Invited Seminar by an Overseas Researcher
- Date and time: Thursday, November 20, 2025, 13:00
- Venue: Mirae Hall (미래관), Room 208
- Speaker: Prof. Yonghwi Kwon (권용휘) (University of Maryland, USA, https://yonghwi-kwon.github.io/ )
- Topic: An Overlooked Piece in Exploitation: Systematic Discovery of Memory Corruption Targets
Abstract:
When a hacker exploits a vulnerability in a system, the attack often begins by corrupting a piece of memory that the system depends on—much like damaging a specific memory in the human brain might trigger a change in behavior or cognition. The consequences of this corruption vary dramatically depending on which memory is affected. And yet, for decades, most systems exploitation techniques have focused on how to corrupt memory, not where to corrupt it.
To this end, many exploits target the same narrow set of memory locations, leading to a surprisingly uniform threat landscape. This bias does not just limit exploit diversity—it also distorts how system defenses are built. Security mechanisms are often designed around these well-known targets, giving a misleading sense of protection while leaving vast portions of system memory unguarded and unexamined.
In this talk, I introduce SCAVY, a framework that challenges this status quo by systematically discovering new and previously overlooked memory corruption targets in the Linux kernel. Unlike prior work that focused almost exclusively on function pointers, SCAVY explores the broader 90% of kernel data structures and is agnostic to the bug type—considering any memory corruption primitive. Through a combination of fuzzing and differential privilege analysis, SCAVY reveals whether corrupting a specific field grants unauthorized access to system resources.
SCAVY uncovered 955 new proof-of-concept privilege escalation cases, identifying 17 new fields across 12 structures and creating 6 new exploits for 5 real-world CVEs.
Bio: Yonghwi Kwon is an assistant professor at the University of Maryland, and is interested in solving system security problems using program analysis and inference techniques. He is a recipient of the NSF CAREER and CRII Awards in 2022 and 2018, two ACM Distinguished Paper Awards in 2019 and 2013, and Best Paper Awards in Automated Software Engineering (ASE) in 2013. He also led the Collegiate Cyber Defense Competition Team, which won the championship of the National CCDC in 2019 and 2020.