Security Researcher & Developer

Research Interest

  • System security
    • Trusted Execution Environments (TrustZone, SGX, Secure Processor)
    • OS Security
    • Side-channel attacks and defenses
    • Bug finding and Exploitations
  • Privacy preserving deep learing (as known as federated learning)
  • Zero Knowledge Proof and its applications(what I’m into nowdays)

About me

I’m one of (passionate) security researchers and developers. I got B.S degree in Department of Software at Gachon University in 2013. Also, I was in Samsung Software Membership (at Gangnam) from 2011 to 2013. Since 2013, I’ve been working for Samsung Research. Here is my CV which details each of what I’ve done so far.

1st blog (english), 2nd blog (korean), GitHub, LinkedIn, Google Scholar, Twitter, Instagram

Projects

2021-2022

  • A federated learning framework for mobile devices

2020-2021

  • Rust-based full-stack OS for secure element (from kernel to application framework)

2018

  • Real-time Kernel Protection (RKP)
    • Tiny hypervisor + hypervisor-based kernel monitoring solution on ARM64 arch.

2014-2016

  • System Integrity Monitor (SIM) Version 1.0 ~ 3.0 [CC certification report]
    • SIM is a kernel integrity monitoring solution based on ARM TrustZone and Custom hardware IP for security.
    • SIM takes a part of Samsung Smart TV Security Solution GAIA.

2013-2014

  • Samsung DRM (SDRM)
    • Developed Samsung DRM to protect sensitive contents
    • Used in Samsung Smart TV

Publications

2022

  • ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection [paper]
    • Haehyun Cho, Jinbum Park, Adam Oest, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail-Joon Ahn
    • The 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS ‘22)
  • In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication [paper, code]
    • Sungbae Yoo(*), Jinbum Park(*), Seolheui Kim, Yeji Kim, Taesoo Kim (*: co-leading authors)
    • The 31st USENIX Security Symposium (USENIX Security 2022)

2020

  • Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers [paper, code]
    • Haehyun Cho, Jinbum Park, Joonwon Kang, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn
    • The 14th USENIX Workshop on Offensive Technologies (WOOT ‘20)
  • SmokeBomb: Effective Mitigation Method against Cache Side-channel Attacks on the ARM Architecture [paper, code]
    • Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn
    • The 18th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2020)

2018

  • Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone [paper, code]
    • Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choong-Hoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    • Annual Computer Security Applications Conference (ACSAC) 2018

2016

  • A Snoop-Based Kernel Introspection System against Address Translation Redirection Attack [paper]
    • Donguk Kim, Jihoon Kim, Jinbum Park, Jinmok Kim
    • Journal of The Korea Institute of Information Security & Cryptology VOL.26, NO.5, Oct. 2016

2015

  • An Efficient Kernel Introspection System using a Secure Timer on TrustZone [paper]
    • Jinmok Kim, Donguk Kim, Jinbum Park, Jihoon Kim, Hyoungshick Kim
    • Journal of The Korea Institute of Information Security & Cryptology VOL.25, NO.4, Aug. 2015

Talks (Industry conferences)

2022

  • Taking Kernel Hardening to the Next Level [slide, video]
    • Jinbum Park, Haehyun Cho, Sungbae Yoo, Seolheui Kim, Yeji Kim, Bumhan Kim, Taesoo Kim
    • Blackhat ASIA 2022

2020

  • Cache Attacks on Various CPU Architectures [slide, video]
    • Jinbum Park
    • POC 2020

2019

  • Micro-architectural attack and defense on Linux kernel [slide]
    • Jinbum Park, Joonwon Kang
    • Samsung Open Source Conference (SOSCON) 2019
  • Leak kernel pointer by exploiting uninitialized uses in Linux kernel [slide, code]
    • Jinbum Park
    • Zer0Con 2019

2018

  • Attack and Defense on Linux kernel [slide, code]
    • Jinbum Park
    • Samsung Open Source Conference (SOSCON) 2018
  • Exploit Linux kernel eBPF with side-channel [slide, code]
    • Jinbum Park
    • KIMCHICON 2018

2012

  • Host-based DRDoS Defense Model proposed and implemented
    • Jinbum Park
    • Conference on Information Security and Cryptology. Winter 2012 (CISC-W’12)

Opensource Projects

  • KSPP Study: Analysis on Kernel Self-Protection: Understanding Security and Performance Implication [white paper]

  • CSCA: Crypto Side Channel Attack [code]

Opensource Contributions

Linux kernel (selected)

  • Fix vulnerable gadgets to variant1 attack [patch-0, 1]

  • arm: Makes ptdump reusable and add WX page checking [patch]

  • arm: Add ARCH_HAS_FORTIFY_SOURCE [patch-0, 1]

Ubuntu kernel

  • Revert barrier-patch which turns out be vulnerable to variant4 attack [patch-0, 1]

Contact

  • E-mail : jinb.park7@gmail.com