: 15.9% (44/277)) [PDF] [BIBTEX] 

Vigilare: Toward Snoop-based Kernel Integrity Monitor. 

H. Moon, H. Lee, J. Lee, K. Kim, Y. Paek and B. Kang

ACM CCS 2012 (Acceptance rates: 17.2%, 14%, 18.9%) [PDF] [BIBTEX] 

DoubleGuard: Detecting Intrusions In Multi-tier Web Applications. 

M. Le, A. Stavrou, B. Kang

IEEE Transactions on Dependable and Secure Computing, July-Aug. 2012, Volume: 9, Issue: 4 Page(s): 512-525. 


Identifying Users with Application-Specific Command Streams 

A. El-Masri, P. Likarish, H. Wechsler, B. Kang

Twelfth Annual International Conference on Privacy, Security and Trust (PST 2014) July 2014, REGULAR paper. (Acceptance rate 47/161 = 29%) [PDF] [BIBTEX] 

Developing and Refining Infected-Host Enumeration Methods for Advanced Botnets

C. Nunnery and B. Kang

2012.12.25, Telecommunications Review, Vol. 22 Issue 6.

Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet. 

R. Weaver, C. Nunnery, G. Singaraju, and B. Kang

CERT FloCon 2011 

Towards Complete Node Enumeration in a Peer-to-Peer Botnet. 

B. Kang, E. Chan-Tin, C. Lee, J. Tyra, H. Kang, C. Nunnery, Z. Wadler, G. Sinclair, N. Hopper, D. Dagon and Y. Kim

ACM Symposium on Information, Computer & Communication Security (ASIACCS 2009) [PDF] [BIBTEX]

Hash History Approach for Reconciling Mutual Inconsistency

B. Kang, R. Wilensky, J. Kubiatowicz, Proceedings of 23rd International Conference on Distributed Computing Systems (ICDCS), 2003 (Acceptance rates: 17.7%, 17.7%, 13.8%) 


Network Support for Mobile Multimedia using a Self-adaptive Distributed Proxy

Z. Mao, H. So, B. Kang and R. Katz

Proceedings of 11th International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV), 2001 (Acceptance rates: 33.3%, 30.5%, 30%) 


Toward a Model of Self-administering Data

B. Kang and R. Wilensky

Proceedings of the first ACM/IEEE-CS Joint Conference on Digital Libraries (JCDL), 2001 (Acceptance rates: 30%, 25%, 33%)


Dissertation: “S2D2: A Framework for Scalable and Secure Optimistic Replication.”

B. Kang

Ph.D. Dissertation, 2004. UC Berkeley TechReport, UCB/CSD-04-1351, Committee: Robert Wilensky, John Kubiatowicz, Eric Brewer, and John Chuang Qualification Exam Area: Operating Systems (with Security) [PDF]


Filed by George Mason University, January 12, 2012. 

Sole Inventor, Publication number: US 2012/0180127, Publication date: July 12, 2012 

Entropy-Based Measurement of IP Address Inflation in the Waledac Botnet

R. Weaver, C. Nunnery, G. Singaraju, and B. Kang, CERT/CC (Computer Emergency Readiness Team) Proceedings of FloCon 2011. [PDF]

Tumbling Down the Rabbit Hole: Exploring the Idiosyncrasies of Botmaster Systems in a Multi-Tier Botnet Infrastructure. 

C. Nunnery, G. Sinclair and B. Kang


The Waledac Protocol: The How and Why. 

G. Sinclair, C. Nunnery and B. Kang

IEEE Malware 2009 [PDF]

Tracking Email Reputation for Authenticated Sender Identities. 

G. Singaraju, J. Moss and B. Kang

CEAS 2008 [PDF]

Concord: A Secure Mobile Data Authorization Framework for Regulatory Compliance. 

G. Singaraju and B. Kang

LISA 2008 [PDF]

RepuScore: Collaborative Reputation Management Framework for Email Infrastructure. 

G. Singaraju and B. Kang

LISA 2007 [PDF]

Peer-to-Peer Botnets: Overview and Case Study. 

J. Grizzard, V. Sharma, C. Nunnery, B. Kang and D. Dagon. 

(Cited by 340 times since its publication in Fall 2007)


Privilege Messaging: An Authorization Framework over Email Infrastructure

B. Kang , G. Singaraju, and S. Jain

USENIX 20th Large Installation System Administration Conference (USENIX LISA), 2006 [PDF]

RegColl: Centralized Registry Framework for Infrastructure System Management

B. Kang, V. Sharma, and P. Thanki

USENIX 19th Large Installation System Administration Conference (USENIX LISA), 2005 [PDF]

Decentralized Peer-to-Peer Botnet Architectures

B. Kang and C. Nunnery

Book Chapter: "Advances in Information & Intelligent Systems", 2009 Springer Studies in Computational Intelligence, SCI 251, pp. 251?264. Springer-Verlag Berlin Heidelberg 2009

Spam Detection Using Network-Level Characteristics 

B. Kang and G. Singaraju

Encyclopedia of Cryptography and Security, 2nd Edition, Springer 2011

Unpacking Malware 

B. Kang and G. Sinclair

Encyclopedia of Cryptography and Security, 2nd Edition, Springer 2011

DNS-Based Botnet Detection 

B. Kang and M. Lim

Encyclopedia of Cryptography and Security, 2nd Edition, Springer 2011

Dynamic Analysis Of Malware

B. Kang and A. Srivastava

Encyclopedia of Cryptography and Security, 2nd Edition, Springer 2011

Teaching Security With Network Testbeds

J. Mirkovic, M. Ryan, J. Hickey, K. Sklower, P. Reiher, P. Peterson, B. Kang, M. Chuah, D. Massey, G. Ragusa

SIGCOMM 2011 Education Workshop. 

(Also appeared in SIGCOMM Computer Communication Review)

Interactive simulation tools for information assurance education

H. Yu, K. Williams, J. Xu, X. Yuan, B. Chu, B. Kang, T. Kombol

Proceedings of the Second Annual Conference on Education in Information Security (ACEIS), 2009

Unified Table Approach for Typographic Rendering

B. Kang (Sole Author)

Electronic Publishing, Artistic Imaging, and Digital Typography, 7th International Conference on Raster Imaging and Digital Typography (RIDT), 1998, Lecture Notes in Computer Science (LNCS), Springer Verlag, St. Malo, France, 1998. Volume 1375/1998, 55-65, DOI: 10.1007/BFb0053262


IS632: Hypervisor System Security (Spring)

Hypervisor is a software platform that virtualizes computer hardware to support multiple instances of operating system running concurrently on a shared hardware system. Hypervisors are also widely used for cloud-based hosting service. This hypervisor platform can be utilized for higher degree of isolation for computer security monitoring and analysis. It provides an adequate environment for building kernel integrity monitors. This course will provide the fundamentals and inner-workings of hypervisors in the context of designing new security, monitoring, and analysis tools.

IS631: Kernel System Security (Fall)

Operating system kernel is the most critical component in the system as it provides the basic functionalities and the secure environment in which applications run and operate. In this course, the fundamentals of OS kernel and system programming, principles and operation of the open-source Linux operating system are taught with an emphasis on security aspect, so that students can acquire a comprehensive understanding of operating system kernel, analysis methods and countermeasures against various rootkit malware that compromise and manipulate operating system.

N5 2320 at KAIST,

291 Daehak-ro,

Yuseong-gu, Daejeon,

Republic of Korea 305-701

Phone: +82 (42) 350-8338