Byoungyoung Lee @SNU

Associate Professor

Department of Electrical and Computer Engineering

Seoul National University (SNU)

CompSec Lab

Email: byoungyoung@snu.ac.kr

CV

PGP key

Short bio: I am an Associate Professor in Electrical and Computer Engineering at Seoul National University (SNU). I'm leading the CompSec Lab and associated with SOR. I am interested in general computer security and privacy related problems in general. My research focus is in systems security, namely attack mitigation, vulnerability finding, and confidential computing. More details can be found here

To prospective students: I'm looking for motivated students in system or security research. If you are interested in working with me, please contact me via byoungyoung@snu.ac.kr.

Honors and Awards

CCS 2023 Top Reviwer Award, ACM Conference on Computer and Communication Security, 2023
Ministerial citation for excellent researcher, Minister of Science and ICT (대한민국 과학기술부 장관 우수연구자 표창), 2020
Google ASPIRE Award ($30,000 award), 2019
Internet Defense Prize by Facebook and USENIX ($100,000 award), 2015
Qualified for DARPA Cyber Grand Challenge (Team Disekt, $750,000 award), 2015
Third place award by CSAW Best Applied Research Paper Award, 2015
Vulnerability Bounty Award by Firefox, Mozilla ($3,000 award), 2014
Vulnerability Bounty Award by Firefox, Mozilla ($3,000 award), 2013
Vulnerability Bounty Award by Chrome, Google ($3,000 award), 2013
The 8th place at DEFCON 19 CTF (Team PLUS@POSTECH), Las Vegas, USA, Aug. 2011
The 3rd place at DEFCON 17 CTF (Team PLUS@POSTECH), Las Vegas, USA, Aug. 2009
The 6th place at DEFCON 14 CTF (Team TheEastSea), Las Vegas, USA, Aug. 2006
'Supereme Award' at Wowhacker Hacking Festival, Seoul, Korea, Jun. 2007
'Special Prize' at KISA Hacking Defense Competition, Seoul, Korea, Mar. 2006
POSTECH Undergraduate Research Program Scholarship, 2005
Full undergraduate study scholarship, Korea Science and Engineering Foundation (KOSEF), 2003

Publication (Conference)

2025

MalDev: Subverting Kernel and Secure VM through Exploiting Address Translation Services (to appear)

Sangyun Kim, Kyungwook Boo, Cheolwoo Myung, Sangho Lee, and Byoungyoung Lee

USENIX Security Symposium (Security) 2025
TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution (to appear) [ code ]

Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, and Byoungyoung Lee

IEEE Symposium on Security and Privacy (SP) 2025

2024

PeTAL: Ensuring Access Control Integrity against Data-only Attacks on Linux (to appear) [ code ]

Juhee Kim, Jinbum Park, Yoochan Lee, Chengyu Song, Taesoo Kim, and Byoungyoung Lee

ACM Conference on Computer and Communications Security (CCS) 2024
OZZ: Identifying Kernel Out-of-Order Concurrency Bugs with In-Vivo Memory Access Reordering (to appear)

Dae R. Jeong, Yewon Choi, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

ACM Symposium on Operating Systems Principles (SOSP) 2024
Bypassing ARM's Memory Tagging Extension with a Side-Channel Attack

Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, and Byoungyoung Lee

BlackHat USA 2024
A Secure, Fast, and Resource-Efficient Serverless Platform with Function REWIND

Jaehyun Song, Bumsuk Kim, Minwoo Kwak, Byoungyoung Lee, Euiseong Seo, and Jinkyu Jeong

USENIX Annual Technical Conference (ATC) 2024
SyzRisk: A Change-Pattern-Based Continuous Kernel Regression Fuzzer

Gwangmu Lee, Duo Xu, Solmaz Salimi, Byoungyoung Lee, and Mathias Payer

ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2024

2023

Metamong: Detecting Render-update Bugs in Web Browsers through Fuzzing [ paper | slide ]

Suhwan Song, and Byoungyoung Lee

ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE) 2023
An Extensible Orchestration and Protection Framework for Confidential Cloud Computing [ paper | slide ]

Adil Ahmad, Alex Schultz, Byoungyoung Lee, and Pedro Fonseca

USENIX Symposium on Operating Systems Design and Implementation (OSDI) 2023
SEGFUZZ: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing [ paper | code ]

Dae R. Jeong, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

IEEE Symposium on Security and Privacy (SP) 2023
GRAMINER: Fuzz Testing Gramine LibOS to Harden the Trusted Computing Base [ paper ]

Jaewon Hur, and Byoungyoung Lee

Workshop on System Software for Trusted Execution (SysTEX) 2023
Extending a Hand to Attackers: Browser Privilege Escalation Attacks via Extensions [ paper ]

Young Min Kim, and Byoungyoung Lee

USENIX Security Symposium (Security) 2023
Pspray: Timing Side-Channel based Linux Kernel Heap Exploitation Technique [ paper ]

Yoochan Lee, Jinhan Kwak, Junesoo Kang, Yuseok Jeon, and Byoungyoung Lee

USENIX Security Symposium (Security) 2023
Diagnosing Kernel Concurrency Failures with AITIA [ paper ]

Dae R. Jeong, Minkyu Jung, Yoochan Lee, Byoungyoung Lee, Insik Shin, and Youngjin Kwon

ACM EuroSys Conference (EuroSys) 2023

2022

Perfect Spray: A Journey From Finding a New Type of Logical Flaw at Linux Kernel To Developing a New Heap Exploitation Technique

Yoochan Lee, Byoungyoung Lee, Yuseok Jeon, Jinhan Kwak, and Junesoo Kang

BlackHat Europe 2022
SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities [ paper | slide | code ]

Jaewon Hur, Suhwan Song, Sunwoo Kim, and Byoungyoung Lee

ACM Conference on Computer and Communications Security (CCS) 2022
FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing [ paper | slide | code ]

Sunwoo Kim, Young Min Kim, Jaewon Hur, Suhwan Song, Gwangmu Lee, and Byoungyoung Lee

USENIX Security Symposium (Security) 2022
SYMSAN: Time and Space Efficient Concolic Execution via Dynamic Data-flow Analysis [ paper | slide ]

Ju Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Yuxuan Chen, Chengyu Song, Byoungyoung Lee, Heng Yin, and Insik Shin

USENIX Security Symposium (Security) 2022
MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference [ paper | slide ]

Cheolwoo Myung, Gwangmu Lee, and Byoungyoung Lee

USENIX Security Symposium (Security) 2022
R2Z2: Detecting Rendering Regressions in Web Browsers through Differential Fuzz Testing [ paper | slide ]

Suhwan Song, Jaewon Hur, Sunwoo Kim, Philip Rogers, and Byoungyoung Lee

IEEE/ACM International Conference on Software Engineering (ICSE) 2022
FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks [ paper ]

Kyungtae Kim, Taegyu Kim, Ertza Warraich, Byoungyoung Lee, Kevin Butler, Antonio Bianchi, and Dave (Jing) Tian

IEEE Symposium on Security and Privacy (SP) 2022

2021

DiFuzzRTL: Differential Fuzz Testing to Find CPU Bugs [ paper | slide | code ]

Jaewon Hur, Suhwan Song, Dongup Kwon, Eunjin Baek, Jangwoo Kim, and Byoungyoung Lee

IEEE Symposium on Security and Privacy (SP) 2021
ExpRace: Exploiting Kernel Races through Raising Interrupts [ paper | slide ]

Yoochan Lee, Changwoo Min, and Byoungyoung Lee

USENIX Security Symposium (Security) 2021
Constraint-guided Directed Greybox Fuzzing [ paper | slide ]

Gwangmu Lee, Woochul Shim, and Byoungyoung Lee

USENIX Security Symposium (Security) 2021
M2MON: Building an MMIO-based Security Reference Monitor for Unmanned Vehicles [ paper ]

Arslan Khan, Hyungsub Kim, Byoungyoung Lee, Dongyan Xu, Antonio Bianchi, and Dave Tian

USENIX Security Symposium (Security) 2021
KARD: Lightweight Data Race Detection with Per-Thread Memory Protection [ paper ]

Adil Ahmad, Sangho Lee, Pedro Fonseca, and Byoungyoung Lee

International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2021
Chancel: Efficient Multi-client Isolation Under Adversarial Programs [ paper | slide ]

Adil Ahmad, Juhee Kim, Jaebaek Seo, Insik Shin, Pedro Fonseca, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2021

2020

BlackMirror: Preventing Wallhacks in 3D Online FPS Games [ paper | slide ]

Seonghyun Park, Adil Ahmad, and Byoungyoung Lee

ACM Conference on Computer and Communications Security (CCS) 2020
TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA [ paper | slide ]

Hyunyoung Oh, Adil Ahmad, Seonghyun Park, Byoungyoung Lee, and Yunheung Paek

ACM Conference on Computer and Communications Security (CCS) 2020
Vessels: Efficient and Scalable Deep Learning Prediction on Trusted Processors [ paper ]

Kyungtae Kim, Chung Hwan Kim, Junghwan Rhee, Xiao Yu, Haifeng Chen, Dave Tian, and Byoungyoung Lee

ACM Symposium on Cloud Computing (SoCC) 2020
A Tale of Two Trees: One Writes, and Other Reads. Optimized Oblivious Accesses to Large-Scale Blockchains [ paper ]

Duc V. Le, Lizzy Tengana Hurtado, Adil Ahmad, Mohsen Minaei, Byoungyoung Lee, and Aniket Kate

Privacy Enhancing Technologies Symposium (PETS) 2020
CrFuzz: Fuzzing Multi-purpose Programs through Input Validation [ paper ]

Suhwan Song, Chengyu Song, Yeongjin Jang, and Byoungyoung Lee

ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE) 2020
Exploiting Kernel Races through Taming Thread Interleaving [ paper ]

Yoochan Lee, Changwoo Min, and Byoungyoung Lee

BlackHat USA 2020
HFL: Hybrid Fuzzing on the Linux Kernel [ paper | slide ]

Kyungtae Kim, Dae R. Jeong, Chung Hwan Kim, Yeongjin Jang, Insik Shin, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2020

2019

uXOM: Efficient eXecute-Only Memory on ARM Cortex-M [ paper | slide ]

Donghyun Kwon, Jangseop Shin, Giyeol Kim, Byoungyoung Lee, Yeongpil Cho, and Yunheung Paek

USENIX Security Symposium (Security) 2019
All Your Clicks Belong to Me: Investigating Click Interception on the Web [ paper ]

Mingxue Zhang, Wei Meng, Sangho Lee, Byoungyoung Lee, and Xinyu Xing

USENIX Security Symposium (Security) 2019
Razzer: Finding Kernel Race Bugs through Fuzzing [ paper | slide | code ]

Dae R. Jeong, Kyungtae Kim, Basavesh Ammanaghatta Shivakumar, Byoungyoung Lee, and Insik Shin

IEEE Symposium on Security and Privacy (SP) 2019
PoLPer: Process-Aware Restriction of Over-Privileged Setuid Calls in Legacy Applications [ paper ]

Yuseok Jeon, Junghwan Rhee, Chung Hwan Kim, Zhichun Li, Mathias Payer, Byoungyoung Lee, and Zhenyu Wu

ACM Conference on Data and Application Security and Privacy (CODASPY) 2019
OBFUSCURO: A Commodity Obfuscation Engine on Intel SGX [ paper | slide | code ]

Adil Ahmad⭑, Byunggill Joe⭑, Yuan Xiao, Yinqian Zhang, Insik Shin, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2019

⭑ co-first authors

2018

Obliviate: A Data Oblivious Filesystem for Intel SGX [ paper | slide ]

Adil Ahmad, Kyungtae Kim, Muhammad Sarfaraz, and Byoungyoung Lee

Network and Distributed System Security Symposium (NDSS) 2018
Securing Real-Time Microcontroller Systems through Customized Memory View Switching [ paper | slide | code ]

Chunghwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang, and Dongyan Xu

Network and Distributed System Security Symposium (NDSS) 2018
Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing [ paper | slide | code ]

Wookhyun Han, Byunggill Joe, Byoungyoung Lee, Chengyu Song, and Insik Shin

Network and Distributed System Security Symposium (NDSS) 2018

2017

HexType: Efficient Detection of Type Confusion Errors for C++ [ paper | slide | code ]

Yuseok Jeon, Priyam Biswas, Scott Carr, Byoungyoung Lee, and Mathias Payer

ACM Conference on Computer and Communications Security (CCS) 2017
CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems [ paper | slide ]

Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim

USENIX Annual Technical Conference (ATC) 2017
SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs [ paper | slide | code ]

Jaebaek Seo, Byoungyoung Lee, Sungmin Kim, Ming-Wei Shih, Insik Shin, Dongsu Han, and Taesoo Kim

Network and Distributed System Security Symposium (NDSS) 2017

2016

Instant OS Updates via Userspace Checkpoint-and-Restart [ paper | slide ]

Sanidhya Kashyap, Changwoo Min, Byoungyoung Lee, Taesoo Kim, and Pavel Emelyanov

USENIX Annual Technical Conference (ATC) 2016
HDFI: Hardware-assisted Data-Flow Isolation [ paper | slide | code ]

Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek

IEEE Symposium on Security and Privacy (SP) 2016
TrackMeOrNot: Enabling Flexible Control on Web Tracking [ paper | code ]

Wei Meng, Byoungyoung Lee, Xinyu Xing, and Wenke Lee

International Conference on World Wide Web (WWW) 2016
Enforcing Kernel Security Invariants with Data Flow Integrity [ paper | slide | code ]

Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee

Network and Distributed System Security Symposium (NDSS) 2016

2015

ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks [ paper | slide | code ]

Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, and Wenke Lee

ACM Conference on Computer and Communications Security (CCS) 2015
Cross-checking Semantic Correctness: The Case of Finding File System Bugs [ paper | slide ]

Changwoo Min, Sanidhya Kashyap, Byoungyoung Lee, Chengyu Song, and Taesoo Kim

ACM Symposium on Operating Systems Principles (SOSP) 2015
Type Casting Verification: Stopping an Emerging Attack Vector [ paper | slide | code | demo ]

Byoungyoung Lee, Chengyu Song, Taesoo Kim, and Wenke Lee

USENIX Security Symposium (Security) 2015

Internet Defense Prize by Facebook and USENIX (link)

Top 10 Finalists by CSAW Best Applied Research Paper Award (link)
Understanding Malvertising Through Ad-Injecting Browser Extensions [ paper ]

Xinyu Xing, Wei Meng, Byoungyoung Lee, Udi Weinsberg, Anmol Sheth, Roberto Perdisci, and Wenke Lee

International Conference on World Wide Web (WWW) 2015
Preventing Use-after-free with Dangling Pointers Nullification [ paper | slide | demo ]

Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, and Wenke Lee

Network and Distributed System Security Symposium (NDSS) 2015

Third place award by CSAW Best Applied Research Paper Award (link)

2014

Abusing Performance Optimization Weaknesses to Bypass ASLR [ slide ]

Byoungyoung Lee, Yeongjin Jang, Tielei Wang, Chengyu Song, Long Lu, Taesoo Kim, and Wenke Lee

BlackHat USA 2014
Exploiting Unpatched iOS Vulnerabilities for Fun and Profit [ slide ]

Yeongjin Jang, Tielei Wang, Byoungyoung Lee, and Billy Lau

BlackHat USA 2014
From Zygote to Morula: Fortifying weakened ASLR on Android [ paper | slide | code ]

Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, and Wenke Lee

IEEE Symposium on Security and Privacy (SP) 2014

2011

Protecting Location Privacy Using Location Semantics [ paper | code ]

Byoungyoung Lee, Jinoh Oh, Hwanjo Yu, and Jong Kim

ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) 2011

2010

binOb+: A Framework for Potent and Stealthy Binary Obfuscation [ paper ]

Byoungyoung Lee, Yuna Kim, and Jong Kim

ACM Symposium on Information, Computer and Communications Security (ASIACCS) 2010

Publication (Journal)

2019

PrOS: Light-weight Privatized Secure OSes in ARM TrustZone [ paper ]

Donghyun Kwon, Jiwon Seo, Yeongpil Cho, Byoungyoung Lee, and Yunheung Paek

IEEE Transactions on Mobile Computing 2019

2016

Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques [ paper ]

Meng Xu, Chengyu Song, Yang ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, and Taesoo Kim

ACM Computing Surveys (CSUR) 2016

Teaching

Fall 2023 (Tentative): Systems Programming
Fall 2023 (Tentative): Data Structures
Spring 2023 : Software and Systems Security
Fall 2022 : Systems Programming
Spring 2021 : Software and Systems Security
Spring 2021 : Data Structures
Fall 2020 : Data Structures
Spring 2020 : Computer Architecture
Fall 2019 : Software Security
Spring 2019 : System Security Seminar
Fall 2018 : Advance Computer Security Theories and Techniques
Spring 2018 : Operating Systems (CS 50300, Purdue)
Fall 2017 : Operating Systems (CS 50300, Purdue)
Spring 2017 : Secure And Trusted Systems (CS 59000-STS, Purdue)
Fall 2016: Software security (CS 52700, Purdue)

Students Advising

Jaewon Hur (PostDoc)
Cheolwoo Myeong (PhD Student)
Kyungwook Boo (PhD Student)
Suhwan Song (PhD Student, Interned at Google)
Yoochan Lee (PhD Student)
Juhee Kim (PhD Student)
Sangyun Kim (PhD Student)
Young Min Kim (PhD Student)
Youngjoo Lee (MS Student)
Chulmin Lee (MS Student)
Hyokyung Kim (MS Student)
Sihyun Roh (MS Student)
Jaeyoung Chung (MS Student)

Alumni

Yuseok Jeon, PhD at Purdue, co-advised with Mathias Payer. Interned at Intel. Now assistant professor at UNIST
Adil Ahmad, PhD at Purdue, co-advised with Pedro Fonseca. Interned at NEC and Microsoft Research. Now Assistant Professor at Arizona State University (2022 Sep)
Gwangmu Lee, PhD (2022 Feb), Now Postdoc at EPFL
Kyungtae Kim, PhD at Purdue (2022 Aug), co-advised with Dave Tian. Assistant professor at Dartmouth (from 2024 Aug)
Jaewon Hur, PhD (2023 Aug). Now at SNU as PostDoc
Seonghyun Park, MS (2022 Feb). Now at Amazon
Sunwoo Kim, MS (2022 Feb). Now at Samsung Research
Jinwoo Lee, MS (2022 Aug). Now at Healthhub
Jinhan Kwak, MS (2023 Feb). Now at Start-up
ByeongWook Kim, MS (2024 Feb). Now at SK hynix

Visitors

Jaeback Seo (2018, PhD at KAIST, Now at Google)
Yuxuan Chen (2018, Undergraduate at Purdue, Now at Facebook)
Wookhyun Han (2018, PhD student at KAIST, Interned at Google, Now at Amazon)
Byunggill Joe (2018, PhD student at KAIST)
Muhammad Ihsanulhaq Sarfaraz (2017, PhD student at Purdue EE)