diff --git a/content/publication/kim-jenga/cite.bib b/content/publication/kim-jenga/cite.bib index 7ac72f7..8ce4ffd 100644 --- a/content/publication/kim-jenga/cite.bib +++ b/content/publication/kim-jenga/cite.bib @@ -3,7 +3,7 @@ @proceedings{kim:jenga author = {Dong-uk Kim and JunYoung Park and Sanghak Oh and Hyoungshick Kim and Insu Yun}, booktitle = {Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS)}, month = {October}, - title = {{Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security (to appear)}}, + title = {{Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security}}, year = {2025} } diff --git a/content/publication/kim-jenga/index.md b/content/publication/kim-jenga/index.md index e1ac876..ae0e955 100644 --- a/content/publication/kim-jenga/index.md +++ b/content/publication/kim-jenga/index.md @@ -1,8 +1,7 @@ --- # Documentation: https://wowchemy.com/docs/managing-content/ -title: 'Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security - (to appear)' +title: 'Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security' subtitle: '' summary: '' authors: @@ -14,7 +13,7 @@ authors: tags: [] categories: [] date: '2025-10-01' -lastmod: 2025-08-21T09:23:27+09:00 +lastmod: 2025-12-05T13:31:53+09:00 featured: false draft: false @@ -32,13 +31,18 @@ image: # E.g. `projects = ["internal-project"]` references `content/project/deep-learning/index.md`. # Otherwise, set `projects = []`. projects: [] -publishDate: '2025-08-21T00:23:27.532613Z' +publishDate: '2025-12-05T13:31:53.532613Z' publication_types: - '0' -abstract: '' +abstract: "File systems are essential components of modern operating systems, with Windows being one of the most dominant platforms. Recently, a series of attacks have exploited the Windows file system to trigger serious security threats such as privilege escalation. Over the past several years, dozens of such attacks have been reported and even exploited in the wild. However, Microsoft has consistently addressed these issues with targeted patches rather than fundamental redesigns --- resembling a precarious game of Jenga where security measures are stacked upon an unstable foundation. + +In this paper, we present a five-step comprehensive analysis of the Windows file system's design weaknesses. First, we analyze how Windows differs from another operating system, Linux. Second, we investigated how these discrepancies lead to security vulnerabilities in real-world applications and identified 13 high-impact vulnerabilities, including 11 previously unknown ones. Third, we show that current compatibility layers in modern programming languages fail to handle these discrepancies properly. Specifically, we examined compatibility layers in six programming languages and found 27 non-compliant and 9 inconsistencies, rendering these layers unreliable. Fourth, through a user study involving 21 experienced developers, we found that most were unfamiliar with OS-level file system discrepancies and rarely implemented appropriate mitigations. Finally, we analyze existing countermeasures and discuss their limitations. Our findings reveal critical yet largely obscured security risks resulting from design flaws in the Windows file system. Furthermore, we suggest that Microsoft rethink its strategy and address these fundamental weaknesses." publication: '*Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS)*' author_notes: - Equal contribution - Equal contribution +url_slides: pubs/2025/kim_jenga-slides.pdf +url_paper: pubs/2025/kim_jenga.pdf +url_code: https://zenodo.org/records/17035153 --- diff --git a/static/pubs/2025/kim_jenga-slides.pdf b/static/pubs/2025/kim_jenga-slides.pdf new file mode 100644 index 0000000..c063819 Binary files /dev/null and b/static/pubs/2025/kim_jenga-slides.pdf differ diff --git a/static/pubs/2025/kim_jenga.pdf b/static/pubs/2025/kim_jenga.pdf new file mode 100644 index 0000000..27f6412 Binary files /dev/null and b/static/pubs/2025/kim_jenga.pdf differ