I’m an Assistant Professor in the Department of Electrical Engineering and Computer Science at the University of Tennessee, Knoxville. I received my Ph.D. in Computer Science from the University of Maryland, College Park in May 2020 where I worked with Prof. Tudor Dumitras.

My research interests include computer security (data-driven security and usable security), computer networks (Internet measurement), and the Web. I am interested in identifying the root causes of security threats by understanding the actors (e.g., adversary and end-users) involved, with data-driven and human-centered perspectives (i.e., usability study).

I have been awarded NSA Best Scientific Cybersecurity Paper (2017) and the Ann G. Wylie Dissertation Fellowship (2019). My works about the Code-Signing PKI have been featured in Ars Technica, The Register, Schneier on Security, Threatpost, etc.

I am actively looking for self-motivated undergraduate students and visiting scholars. Please email me if you’re interested in security, computer networks, and Web security.

doowon-kim

345 Min H. Kao Bldg
doowon@utk.edu
Twitter
Google Scholar
CV

Recent Research Areas & Interests

News

  • Oct. 2024: Congrats Jaehwan on winning third place in the Korea National Cryptography Competition!
  • Jun. 2024: Paper Backdoor Attacks against Code Generation LLMs accepted at Usenix Security ‘24. Congrats to Kiho.
  • Jun. 2024: Two female undergraduate summer interns joined our lab. Welcome Mercy (from Berea College) and Rishika (from University of Alabama).
  • Mar. 2024: Grant Kyungchan was awarded the travel grant from the Web Conf ‘24. Congrats to Kyungchan.
  • Mar. 2024: Paper Phishing kits paper accepted at AsiaCCS ‘24. Congrats to Woonghee.
  • Aug. 2023: My Ph.D. Student, Jaehwan Park, awarded The Graduate School Fellowship. Congrats to Jaehwan!
  • Jan. 2024: Paper Two papers (Phishing and Asian hate)accepted at the Web Conf ‘24. Congrats to Kyungchan and Jaehwan. Our phishing paper has been selected for an oral presentation.
  • Nov. 2023: Paper “Sharing cyber threat intelligence: Does it really help?” accepted at NDSS ‘24.
  • Oct. 2023: Paper “Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers’ Coding Practices with Insecure Suggestions from Poisoned AI Models” accepted at IEEE S&P’24.
  • Sep. 2023: Paper “A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLs” accepted at SIGMETRICS’24.
  • Aug. 2023: Paper “A Longitudinal Study of Vulnerable Client-side Resources and Web Developers’ Updating Behaviors” accepted at IMC’23. Congrats to Kyungchan!
  • Aug. 2023: My Ph.D. Student, Lu Liu, was awarded The Graduate School Fellowship. Congrats to Lu!
  • May 2022: TPC of AsiaCCS 2023.
  • Mar. 2023: Paper “Evaluating Password Composition Policy and Password Meters of Popular Websites” accepted at SecWeb Workshop (co-located with IEEE S&P’23). Congrats to Kyungchan!
  • Mar. 2023: TPC of NDSS 2024, RAID 2023, and TMA 2023.
  • Nov. 2022: Grant Awarded supplemental funding and support from Google TensorFlow.
  • Nov. 2022: Paper PyFET: Forensically Equivalent Transformation for Python Binary Decompilation accepted at S&P’23 (Oakland).
  • Sep. 2022: Grant Awarded Google exploreCSR.
  • Sep. 2022: Grant Awarded StART (Support for Affiliated Research Teams) program in collaboration with Oak Ridge National Laboratory.
  • Aug. 2022: TPC of IEEE EuroS&P ‘23 and Best Student Paper Award of WISA’22.
  • May 2022: TPC of AsiaCCS ‘23
  • Apr. 2022: Grant NSF proposal awarded: EAGER: DCL: SaTC: Enabling Interdisciplinary Collaboration: Combatting Disinformation and Racial Bias: A Deep-Learning-Assisted Investigation of Temporal Dynamics of Disinformation
  • Apr. 2022: TPC of CheckMate ‘22, WISA ‘22, and NDSS ‘23
  • Apr. 2022: Grant My Ph.D. student, Kyungchan Lim was awarded IEEE S&P 2022 Travel Grant
  • Feb. 2022: TPC of WiSec ‘22, TMA ‘22, ICICS ‘22, and RAID ‘22
  • Dec. 2021: Paper “Hiding Critical Program Components via Ambiguous Translation” accepted to ICSE’22.
More
  • Oct. 2021: TPC of the Web Conf ‘21 (Security Track)
  • Aug. 2021: “Defeating program analysis techniques via Ambiguous Translation” accepted to ASE’21 (NIER).
  • May 2021: TPC of AsiaCCS ‘22.
  • Feb. 2021: Two papers accepted to AsiaCCS ‘21.
  • Feb. 2021: TPC of RAID ‘21.
  • Jan. 2021: “TLS 1.3 in Practice: How TLS 1.3 Contributes to Internet” accepted to the Web Conf. ‘21 (formerly WWW)

Selected Publications

  • [Usenix Security ‘24]: An LLM-Assisted Easy-to-Trigger Poisoning Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection.
    Shenao Yan, Shen Wang, Yue Duan, Hanbin Hong, Kiho Lee, Doowon Kim and Yuan Hong.

  • [The Web Conf ‘24]: Phishing Vs. Legit: Comparative Analysis of Client-Side Resources of Phishing and Target Brand Websites. (Oral)
    Kyungchan Lim, Jaehwan Park, and Doowon Kim.

  • [The Web Conf ‘24]: Not All Asians are the Same: A Disaggregated Approach to Identifying Anti-Asian Racism in Social Media.
    Fan Wu, Sanyam Lakhanpal, Qian Li, Kookjin Lee, Doowon Kim, Heewon Chae, and K. Hazel Kwon.

  • [IEEE S&P ‘24]: Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers’ Coding Practices with Insecure Suggestions from Poisoned AI Models.
    Sanghak Oh, Kiho Lee, Seonhye Park, Doowon Kim, and Hyoungshick Kim.

  • [NDSS ‘24]: Sharing cyber threat intelligence: Does it really help?
    Beomjin Jin, Eunsoo Kim, Hyunwoo Lee, Elisa Bertino, Doowon Kim, and Hyoungshick Kim.

  • [ACM SIGMETRICS ‘24]: A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLs.
    Euijin Choo, Mohamed Nabeel, Doowon Kim, Ravindu De Silva, Ting Yu, and Issa Khalil.

  • [ACM IMC ‘23]: A Longitudinal Study of Vulnerable Client-side Resources and Web Developers’ Updating Behaviors.
    Kyunchan Lim, Yonghwi Kwon, and Doowon Kim.

  • [IEEE S&P ‘23]: PyFET: Forensically Equivalent Transformation for Python Binary Decompilation.
    Ali Ahad, Chijung Jung, Ammar Askar, Doowon Kim, Taesoo Kim, and Yonghwi Kwon.

  • [ICSE ‘22]: Hiding Critical Program Components via Ambiguous Translation.
    Chijung Jung, Doowon Kim, An Chen, Weihang Wang, Yunhui Zheng, Kyu Hyung Lee, and Yonghwi Kwon.

  • [WWW ‘21]: TLS 1.3 in Practice: How TLS 1.3 Contributes to Internet.
    Hyunwoo Lee, Doowon Kim, and Yonghwi Kwon.

  • [USENIX Security ‘18]: The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI.
    Doowon Kim, Bum Jun Kwon, Kristián Kozák, Christopher Gates, and Tudor Dumitraș.

  • [ACM CCS ‘17]: Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI.
    Doowon Kim, Bum Jun Kwon, and Tudor Dumitraș.

  • [IEEE S&P ‘17]: Comparing the usability of cryptographic APIs.
    Yasemin Acar, Michael Backes, Sascha Fahl, Simson Garfinkel, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. (The authors are alphabetically ordered.)

  • [SOUPS ‘16]: An inconvenient trust: User attitudes toward security and usability tradeoffs for key-directory encryption systems.
    Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, and Michelle L. Mazurek.

  • [IEEE S&P ‘16]: You get where you’re looking for: The impact of information sources on code security.
    Awarded the 5th annual NSA Best Scientific Cybersecurity Paper.
    Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. (The authors are alphabetically ordered.)

Professional Service

Review Panel

  • [NSF] National Science Foundation Proposal Review Panelist — 2023, 2024
Technical Program Committee
  • [CCS] ACM Conference on Computer and Communications Security — 2021, 2024
  • [NDSS] Network and Distributed System Security Symposium — 2023, 2024, 2025
  • [WWW] The Web Conference (security track) — 2022
  • [IMC] Internet Measurement Conference — 2025
  • [ACSAC] Annual Computer Security Applications Conference — 2024
  • [AsiaCCS] ACM Asia Conference on Computer and Communications Security — 2022, 2023, 2024
  • [Euro S&P] IEEE European Symposium on Security and Privacy — 2023
  • [RAID] International Symposium on Research in Attacks, Intrusions, and Defenses — 2021, 2022, 2023, 2024
  • [SOUPS] Symposium on Usable Privacy and Security — 2024
  • [ISC] Information Security Conference — 2023
  • [TMA] Network Traffic Measurement and Analysis Conference — 2022, 2023, 2024
  • [WiSec] ACM Conference on Security and Privacy in Wireless and Mobile Networks — 2021, 2022
  • [CODASPY] ACM Conference on Data and Application Security and Privacy — 2021
  • [WISA] World Conference on Information Security Applications — 2022, 2023
  • [ICICS] International Conference on Information and Communications Security — 2021, 2022
  • [MSN] International Conference on Mobility, Sensing and Networking — 2021
  • [CSET] Workshop on Cyber Security Experimentation and Test — 2020, 2021
  • [CheckMATE] Man-At-The-Middle Attacks Workshop — 2021, 2022
  • [WPES] Workshop on Privacy in the Electronic Society — 2022
  • [SecWeb] SecWeb Workshop — 2023
Program Chair/Co-Chair
  • Student Travel Grants Chair: ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2024
  • Publication Chair: IEEE Secure Development Conference (SecDev) 2022
  • Student Travel Grants Co-Chair: ACM Conference on Computer and Communications Security (CCS) 2021
  • Poster Session Chair: Korean Computer Scientists and Engineers Association in America Technical Symposium 2021
Journal Reviewer
  • IEEE Transactions on Computers
  • Institute of Electronics, Information and Communication Engineers
External Reviewer
  • [CCS] ACM Conference on Computer and Communications Security — 2017, 2018, 2019
  • [NDSS] The Network and Distributed System Security Symposium — 2018, 2019, 2020
  • [S&P] IEEE Symposium on Security and Privacy — 2018, 2019
  • [USENIX Security] USENIX Security Symposium — 2018
  • [CODASPY] ACM Conference on Data and Application Security and Privacy — 2020
  • [RAID] Research in Attacks, Intrusions and Defenses — 2018, 2019