Dr. Kun Sun is a Professor at George Mason University. He received his Ph.D. in Computer Science from North Carolina State University. His research focuses on systems and network security. Dr. Sun has more than 15 years of working experience in both industry and academia and serves as the director of the Sun Security Laboratory (SunLab) and the Associate Director of the Center for Secure Information Systems (CSIS). The lab is continuously hiring self-motivated graduate and undergraduate students who have research interests on cyber security, programming language, operating system, and computer networks.

• [Award] Dr. Sun recognized by Mason with Presidential Award for Faculty Excellence in Research in 2022.
• [CCS Certificate+TPC] Dr. Sun received a Top Reviewer certificate of ACM CCS 2022 and was invited to serve in the TPC of CCS 2023.
• [WWW TPC] Invited to serve in the TPC of The Web Conference 2023.
• [S&P 23] One paper titled "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics" accepdted by IEEE S&P 2023. Congrats to Shu Wang and Xinda Wang.
• [S&P 23] One paper titled "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects" accepdted by IEEE S&P 2023. Congrats to Xuewei Feng. (web link)
• [CCS 22] One paper titled "Ready Raider One: Exploring the Misuse of Cloud Gaming Services" accepdted by CCS 2022. Congrats to Guannan Liu.
• [RAID 22] One paper titled "BinProv: Binary Code Provenance Identification without Disassembly" accepted by RAID 2022. Congrats to Xu He. 
• [USENIX Security 22] One paper titled "Off-Path Network Traffic Manipulation via Revitalizing ICMP Redirect Attacks" accepted by USENIX Security 2022. Congrats to Xuewei Feng. 
• [USENIX Security 22] One paper titled "RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices" accepted by USENIX Security 2022. Congrats to Yi He. 
• [USENIX Security 22] One paper titled "Exploring the Unchartered Space of Container Registry Typosquatting" accepted by USENIX Security 2022. Congrats to Guanan Liu.
• [ASIACCS TPC] Invited to serve in the TPC of ASIACCS 2023.
• [INFOCOM TPC] Invited to serve in the TPC of INFOCOM 2023.
• [NDSS TPC] Invited to serve in the TPC of NDSS 2023.
• [ACSAC TPC] Invited to serve in the TPC of ACSAC 2022.
• [WWW 22] One paper titled "Understanding the Practice of Security Patch Management across Multiple Branches in OSS Projects" accepted by The Web Conference 2022. Congrats to Xin Tan.
• [INFOCOM 22] One paper titled "Auter: Automatically Tuning Multi-layer Network Buffers in Long-Distance Shadowsocks Networks" accepted by INFOCOM 2022. Congrats to Xu He and Shu Wang.
• [NDSS 22] One paper titled "PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP" accepted by NDSS 2022. Congrats to Xuewei Feng.
• [PatchDB] We release a large-scale security patch dataset called PatchDB that contains around 12K security patches and 24K non-security patches from the real world (download link).

• Cyber Deception/Moving Target Defense: Against the experts in defense, the enemy does not know where to attack.  -- SunTzu
• Trusted Computing Systems: TPM/SMM/TrustZone/SGX, VM/Container.
• Network Security: Internet security, SDN security, Wireless security.
• Software Security: Software supply chain security, Security patch management.
• AI Security: Adversarial machine learning, Automatic speech recognition security, Graph Neural Network.   

Current Students:

• Xinda Wang, PhD
• Shu Wang, PhD
• Xu He, PhD
• Tommy Chin, PhD
• Shiyu Sun, PhD
• Rafael Chen, PhD
• Yunlong Xing, PhD 

Former PhD Students:

• Songsong Liu, PhD, July 2022, Initial placement at Security Innovation, Inc.
• Jie Wang, PhD, June 2021, initial placement at Huazhong University of Science and Technology, China.
• Shengye Wan, PhD, August 2020, initial placement at Facebook
• Jianhua Sun, PhD, August 2019, initial placement at Facebook
• Yue Li, PhD (with Prof. Haining Wang), March 2019, initial placement at Facebook
• Kyle Wallace, PhD (with Prof. Gang Zhou), August 2018, initial placement at MITRE
  

• AIT 681Secure Software Engineering (Spring 2017-2023, GMU)
• AIT 682 Network and Systems Security (Fall 2017-2022, GMU)
• IT 366 Network Security (Fall 2021, GMU
• CYSE 411Secure Software Engineering (Spring 2017/2018, GMU)
  
• CSCI 454/554 Computer and Network Security (Spring 2015/2016, W&M)
• CSCI 680 Advanced System and Network Security (Fall 2015, W&M)
• CSCI 780 Advanced Network Security (Fall 2014, W&M)
  

• NSF Panelist 2013, 2017, 2018, 2019 (2).
• Geneal Chair: IEEE CNS 2021, SecureComm 2020.
• TPC Co-Chair: SciSec, 2021, First ACM Workshop on Moving Target Defense (MTD 2014) in conjunction with ACM CCS 2014.
• TPC Member: ASIACCS 2023, NDSS 2020/2022-2023, CCS 2015-2017/2019-2023, DSN 2017/2020, ACSAC 2019-2023, INFOCOM 2016-2023, MTD 2015-2022, MILCOM 2021-2022, ICDCS 2019, SecureComm 2016-2018, ICICS 2018-2023, CNS 2014/2016-2020/2022.
• Travel Grant Chair: RAID 2019.
• Workshop Co-chair: IEEE CNS 2018, NSF SPS 2018.

• [S&P23] Shu Wang, Xinda Wang, Kun Sun, Sushil Jajodia, Haining Wang, and Qi Li. "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf]
• [S&P23] Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, and Ke Xu. "Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects". To appear in the 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023), SAN FRANCISCO, CA, May 22-26, 2023. [pdf]
• [CCS22] Guannan Liu, Daiping Liu, Shuai Hao, Xing Gao, Kun Sun, and Haining Wang. "Ready Raider One: Exploring the Misuse of Cloud Gaming Services." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Los Angeles, CA, November 7-11, 2022. [pdf]
• [RAID 22] Xu He, Shu Wang, Yunlong Xing, Pengbin Feng, Haining Wang, Qi Li, Songqing Chen, and Kun Sun. "BinProv: Binary Code Provenance Identification without Disassembly". To appear in the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022), Limassol, Cyprus on 26-28 October, 2022. [pdf]
• [USENIX Security22] Xuewei Feng, Qi Li, Kun Sun, Zhiyun Qian, Chuanpu Fu, Gang Zhao, Xiaohui Kuang, and Ke Xu. "Off-Path Network Traffic Manipulation via Revitalizing ICMP Redirect Attacks". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
• [USENIX Security22] Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. "RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf] 
• [USENIX Security22] Guannan Liu, Xing Gao, Haining Wang, and Kun Sun. "Exploring the Unchartered Space of Container Registry Typosquatting". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10-12, 2022. [pdf]
• [NDSS22] Xuewei Feng, Qi Li, Kun Sun, Ke Xu, Baojun Liu, Xiaofeng Zheng, Qiushi Yang, Haixin Duan, and Zhiyun Qian. "PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against TCP". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 27- March 3, 2022. [pdf]
• [WWW22] Xin Tan, Yuan Zhang, Jiajun Cao, Kun Sun, Mi Zhang and Min Yang. "Understanding the Practice of Security Patch Management across Multiple Branches in OSS Projects". To appear in the Proceedings of the 31st ACM Web Conference (WWW), Virtual Event, Lyon, France, April 25–29, 2022. [pdf]
• [ACSAC21]  Qiyang Song, Jiahao Cao, Kun Sun, Qi Li, and Ke Xu. "Try before You Buy: Privacy-preserving Data Evaluation on Cloud-based Machine Learning Data Marketplace." To appear in the Annual Computer Security Applications Conference (ACSAC), Austin, Texas, USA, December 6-10, 2021. [pdf] 
• [CCS21] Jiaming Mu, Binghui Wang, Qi Li, Kun Sun, Mingwei Xu, and Zhuotao Liu. "A Hard Label Black-box Adversarial Attack Against Graph Neural Networks." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
• [CCS21] Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. "Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
• [DSN21] Xinda Wang, Shu Wang, Pengbin Feng, Kun Sun, and Sushil Jajodia. "PatchDB: A Large-Scale Security Patch Dataset". To appear in the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks(DSN), Taibei, Taiwan, June 21-24, 2021. [pdf]
• [AsiaCCS21] Zeyu Zhang, Xiaoli Zhang, Qi Li, Kun Sun, Yinqian Zhang, SongSong Liu, Yukun Liu, and Xiaoning Li. "See through Walls: Detecting Malware in SGX Enclaves with SGX-Bouncer". To appear in The ACM Asia Conference on Computer and Communications Security (ACM ASIACCS), Hong Kong, China, June 7-11, 2021. [pdf]
• [ACSAC20] Shengye Wan, Mingshen Sun, Kun Sun, Ning Zhang, and Xu He. "RusTEE: Developing Memory-Safe ARM TrustZone Applications". To appear in Annual Computer Security Applications Conference (ACSAC), Austin, Texas, USA, December 7-11, 2020. [pdf]
• [CCS20] Jie Wang, Kun Sun, Lingguang Lei, Shengye Wan, Yuewu Wang, and Jiwu Jing. "Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [CCS20] Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu. "Off-Path TCP Exploits of the Mixed IPID Assignment". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [CCS20] Shu Wang, Jiahao Cao, Xu He, Kun Sun, and Qi Li. "When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [RAID20] Shu Wang, Jiahao Cao, Kun Sun, and Qi Li. "SIEVE: Secure In-Vehicle Automatic Speech Recognition Systems". To appear in the 23nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), Donostia/San Sebastian, Spain on October 14-16, 2020. [pdf]
• [NDSS20] Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu. "When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23-26, 2020. [pdf]