C Conference Proceeding | J Journal Article | W Workshop Proceeding

*Underline: my advisee students.

2024

  • An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection.
    Shenao Yan, Shen Wang, Yue Duan, Hanbin Hong, Kiho Lee, Doowon Kim, and Yuan Hong.
    USENIX Security ‘24: The 33rd USENIX Security Symposium (USENIX Security) 2024. C
    PDF Code
    Media: DarkReading

  • Beneath the Phishing Scripts: A Script-Level Analysis of Phishing Kits and Their Impact on Real-World Phishing Websites.
    Woonghee Lee, Junbeom Hur, and Doowon Kim.
    AsiaCCS ‘24: The 19th ACM ASIA Conference on Computer and Communications Security 2024. C
    PDF
    Media: Cyber + Financial Risk

  • Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers’ Coding Practices with Insecure Suggestions from Poisoned AI Models.
    Sanghak Oh*, Kiho Lee*, Seonhye Park, Doowon Kim, and Hyoungshick Kim.
    * equally contributions.
    IEEE S&P ‘24: The 45th IEEE Symposium on Security and Privacy. C
    PDF Slides One-page Summary

  • Phishing Vs. Legit: Comparative Analysis of Client-Side Resources of Phishing and Target Brand Websites.
    Kyungchan Lim, Jaehwan Park, and Doowon Kim.
    The Web Conference ‘24 (TheWebConf 2024, formerly WWW). Acceptance rate: 20.2% (out of 2008). C
    Oral PDF Slides One-page Summary

  • Not All Asians are the Same: A Disaggregated Approach to Identifying Anti-Asian Racism in Social Media.
    Fan Wu, Sanyam Lakhanpal, Qian Li, Kookjin Lee, Doowon Kim, Heewon Chae, and K. Hazel Kwon.
    The Web Conference ‘24 (TheWebConf 2024, formerly WWW). Acceptance rate: 20.2% (out of 2008). C
    PDF

  • Sharing Cyber Threat Intelligence: Does It Really Help?
    Beomjin Jin, Eunsoo Kim, Hyunwoo Lee, Elisa Bertino, Doowon Kim, and Hyoungshick Kim.
    NDSS ‘24: The 31st Network and Distributed System Security Symposium. C
    PDF

  • A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLs.
    Euijin Choo, Mohamed Nabeel, Doowon Kim, Ravindu De Silva, Ting Yu, and Issa Khalil.
    ACM SIGMETRICS ‘24: ACM Special Interest Group on Measurement and Evaluation 2024. C
    PDF

  • Demystifying the Regional Phishing Landscape in South Korea.
    Hyunjun Park, Kyungchan Lim, Doowon Kim, Donghyun Yu, and Hyungjoon Koo.
    IEEE Access J
    PDF

2023

  • A Longitudinal Study of Vulnerable Client-side Resources and Web Developers’ Updating Behaviors.
    Kyungchan Lim, Yonghwi Kwon, and Doowon Kim.
    ACM IMC ‘23: The 23rd ACM Internet Measurement Conference. C
    PDF Website

  • Evaluating Password Composition Policy and Password Meters of Popular Websites.
    Kyungchan Lim, Joshua H. Kang, Matthew Dixson, Hyungjoon Koo, and Doowon Kim.
    SecWeb ‘23: SecWeb Workshop 2023 co-located with IEEE S&P’23. W
    PDF

  • PyFET: Forensically Equivalent Transformation for Python Binary Decompilation.
    Ali Ahad, Chijung Jung, Ammar Askar, Doowon Kim, Taesoo Kim, and Yonghwi Kwon
    IEEE S&P ‘23: The 44th IEEE Symposium on Security and Privacy (Oakland). C
    PDF

2022

  • Deep Sequence Models for Packet Stream Analysis and Early Decisions.
    Minji Kim, Dongeun Lee, Kookjin Lee, Doowon Kim, Sangman Lee, and Jinoh Kim
    LCN ‘22: The 47th IEEE Conference on Local Computer Networks. C

  • Dazzle-attack: Anti-Forensic Server-side Attack via Fail-free Dynamic State Machine.
    Best Student Paper Award
    Bora Lee*, Kyungchan Lim*, JiHo Lee, Chijung Jung, Doowon Kim, Kyu Hyung Lee, Haehyun Cho, and Yonghwi Kwon. (*: co-first authors)
    WISA ‘22: The 23rd World Conference on Information Security Applications. C

  • Hiding Critical Program Components via Ambiguous Translation.
    Chijung Jung, Doowon Kim, An Chen, Weihang Wang, Yunhui Zheng, Kyu Hyung Lee, and Yonghwi Kwon.
    ICSE ‘22: International Conference on Software Engineering. Acceptance rate: 28.5% (197 out of 691) C

2021

  • Defeating program analysis techniques via Ambiguous Translation.
    Chijung Jung, Doowon Kim, Weihang Wang, Yunhui Zheng, Kyu Hyung Lee, and Yonghwi Kwon.
    ASE’21 (NIER): 36th IEEE/ACM International Conference on Automated Software Engineering (New Ideas and Emerging Results Track). C

  • Certified Malware in South Korea: A Localized Study of Breaches of Trust in Code-Signing PKI Ecosystem.
    Bumjun Kwon, Sanghyun Hong, Yuseok Jeon, and Doowon Kim.
    ICICS ‘21: The 2021 International Conference on Information and Communications Security. Acceptance rate: 24.3% (49 out of 202). C

  • Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem.
    Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Doupe, Sooel Son, Gail-Joon Ahn, Tudor Dumitras.
    AsiaCCS ‘21: ACM ASIA Conference on Computer and Communications Security. Acceptance rate: 19.3% (70 out of 362). C

  • Analyzing Spatial Differences in the TLS Security of Delegated Web Services.
    Joonhee Lee, Hyunwoo Lee, Jongheon Jeong, Doowon Kim, Taekyoung “Ted” Kwon.
    AsiaCCS ‘21: ACM ASIA Conference on Computer and Communications Security. Acceptance rate: 19.3% (70 out of 362). C

  • TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet.
    Hyunwoo Lee, Doowon Kim, and Yonghwi Kwon.
    The Web Conference ‘21 (TheWebConf 2021, formerly WWW). Acceptance rate: 20.6% (357 out of 1736). C

2020

  • Scam Pandemic: How Attackers Exploit Public Fear through Phishing.
    Marzieh Bitaab, Haehyun Cho, Adam Oest, Penghui Zhang, Zhibo Sun, Rana Pourmohamad, Doowon Kim, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, and Gail-Joon Ahn.
    eCrime 2020: The 2020 APWG Symposium on Electronic Crime Research. C

  • Understanding of Adversary Behavior and Security Threats in Public Key Infrastructures.
    Doowon Kim.
    Ph.D. Dissertation

2018

  • The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI.
    Doowon Kim, Bum Jun Kwon, Kristián Kozák, Christopher Gates, and Tudor Dumitraș.
    USENIX Security ‘18: USENIX Security Symposium. Acceptance rate: 19.2% (100 out of 520). C
    Media: Ars Technica

  • Issued for Abuse: Measuring the Underground Trade in Code Signing Certificate.
    Kristián Kozák, Bum Jun Kwon, Doowon Kim, and Tudor Dumitraş.
    WEIS ‘18: The Workshop on the Economics of Information Security. W
    Media: Venafi, HelpNetSecurity, The Register #1, The Register #2, Security Affairs, MOU

2017

  • Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI.
    Doowon Kim, Bum Jun Kwon, and Tudor Dumitraș.
    CCS ‘17: ACM Conference on Computer and Communications Security. Acceptance rate: 18.1% (151 out of 836). C
    Media: Schneier on Security, The Register, The SSL Store, Ars Technica, Threatpost, Tech Wire Asia, End Game, CPS-VO, Systweak, Fortuna’s Corner, Security Affairs, The Hacker News, Security Intelligence, Tech Target, Cyber Defense Magazine, ENISA, INTEZER

  • fFTP: a fast file transfer protocol for home N-screen platform.
    Doowon Kim, Jinsuk Baek, Paul S Fisher, Sangchul Kim.
    Personal and Ubiquitous Computing. October 2017. DOI: 10.1007/s00779-017-1082-5.J

  • Lessons learned from using an online platform to conduct large-scale, online controlled security experiments with software developers.
    Christian Stransky, Yasemin Acar, Duc Cuong Nguyen, Dominik Wermke, Elissa M. Redmiles, Doowon Kim, Michael Backes, Simson Garfinkel, Michelle L. Mazurek, and Sascha Fahl.
    CSET ‘17: Workshop on Cyber Security Experimentation and Test. W

  • Balancing security and usability in encrypted email.
    Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, and Michelle L. Mazurek.
    IEEE Internet Computing: 21 (3), 30-38. 2017. J

  • How Internet Resources Might Be Helping You Develop Faster but Less Securely.
    Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L Mazurek, Christian Stransky. (The authors are alphabetically ordered.)
    IEEE Security & Privacy, vol. 15, no. 2, pp. 50-60, 2017. doi: 10.1109/MSP.2017.24. J

  • Comparing the usability of cryptographic APIs.
    Yasemin Acar, Michael Backes, Sascha Fahl, Simson Garfinkel, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. (The authors are alphabetically ordered.)
    IEEE S&P ‘17. Acceptance rate: 14.3% (60 out of 419). C

2016

  • An inconvenient trust: User attitudes toward security and usability tradeoffs for key-directory encryption systems.
    Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, and Michelle L. Mazurek.
    SOUPS ‘16: Symposium on Usable Privacy and Security. C

  • You get where you’re looking for: The impact of information sources on code security.
    Awarded the 5th annual NSA Best Scientific Cybersecurity Paper.
    Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. (The authors are alphabetically ordered.)
    IEEE S&P ‘16. Acceptance rate: 13.4% (55 out of 411). C

2014

  • An Adaptive Primary Path Switching Scheme for Seamless mSCTP Handover.
    Jinsuk Baek, Doowon Kim, Paul S. Fisher, and Minho Jo. Smart Computing Review (Smart CR) 2014. (Invited Paper) J

Posters

  • Poster: Analysis of Reused Private Keys in the Code Signing PKI.
    Doowon Kim, S. Gokberk Karaca and Tudor Dumitras.
    Network and Distributed System Security Symposium (NDSS 2019). Feb. 2019.

  • You get where you’re looking for: The impact of information sources on code security.
    Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, and Christian Stransky.
    Symposium on Usable Privacy and Security (SOUPS 2016). June 2016. (Previously published paper.)

  • Adaptive Video Streaming over HTTP.
    Doowon Kim, Jinsuk Baek, and Paul S. Fisher.
    The 49th ACM Southeast Conference (ACM SE 2014). March 2014.

  • Implementation of Framework to Identify Potential Phishing Websites.
    Doowon Kim, Chaitanya Achan, Jinsuk Baek, and Paul S. Fisher.
    2013 IEEE Intelligence and Security Informatics (IEEE ISI 2013). June 2013.


Others

  • An Inconvenient Trust: User Attitudes toward Security and Usability Tradeoffs for Key-Directory Encryption Systems. Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, Michelle L. Mazurek.
    Black Hat USA, August 2016.