Summary

John Knight Career Enhancement Assistant Professor, Department of Computer Science, University of Virginia

Solving System Security Problems via Program/Binary Analysis and Reverse-Engineering

I am the John Knight Career Enhancement Assistant Professor in the Department of Computer Science at the University of Virginia.

My research aims to solve system security problems via program analysis techniques (e.g., dynamic/static analysis, binary analysis, and reverse-engineering).

Contacts: yongkwon@virginia.edu (Preferred), yonghwi.kwon@hotmail.com

Awards and Recognitions

Maurice H. Halstead Memorial Award, Purdue University, 2017
ACM SIGSOFT Distinguished Paper Award, ACM, 2013
Best Paper Award, ASE'13, 2013
Microsoft MVP (Most Valuable Professional), Microsoft, 2008-2012

News

I am actively looking for students who are interested in systems security research and/or building systems.
If you are interested in (1) building secure systems, (2) preventing real-world attacks and exploits, (3) reverse-engineering up-to-date cyberattacks, or (4) securing existing software through program analysis and compilers, we should chat (multiple RA positions are available).

Publications

2019

ICSE'19 Probabilistic Disassembly
Kenneth Miller, Yonghwi Kwon, Xiangyu Zhang, and Zhiqiang Lin,
In Proc. of the 41st International Conference on Software Engineering
Paper

2018

ACSAC'18 Lprov: Practical Library-aware Provenance Tracing
Fei Wang, Yonghwi Kwon, Shiqing Ma, Xiangyu Zhang, and Dongyan Xu,
In Proc. of the 34th Annual Conference on Computer Security Applications
Paper
ATC'18 Kernel-Supported Cost-Effective Audit Logging for Causality Tracking
Shiqing Ma, Jun Zhai, Yonghwi Kwon, Kyu Hyung Lee, Xiangyu Zhang, Gabriela Ciocarlie, Ashish Gehani, Vinod Yegneswaran, Dongyan Xu, and Somesh Jha,
In Proc. of the 2018 USENIX Annual Technical Conference
Paper
WWW'18 AdBudgetKiller: Online Advertising Budget Draining Attack
I Luk Kim, Weihang Wang, Yonghwi Kwon, Yunhui Zheng, Yousra Aafer, Weijie Meng, and Xiangyu Zhang,
In Proc. of the 27th International World Wide Web Conference
NDSS'18 MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation
Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela Ciocarlie, Ashish Gehani, and Vinod Yegneswaran,
In Proc. of the 25th Network and Distributed System Security Symposium
Paper | Slides

2017

ACSAC'17 RevARM: A Platform-Agnostic ARM Binary Rewriter for Security Applications
Taegyu Kim, Chung Hwan Kim, Hongjun Choi, Yonghwi Kwon, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu,
In Proc. of the 33rd Annual Conference on Computer Security Applications
Paper
ASE'17 PAD: Programming Third-party Web Advertisement Censorship
Weihang Wang, Yonghwi Kwon, Yunhui Zheng, Yousra Aafer, I Luk Kim, Wen-Chuan Lee, Yingqi Liu, Weijie Meng, Xiangyu Zhang, Patrick Eugster,
In Proc. of the 32nd IEEE/ACM International Conference on Automated Software Engineering
Paper
ISSTA'17 CPR: Cross Platform Binary Code Reuse via Platform Independent Trace Program
Yonghwi Kwon, Weihang Wang, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu,
In Proc. of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
Paper | Slides
WWW'17 J-Force: Forced Execution on JavaScript
Kyungtae Kim, I Luk Kim, Chung Hwan Kim, Yonghwi Kwon, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu,
In Proc. of the 26th International World Wide Web Conference
Paper
NDSS'17 A2C: Self Destructing Exploit Executions via Input Perturbation
Yonghwi Kwon, Brendan Saltaformaggio, I Luk Kim, Kyu Hyung Lee, Xiangyu Zhang, and Dongyan Xu,
In Proc. of the 24th Network and Distributed System Security Symposium
Paper | Slides

2016

OOPSLA'16 Apex: Automatic Programming Assignment Error Explanation
Dohyeong Kim, Yonghwi Kwon, Peng Liu, I Luk Kim, David Mitchel Perry, Xiangyu Zhang, and Gustavo Rodriguez-Rivera,
In Proc. of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications
Paper | Website
FSE'16 WebRanz: Web Page Randomization For Better Advertisement Delivery and Web-Bot Prevention
Weihang Wang, Yunhui Zheng, Xinyu Xing, Yonghwi Kwon, Xiangyu Zhang, and Patrick Eugster,
In Proc. of the 24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering
Paper | Website
WOOT'16 Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic
Brendan Saltaformaggio, Hongjun Choi, Kristen Johnson, Yonghwi Kwon, Qi Zhang, Xiangyu Zhang, Dongyan Xu, John Qian,
In Proc. of the 10th USENIX Workshop on Offensive Technologies
Paper
ASPLOS'16 LDX: Causality Inference by Lightweight Dual Execution
Yonghwi Kwon, Dohyeong Kim, William N. Sumner, Kyungtae Kim, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu,
In Proc. of the 21st International Conference on Architectural Support for Programming Languages and Operating Systems
Paper | Slides | Demo video (available upon request)

2015

ASPLOS'15 Dual Execution for On the Fly Fine Grained Execution Comparison
Dohyeong Kim, Yonghwi Kwon, William N. Sumner, Xiangyu Zhang, and Dongyan Xu,
In Proc. of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems
Paper
NDSS'15 P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions
Yonghwi Kwon, Fei Peng, Dohyeong Kim, Kyungtae Kim, Xiangyu Zhang, Dongyan Xu, Vinod Yegneswaran, and John Qian,
In Proc. of the 22nd Network and Distributed System Security Symposium
Paper | Slides

2013

ASE'13 PIEtrace: Platform Independent Executable Trace
Yonghwi Kwon, Xiangyu Zhang, and Dongyan Xu,
In Proc. of the 28th IEEE/ACM International Conference on Automated Software Engineering
Paper | Slides | Website
Best Paper Award, ACM SIGSOFT Distinguished Paper Award

Resume

Systems Security, Program/Binary Analysis, Reverse-engineering

Education

May 2012 - Aug 2018

Ph.D. in Computer Science, Purdue University, USA

Advisors: Prof. Xiangyu Zhang and Prof. Dongyan Xu

May 2017

Master in Computer Science, Purdue University, USA

March 2004 - July 2011

Bachelor in Computer Engineering, Konkuk University, Seoul, South Korea

Summa Cum Laude. (Includes 3 years of military service at a software company developing system security products.)

Professional Experience

Sep 2011 - Dec 2011

Part-Time Developer, National Forensic Service, South Korea

I developed digitizers that extract important evidence from dash-cam videos for forensic analysis.

July 2006 - July 2009

Researcher, SETTEC Inc.

I developed security solutions such as DRM (Digital Rights Management) systems and on-the-fly binary protection techniques that encrypt and decrypt executable code at runtime to thwart reverse-engineering attempts. I also developed anti-malware software in both kernel and user mode.

Aug 2004 - June 2006

Student Researcher, Samsung Electronics

I developed and led many commercial projects, including system utilities, network firewalls, file-filter drivers, and image processing applications. I have also developed programs for various platforms, including x86, MIPS, and ARM.

Part-Time Developer, Korea Telecom/Thurunet/Nowcom

I have extensive industry experience: during my undergraduate years I developed various products (e.g., system utilities, network modules, and security solutions) at several companies.

Invited Talks

2017

CERIAS Security Seminar, Purdue University

A2C: Self Destructing Exploit Executions via Input Perturbation.

2015

CERIAS Security Seminar, Purdue University

P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions

2011

Microsoft Technical Seminar, Microsoft Korea

Migration to the Visual Studio 2010

2010

Microsoft Technical Seminar, Microsoft Korea

Effective Windows Programming

2009

Microsoft Technical Seminar, Microsoft Korea

Advanced topics in Windows Programming

Samsung Electronics Technical Seminar (Private), Samsung Electronics

Debugging Applications in Windows

Highlights

2018

Joined the University of Virginia

2017

Maurice H. Halstead Memorial Award

2013

ACM SIGSOFT Distinguished Paper Award

ASE Best Paper Award

2010

Authored a book: Effective Windows Programming

2008

Microsoft Most Valuable Professional Award (5-time awardee: 2008-2012)

2003

4th Prize in the Korea Informatics Olympiad

Excellence Award in the Creative Software Contest, Konkuk University - 2 years of scholarship

2000

Wrote my first popular program, which now has millions of users (Click To Tweak)

Services

Program Committee

Network and Distributed System Security Symposium (NDSS'19)

Annual Conference on Computer Security Applications (ACSAC'18)

International Workshop on Theory and Practice of Provenance (TaPP'17)

External Reviewer

IEEE Transactions on Dependable and Secure Computing (TDSC)

The USENIX Security Symposium (USENIX'18)

ACM Conference on Computer and Communications Security (CCS’16/15/13)

The Network and Distributed System Security Symposium (NDSS’17/14)

The International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’17)

The ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’17)

IEEE Conference on Communications and Network Security (CNS’16)

The International Conference on Software Engineering (ICSE’17)

The ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE’16,'18)

The International Symposium on Software Testing and Analysis (ISSTA’17/16/14)

The IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’16)

The International Symposium on Research in Attacks, Intrusions and Defenses (RAID’16)

Research

Summary of My Research Projects

My research aims to solve system security problems via program analysis techniques (e.g., binary analysis, reverse-engineering, and instrumentation).

I build systems that analyze and prevent sophisticated cyber attacks such as Advanced Persistent Threats (e.g., Stuxnet). Specifically, (1) I build systems that harden existing programs against advanced attacks (e.g., zero-day exploits); (2) I build reverse-engineering techniques that uncover the malicious behaviors (e.g., compromising systems and leaking secret information) of sophisticated malware on various architectures (e.g., x86, ARM, MIPS) with little to no prior knowledge of the malware; and (3) my research recovers forensic evidence of sophisticated attacks to reveal attack paths (e.g., how the attack happened, who the attackers are, and what the ramifications are).

Preventing Malicious Payload Injection Attacks
Attackers (often remotely) inject malicious payloads into victim systems to achieve goals such as disrupting the system or exfiltrating secret information.
My research aims to proactively prevent such injection regardless of the attack method or vector, protecting systems even from unknown zero-day exploits.

NDSS'17 A2C: Self Destructing Exploit Executions via Input Perturbation | Paper | Slides
ASE'17 PAD: Programming Third-party Web Advertisement Censorship | Paper
Weihang Wang, Yonghwi Kwon, Yunhui Zheng, Yousra Aafer, I Luk Kim, Wen-Chuan Lee, Yingqi Liu, Weijie Meng, Xiangyu Zhang, Patrick Eugster


Reconstructing Attack Paths of Advanced Cyberattacks (e.g., Advanced Persistent Threats)
Recent cyber attacks are becoming more and more sophisticated. In particular, an advanced persistent threat (APT) is a kind of attack that leverages the most advanced stealthy attack methods. APTs lurk in systems for a long time (e.g., weeks or months) and infect other systems through large, complex programs such as web browsers.
My research aims to precisely uncover the attack paths of such advanced cyber attacks. I proposed a novel causal analysis technique called LDX that precisely infers causality between system events (e.g., system calls) via input perturbation: an output event is attributed to an input event only if perturbing that input changes the output.
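
The contrast between syscall-level audit logs and perturbation-based causality, as an added toy example (editor's illustration, not the LDX or MCI code). The program under analysis (a stand-in for a long-running, browser-like process), its channel names and its inputs are constructed for the demo:

```python
"""Causality inference by input perturbation (toy).

Editor-added illustration; this is not the LDX or MCI implementation.
It contrasts two ways of deciding which input events an output event of a
long-running process depends on:
  * audit-log causality: a write depends on every read that preceded it in
    the same process, which is all a syscall-level audit log can tell you;
  * perturbation-based causality: re-run the program with one input changed
    and mark an output as dependent only if that output actually changes.
The program under analysis, the channel names and the inputs are constructed.
"""
from dataclasses import dataclass
from itertools import zip_longest
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class Event:
    kind: str      # "read" (input event) or "write" (output event)
    channel: str   # constructed name of a socket or file
    data: str


def long_running_process(inputs: Dict[str, str]) -> List[Event]:
    """Constructed stand-in for a browser-like process serving three tabs."""
    trace = [Event("read", ch, inputs[ch]) for ch in sorted(inputs)]
    trace.append(Event("write", "cache/a.html", inputs["tab_a"].upper()))
    trace.append(Event("write", "cache/b.html", inputs["tab_b"].upper()))
    # The status line mixes two tabs, so it really depends on tab_a and tab_c.
    trace.append(Event("write", "status", inputs["tab_a"] + "|" + inputs["tab_c"]))
    trace.append(Event("write", "cache/c.html", inputs["tab_c"].upper()))
    return trace


def audit_log_causality(trace: List[Event]) -> Dict[str, Set[str]]:
    """Temporal attribution over a syscall-style event log of one process."""
    deps: Dict[str, Set[str]] = {}
    seen: Set[str] = set()
    for e in trace:
        if e.kind == "read":
            seen.add(e.channel)
        else:
            deps[e.channel] = set(seen)  # dependence explosion: every prior read
    return deps


def perturbation_causality(
    program: Callable[[Dict[str, str]], List[Event]],
    inputs: Dict[str, str],
    perturb: Callable[[str], str],
) -> Dict[str, Set[str]]:
    """Master run vs. one slave run per input with that input perturbed."""
    master = [e for e in program(inputs) if e.kind == "write"]
    deps: Dict[str, Set[str]] = {e.channel: set() for e in master}
    for ch in inputs:
        slave_in = dict(inputs)
        slave_in[ch] = perturb(inputs[ch])
        slave = [e for e in program(slave_in) if e.kind == "write"]
        # Compare write by write. If the slave diverges (different number or
        # order of writes), every unmatched master write is charged to ch;
        # dual-execution systems align the two runs instead of guessing.
        for m, s in zip_longest(master, slave):
            if m is None:
                continue
            if s is None or s.channel != m.channel or s.data != m.data:
                deps[m.channel].add(ch)
    return deps


def demo():
    inputs = {"tab_a": "bank.example", "tab_b": "news.example", "tab_c": "mail.example"}
    coarse = audit_log_causality(long_running_process(inputs))
    # The perturbation must change the value that flows to the output; appending
    # a marker does, whereas a same-length, same-case change might not.
    precise = perturbation_causality(long_running_process, inputs, lambda v: v + "#")
    return coarse, precise


if __name__ == "__main__":
    coarse, precise = demo()
    for out in coarse:
        print(f"{out:14s} audit-log: {sorted(coarse[out])}  perturbation: {sorted(precise[out])}")
```

Running it shows the audit log charging every write to all three tabs, while perturbation attributes each cache file to its own tab and the status line to exactly the two tabs it mixes. The caveat in the comments matters in practice: a perturbation that does not actually alter the value reaching the output (or that changes control flow so the runs no longer line up) will under- or over-attribute, which is why the real systems care about how inputs are perturbed and how the two executions are kept aligned.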

NDSS'18 MCI: Modeling-based Causality Inference in Audit Logging for Attack Investigation | Paper | Slides
Yonghwi Kwon, Fei Wang, Weihang Wang, Kyu Hyung Lee, Wen-Chuan Lee, Shiqing Ma, Xiangyu Zhang, Dongyan Xu, Somesh Jha, Gabriela Ciocarlie, Ashish Gehani, and Vinod Yegneswaran
ASPLOS'16 LDX: Causality Inference by Lightweight Dual Execution | Paper | Slides | Demo video (available upon request)
Yonghwi Kwon, Dohyeong Kim, William N. Sumner, Kyungtae Kim, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu
ASPLOS'15 Dual Execution for On the Fly Fine Grained Execution Comparison | Paper
Dohyeong Kim, Yonghwi Kwon, William N. Sumner, Xiangyu Zhang, and Dongyan Xu


Analyzing Malicious Binaries via Binary Analysis and Reverse-Engineering (across Multiple Platforms)
Analyzing malicious binaries is difficult because these binaries are obfuscated and/or sensitive to their input and environment. Moreover, recent attacks span multiple platforms, while the tools that can analyze malicious binaries often do not support such new platforms.
My research aims to analyze malicious binaries via dynamic analysis and program transformation. I proposed a novel program transformation technique that turns a platform-dependent program execution (e.g., an execution of IoT malware) into a platform-independent program, so that the execution can be analyzed by existing program analysis tools on a different platform. I also reverse-engineer malicious binaries to discover the message and file formats used by malicious software such as botnets.
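
The execution-to-program transformation idea, as an added toy example (editor's illustration of the PIEtrace/CPR concept, not their code). The bytecode, the "platform" with its SYSIN instruction standing in for a system call, and the key and ciphertext are all constructed:

```python
"""Platform-independent trace program (toy).

Editor-added illustration of the idea behind PIEtrace and CPR, not their
implementation. A small bytecode program for a constructed "platform" is run
once while every executed instruction, every branch outcome and every value
obtained from the platform (a SYSIN instruction standing in for a system
call) is recorded. The recording is then emitted as straight-line Python with
the recorded values inlined, so the same execution replays anywhere, with no
interpreter and no access to the original platform.
"""
from typing import Callable, Dict, List, Optional, Tuple

Instr = Tuple[str, int]
TraceEntry = Tuple[str, int, Optional[object]]

# Constructed bytecode: decrypt three bytes with a key fetched from the platform.
PROGRAM: List[Instr] = [
    ("SYSIN", 0), ("STORE", 0),                          # r0 = key from port 0
    ("PUSH", 3), ("STORE", 1),                           # r1 = 3 (loop counter)
    ("SYSIN", 1), ("LOAD", 0), ("XOR", 0), ("OUT", 0),   # pc 4: out(port1 ^ r0)
    ("LOAD", 1), ("PUSH", 1), ("SUB", 0), ("STORE", 1),  # r1 -= 1
    ("LOAD", 1), ("JNZ", 4),                             # loop while r1 != 0
    ("HALT", 0),
]


def make_platform(key: int, stream: List[int]) -> Callable[[int], int]:
    """Constructed platform: port 0 yields the key, port 1 streams ciphertext."""
    it = iter(stream)
    return lambda port: key if port == 0 else next(it)


def run_and_record(program: List[Instr], sysin: Callable[[int], int]):
    """Interpret the bytecode on the platform and record the executed trace."""
    stack: List[int] = []
    regs: Dict[int, int] = {}
    out: List[int] = []
    trace: List[TraceEntry] = []
    pc = 0
    while True:
        op, arg = program[pc]
        rec: Optional[object] = None      # platform value or branch outcome
        if op == "SYSIN":
            rec = sysin(arg)
            stack.append(rec)
        elif op == "PUSH":
            stack.append(arg)
        elif op == "STORE":
            regs[arg] = stack.pop()
        elif op == "LOAD":
            stack.append(regs[arg])
        elif op in ("XOR", "SUB"):
            b, a = stack.pop(), stack.pop()
            stack.append(a ^ b if op == "XOR" else a - b)
        elif op == "OUT":
            out.append(stack.pop())
        elif op == "JNZ":
            rec = stack.pop() != 0
        trace.append((op, arg, rec))
        if op == "HALT":
            return out, trace
        pc = arg if (op == "JNZ" and rec) else pc + 1


def emit_trace_program(trace: List[TraceEntry]) -> str:
    """Turn the recorded execution into self-contained straight-line Python."""
    lines = ["stack, regs, out = [], {}, []"]
    for op, arg, rec in trace:
        if op == "SYSIN":
            lines.append(f"stack.append({rec})  # SYSIN port {arg}: recorded value")
        elif op == "PUSH":
            lines.append(f"stack.append({arg})")
        elif op == "STORE":
            lines.append(f"regs[{arg}] = stack.pop()")
        elif op == "LOAD":
            lines.append(f"stack.append(regs[{arg}])")
        elif op in ("XOR", "SUB"):
            sym = "^" if op == "XOR" else "-"
            lines.append(f"b, a = stack.pop(), stack.pop(); stack.append(a {sym} b)")
        elif op == "OUT":
            lines.append("out.append(stack.pop())")
        elif op == "JNZ":   # control flow is already resolved in the trace
            lines.append(f"stack.pop()  # JNZ {arg}: {'taken' if rec else 'not taken'} when recorded")
        elif op == "HALT":
            lines.append("# HALT")
    return "\n".join(lines)


def replay(source: str) -> List[int]:
    """Run the trace program; it needs neither the interpreter nor the platform."""
    ns: Dict[str, object] = {}
    exec(source, ns)
    return ns["out"]


def demo():
    key = 0x5A
    plaintext = b"bot"
    platform = make_platform(key, [c ^ key for c in plaintext])
    out, trace = run_and_record(PROGRAM, platform)
    source = emit_trace_program(trace)
    return out, replay(source), source
```

The emitted source is an ordinary program: it can be fed to any Python analysis tool (or simply read) on a machine that has neither the bytecode interpreter nor the key, and it reproduces the original execution's outputs. The obvious limitation also shows: the trace program covers only the one path that was recorded, so behaviour that depends on different platform values or untaken branches is not in it.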

ASE'13 PIEtrace: Platform Independent Executable Trace | Paper | Slides | Website
Yonghwi Kwon, Xiangyu Zhang, and Dongyan Xu | Best Paper Award, ACM SIGSOFT Distinguished Paper Award
NDSS'15 P2C: Understanding Output Data Files via On-the-Fly Transformation from Producer to Consumer Executions | Paper | Slides
Yonghwi Kwon, Fei Peng, Dohyeong Kim, Kyungtae Kim, Xiangyu Zhang, Dongyan Xu, Vinod Yegneswaran, and John Qian
ISSTA'17 CPR: Cross Platform Binary Code Reuse via Platform Independent Trace Program | Paper | Slides
ACSAC'17 RevARM: A Platform-Agnostic ARM Binary Rewriter for Security Applications | Paper
Taegyu Kim, Chung Hwan Kim, Hongjun Choi, Yonghwi Kwon, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu

Personal


Personal Projects

I have been maintaining my own projects such as anti-malware software, system optimizers, and my own programming language and its IDE for more than 10 years.
These applications have millions of users and have been distributed through my website.

Media Coverage

1. Interview (Microsoftware, a monthly magazine for developers in South Korea), 2008
2. Featured in etnews, one of the major Korean software industry newspapers, as a software developer, 2008
3. Interview (PC Love, monthly magazine for end-users in South Korea), 2002

Things that keep me alive


Dark beers

I love dark beers; my favorites are Murphy's and Rogue HazelNut.


Coffee

I am a coffee addict. I love dark roasted coffee beans from Ethiopia and Indonesia.


Quakelive

I have been a big fan of Quake3 and Rocket Arena since 2000. Now I play Quakelive.


Stand-up comedy shows

Louis CK is my favorite. Click here for my favorite clip.


South Park

South Park is the best animation! Love their sarcasm!


Kitchen Nightmares

Kitchen Nightmares secretly teaches about everyday problems and solutions for a Ph.D.!