About me

My name is Doowon Kim. I’m currently a Ph.D. Candidate in Computer Science at the University of Maryland, working with Prof. Tudor Dumitras.

My research interests are broadly in the areas of security and privacy. In particular, I empirically measure security threats in Public Key Infrastructures (e.g., the code signing PKI and the Web PKI), and design/build new better systems with usable security based on the empirical measurements. I have been awarded the 5th annual NSA Best Scientific Cybersecurity Paper in usable security. My work about the code signing PKI has been featured in Ars Technica, The Register, Schneier on Security, Threatpost, etc.

News

Selected Publications

  • [USENIX Security ‘18]: The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI.
    Doowon Kim, Bum Jun Kwon, Kristián Kozák, Christopher Gates, and Tudor Dumitraș.

  • [ACM CCS ‘17]: Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI.
    Doowon Kim, Bum Jun Kwon, and Tudor Dumitraș.

  • [IEEE S&P ‘16]: Comparing the usability of cryptographic APIs.
    Yasemin Acar, Michael Backes, Sascha Fahl, Simson Garfinkel, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. (The authors are alphabetically ordered.)

  • [SOUPS ‘16]: An inconvenient trust: User attitudes toward security and usability tradeoffs for key-directory encryption systems.
    Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, and Michelle L. Mazurek.

  • [IEEE S&P ‘15]: You get where you’re looking for: The impact of information sources on code security.
    Awarded the 5th annual NSA Best Scientific Cybersecurity Paper.
    Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. (The authors are alphabetically ordered.)