Yonghwi Kwon @ UMD
Software Security, Cyber Physical Systems Security, Cyber Forensics

Yonghwi Kwon University of Maryland

I am an Assistant Professor at the University of Maryland (Electrical and Computer Engineering, Maryland Cybersecurity Center (MC2), and UMIACS). I direct the SEED Research Group and am interested in software security, cyber physical systems security, and cyber forensics. I have been honored with NSF CAREER Award, NSF CRII Award, ACM SIGPLAN Distinguished Paper Award, Maurice H. Halstead Memorial Award, ASE Best Paper Award, ACM SIGSOFT Distinguished Paper Award, and Microsoft Most Valuable Professional.

CV (Resume) Research Group Website Email:
I am looking for motivated students. Please see this page.

2026/03: Death Is Not the End: A Longitudinal Study on the Impact of Automatic Updates on Container Vulnerability Lifespans accepted in S&P'26 (Oakland)!!
2026/01: Zelda: Feedback-driven Closed-box Fuzzing for Identifying Web Application Vulnerabilities accepted in WWW'26 (TheWebConf)!!
2025/09: 3 papers accepted in NDSS'26 and ASE'25!!
1. Connecting the Dots: An Investigative Study on Linking Private User Data Across Messaging Apps
2. IMUFUZZER: Resilience-based Discovery of Signal Injection Attacks on Robotic Aerial Vehicles
3. When Does Wasm Malware Detection Fail? A Systematic Analysis of Their Robustness to Evasion
2025/01: 2 papers accepted in WWW'25 (TheWebConf)!!
1. What's in Phishers: A Longitudinal Study of Security Configurations in Phishing Websites and Kits
2. 7 Days Later: Analyzing Phishing-Site Lifespan After Detected
2024/09: 2 papers accepted in IEEE S&P'25 (Oakland)!!
1. RaceDB: Detecting Request Race Vulnerabilities in Database-Backed Web Applications
2. CMASan: Custom Memory Allocator-aware Address Sanitizer
2024/06: Scavy: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation accepted in USENIX'24!
2023/11: BTFuzzer (ICISC'23) wins the Best Paper Award!
2023/08: A Longitudinal Study of Vulnerable Client-side Resources and Web Developers' Updating Behaviors accepted in IMC'23!
2023/04: FreePart: Hardening Data Processing Software via Framework-based Partitioning accepted in ASPLOS'24!
2023/04: UVA CCDC team win the MACCDC, advancing to the national!
2023/01: BFTDetector: Automatic Detection of Business Flow Tampering for Digital Content Service accepted in ICSE'23!
2022/12: SynthDB: Synthesizing Database via Program Analysis for Security Testing accepted in NDSS'23!
2022/11: PyFET: Forensically Equivalent Transformation for Python Binary Decompilation accepted in S&P'23 (Oakland)!
2022/08: Dazzle-attack (WISA'22) wins the Best Student Paper Award!
2022/07: DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing accepted in CCS'22!
2022/04: We (UVA CCDC team) win the wild-card competition (of the regional CCDC), advancing to the national!
2022/01: Proposal Awarded by NSF: CAREER: Automated Forensic-in-the-Loop Cyber Defense Infrastructure. Thanks NSF for support!
2021/12: Hiding Critical Program Components via Ambiguous Translation accepted in ICSE'22!
2021/11: SwarmFlawFinder: Discovering and Exploiting Logic Flaws of Swarm Algorithms accepted in S&P'22 (Oakland)!
2021/09: Proposal Awarded by Cisco: Securing the IoT Infrastructure via Execution Diversification and Active Deception. Thanks Cisco Systems for support!
2021/08: 2 papers accepted (ASE'21 NIER and ACSAC'21)
1. Defeating Program Analysis Techniques via Ambiguous Translation (ASE'21 NIER)
2. Sofware Watermarking via a Binary Function Relocation (ACSAC'21)
2021/07: An Empirical Study of Bugs in WebAssembly Compilers accepted in ASE'21!
2021/05: Swarmbug: Debugging Configuration Bugs in Swarm Robotics accepted in FSE'21!
2021/03: Spinner: Automated Dynamic Command Subsystem Perturbation accepted in CCS'21!
2021/02: Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem accepted in ASIACCS'21!
2021/01: TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet accepted in WWW'21!
2020/11: OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary accepted in S&P'21 (Oakland)!
2020/09: C2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis accepted in NDSS'21!
2020/05: We (UVA CCDC team) win the National CCDC (NCCDC)!! (Three times in a row, or Three-peat!)
2019/10: Featured on UVA Today and Distinguished Paper Award!
1. UVA Today covered my research group and projects!
2. BDA (OOPSLA'19) wins the ACM SIGPLAN Distinguished Paper Award!
2019/09: 3 papers (one CCS, two S&P) accepted!
1. MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis (CCS'19)
2. PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning (S&P'20)
3. TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks (S&P'20)
2019/08: 2 papers (ACSAC and OOPSLA) accepted!
1. CUBISMO: Decloaking Server-side Malware via Cubist Program Analysis (ACSAC'19)
2. BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation (OOPSLA'19)
2019/07: NSF Proposal Awarded: Data Provenance Infrastructure towards Robust and Reliable Data Sharing and Analytics. Thanks NSF for support!
2019/06: NSF Proposal Awarded: Doctor WHO: Investigation and Prevention of Online Content Management System Abuse. Thanks NSF for support!
2019/04: We (UVA CCDC team) win the National CCDC (NCCDC)!!
2019/03: We (UVA CCDC team) win the MACCDC.
2019/02: NSF Proposal Awarded: Secure and Comprehensive Forensic Audit Infrastructure for Transparent Heterogeneous Computing. Thanks NSF for support!
Read more

Publications

- Top Venues in Security/Systems (S&P (Oakland) [], CCS [], NDSS [], USENIX [], ASPLOS []), in SE/PL (ICSE [], FSE [], ASE [], OOPSLA []), in Web (WWW [], IMC [])

S&P'26 - Death Is Not the End: A Longitudinal Study on the Impact of Automatic Updates on Container Vulnerability Lifespans In Proc. of the 47th IEEE Symposium on Security and Privacy BibTex

Simge Tekin, Octavian Suciu, Sungsu Kwag, Yonghwi Kwon, and Tudor Dumitraș

WWW'26 - Zelda: Feedback-driven Closed-box Fuzzing for Identifying Web Application Vulnerabilities In Proc. of 35th The Web Conference BibTex

Soyoung Lee, Sunnyeo Park, Yonghwi Kwon, and Sooel Son

NDSS'26 - Connecting the Dots: An Investigative Study on Linking Private User Data Across Messaging Apps In Proc. of 33rd Network and Distributed System Security Symposium BibTex

Junkyu Kang* (co-first author), Soyoung Lee* (co-first author), Yonghwi Kwon, and Sooel Son

ICISC'25 - AdvCodeGen: Adversarial Code Generation via Large Language Models In Proc. of the 28th Annual International Conference on Information Security and Cryptology BibTex

Eun Jung, Jiacheng Li, Yonghwi Kwon, and Hyoungshick Kim

ASE'25 - When Does Wasm Malware Detection Fail? A Systematic Analysis of Their Robustness to Evasion In Proc. of 40th IEEE/ACM International Conference on Automated Software Engineering BibTex

Taeyoung Kim, Sanghak Oh, Kiho Lee, Weihang Wang, Yonghwi Kwon, Sanghyun Hong, and Hyoungshick Kim

ASE'25 - IMUFUZZER: Resilience-based Discovery of Signal Injection Attacks on Robotic Aerial Vehicles In Proc. of 40th IEEE/ACM International Conference on Automated Software Engineering BibTex

Sudharssan Mohan, Kyeongseok Yang, Zelun Kong, Yonghwi Kwon, Junghwan Rhee, Tyler Summers, Hongjun Choi, Heejo Lee, and Chung Hwan Kim

WWW'25 - What's in Phishers: A Longitudinal Study of Security Configurations in Phishing Websites and Kits In Proc. of 34th The Web Conference BibTex

Kyungchan Lim, Kiho Lee, Fujiao Ji, Yonghwi Kwon, Hyoungshick Kim, and Doowon Kim

WWW'25 - 7 Days Later: Analyzing Phishing-Site Lifespan After Detected In Proc. of 34th The Web Conference BibTex

Kiho Lee* (co-first author), Kyungchan Lim* (co-first author), Hyoungshick Kim, Yonghwi Kwon, and Doowon Kim

S&P'25 - RaceDB: Detecting Request Race Vulnerabilities in Database-Backed Web Applications In Proc. of the 46th IEEE Symposium on Security and Privacy BibTex

An Chen, Yonghwi Kwon, and Kyu Hyung Lee

S&P'25 - CMASan: Custom Memory Allocator-aware Address Sanitizer In Proc. of the 46th IEEE Symposium on Security and Privacy BibTex

Junwha Hong, Wonil Jang, Mijung Kim, Lei Yu, Yonghwi Kwon, and Yuseok Jeon

USENIX'24 - Scavy: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation In Proc. of the 33rd USENIX Security Symposium BibTex

Erin Avllazagaj, Yonghwi Kwon, and Tudor Dumitraș

ASPLOS'24 - FreePart: Hardening Data Processing Software via Framework-based Partitioning and Isolation In Proc. of the 29th International Conference on Architectural Support for Programming Languages and Operating Systems BibTex

Ali Ahad, Gang Wang, Chung Hwan Kim, Suman Jana, Zhiqiang Lin, and Yonghwi Kwon

ICISC'23 - BTFuzzer: a profile-based fuzzing framework for Bluetooth protocols In Proc. of the 26th Annual International Conference on Information Security and Cryptology BibTex

Min Jang, Yuna Hwang, Yonghwi Kwon, and Hyoungshick Kim
Best Paper Award

IMC'23 - A Longitudinal Study of Vulnerable Client-side Resources and Web Developers' Updating Behaviors In Proc. of the 23rd ACM Internet Measurement Conference BibTex

Kyungchan Lim, Yonghwi Kwon, and Doowon Kim

ICSE'23 - BFTDetector: Automatic Detection of Business Flow Tampering for Digital Content Service In Proc. of the 45th International Conference on Software Engineering BibTex

I Luk Kim, Weihang Wang, Yonghwi Kwon, and Xiangyu Zhang

NDSS'23 - SynthDB: Synthesizing Database via Program Analysis for Security Testing of Web Applications In Proc. of the 30th Network and Distributed System Security Symposium BibTex

An Chen, JiHo Lee, Basanta Chaulagain, Yonghwi Kwon, and Kyu Hyung Lee

S&P'23 - PyFET: Forensically Equivalent Transformation for Python Binary Decompilation In Proc. of the 44th IEEE Symposium on Security and Privacy BibTex

Ali Ahad, Chijung Jung, Ammar Askar, Doowon Kim, Taesoo Kim, and Yonghwi Kwon

CCS'22 (Poster) - Automated Discovery of Sensor Spoofing Attacks on Robotic Vehicles In Proc. of the 29th ACM Conference on Computer and Communications Security BibTex

Kyeongseok Yang (Co-first author), Sudharssan Mohan (Co-first author), Yonghwi Kwon, Heejo Lee, and Chung Hwan Kim

CCS'22 - DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing In Proc. of the 29th ACM Conference on Computer and Communications Security BibTex

Seulbae Kim, Major Liu, Junghwan Rhee, Yuseok Jeon, Yonghwi Kwon, and Chung Hwan Kim

WISA'22 - Dazzle-attack: Anti-Forensic Server-side Attack via Fail-free Dynamic State Machine In Proc. of the 23rd World Conference on Information Security Applications BibTex

Bora Lee (Co-first author), Kyungchan Lim (Co-first author), JiHo Lee, Chijung Jung, Doowon Kim, Kyu Hyung Lee, Haehyun Cho, and Yonghwi Kwon
Best Student Paper Award

ICSE'22 - Hiding Critical Program Components via Ambiguous Translation In Proc. of the 44th International Conference on Software Engineering BibTex

Chijung Jung, Doowon Kim, An Chen, Weihang Wang, Yunhui Zheng, Kyu Hyung Lee, and Yonghwi Kwon

S&P'22 - SwarmFlawFinder: Discovering and Exploiting Logic Flaws of Swarm Algorithms In Proc. of the 43rd IEEE Symposium on Security and Privacy BibTex

Chijung Jung, Ali Ahad, Yuseok Jeon, and Yonghwi Kwon

ACSAC'21 - Sofware Watermarking via a Binary Function Relocation In Proc. of 37th Annual Conference on Computer Security Applications Slides | BibTex

Honggoo Kang, Yonghwi Kwon, Sangjin Lee, and Hyungjoon Koo

ASE-NIER'21 - Defeating Program Analysis Techniques via Ambiguous Translation In Proc. of 36th IEEE/ACM International Conference on Automated Software Engineering (New Ideas and Emerging Results Track) BibTex

Chijung Jung, Doowon Kim, Weihang Wang, Yunhui Zheng, Kyu Hyung Lee, and Yonghwi Kwon

TIFS (Journal, IF: 6.211) - TRACE: Enterprise-Wide Provenance Tracking For Real-Time APT Detection IEEE Transactions on Information Forensics and Security BibTex

Hassaan Irshad, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Kyu Hyung Lee, Jignesh Patel, Somesh Jha, Yonghwi Kwon, Dongyan Xu, and Xiangyu Zhang

ASE'21 - An Empirical Study of Bugs in WebAssembly Compilers In Proc. of 36th IEEE/ACM International Conference on Automated Software Engineering BibTex

Alan Romano, Xinyue Liu, Yonghwi Kwon, and Weihang Wang

FSE'21 - Swarmbug: Debugging Configuration Bugs in Swarm Robotics In Proc. of the 29th ACM SIGSOFT International Symposium on the Foundations of Software Engineering BibTex

Chijung Jung, Ali Ahad, Jinho Jung, Sebastian Elbaum, and Yonghwi Kwon

CCS'21 - Spinner: Automated Dynamic Command Subsystem Perturbation In Proc. of 28th ACM Conference on Computer and Communications Security BibTex

Chijung Jung, Ali Ahad, and Yonghwi Kwon

ASIACCS'21 - Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem In Proc. of 16th ACM ASIA Conference on Computer and Communications Security BibTex

Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Doupe, Sooel Son, Gail-Joon Ahn, and Tudor Dumitraș

WWW'21 - TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet In Proc. of 30th The Web Conference Video | BibTex

Hyunwoo Lee, Doowon Kim, and Yonghwi Kwon

S&P'21 - OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary In Proc. of the 42nd IEEE Symposium on Security and Privacy BibTex

Zhuo Zhang, Yapeng Ye, Wei You, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, and Xiangyu Zhang

NDSS'21 - C2SR: Cybercrime Scene Reconstruction for Post-mortem Forensic Analysis In Proc. of the 28th Network and Distributed System Security Symposium Slides | Video | BibTex

Yonghwi Kwon, Weihang Wang, Jinho Jung, Kyu Hyung Lee, and Roberto Perdisci

S&P'20 - TARDIS: Rolling Back The Clock On CMS-Targeting Cyber Attacks In Proc. of the 41st IEEE Symposium on Security and Privacy Video | BibTex

Ranjita Pai Kasturi, Yiting Sun, Ruian Duian, Omar Alrawi, Ehsan Asdar, Victor Zhu, Yonghwi Kwon, and Brendan Saltaformaggio

S&P'20 - PMP: Cost-effective Forced Execution with Probabilistic Memory Pre-planning In Proc. of the 41st IEEE Symposium on Security and Privacy BibTex

Wei You, Zhuo Zhang, Yonghwi Kwon, Yousra Aafer, Fei Peng, Yu Shi, Carson Makena Harmon, and Xiangyu Zhang

CCS'19 - MalMax: Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis In Proc. of the 26th ACM Conference on Computer and Communications Security Slides | Code | BibTex

Abbas Naderi-Afooshteh, Yonghwi Kwon, Anh Nguyen-Tuong, Ali Razmjoo-Qalaei, Mohammad-Reza Zamiri-Gourabi, and Jack W. Davidson

ACSAC'19 - CUBISMO: Decloaking Server-side Malware via Cubist Program Analysis In Proc. of the 35th Annual Conference on Computer Security Applications Slides | BibTex

Abbas Naderi-Afooshteh, Yonghwi Kwon, Anh Nguyen-Tuong, Mandana Bagheri-Marzijarani, and Jack W. Davidson

OOPSLA'19 - BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation In Proc. of the 2019 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications BibTex

Zhuo Zhang, Wei You, Guanhong Tao, Guannan Wei, Yonghwi Kwon, and Xiangyu Zhang
ACM SIGPLAN Distinguished Paper Award

ICSE'19 - Probabilistic Disassembly In Proc. of the 41st International Conference on Software Engineering Slides | BibTex

Kenneth Adam Miller, Yonghwi Kwon, Yi Sun, Zhuo Zhang, Xiangyu Zhang, and Zhiqiang Lin

ACSAC'18 - Lprov: Practical Library-aware Provenance Tracing In Proc. of the 34th Annual Conference on Computer Security Applications BibTex

Fei Wang, Yonghwi Kwon, Shiqing Ma, Xiangyu Zhang, and Dongyan Xu

ATC'18 - Kernel-Supported Cost-Effective Audit Logging for Causality Tracking In Proc. of the 2018 USENIX Annual Technical Conference BibTex

Shiqing Ma, Juan Zhai, Yonghwi Kwon, Kyu Hyung Lee, Xiangyu Zhang, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Dongyan Xu, and Somesh Jha

Ph.D. Thesis - Combatting Advanced Persistent Threat via Causality Inference and Program Analysis BibTex

Yonghwi Kwon

WWW'18 - AdBudgetKiller: Online Advertising Budget Draining Attack In Proc. of the 27th International World Wide Web Conference BibTex

I Luk Kim, Weihang Wang, Yonghwi Kwon, Yunhui Zheng, Yousra Aafer, Weijie Meng, and Xiangyu Zhang

NDSS'18 - MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation In Proc. of the 25th Network and Distributed System Security Symposium Slides | BibTex

Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela Ciocarlie, Ashish Gehani, and Vinod Yegneswaran

ACSAC'17 - RevARM: A Platform-Agnostic ARM Binary Rewriter for Security Applications In Proc. of the 33rd Annual Conference on Computer Security Applications BibTex

Taegyu Kim, Chung Hwan Kim, Hongjun Choi, Yonghwi Kwon, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu

ASE'17 - PAD: Programming Third-party Web Advertisement Censorship In Proc. of the 32nd IEEE/ACM International Conference on Automated Software Engineering BibTex

Weihang Wang, Yonghwi Kwon, Yunhui Zheng, Yousra Aafer, I Luk Kim, Wen-Chuan Lee, Yingqi Liu, Weijie Meng, Xiangyu Zhang, and Patrick Eugster

ISSTA'17 - CPR: Cross Platform Binary Code Reuse via Platform Independent Trace Program In Proc. of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis Slides | BibTex

Yonghwi Kwon, Weihang Wang, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu

WWW'17 - J-Force: Forced Execution on JavaScript In Proc. of the 26th International World Wide Web Conference BibTex

Kyungtae Kim, I Luk Kim, Chung Hwan Kim, Yonghwi Kwon, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu

NDSS'17 - A2C: Self Destructing Exploit Executions via Input Perturbation In Proc. of the 24th Network and Distributed System Security Symposium Slides | BibTex

Yonghwi Kwon, Brendan Saltaformaggio, I Luk Kim, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu

OOPSLA'16 - Apex: Automatic Programming Assignment Error Explanation In Proc. of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications Website | BibTex

Dohyeong Kim, Yonghwi Kwon, Peng Liu, I Luk Kim, David Mitchel Perry, Xiangyu Zhang, and Gustavo Rodriguez-Rivera

FSE'16 - WebRanz: Web Page Randomization For Better Advertisement Delivery and Web-Bot Prevention In Proc. of the 24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering Website | BibTex

Weihang Wang, Yunhui Zheng, Xinyu Xing, Yonghwi Kwon, Xiangyu Zhang, and Patrick Eugster

WOOT'16 - Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic In Proc. of the 10th USENIX Workshop on Offensive Technologies BibTex

Brendan Saltaformaggio, Hongjun Choi, Kristen Johnson, Yonghwi Kwon, Qi Zhang, Xiangyu Zhang, Dongyan Xu, and John Qian

ASPLOS'16 - LDX: Causality Inference by Lightweight Dual Execution In Proc. of the 21st International Conference on Architectural Support for Programming Languages and Operating Systems Slides | Demo Video | BibTex

Yonghwi Kwon, Dohyeong Kim, William N. Sumner, Kyungtae Kim, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu

ASPLOS'15 - Dual Execution for On the Fly Fine Grained Execution Comparison In Proc. of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems BibTex

Dohyeong Kim, Yonghwi Kwon, William N. Sumner, Xiangyu Zhang, and Dongyan Xu

NDSS'15 - P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions In Proc. of the 22nd Network and Distributed System Security Symposium Slides | BibTex

Yonghwi Kwon, Fei Peng, Dohyeong Kim, Kyungtae Kim, Xiangyu Zhang, Dongyan Xu, Vinod Yegneswaran, and John Qian

ASE'13 - PIEtrace: Platform Independent Executable Trace In Proc. of the 28th IEEE/ACM International Conference on Automated Software Engineering Slides | Website | BibTex

Yonghwi Kwon, Xiangyu Zhang, and Dongyan Xu
Best Paper Award ACM SIGSOFT Distinguished Paper Award

Team

Postdoctoral Researcher

1. Kyungchan Lim (University of Tennessee, PhD, 2025), focusing on Software Security/Security Measurement [IMC'23, WWW'25, WWW'25, WISA'22]


Graduate Students

1. Ali Ahad (UMD, PhD, Fall 2020~), focusing on Software Security [CCS'21, S&P'23, ASPLOS'24], Debugging/Testing [FSE'21, S&P'22]
2. Jiacheng Li (UMD, PhD, Fall 2024~), focusing on Software Security/CPS Security
3. Alexandros Antonakakis (UMD, PhD, Fall 2025~), focusing on Software Security


Undergraduate Students

1. Xavier Francois (UMD, Undergraduate, Fall 2024~), focusing on Software Security
2. Mikias Kelela (UMD, Undergraduate, Summer 2025~), focusing on Software Security


Former Students

Erin Avllazagaj (PhD, UMD, Co-advised with Prof. Tudor Dumitraș) [USENIX'21, USENIX'24]
Chijung Jung (PhD, UVA, Fall 2024), [FSE'21, S&P'22, CCS'21, WISA'22, S&P'23, ASE'21 (NIER), ICSE'22]
JiHo Lee (Master, UVA, 2024) [WISA'22, NDSS'23]
Bora Lee (Master, UVA, 2023) [WISA'22]
Sungjin Yi (Undergrad, UC Berkeley, Fall 2021~Summer 2022)
Abbas Naderi (PhD, UVA), Advisor: Prof. Jack W. Davidson
Jake Smith (Undergrad, UVA) - NCCDC Winner
Jack McDowell (Undergrad, UVA) - NCCDC Winner
Calvin Krist (Undergrad/Master, UVA) - NCCDC Winner
Rajiv Sarvepalli (Undergrad,UVA) - (Part of JUMP URI (Undergraduate Research Initiative) Program)
Haoxiang Zhang (Undergrad, UVA) - Next Step: Columbia University (Master)


Cyber Defense Competition Team

I am a faculty mentor of the UVA CCDC (Collegiate Cyber Defense Competition) Team.
      - April 1, 2023: We win the regional final!
      - May 24, 2020: We (UVA CCDC team) win the national!! (Three times in a row, or Three-peat!)
      - April 25, 2019: We win the national!
      - March 30, 2019: We win the regional final!


External Collaborators

In USA:
Columbia University (with Prof. Suman Jana)
Georgia Institute of Technology (with Prof. Taesoo Kim, Prof. Brendan Saltaformaggio)
The Ohio State University (with Prof. Zhiqiang Lin)
University of California, Irvine (with Prof. Alfred Chen)
University of Illinois Urbana-Champaign (with Prof. Gang Wang)
University of Southern California (with Prof. Weihang Wang)
University of Central Oklahoma (with Prof. Junghwan Rhee)
University of Georgia (with Prof. Kyu Hyung Lee)
University of Tennessee (with Prof. Doowon Kim)
University of Texas at Dallas (with Prof. Chung Hwan Kim and Prof. Wei Yang)
International Collaboration:
Korea Advanced Institute of Science and Technology (KAIST) (with Prof. Sooel Son)
Sejong University (with Prof. Giwoong Park)
Soongsil University (with Prof. Haehyun Cho)
Sungkyunkwan University (with Prof. Hyungjoon Koo, Prof. Hyoungshick Kim)
Korea University (with Prof. Yuseok Jeon)

Teaching/Services

Teaching

University of Maryland
Software Security via Program Analysis (Spring 2024, Graduate)
Computer Security and Reverse Engineering Lab (Fall 2023/2024/2025, Spring 2026, Undergraduate)

University of Virginia
Software Security via Program Analysis (Spring 2023, Fall 2019/2018, Graduate)
Cyber Forensics: Automated Software Approaches (Spring 2022/2021/2020, Undergraduate/Graduate)
Operating Systems (Fall 2021/2020, Spring 2019, Undergraduate)

Services

I have served for the following conferences.
Program Committee:
CCS'26, CCS'24, ACSAC'24, ACSAC'23, WISA'23, MADWeb'22, SecWeb'22, ACSAC'22,
ACSAC'21, ASIACCS'21, CODASPY'21, ESORICS'21, WISA'21, ESORICS'20,
ACSAC'20, ESORICS'20, OOPSLA'20 (ERC), NDSS'20, NDSS'19, ACSAC'19, ACSAC'18

I have participated in organizing the following events.
Registration Chair: ICSE'22
Poster Co-chair: ACSAC'24/23/22/21
Workshop Chair: MATE'21 (Man-At-The-Middle), Co-located with the ACM CCS'21 (DBLP)
Communication Co-chair: 2019 KOCSEA Technical Symposium

I have served for the following panelist.
NSF (National Science Foundation) Panelist

Miscellaneous

Great Reads

Two excellent suggestions for Ph.D. students by Matt Might:
1. 10 easy ways to fail a Ph.D.
2. 3 qualities of successful Ph.D. students: Perseverance, tenacity and cogency

There are some great and fun (and also educational) TED talks you can watch when you are bored:
1. Grit: the power of passion and perseverance (Grit is a key characteristic of a good researcher)
2. Inside the mind of a master procrastinator (Let's not be a procrastinator)
3. How to speak so that people want to listen
4. This is what happens when you reply to spam email

There are some ways to systematically generate good ideas:
1. TRIZ is "theory of the resolution of invention-related tasks"


Technical Articles and Books

I authored a book named Effective Windows Programming which covers various advanced techniques and tricks for Windows Programming (Win32 APIs).
I also enjoy coding and writing technical articles. Here are some of my articles explaining details about coding, debugging, and reverse-engineering.

1. Hooking the Real COM Objects: Intercepting IHTMLDocument3 Functions, Dec 2011
2. Phishing applications: Security threats regarding the SetParent function, Nov 2011