diff --git a/.hugo_build.lock b/.hugo_build.lock
new file mode 100644
index 0000000..e69de29
diff --git a/assets/pubs/pub.bib b/assets/pubs/pub.bib
index 3f66c5a..17f2fff 100644
--- a/assets/pubs/pub.bib
+++ b/assets/pubs/pub.bib
@@ -22,13 +22,13 @@ @misc{kim:atlantis
 }
 @InProceedings{kim:crossx,
- title = {{CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel (to appear)}},
+ title = {{CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel}},
 author = {Dongok Kim* and Juhyun Song* and Insu Yun},
 crossref = {CCS25}
 }
 @InProceedings{kim:jenga,
- title = {{Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security (to appear)}},
+ title = {{Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security}},
 author = {Dong-uk Kim* and JunYoung Park* and Sanghak Oh and Hyoungshick Kim and Insu Yun},
 crossref = {CCS25}
 }
diff --git a/content/publication/kim-crossx/cite.bib b/content/publication/kim-crossx/cite.bib
index 0d829d7..c7c16b8 100644
--- a/content/publication/kim-crossx/cite.bib
+++ b/content/publication/kim-crossx/cite.bib
@@ -3,7 +3,7 @@ @proceedings{kim:crossx
 author = {Dongok Kim and Juhyun Song and Insu Yun},
 booktitle = {Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS)},
 month = {October},
- title = {{CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel (to appear)}},
+ title = {{CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel}},
 year = {2025}
 }
diff --git a/content/publication/kim-crossx/index.md b/content/publication/kim-crossx/index.md
index 0660bdc..4a5f45d 100644
--- a/content/publication/kim-crossx/index.md
+++ b/content/publication/kim-crossx/index.md
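Review bot: In `content/publication/kim-crossx/cite.bib` the entry named in the hunk header is `@proceedings{kim:crossx`, yet it carries `author` and `booktitle`, which describe a paper inside a proceedings volume rather than the volume itself. The matching type is `@inproceedings{kim:crossx,`; standard BibTeX styles ignore `author` on `@proceedings`, so a reader who copies this citation may end up with an author-less reference. While the entry is being touched, `month = {October}` would be better as the bare macro `month = oct`. The entry's opening line lies outside the hunk, and if this file is produced by the site's import step the fix belongs there rather than in a hand edit.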
@@ -1,8 +1,7 @@
 ---
 # Documentation: https://wowchemy.com/docs/managing-content/
-title: 'CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel (to
- appear)'
+title: 'CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel'
 subtitle: ''
 summary: ''
 authors:
@@ -12,7 +11,7 @@ authors:
 tags: []
 categories: []
 date: '2025-10-01'
-lastmod: 2025-08-21T09:23:27+09:00
+lastmod: 2025-12-09T16:36:14+09:00
 featured: false
 draft: false
@@ -30,12 +29,28 @@ image:
 # E.g. `projects = ["internal-project"]` references `content/project/deep-learning/index.md`.
 # Otherwise, set `projects = []`.
 projects: []
-publishDate: '2025-08-21T00:23:27.274397Z'
+publishDate: '2025-12-09T07:36:14.570346Z'
 publication_types:
 - '0'
-abstract: ''
+abstract: 'The cross-cache attack is a fundamental component of modern Linux kernel
+ exploits, spanning real-world attacks and recent research. Despite its importance,
+ it is often regarded as unreliable due to its complex setup, and existing studies
+ lack in-depth analysis of its mechanics. In this paper, we address this gap by:
+ (1) reviewing public strategies and their limitations, (2) proposing two optimized
+ strategies effective in varied conditions, and (3) introducing CROSS-X, an automated
+ system that identifies suitable target objects for cross-cache attacks. We evaluated
+ our strategies on a synthetic vulnerability and nine real-world CVEs, achieving
+ over 99% and 85% success rates under idle and busy workloads, respectively. They
+ also outperformed existing methods in 6 of 8 CVEs under idle workloads and 5 of
+ 8 under busy workloads. For object identification, we define three key properties:
+ (1) spray capability, (2) minimal interference, and (3) useful primitives. Based
+ on these, CROSS-X identified seven versatile target objects and their relationship
+ with interfering allocations. We believe our work will enhance public understanding
+ of cross-cache attacks and contribute to improving Linux kernel security.'
 publication: '*Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS)*'
+url_slides: pubs/2025/kim:crossx-slides.pdf
+url_paper: pubs/2025/kim:crossx.pdf
 author_notes:
 - Equal contribution
 - Equal contribution
diff --git a/content/publication/kim-jenga/index.md b/content/publication/kim-jenga/index.md
index ae0e955..2465205 100644
--- a/content/publication/kim-jenga/index.md
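Review bot: The added `url_slides: pubs/2025/kim:crossx-slides.pdf` and `url_paper: pubs/2025/kim:crossx.pdf` point at files whose names contain a colon, which is not a valid filename character on Windows, so the new `static/pubs/2025/kim:crossx*` files cannot be checked out there. The jenga page's assets used an underscore (`pubs/2025/kim_jenga.pdf`); following that convention gives `url_paper: pubs/2025/kim_crossx.pdf` and `url_slides: pubs/2025/kim_crossx-slides.pdf`, with the static files renamed to match. The two PDFs are also added with mode 100755 later in this commit; static documents do not need the executable bit, so 100644 is the more appropriate mode.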
+++ b/content/publication/kim-jenga/index.md
@@ -13,7 +13,7 @@ authors:
 tags: []
 categories: []
 date: '2025-10-01'
-lastmod: 2025-12-05T13:31:53+09:00
+lastmod: 2025-12-09T16:37:13+09:00
 featured: false
 draft: false
@@ -31,18 +31,13 @@ image:
 # E.g. `projects = ["internal-project"]` references `content/project/deep-learning/index.md`.
 # Otherwise, set `projects = []`.
 projects: []
-publishDate: '2025-12-05T13:31:53.532613Z'
+publishDate: '2025-12-09T07:37:13.640634Z'
 publication_types:
 - '0'
-abstract: "File systems are essential components of modern operating systems, with Windows being one of the most dominant platforms. Recently, a series of attacks have exploited the Windows file system to trigger serious security threats such as privilege escalation. Over the past several years, dozens of such attacks have been reported and even exploited in the wild. However, Microsoft has consistently addressed these issues with targeted patches rather than fundamental redesigns --- resembling a precarious game of Jenga where security measures are stacked upon an unstable foundation.
-
-In this paper, we present a five-step comprehensive analysis of the Windows file system's design weaknesses. First, we analyze how Windows differs from another operating system, Linux. Second, we investigated how these discrepancies lead to security vulnerabilities in real-world applications and identified 13 high-impact vulnerabilities, including 11 previously unknown ones. Third, we show that current compatibility layers in modern programming languages fail to handle these discrepancies properly. Specifically, we examined compatibility layers in six programming languages and found 27 non-compliant and 9 inconsistencies, rendering these layers unreliable. Fourth, through a user study involving 21 experienced developers, we found that most were unfamiliar with OS-level file system discrepancies and rarely implemented appropriate mitigations. Finally, we analyze existing countermeasures and discuss their limitations. Our findings reveal critical yet largely obscured security risks resulting from design flaws in the Windows file system.
Furthermore, we suggest that Microsoft rethink its strategy and address these fundamental weaknesses."
+abstract: ''
 publication: '*Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS)*'
 author_notes:
 - Equal contribution
 - Equal contribution
-url_slides: pubs/2025/kim_jenga-slides.pdf
-url_paper: pubs/2025/kim_jenga.pdf
-url_code: https://zenodo.org/records/17035153
 ---
diff --git a/content/publication/lee-rtcon/index.md b/content/publication/lee-rtcon/index.md
index a46e46d..a2b63f6 100644
--- a/content/publication/lee-rtcon/index.md
+++ b/content/publication/lee-rtcon/index.md
@@ -11,7 +11,7 @@ authors:
 tags: []
 categories: []
 date: '2026-02-01'
-lastmod: 2025-12-05T10:31:20+09:00
+lastmod: 2025-12-09T16:33:11+09:00
 featured: false
 draft: false
@@ -29,7 +29,7 @@ image:
 # E.g. `projects = ["internal-project"]` references `content/project/deep-learning/index.md`.
 # Otherwise, set `projects = []`.
 projects: []
-publishDate: '2025-12-05T01:31:19.497188Z'
+publishDate: '2025-12-09T07:33:11.478224Z'
 publication_types:
 - '0'
 abstract: ''
diff --git a/static/pubs/2025/kim:crossx-abstract.md b/static/pubs/2025/kim:crossx-abstract.md
new file mode 100644
index 0000000..3b530a8
--- /dev/null
+++ b/static/pubs/2025/kim:crossx-abstract.md
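Review bot: The `@@ -31,18 +31,13 @@` hunk of `content/publication/kim-jenga/index.md` replaces the full jenga abstract with `abstract: ''` and drops `url_slides`, `url_paper` and `url_code`, which looks unintended in a commit whose other changes finalise the CROSS-X entry. The lee-rtcon page has only its `lastmod` and `publishDate` rewritten, which suggests the pages were regenerated in bulk and the hand-added fields on the jenga page were overwritten. If that is the case, restore the removed abstract and the three `url_*` lines, and keep regenerated timestamps out of pages whose content did not change.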
@@ -0,0 +1 @@
+The cross-cache attack is a fundamental component of modern Linux kernel exploits, spanning real-world attacks and recent research. Despite its importance, it is often regarded as unreliable due to its complex setup, and existing studies lack in-depth analysis of its mechanics. In this paper, we address this gap by: (1) reviewing public strategies and their limitations, (2) proposing two optimized strategies effective in varied conditions, and (3) introducing CROSS-X, an automated system that identifies suitable target objects for cross-cache attacks. We evaluated our strategies on a synthetic vulnerability and nine real-world CVEs, achieving over 99% and 85% success rates under idle and busy workloads, respectively. They also outperformed existing methods in 6 of 8 CVEs under idle workloads and 5 of 8 under busy workloads. For object identification, we define three key properties: (1) spray capability, (2) minimal interference, and (3) useful primitives. Based on these, CROSS-X identified seven versatile target objects and their relationship with interfering allocations. We believe our work will enhance public understanding of cross-cache attacks and contribute to improving Linux kernel security.
\ No newline at end of file
diff --git a/static/pubs/2025/kim:crossx-slides.pdf b/static/pubs/2025/kim:crossx-slides.pdf
new file mode 100755
index 0000000..02ee99b
Binary files /dev/null and b/static/pubs/2025/kim:crossx-slides.pdf differ
diff --git a/static/pubs/2025/kim:crossx.pdf b/static/pubs/2025/kim:crossx.pdf
new file mode 100755
index 0000000..3454538
Binary files /dev/null and b/static/pubs/2025/kim:crossx.pdf differ