Ph.D. Student, System Security Lab, Sungkyunkwan University, Suwon, South Korea
khadinh (at) skku (dot) edu
I am a fifth-year Ph.D. candidate at Sungkyunkwan University, where I work under Prof. Hojoon Lee at the System Security Lab.
My research sits at the intersection of (operating) system design and (software) security, currently focusing on software compartmentalization, practical defenses against side-channel attacks, and automated program analysis for software security. I’m particularly interested in principled approaches for system designs that render systems inherently more secure.
My work includes novel hardware-assisted compartmentalization models (receiving the ACM CCS Distinguished Paper Award in 2023), and new obfuscation techniques that enhance security while maintaining performance in confidential virtual machines (accepted for publication in IEEE S&P 2025).
Recent works have repeatedly proven the practicality of side-channel attacks in undermining the confidentiality guarantees of Trusted Execution Environments such as Intel SGX. Meanwhile, the trusted execution in the cloud is witnessing a trend shift towards confidential virtual machines (CVMs). Unfortunately, several side-channel attacks have survived the shift and are feasible even for CVMs, along with the new attacks discovered on the CVM architectures. Previous works have explored defensive measures for securing userspace enclaves (i.e., Intel SGX) against side-channel attacks. However, the design space for a CVM-based obfuscation execution engine is largely unexplored. This paper proposes a unikernel design named NCOGNITOS provide full-system obfuscation for CVM-based cloud workloads. INCOGNITOS fully embraces unikernel principles such as minimized TCB and direct hardware access to render full-system obfuscation feasible. INCOGNITOS retrofits two key OS components, the scheduler and memory management, to implement a novel adaptive obfuscation scheme. INCOGNITOS’s scheduling is designed to be self-sovereign from the timer interrupts from the untrusted hypervisor with its synchronous tick delivery. This allows INCOGNITOS to reliably monitor the frequency of the hypervisor’s possession of execution control (i.e., VMExits) and adjust the frequency of memory rerandomization performed by the paging subsystem, which transparently performs memory rerandomization through direct MMU access. The resulting INCOGNITOS design makes a case for a self-obfuscating unikernel as a secure CVM deployment strategy while further advancing the obfuscation technique compared to previous works. Evaluation results demonstrate INCOGNITOS’S resilience against CVM attacks and show that its adaptive obfuscation scheme enables practical performance for real-world programs.
@inproceedings{incognitos,author={Dinh Duy, Kha and Kim, Jaeyoon and Lim, Hajeong and Lee, Hojoon},booktitle={ 2025 IEEE Symposium on Security and Privacy (SP) },title={{ <span class="small-caps">IncognitOS</span>: A Practical Unikernel
Design for Full-System Obfuscation in Confidential Virtual Machines }},year={2025},volume={},issn={},pages={4192-4209},keywords={Cloud computing;Privacy;Virtual machine monitors;Side-channel
attacks;Virtual machines;Hardware;Robustness;Security;Frequency
control;Resilience},doi={10.1109/SP61157.2025.00222},url={https://doi.ieeecomputersociety.org/10.1109/SP61157.2025.00222},publisher={IEEE Computer Society},address={Los Alamitos, CA, USA},month=may}
Rust is gaining traction as a safe systems programming language with its strong type and memory safety guarantees. However, Rust’s guarantees are not infallible. The use of unsafe Rust, a subvariant of Rust, allows the programmer to temporarily escape the strict Rust language semantics to trade security for flexibility. Memory errors within unsafe blocks in Rust have far-reaching ramifications for the program’s safety. As a result, the conventional dynamic memory error detection (e.g., fuzzing) has been adapted as a common practice for Rust and proved its effectiveness through a trophy case of discovered CVEs. RUSTSAN is a retrofitted design of AddressSanitizer (ASan) for efficient dynamic memory error detection of Rust programs. Our observation is that a significant portion of instrumented memory access sites in a Rust program compiled with ASan is redundant, as the Rust security guarantees can still be valid at the site. RUSTSAN identifies and instruments the sites that definitely or may undermine Rust security guarantees while lifting instrumentation on safe sites. To this end, RUSTSAN employs a cross-IR program analysis for accurate tracking of unsafe sites and also extends ASan’s shadow memory scheme for checking non-uniform memory access validation necessary for Rust. We conduct a comprehensive evaluation of RUSTSAN in terms of detection capability and performance using 57 Rust crates. RUSTSAN successfully detected all 31 tested cases of CVE-issued memory errors. Also, RUSTSAN shows an average of 62.3% performance increase against ASan in general benchmarks that involved 20 Rust crates. In the fuzzing experiment with 6 crates, RUSTSAN marked an average of 23.52%, and up to 57.08% of performance improvement.
@inproceedings{rustsan,author={Cho, Kyuwon and Kim, Jongyoon and Duy, Kha Dinh and Lim, Hajeong and Lee, Hojoon},title={{RustSan}: Retrofitting {AddressSanitizer} for Efficient Sanitization
of Rust},booktitle={33rd USENIX Security Symposium (USENIX Security 24)},year={2024},isbn={978-1-939133-44-1},address={Philadelphia, PA},pages={3729--3746},url={
https://www.usenix.org/conference/usenixsecurity24/presentation/cho-kyuwon
},publisher={USENIX Association},month=aug,}
In-process compartmentalization and access control have been actively explored to provide in-place and efficient isolation of in-process security domains. Many works have proposed compartmentalization schemes that leverage hardware features, most notably using the new page-based memory isolation feature called Protection Keys for Userspace (PKU) on x86. Unfortunately, the modern ARM architecture does not have an equivalent feature. Instead, newer ARM architectures introduced Pointer Authentication (PA) and Memory Tagging Extension (MTE), adapting the reference validation model for memory safety and runtime exploit mitigation. We argue that those features have been underexplored in the context of compartmentalization and that they can be retrofitted to implement a capability-based in-process access control scheme. This paper presents Capacity, a novel hardware-assisted intra-process access control design that embraces capability-based security principles. Capacity coherently incorporates the new hardware security features on ARM that already exhibit inherent characteristics of capability. It supports the life-cycle protection of the domain’s sensitive objects - starting from their import from the file system to their place in memory. With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references and completely mediates reference usage with its program instrumentation framework and an efficient system call monitor. We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains. Our evaluation shows that Capacity incurs a low-performance overhead of approximately 17% for the single-threaded and 13.54% for the multi-threaded webserver.
@inproceedings{capacity,author={Dinh Duy, Kha and Cho, Kyuwon and Noh, Taehyun and Lee, Hojoon},title={<span class="small-caps">Capacity</span>: Cryptographically-Enforced
In-Process Capabilities for Modern ARM Architectures},year={2023},isbn={9798400700507},publisher={Association for Computing Machinery},address={New York, NY, USA},url={https://doi.org/10.1145/3576915.3623079},doi={10.1145/3576915.3623079},booktitle={Proceedings of the 2023 ACM SIGSAC Conference on Computer and
Communications Security},pages={874–888},numpages={15},keywords={compartmentalization, pointer authentication, capabilities},location={<conf-loc>, <city>Copenhagen</city>, <country>Denmark</country>,
</conf-loc>},series={CCS '23},}
Outside of research, I dabble in video game development, develop CLI and web tools, make pixel arts and contribute to open-source software. Check out my other projects:
