차상길 교수

소개

차상길 교수는 컴퓨터 기반의 실험과학자이며, 현재 주 연구분야는 소프트웨어 보안 및 프로그램 분석이다. 그의 연구는 컴퓨터 보안과 소프트웨어 공학의 교차점에 있다고 할 수 있으며, 대개 프로그램을 자동 분석하는 시스템을 설계, 구현하고 평가하는 것을 포함한다. 차상길 교수는 2014년, 2020년, 2022년에 각각 취약점 자동 탐지에 관한 논문으로 ACM distinguished paper award를 수상한 바 있다. 현재는 카이스트 사이버보안연구센터의 센터장을 역임중이며, 또한 카이스트 소프트웨어 보안 연구실을 운영하고 있다.

수업

(IS-561) 바이너리 코드 분석과 소프트웨어 보안 2016S 2017F 2018F 2019F 2021F 2023F
(IS-893) 고급 소프트웨어 보안: 2016F
(IS-511) 정보보호론: 2017S 2018S
(IS-521) 정보보호 실습: 2017S 2018S 2019S 2020S 2020F
(CS-220) 프로그래밍의 이해: 2019S 2020S 2021S 2024S
(CS-492E) 소프트웨어보안 개론: 2022S

주요 논문 목록

BibTex: [bibtex], Google Scholar: [link].

[31]	Evaluating Directed Fuzzers: Are We Heading in the Right Direction? Tae Eun Kim, Jaeseung Choi, Seongjae Im, Kihong Heo, and Sang Kil Cha. In Proceedings of the International Symposium on Foundations of Software Engineering , 2024 (to appear), [pdf]

[30]	FunProbe: Probing Functions from Binary Code through Probabilistic Analysis Soomin Kim, Hyungseok Kim, and Sang Kil Cha. In Proceedings of the International Symposium on Foundations of Software Engineering , 2023, [pdf]

[29]	DAFL: Directed Grey-box Fuzzing Guided by Data Dependency Tae Eun Kim, Jaeseung Choi, Kihong Heo, and Sang Kil Cha. In Proceedings of the USENIX Security Symposium, 2023, [pdf]

[28]	BotScreen: Trust Everybody, but Cut the Aimbots Yourself Minyeop Choi, Gihyuk Ko, and Sang Kil Cha. In Proceedings of the USENIX Security Symposium, 2023 ( USENIX Distinguished Paper Award), [pdf]

[27]	Reassembly is Hard: A Reflection on Challenges and Strategies Hyungseok Kim, Soomin Kim, Junoh Lee, Kangkook Jee, and Sang Kil Cha. In Proceedings of the USENIX Security Symposium, 2023, [pdf]

[26]	Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned Dongkwan Kim, Eunsoo Kim, Sang Kil Cha, Sooel Son, and Yongdae Kim. IEEE Transactions on Software Engineering, vol. 49, no. 4, 2023 [pdf]

[25]	Fuzzle: Making a Puzzle for Fuzzers Haeun Lee, Soomin Kim, and Sang Kil Cha. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, 2022 ( ACM Distinguished Paper Award), [pdf]

[24]	How'd Security Benefit Reverse Engineers? — The Implication of Intel CET on Function Identification Hyungseok Kim, Junoh Lee, Soomin Kim, Seungil Jung, and Sang Kil Cha. In Proceedings of the International Conference on Dependable Systems Networks, 2022, [pdf]

[23]	Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses Jaeseung Choi, Doyeon Kim, Soomin Kim, Gustavo Grieco, Alex Groce, and Sang Kil Cha. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, 2021, [pdf]

[22]	NTFuzz: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis Jaeseung Choi, Kangsu Kim, Daejin Lee, and Sang Kil Cha. In Proceedings of the IEEE Symposium on Security and Privacy, 2021, [pdf]

[21]	The Art, Science, and Engineering of Fuzzing: A Survey Valentin Jean Marie Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo. IEEE Transactions on Software Engineering, vol. 47, no. 11, 2021 ( Best Paper Award), [pdf]

[20]	Boosting Fuzzer Efficiency: An Information Theoretic Perspective Marcel Böhme, Valentin Jean Marie Manès, and Sang Kil Cha. In Proceedings of the International Symposium on Foundations of Software Engineering , 2020 ( ACM Distinguished Paper Award), [pdf]

[19]	Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference Valentin Jean Marie Manès, Soomin Kim, and Sang Kil Cha. In Proceedings of the International Conference on Software Engineering , 2020, [pdf]

[18]	Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer Suyoung Lee, HyungSeok Han, Sang Kil Cha, and Sooel Son. In Proceedings of the USENIX Security Symposium, 2020, [pdf]

[17]	Grey-box Concolic Testing on Binary Code Jaeseung Choi, Joonun Jang, Choongwoo Han, and Sang Kil Cha. In Proceedings of the International Conference on Software Engineering , 2019, [pdf]

[16]	CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines HyungSeok Han, DongHyeon Oh, and Sang Kil Cha. In Proceedings of the Network and Distributed System Security Symposium, 2019, [pdf]

[15]	B2R2: Building an Efficient Front-End for Binary Analysis Minkyu Jung, Soomin Kim, HyungSeok Han, Jaeseung Choi, and Sang Kil Cha. In Proceedings of the NDSS Workshop on Binary Analysis Research, 2019 ( Best Paper Award), [pdf]

[14]	Git-based CTF: A Simple and Effective Approach to Organizing In-Course Attack-and-Defense Security Competition SeongIl Wi, Jaeseung Choi, and Sang Kil Cha. In Proceedings of the USENIX Workshop on Advances in Security Education, 2018, [pdf]

[13]	IMF: Inferred Model-based Fuzzer HyungSeok Han and Sang Kil Cha. In Proceedings of the ACM Conference on Computer and Communications Security, 2017, [pdf]

[12]	Testing Intermediate Representations for Binary Analysis Soomin Kim, Markus Faerevaag, Minkyu Jung, Seungil Jung, DongYeop Oh, JongHyup Lee, and Sang Kil Cha. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, 2017, [pdf]

[11]	RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps Weidong Cui, Marcus Peinado, Sang Kil Cha, Yanick Fratantonio, and Vasileios P. Kemerlis. In Proceedings of the International Conference on Software Engineering, 2016, [pdf]

[10]	Towards Resource-Aware Security Testing of Software Sang Kil Cha. Ph.D. Thesis, Carnegie Mellon University, 2015

[9]	Program-Adaptive Mutational Fuzzing Sang Kil Cha, Maverick Woo, and David Brumley. In Proceedings of the IEEE Symposium on Security and Privacy, 2015, [pdf]

[8]	Optimizing Seed Selection for Fuzzing Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, and David Brumley. In Proceedings of the USENIX Security Symposium, 2014, [pdf]

[7]	Enhancing Symbolic Execution with Veritesting Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, and David Brumley. In Proceedings of the International Conference on Software Engineering, 2014 ( ACM Distinguished Paper Award), [pdf]

[6]	Automatic Exploit Generation Thanassis Avgerinos, Sang Kil Cha, Alexandre Rebert, Edward J. Schwartz, Maverick Woo, and David Brumley. Communications of the ACM, 2014

[5]	Scheduling Black-box Mutational Fuzzing Maverick Woo, Sang Kil Cha, Samantha Gottlieb, and David Brumley. In Proceedings of the ACM Conference on Computer and Communications Security, 2013, [pdf]

[4]	Unleashing Mayhem on Binary Code Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, and David Brumley. In Proceedings of the IEEE Symposium on Security and Privacy, 2012, [pdf]

[3]	AEG: Automatic Exploit Generation Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley. In Proceedings of the Network and Distributed System Security Symposium, 2011, [pdf]

[2]	Platform-Independent Programs Sang Kil Cha, Brian Pak, David Brumley, and Richard J. Lipton. In Proceedings of the ACM Conference on Computer and Communications Security, 2010, [pdf]

[1]	SplitScreen: Enabling Efficient, Distributed Malware Detection Sang Kil Cha, Iulian Moraru, Jiyong Jang, John Truelove, David Brumley, and David G. Andersen. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation, 2010, [pdf]

Office:	N5동 2319호
Phone:	+82-42-350-3569
Email:

Sang Kil Cha / 차상길

소개

수업

주요 논문 목록

[31]

Evaluating Directed Fuzzers: Are We Heading in the Right Direction?

[30]

FunProbe: Probing Functions from Binary Code through Probabilistic Analysis

[29]

DAFL: Directed Grey-box Fuzzing Guided by Data Dependency

[28]

BotScreen: Trust Everybody, but Cut the Aimbots Yourself

[27]

Reassembly is Hard: A Reflection on Challenges and Strategies

[26]

Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned

[25]

Fuzzle: Making a Puzzle for Fuzzers

[24]

How'd Security Benefit Reverse Engineers? — The Implication of Intel CET on Function Identification

[23]

Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses

[22]

NTFuzz: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis

[21]

The Art, Science, and Engineering of Fuzzing: A Survey

[20]

Boosting Fuzzer Efficiency: An Information Theoretic Perspective

[19]

Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference

[18]

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer

[17]

Grey-box Concolic Testing on Binary Code

[16]

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

[15]

B2R2: Building an Efficient Front-End for Binary Analysis

[14]

Git-based CTF: A Simple and Effective Approach to Organizing In-Course Attack-and-Defense Security Competition

[13]

IMF: Inferred Model-based Fuzzer

[12]

Testing Intermediate Representations for Binary Analysis

[11]

RETracer: Triaging Crashes by Reverse Execution from Partial Memory Dumps

[10]

Towards Resource-Aware Security Testing of Software

[9]

Program-Adaptive Mutational Fuzzing

[8]

Optimizing Seed Selection for Fuzzing

[7]

Enhancing Symbolic Execution with Veritesting

[6]

Automatic Exploit Generation

[5]

Scheduling Black-box Mutational Fuzzing

[4]

Unleashing Mayhem on Binary Code

[3]

AEG: Automatic Exploit Generation

[2]

Platform-Independent Programs

[1]

SplitScreen: Enabling Efficient, Distributed Malware Detection