Merged
Empty file added .hugo_build.lock
Empty file.
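Review bot: .hugo_build.lock is the lock file Hugo writes while it builds the site, not site content, so adding it (empty) to the repository looks accidental. Drop it from this change and list it in .gitignore so it does not come back on the next local build.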
4 changes: 2 additions & 2 deletions assets/pubs/pub.bib
Expand Up @@ -22,13 +22,13 @@ @misc{kim:atlantis
}

@InProceedings{kim:crossx,
title = {{CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel (to appear)}},
title = {{CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel}},
author = {Dongok Kim* and Juhyun Song* and Insu Yun},
crossref = {CCS25}
}

@InProceedings{kim:jenga,
title = {{Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security (to appear)}},
title = {{Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security}},
author = {Dong-uk Kim* and JunYoung Park* and Sanghak Oh and Hyoungshick Kim and Insu Yun},
crossref = {CCS25}
}
2 changes: 1 addition & 1 deletion content/publication/kim-crossx/cite.bib
Expand Up @@ -3,7 +3,7 @@ @proceedings{kim:crossx
author = {Dongok Kim and Juhyun Song and Insu Yun},
booktitle = {Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS)},
month = {October},
title = {{CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel (to appear)}},
title = {{CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel}},
year = {2025}
}
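Review bot: the entry type in the hunk header is "@proceedings{kim:crossx", but the entry carries author and booktitle fields and describes a single paper, and assets/pubs/pub.bib declares the same key as @InProceedings. Since the title line is being edited anyway, change the type here to @inproceedings so the citation offered for download matches pub.bib and formats as a paper rather than as a proceedings volume.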

25 changes: 20 additions & 5 deletions content/publication/kim-crossx/index.md
@@ -1,8 +1,7 @@
---
# Documentation: https://wowchemy.com/docs/managing-content/

title: 'CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel (to
appear)'
title: 'CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel'
subtitle: ''
summary: ''
authors:
Expand All @@ -12,7 +11,7 @@ authors:
tags: []
categories: []
date: '2025-10-01'
lastmod: 2025-08-21T09:23:27+09:00
lastmod: 2025-12-09T16:36:14+09:00
featured: false
draft: false

Expand All @@ -30,12 +29,28 @@ image:
# E.g. `projects = ["internal-project"]` references `content/project/deep-learning/index.md`.
# Otherwise, set `projects = []`.
projects: []
publishDate: '2025-08-21T00:23:27.274397Z'
publishDate: '2025-12-09T07:36:14.570346Z'
publication_types:
- '0'
abstract: ''
abstract: 'The cross-cache attack is a fundamental component of modern Linux kernel
exploits, spanning real-world attacks and recent research. Despite its importance,
it is often regarded as unreliable due to its complex setup, and existing studies
lack in-depth analysis of its mechanics. In this paper, we address this gap by:
(1) reviewing public strategies and their limitations, (2) proposing two optimized
strategies effective in varied conditions, and (3) introducing CROSS-X, an automated
system that identifies suitable target objects for cross-cache attacks. We evaluated
our strategies on a synthetic vulnerability and nine real-world CVEs, achieving
over 99% and 85% success rates under idle and busy workloads, respectively. They
also outperformed existing methods in 6 of 8 CVEs under idle workloads and 5 of
8 under busy workloads. For object identification, we define three key properties:
(1) spray capability, (2) minimal interference, and (3) useful primitives. Based
on these, CROSS-X identified seven versatile target objects and their relationship
with interfering allocations. We believe our work will enhance public understanding
of cross-cache attacks and contribute to improving Linux kernel security.'
publication: '*Proceedings of the 32nd ACM Conference on Computer and Communications
Security (CCS)*'
url_slides: pubs/2025/kim:crossx-slides.pdf
url_paper: pubs/2025/kim:crossx.pdf
author_notes:
- Equal contribution
- Equal contribution
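Review bot: url_slides and url_paper point at "pubs/2025/kim:crossx-slides.pdf" and "pubs/2025/kim:crossx.pdf", and a colon is not a legal filename character on Windows, so the repository can no longer be checked out there once these files are added. The kim-jenga page names its files with an underscore ("kim_jenga-slides.pdf"); rename the new files the same way (kim_crossx-slides.pdf, kim_crossx.pdf) and update both URLs. Separately, publishDate in this hunk moves from 2025-08-21 to 2025-12-09, which overwrites the original publish date for a page that only gained an abstract and links; consider keeping the old value.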
11 changes: 3 additions & 8 deletions content/publication/kim-jenga/index.md
Expand Up @@ -13,7 +13,7 @@ authors:
tags: []
categories: []
date: '2025-10-01'
lastmod: 2025-12-05T13:31:53+09:00
lastmod: 2025-12-09T16:37:13+09:00
featured: false
draft: false

Expand All @@ -31,18 +31,13 @@ image:
# E.g. `projects = ["internal-project"]` references `content/project/deep-learning/index.md`.
# Otherwise, set `projects = []`.
projects: []
publishDate: '2025-12-05T13:31:53.532613Z'
publishDate: '2025-12-09T07:37:13.640634Z'
publication_types:
- '0'
abstract: "File systems are essential components of modern operating systems, with Windows being one of the most dominant platforms. Recently, a series of attacks have exploited the Windows file system to trigger serious security threats such as privilege escalation. Over the past several years, dozens of such attacks have been reported and even exploited in the wild. However, Microsoft has consistently addressed these issues with targeted patches rather than fundamental redesigns --- resembling a precarious game of Jenga where security measures are stacked upon an unstable foundation.

In this paper, we present a five-step comprehensive analysis of the Windows file system's design weaknesses. First, we analyze how Windows differs from another operating system, Linux. Second, we investigated how these discrepancies lead to security vulnerabilities in real-world applications and identified 13 high-impact vulnerabilities, including 11 previously unknown ones. Third, we show that current compatibility layers in modern programming languages fail to handle these discrepancies properly. Specifically, we examined compatibility layers in six programming languages and found 27 non-compliant and 9 inconsistencies, rendering these layers unreliable. Fourth, through a user study involving 21 experienced developers, we found that most were unfamiliar with OS-level file system discrepancies and rarely implemented appropriate mitigations. Finally, we analyze existing countermeasures and discuss their limitations. Our findings reveal critical yet largely obscured security risks resulting from design flaws in the Windows file system. Furthermore, we suggest that Microsoft rethink its strategy and address these fundamental weaknesses."
abstract: ''
publication: '*Proceedings of the 32nd ACM Conference on Computer and Communications
Security (CCS)*'
author_notes:
- Equal contribution
- Equal contribution
url_slides: pubs/2025/kim_jenga-slides.pdf
url_paper: pubs/2025/kim_jenga.pdf
url_code: https://zenodo.org/records/17035153
---
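Review bot: this hunk appears to empty the kim-jenga abstract and drop url_slides, url_paper and url_code. The file header counts 3 additions and 8 deletions, which matches the two timestamps and "abstract: ''" being added while the full abstract and the three url_ lines are removed. Nothing else in this PR concerns the Jenga paper beyond removing "(to appear)" in pub.bib, so this looks like the page was regenerated over its hand-edited front matter. Restore the abstract and the three links, or confirm the removal is intended.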
4 changes: 2 additions & 2 deletions content/publication/lee-rtcon/index.md
Expand Up @@ -11,7 +11,7 @@ authors:
tags: []
categories: []
date: '2026-02-01'
lastmod: 2025-12-05T10:31:20+09:00
lastmod: 2025-12-09T16:33:11+09:00
featured: false
draft: false

Expand All @@ -29,7 +29,7 @@ image:
# E.g. `projects = ["internal-project"]` references `content/project/deep-learning/index.md`.
# Otherwise, set `projects = []`.
projects: []
publishDate: '2025-12-05T01:31:19.497188Z'
publishDate: '2025-12-09T07:33:11.478224Z'
publication_types:
- '0'
abstract: ''
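Review bot: the only values that differ in this file are lastmod in the hunk above and publishDate here; nothing about the lee-rtcon entry itself changes. That is timestamp churn from regenerating the pages, and it rewrites the recorded publish date for no content change. Revert this file in this PR, or at least keep the original publishDate.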
1 change: 1 addition & 0 deletions static/pubs/2025/kim:crossx-abstract.md
@@ -0,0 +1 @@
The cross-cache attack is a fundamental component of modern Linux kernel exploits, spanning real-world attacks and recent research. Despite its importance, it is often regarded as unreliable due to its complex setup, and existing studies lack in-depth analysis of its mechanics. In this paper, we address this gap by: (1) reviewing public strategies and their limitations, (2) proposing two optimized strategies effective in varied conditions, and (3) introducing CROSS-X, an automated system that identifies suitable target objects for cross-cache attacks. We evaluated our strategies on a synthetic vulnerability and nine real-world CVEs, achieving over 99% and 85% success rates under idle and busy workloads, respectively. They also outperformed existing methods in 6 of 8 CVEs under idle workloads and 5 of 8 under busy workloads. For object identification, we define three key properties: (1) spray capability, (2) minimal interference, and (3) useful primitives. Based on these, CROSS-X identified seven versatile target objects and their relationship with interfering allocations. We believe our work will enhance public understanding of cross-cache attacks and contribute to improving Linux kernel security.
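Review bot: this new file is a verbatim second copy of the abstract added to content/publication/kim-crossx/index.md in this same PR, and nothing in the visible diff references it. If no template or script consumes it, drop it so the two copies cannot drift; if something does, note that in the PR description. The filename also contains a colon ("kim:crossx-abstract.md"), which cannot be created on Windows; kim_crossx-abstract.md would match the kim_jenga naming.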
Binary file added static/pubs/2025/kim:crossx-slides.pdf
Binary file not shown.
Binary file added static/pubs/2025/kim:crossx.pdf
Binary file not shown.