Associate Professor

Department of Electrical and Computer Engineering

Seoul National University (SNU)

CompSec Lab


Email: byoungyoung@snu.ac.kr

CV

PGP key


Short bio: I am an Associate Professor in Electrical and Computer Engineering at Seoul National University (SNU). I'm leading the CompSec Lab and associated with SOR. I am interested in general computer security and privacy related problems in general. My research focus is in systems security, namely attack mitigation, vulnerability finding, and confidential computing. More details can be found here


To prospective students: I'm looking for motivated students in system or security research. If you are interested in working with me, please contact me via byoungyoung@snu.ac.kr.

Honors and Awards

  • SOSP 2024 Best Paper Award, Nov. 2024
  • CCS 2023 Top Reviwer Award, ACM Conference on Computer and Communication Security, 2023
  • Ministerial citation for excellent researcher, Minister of Science and ICT (대한민국 과학기술부 장관 우수연구자 표창), 2020
  • Google ASPIRE Award ($30,000 award), 2019
  • Internet Defense Prize by Facebook and USENIX ($100,000 award), 2015
  • Qualified for DARPA Cyber Grand Challenge (Team Disekt, $750,000 award), 2015
  • Third place award by CSAW Best Applied Research Paper Award, 2015
  • Vulnerability Bounty Award by Firefox, Mozilla ($3,000 award), 2014
  • Vulnerability Bounty Award by Firefox, Mozilla ($3,000 award), 2013
  • Vulnerability Bounty Award by Chrome, Google ($3,000 award), 2013
  • The 8th place at DEFCON 19 CTF (Team PLUS@POSTECH), Las Vegas, USA, Aug. 2011
  • The 3rd place at DEFCON 17 CTF (Team PLUS@POSTECH), Las Vegas, USA, Aug. 2009
  • The 6th place at DEFCON 14 CTF (Team TheEastSea), Las Vegas, USA, Aug. 2006
  • 'Supereme Award' at Wowhacker Hacking Festival, Seoul, Korea, Jun. 2007
  • 'Special Prize' at KISA Hacking Defense Competition, Seoul, Korea, Mar. 2006
  • POSTECH Undergraduate Research Program Scholarship, 2005
  • Full undergraduate study scholarship, Korea Science and Engineering Foundation (KOSEF), 2003

Publication (Conference)

2025

  • DLBox: New Model Training Framework for Protecting Training Data (to appear)

    Jaewon Hur, Juheon Yi, Cheolwoo Myung, Sangyun Kim, Youngki Lee, and Byoungyoung Lee

    Network and Distributed System Security Symposium (NDSS) 2025

  • Laputa: Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution (to appear)

    Byeongwook Kim⭑, Jaewon Hur⭑, Adil Ahmad, and Byoungyoung Lee

    Network and Distributed System Security Symposium (NDSS) 2025

    ⭑ co-first authors

  • MalDev: Subverting Secure VM through Exploiting Address Translation Services (to appear)

    Sangyun Kim, Kyungwook Boo, Cheolwoo Myung, Sangho Lee, and Byoungyoung Lee

    USENIX Security Symposium (Security) 2025

  • TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution (to appear) [ paper | code ]

    Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, and Byoungyoung Lee

    IEEE Symposium on Security and Privacy (SP) 2025

2024

  • PeTAL: Ensuring Access Control Integrity against Data-only Attacks on Linux [ paper | slide | code ]

    Juhee Kim, Jinbum Park, Yoochan Lee, Chengyu Song, Taesoo Kim, and Byoungyoung Lee

    ACM Conference on Computer and Communications Security (CCS) 2024

  • OZZ: Identifying Kernel Out-of-Order Concurrency Bugs with In-Vivo Memory Access Reordering [ paper | slide | code ]

    Dae R. Jeong, Yewon Choi, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

    ACM Symposium on Operating Systems Principles (SOSP) 2024

    Best Paper Award at SOSP 2024 (link)

  • Bypassing ARM's Memory Tagging Extension with a Side-Channel Attack [ slide ]

    Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, and Byoungyoung Lee

    BlackHat USA 2024

  • A Secure, Fast, and Resource-Efficient Serverless Platform with Function REWIND [ paper | slide ]

    Jaehyun Song, Bumsuk Kim, Minwoo Kwak, Byoungyoung Lee, Euiseong Seo, and Jinkyu Jeong

    USENIX Annual Technical Conference (ATC) 2024

  • SyzRisk: A Change-Pattern-Based Continuous Kernel Regression Fuzzer [ paper ]

    Gwangmu Lee, Duo Xu, Solmaz Salimi, Byoungyoung Lee, and Mathias Payer

    ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2024

2023

  • Metamong: Detecting Render-update Bugs in Web Browsers through Fuzzing [ paper | slide ]

    Suhwan Song, and Byoungyoung Lee

    ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE) 2023

  • An Extensible Orchestration and Protection Framework for Confidential Cloud Computing [ paper | slide ]

    Adil Ahmad, Alex Schultz, Byoungyoung Lee, and Pedro Fonseca

    USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2023

  • SEGFUZZ: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing [ paper | code ]

    Dae R. Jeong, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

    IEEE Symposium on Security and Privacy (SP) 2023

  • GRAMINER: Fuzz Testing Gramine LibOS to Harden the Trusted Computing Base [ paper ]

    Jaewon Hur, and Byoungyoung Lee

    Workshop on System Software for Trusted Execution (SysTEX) 2023

  • Extending a Hand to Attackers: Browser Privilege Escalation Attacks via Extensions [ paper ]

    Young Min Kim, and Byoungyoung Lee

    USENIX Security Symposium (Security) 2023

  • Pspray: Timing Side-Channel based Linux Kernel Heap Exploitation Technique [ paper ]

    Yoochan Lee, Jinhan Kwak, Junesoo Kang, Yuseok Jeon, and Byoungyoung Lee

    USENIX Security Symposium (Security) 2023

  • Diagnosing Kernel Concurrency Failures with AITIA [ paper ]

    Dae R. Jeong, Minkyu Jung, Yoochan Lee, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

    ACM EuroSys Conference (EuroSys) 2023

2022

  • Perfect Spray: A Journey From Finding a New Type of Logical Flaw at Linux Kernel To Developing a New Heap Exploitation Technique

    Yoochan Lee, Byoungyoung Lee, Yuseok Jeon, Jinhan Kwak, and Junesoo Kang

    BlackHat Europe 2022

  • SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities [ paper | slide | code ]

    Jaewon Hur, Suhwan Song, Sunwoo Kim, and Byoungyoung Lee

    ACM Conference on Computer and Communications Security (CCS) 2022

  • FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing [ paper | slide | code ]

    Sunwoo Kim, Young Min Kim, Jaewon Hur, Suhwan Song, Gwangmu Lee, and Byoungyoung Lee

    USENIX Security Symposium (Security) 2022

  • SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis [ paper | slide ]

    Ju Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Yuxuan Chen, Chengyu Song, Byoungyoung Lee, Heng Yin, and Insik Shin

    USENIX Security Symposium (Security) 2022

  • MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference [ paper | slide ]

    Cheolwoo Myung, Gwangmu Lee, and Byoungyoung Lee

    USENIX Security Symposium (Security) 2022

  • R2Z2: Detecting Rendering Regressions in Web Browsers through Differential Fuzz Testing [ paper | slide ]

    Suhwan Song, Jaewon Hur, Sunwoo Kim, Philip Rogers, and Byoungyoung Lee

    IEEE/ACM International Conference on Software Engineering (ICSE) 2022

  • FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks [ paper ]

    Kyungtae Kim, Taegyu Kim, Ertza Warraich, Byoungyoung Lee, Kevin Butler, Antonio Bianchi, and Dave (Jing) Tian

    IEEE Symposium on Security and Privacy (SP) 2022

2021

  • DiFuzzRTL: Differential Fuzz Testing to Find CPU Bugs [ paper | slide | code ]

    Jaewon Hur, Suhwan Song, Dongup Kwon, Eunjin Baek, Jangwoo Kim, and Byoungyoung Lee

    IEEE Symposium on Security and Privacy (SP) 2021

  • ExpRace: Exploiting Kernel Races through Raising Interrupts [ paper | slide ]

    Yoochan Lee, Changwoo Min, and Byoungyoung Lee

    USENIX Security Symposium (Security) 2021

  • Constraint-guided Directed Greybox Fuzzing [ paper | slide ]

    Gwangmu Lee, Woochul Shim, and Byoungyoung Lee

    USENIX Security Symposium (Security) 2021

  • M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles [ paper ]

    Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, and Dave Tian

    USENIX Security Symposium (Security) 2021

  • KARD: Lightweight Data Race Detection with Per-Thread Memory Protection [ paper ]

    Adil Ahmad, Sangho Lee, Pedro Fonseca, and Byoungyoung Lee

    International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2021

  • Chancel: Efficient Multi-client Isolation Under Adversarial Programs [ paper | slide ]

    Adil Ahmad, Juhee Kim, Jaebaek Seo, Insik Shin, Pedro Fonseca, and Byoungyoung Lee

    Network and Distributed System Security Symposium (NDSS) 2021

2020

  • BlackMirror: Preventing Wallhacks in 3D Online FPS Games [ paper | slide ]

    Seonghyun Park, Adil Ahmad, and Byoungyoung Lee

    ACM Conference on Computer and Communications Security (CCS) 2020

  • TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA [ paper | slide ]

    Hyunyoung Oh, Adil Ahmad, Seonghyun Park, Byoungyoung Lee, and Yunheung Paek

    ACM Conference on Computer and Communications Security (CCS) 2020

  • Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors [ paper ]

    Kyungtae Kim, Chung Hwan Kim, Junghwan Rhee, Xiao Yu, Haifeng Chen, Dave Tian, and Byoungyoung Lee

    ACM Symposium on Cloud Computing (SoCC) 2020

  • A Tale of Two Trees: One Writes, and Other Reads. Optimized Oblivious Accesses to Large-Scale Blockchains [ paper ]

    Duc V. Le, Lizzy Tengana Hurtado, Adil Ahmad, Mohsen Minaei, Byoungyoung Lee, and Aniket Kate

    Privacy Enhancing Technologies Symposium (PETS) 2020

  • CrFuzz: Fuzzing Multi-purpose Programs through Input Validation [ paper ]

    Suhwan Song, Chengyu Song, Yeongjin Jang, and Byoungyoung Lee

    ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE) 2020

  • Exploiting Kernel Races through Taming Thread Interleaving [ paper ]

    Yoochan Lee, Changwoo Min, and Byoungyoung Lee

    BlackHat USA 2020

  • HFL: Hybrid Fuzzing on the Linux Kernel [ paper | slide ]

    Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee

    Network and Distributed System Security Symposium (NDSS) 2020

2019

  • uXOM: Efficient eXecute-Only Memory on ARM Cortex-M [ paper | slide ]

    Donghyun Kwon, Jangseop Shin, Giyeol Kim, Byoungyoung Lee, Yeongpil Cho, and Yunheung Paek

    USENIX Security Symposium (Security) 2019

  • All Your Clicks Belong to Me: Investigating Click Interception on the Web [ paper ]

    Mingxue Zhang, Wei Meng, Sangho Lee, Byoungyoung Lee, and Xinyu Xing

    USENIX Security Symposium (Security) 2019

  • Razzer: Finding Kernel Race Bugs through Fuzzing [ paper | slide | code ]

    Dae R. Jeong, Kyungtae Kim, Basavesh Ammanaghatta Shivakumar, Byoungyoung Lee, and Insik Shin

    IEEE Symposium on Security and Privacy (SP) 2019

  • PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications [ paper ]

    Yuseok Jeon, Junghwan Rhee, Chung Hwan Kim, Zhichun Li, Mathias Payer, Byoungyoung Lee, and Zhenyu Wu

    ACM Conference on Data and Application Security and Privacy (CODASPY) 2019

  • OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX [ paper | slide | code ]

    Adil Ahmad⭑, Byunggill Joe⭑, Yuan Xiao, Yinqian Zhang, Insik Shin, and Byoungyoung Lee

    Network and Distributed System Security Symposium (NDSS) 2019

    ⭑ co-first authors

2018

  • Obliviate: A Data Oblivious Filesystem for Intel SGX [ paper | slide ]

    Adil Ahmad, Kyungtae Kim, Muhammad Sarfaraz, and Byoungyoung Lee

    Network and Distributed System Security Symposium (NDSS) 2018

  • Securing Real-Time Microcontroller Systems through Customized Memory View Switching [ paper | slide | code ]

    Chunghwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang, and Dongyan Xu

    Network and Distributed System Security Symposium (NDSS) 2018

  • Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing [ paper | slide | code ]

    Wookhyun Han, Byunggill Joe, Byoungyoung Lee, Chengyu Song, and Insik Shin

    Network and Distributed System Security Symposium (NDSS) 2018

2017

  • HexType: Efficient Detection of Type Confusion Errors for C++ [ paper | slide | code ]

    Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, and Mathias Payer

    ACM Conference on Computer and Communications Security (CCS) 2017

  • CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems [ paper | slide ]

    Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim

    USENIX Annual Technical Conference (ATC) 2017

  • SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs [ paper | slide | code ]

    Jaebaek Seo, Byoungyoung Lee, Sungmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, and Taesoo Kim

    Network and Distributed System Security Symposium (NDSS) 2017

2016

  • Instant OS Updates via Userspace Checkpoint-and-Restart [ paper | slide ]

    Sanidhya Kashyap, Changwoo Min, Byoungyoung Lee, Taesoo Kim, and Pavel Emelyanov

    USENIX Annual Technical Conference (ATC) 2016

  • HDFI: Hardware-assisted Data-Flow Isolation [ paper | slide | code ]

    Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek

    IEEE Symposium on Security and Privacy (SP) 2016

  • TrackMeOrNot: Enabling Flexible Control on Web Tracking [ paper | code ]

    Wei Meng, Byoungyoung Lee, Xinyu Xing, and Wenke Lee

    International Conference on World Wide Web (WWW) 2016

  • Enforcing Kernel Security Invariants with Data Flow Integrity [ paper | slide | code ]

    Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee

    Network and Distributed System Security Symposium (NDSS) 2016

2015

  • ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks [ paper | slide | code ]

    Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, and Wenke Lee

    ACM Conference on Computer and Communications Security (CCS) 2015

  • Cross-checking Semantic Correctness: The Case of Finding File System Bugs [ paper | slide ]

    Changwoo Min, Sanidhya Kashyap, Byoungyoung Lee, Chengyu Song, and Taesoo Kim

    ACM Symposium on Operating Systems Principles (SOSP) 2015

  • Type Casting Verification: Stopping an Emerging Attack Vector [ paper | slide | code | demo ]

    Byoungyoung Lee, Chengyu Song, Taesoo Kim, and Wenke Lee

    USENIX Security Symposium (Security) 2015

    Internet Defense Prize by Facebook and USENIX (link)

    Top 10 Finalists by CSAW Best Applied Research Paper Award (link)

  • Understanding Malvertising Through Ad-Injecting Browser Extensions [ paper ]

    Xinyu Xing, Wei Meng, Byoungyoung Lee, Udi Weinsberg, Anmol Sheth, Roberto Perdisci, and Wenke Lee

    International Conference on World Wide Web (WWW) 2015

  • Preventing Use-after-free with Dangling Pointers Nullification [ paper | slide | demo ]

    Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, and Wenke Lee

    Network and Distributed System Security Symposium (NDSS) 2015

    Third place award by CSAW Best Applied Research Paper Award (link)

2014

  • Abusing Performance Optimization Weaknesses to Bypass ASLR [ slide ]

    Byoungyoung Lee, Yeongjin Jang, Tielei Wang, Chengyu Song, Long Lu, Taesoo Kim, and Wenke Lee

    BlackHat USA 2014

  • Exploiting Unpatched iOS Vulnerabilities for Fun and Profit [ slide ]

    Yeongjin Jang, Tielei Wang, Byoungyoung Lee, and Billy Lau

    BlackHat USA 2014

  • From Zygote to Morula: Fortifying weakened ASLR on Android [ paper | slide | code ]

    Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, and Wenke Lee

    IEEE Symposium on Security and Privacy (SP) 2014

2011

  • Protecting Location Privacy Using Location Semantics [ paper | code ]

    Byoungyoung Lee, Jinoh Oh, Hwanjo Yu, and Jong Kim

    ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) 2011

2010

  • binOb+: A Framework for Potent and Stealthy Binary Obfuscation [ paper ]

    Byoungyoung Lee, Yuna Kim, and Jong Kim

    ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2010

Publication (Journal)

2019

  • PrOS: Light-weight Privatized Secure OSes in ARM TrustZone [ paper ]

    Donghyun Kwon, Jiwon Seo, Yeongpil Cho, Byoungyoung Lee, and Yunheung Paek

    IEEE Transactions on Mobile Computing 2019

2016

  • Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques [ paper ]

    Meng Xu, Chengyu Song, Yang ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, and Taesoo Kim

    ACM Computing Surveys (CSUR) 2016

Teaching

Students Advising

Alumni

  • Yuseok Jeon, PhD at Purdue, co-advised with Mathias Payer. Interned at Intel. Now assistant professor at UNIST
  • Adil Ahmad, PhD at Purdue, co-advised with Pedro Fonseca. Interned at NEC and Microsoft Research. Now Assistant Professor at Arizona State University (2022 Sep)
  • Gwangmu Lee, PhD (2022 Feb), Now Postdoc at EPFL
  • Kyungtae Kim, PhD at Purdue (2022 Aug), co-advised with Dave Tian. Assistant professor at Dartmouth
  • Jaewon Hur, PhD (2023 Aug). Now at SNU as PostDoc
  • Seonghyun Park, MS (2022 Feb). Now at Amazon
  • Sunwoo Kim, MS (2022 Feb). Now at Samsung Research
  • Jinwoo Lee, MS (2022 Aug). Now at Healthhub
  • Jinhan Kwak, MS (2023 Feb). Now at Start-up
  • ByeongWook Kim, MS (2024 Feb). Now at SK hynix
  • Hyokyung Kim, MS (2024. Aug).

Visitors

  • Jaeback Seo (2018, PhD at KAIST, Now at Google)
  • Yuxuan Chen (2018, Undergraduate at Purdue, Now at Facebook)
  • Wookhyun Han (2018, PhD student at KAIST, Interned at Google, Now at Amazon)
  • Byunggill Joe (2018, PhD student at KAIST)
  • Muhammad Ihsanulhaq Sarfaraz (2017, PhD student at Purdue EE)