Dr. Kun Sun is an associate professor in George Mason University. He received his Ph.D. in Computer Science from North Carolina State University. His research focuses on systems and network security. Dr. Sun has more than 15 years working experience in both industry and academia, and serves as the director of the Sun Security Laboratory (SunLab) and the Associate Director of the Center for Secure Information Systems (CSIS). We are continuously hiring self-motivated graduate and undergraduate students who have research interests on cyber security, programming language, operating system, and computer networks. 

• [WWW 22] One paper titled "Understanding the Practice of Security Patch Management across Multiple Branches in OSS Projects" accepted by The Web Conference 2022. Congrats to Xin Tan.
• [CCS TPC] Invited to serve in the TPC of CCS 2022.  
• [INFOCOM 22] One paper titled "Auter: Automatically Tuning Multi-layer Network Buffers in Long-Distance Shadowsocks Networks" accepted by INFOCOM 2022. Congrats to Xu He and Shu Wang. 
• [NDSS 22] One paper titled "PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP" accepted by NDSS 2022. Congrats to Xuewei Feng.    
• [Usenix Security 22] One paper titled "RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices" accepted by USENIX Security 2022. Congrats to Yi He. 
• [Usenix Security 22] One paper titled "Exploring the Unchartered Space of Container Registry Typosquatting" accepted by USENIX Security 2022. Congrats to Guanan Liu. 
• [PatchDB] We release a large-scale security patch dataset called PatchDB that contains around 12K security patches and 24K non-security patches from the real world (download link).
• [NDSS TPC] Invited to serve in the TPC of NDSS 2022.
• [INFOCOM TPC] Invited to serve in the TPC of INFOCOM 2022. 

• Cyber Deception/Moving Target Defense: Against the experts in defense, the enemy does not know where to attack.  -- SunTzu
• Trusted Computing Systems: TPM/SMM/TrustZone/SGX, VM/Container.
• Network Security: Internet security, SDN security, Wireless security.
• Software Security: Software patch management.
• AI Security: Adversarial machine learning, Automatic speech recognition security.   

Postdoctoral Researcher:

• Sadegh Torabi

Current Students:

• Songsong Liu, PhD
• Xinda Wang, PhD
• Shu Wang, PhD
• Xu He, PhD
• Tommy Chin, PhD
• Shiyu Sun, PhD
• Rafael Chen, PhD
• Yunlong Xing, PhD 

Former PhD Students:

• Jie Wang, PhD, June 2021, initial placement at Huazhong University of Science and Technology, China.    
• Shengye Wan, PhD, August 2020, initial placement at Facebook
• Jianhua Sun, PhD, August 2019, initial placement at Facebook
• Yue Li, PhD (with Prof. Haining Wang), March 2019, initial placement at Facebook
• Kyle Wallace, PhD (with Prof. Gang Zhou), August 2018, initial placement at MITRE
  

• AIT 681Secure Software Engineering (Spring 2017-2022, GMU)
• IT 366 Network Security (Fall 2021, GMU)
• AIT 682 Network and Systems Security (Fall 2017-2020, GMU)
• CYSE 411Secure Software Engineering (Spring 2017/2018, GMU)
  
• CSCI 454/554 Computer and Network Security (Spring 2015/2016, W&M)
• CSCI 680 Advanced System and Network Security (Fall 2015, W&M)
• CSCI 780 Advanced Network Security (Fall 2014, W&M)
  

• NSF Panelist 2013, 2017, 2018, 2019 (2).
• Geneal Chair: IEEE CNS 2021, SecureComm 2020.
• TPC Co-Chair: SciSec, 2021, First ACM Workshop on Moving Target Defense (MTD 2014) in conjunction with ACM CCS 2014.
• TPC Member: NDSS 2020/2022, CCS 2015-2017/2019-2022, DSN 2017/2020, ACSAC 2019-2021, INFOCOM 2016-2022, MTD 2015-2021, MILCOM 2021, ICDCS 2019, SecureComm 2016-2018, ICICS 2018-2021, CNS 2014/2016-2020, ICC 2015-2019.
• Travel Grant Chair: RAID 2019.
• Workshop Co-chair: IEEE CNS 2018, NSF SPS 2018.

• [NDSS22] Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, and Zhiyun Qian. "PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 27- March 3, 2022. 
• [USENIX Security22] Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. "RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf] 
• [USENIX Security22] Guannan Liu, Xing Gao, Haining Wang, and Kun Sun. "Exploring the Unchartered Space of Container Registry Typosquatting". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf] 
• [ACSAC21]  Qiyang Song, Jiahao Cao, Kun Sun, Qi Li, and Ke Xu. "Try before You Buy: Privacy-preserving Data Evaluation on Cloud-based Machine Learning Data Marketplace." To appear in the Annual Computer Security Applications Conference (ACSAC), Austin, Texas, USA, December 6-10, 2021. [pdf] 
• [CCS21] Jiaming Mu, Binghui Wang, Qi Li, Kun Sun, Mingwei Xu, and Zhuotao Liu. "A Hard Label Black-box Adversarial Attack Against Graph Neural Networks." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
• [CCS21] Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. "Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
• [DSN21] Xinda Wang, Shu Wang, Pengbin Feng, Kun Sun, and Sushil Jajodia. "PatchDB: A Large-Scale Security Patch Dataset". To appear in the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks(DSN), Taibei, Taiwan, June 21-24, 2021. (Acceptance ratio: 16.3%=48/295) [pdf]
• [AsiaCCS21] Zeyu Zhang, Xiaoli Zhang, Qi Li, Kun Sun, Yinqian Zhang, SongSong Liu, Yukun Liu, and Xiaoning Li. "See through Walls: Detecting Malware in SGX Enclaves with SGX-Bouncer". To appear in The ACM Asia Conference on Computer and Communications Security (ACM ASIACCS), Hong Kong, China, June 7-11, 2021. (Acceptance ratio: 18.47%=29/157) [pdf]
• [ACSAC20] Shengye Wan, Mingshen Sun, Kun Sun, Ning Zhang, and Xu He. "RusTEE: Developing Memory-Safe ARM TrustZone Applications". To appear in Annual Computer Security Applications Conference (ACSAC), Austin, Texas, USA, December 7-11, 2020. (Acceptance ratio: 23.18%=70/302) [pdf]
• [CCS20] Jie Wang, Kun Sun, Lingguang Lei, Shengye Wan, Yuewu Wang, and Jiwu Jing. "Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [CCS20] Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu. "Off-Path TCP Exploits of the Mixed IPID Assignment". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [CCS20] Shu Wang, Jiahao Cao, Xu He, Kun Sun, and Qi Li. "When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [RAID20] Shu Wang, Jiahao Cao, Kun Sun, and Qi Li. "SIEVE: Secure In-Vehicle Automatic Speech Recognition Systems". To appear in the 23nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), Donostia/San Sebastian, Spain on October 14-16, 2020. (Acceptance ratio: 24.79%=31/121) [pdf]
• [NDSS20] Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu. "When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23-26, 2020. [pdf]
• [RAID19] Jiahao Cao, Zijie Yang, Kun Sun, Qi Li, Mingwei Xu, and Peiyi Han. "Fingerprinting SDN Applications via Encrypted Control Traffic." To appear in the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), Beijing, China, September 23-25, 2019. (Acceptance ratio: 22.28%=37/166) [pdf}
• [DSN19] Shengye Wan, Jianhua Sun, Kun Sun, Ning Zhang, and Qi Li. "SATIN: A Secure and Trustworthy Asynchronous Introspection on Multi-Core ARM Processors". To appear in the 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, Oregon, June 24-27, 2019. (Acceptance ratio: 21.40%=54/252) [pdf]
• [USENIX Security19] Jiahao Cao, Qi Li, Renjie Xie, Kun Sun, Guofei Gu, Mingwei Xu, and Yuan Yang. "The CrossPath Attack: Disrupting the SDN Control Channel via Shared Links". To appear in 28th USENIX Security Symposium (USENIX Security'19), Santa Clara, CA, August 14-16, 2019. [pdf]