Dr. Kun Sun is an associate professor in George Mason University. He received his Ph.D. in Computer Science from North Carolina State University. His research focuses on systems and network security. Dr. Sun has more than 15 years working experience in both industry and academia, and serves as the director of the Sun Security Laboratory (SunLab) and the Associate Director of the Center for Secure Information Systems (CSIS). We are continuously hiring self-motivated graduate and undergraduate students who have research interests on cyber security, operating system, and computer networks. 

• [Usenix Security 22] One paper titled "Exploring the Unchartered Space of Container Registry Typosquatting" accepted by USENIX Security 2022. Congrats to Guanan Liu.
• [PatchDB] We release a large-scale security patch dataset called PatchDB that contains around 12K security patches and 24K non-security patches from the real world (download link).
• [CCS21] One paper titled "Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking" accepted by CCS 2021. Congrats to Xin Tan.
• [WiSec21] One paper titled "Remotely Controlling TrustZone Applications? A Study on Securely and Resiliently Receiving Remote Commands" accepted by WiSec 2021. Congrats to Shengye.
• [SEED TPC] Invited to serve in the TPC of SEED 2021.
• [NDSS TPC] Invited to serve in the TPC of NDSS 2022.
• [INFOCOM TPC] Invited to serve in the TPC of INFOCOM 2022. 
• [MILCOM TPC] Invited to serve in the TPC of MILCOM 2021. 
• [DSN21] One paper titled "PatchDB: A Large-Scale Security Patch Dataset" accepted by DSN 2021. Congrats to Xinda, Shu, and Pengbin.  
• [CNS GC] Invited to serve as the General Chair of IEEE CNS 2021.
• [ACSAC TPC] Invited to serve in the TPC of ACSAC 2021. 
• [INFOCOM21] One paper titled "Detecting Localized Adversarial Examples: A Generic Approach using Critical Region Analysis" accepted by INFOCOM 2021. Congrats to Fengting.
• [CCS TPC] Invited to serve in the TPC of CCS 2021. 
• [CODASPY21] One paper titled "UTrack: Enterprise User Tracking Based on OS-Level Audit Logs" accepted by CODASPY 2021. Congrats to Yue.  
• [AsiaCCS21] One paper titled "See through Walls: Detecting Malware in SGX Enclaves with SGX-Bouncer" accepted by AsiaCCS 2021. Congrats to Zeyu and Songsong.

• Cyber Deception/Moving Target Defense: Against the experts in defense, the enemy does not know where to attack.  -- SunTzu
• Trusted Computing Systems: SMM/TrustZone/SGX, VM/Container.
• Network Security: SDN security, Wireless security.
• Software Security: Software patch security

Postdoctoral Researcher:

• Pengbin Feng

Current PhD Students:

• Songsong Liu, PhD
• Xinda Wang, PhD
• Shu Wang, PhD
• Xu He, PhD
• Tommy Chin, PhD

Former PhD Students:

• Jie Wang, Ph, June 2021, initial placement at Huazhong University of Science and Technology, China.    
• Shengye Wan, PhD, August 2020, initial placement at Facebook
• Jianhua Sun, PhD, August 2019, initial placement at Facebook
• Yue Li, PhD (with Prof. Haining Wang), March 2019, initial placement at Facebook
• Kyle Wallace, PhD (with Prof. Gang Zhou), August 2018, initial placement at MITRE
  

• AIT 682 Network and Systems Security (Fall 2017-2020, GMU)
• AIT 681Secure Software Engineering (Spring 2017-2021, GMU)
• CYSE 411Secure Software Engineering (Spring 2017/2018, GMU)
  
• CSCI 454/554 Computer and Network Security (Spring 2015/2016, W&M)
• CSCI 680 Advanced System and Network Security (Fall 2015, W&M)
• CSCI 780 Advanced Network Security (Fall 2014, W&M)
  

• NSF Panelist 2013, 2017, 2018, 2019 (2).
• Geneal Chair: IEEE CNS 2021, SecureComm 2020.
• TPC Co-Chair: SciSec, 2021, First ACM Workshop on Moving Target Defense (MTD 2014), in conjunction with ACM CCS 2014.
• TPC Member: NDSS 2020/2022, CCS 2015/2016/2017/2019/2021, DSN 2017/2020, ACSAC 2019-2021, INFOCOM 2016-2022, MTD 2015-2020, MILCOM 2021, ICDCS 2019, SecureComm 2016-2018, ICICS 2018-2021, CNS 2014/2016-2020, ICC 2015-2019.
• Travel Grant Chair: RAID 2019.
• Workshop Co-chair: IEEE CNS 2018, NSF SPS 2018.

• [USENIX Security22] Guannan Liu, Xing Gao, Haining Wang, and Kun Sun. "Exploring the Unchartered Space of Container Registry Typosquatting". To appear in 31st USENIX Security Symposium (USENIX Security'22), BOSTON, MA, USA, August 10–12, 2022. [pdf]
• [CCS21] Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, and Min Yang. "Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking." To appear in the Proceedings of ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021. [pdf]
• [DSN21] Xinda Wang, Shu Wang, Pengbin Feng, Kun Sun, and Sushil Jajodia. "PatchDB: A Large-Scale Security Patch Dataset". To appear in the 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks(DSN), Taibei, Taiwan, June 21-24, 2021. (Acceptance ratio: 16.3%=48/295) [pdf]
• [AsiaCCS21] Zeyu Zhang, Xiaoli Zhang, Qi Li, Kun Sun, Yinqian Zhang, SongSong Liu, Yukun Liu, and Xiaoning Li. "See through Walls: Detecting Malware in SGX Enclaves with SGX-Bouncer". To appear in The ACM Asia Conference on Computer and Communications Security (ACM ASIACCS), Hong Kong, China, June 7-11, 2021. (Acceptance ratio: 18.47%=29/157) [pdf]
• [ACSAC20] Shengye Wan, Mingshen Sun, Kun Sun, Ning Zhang, and Xu He. "RusTEE: Developing Memory-Safe ARM TrustZone Applications". To appear in Annual Computer Security Applications Conference (ACSAC), Austin, Texas, USA, December 7-11, 2020. (Acceptance ratio: 23.18%=70/302) [pdf]
• [CCS20] Jie Wang, Kun Sun, Lingguang Lei, Shengye Wan, Yuewu Wang, and Jiwu Jing. "Cache-in-the-Middle (CITM) Attacks : Manipulating Sensitive Data in Isolated Execution Environments". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [CCS20] Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu. "Off-Path TCP Exploits of the Mixed IPID Assignment". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [CCS20] Shu Wang, Jiahao Cao, Xu He, Kun Sun, and Qi Li. "When the Differences in Frequency Domain are Compensated: Understanding and Defeating Modulated Replay Attacks on Automatic Speech Recognition". To appear in ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020. [pdf]
• [RAID20] Shu Wang, Jiahao Cao, Kun Sun, and Qi Li. "SIEVE: Secure In-Vehicle Automatic Speech Recognition Systems". To appear in the 23nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), Donostia/San Sebastian, Spain on October 14-16, 2020. (Acceptance ratio: 24.79%=31/121) [pdf]
• [NDSS20] Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, and Mingwei Xu. "When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN". To appear in the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 23-26, 2020. [pdf]
• [RAID19] Jiahao Cao, Zijie Yang, Kun Sun, Qi Li, Mingwei Xu, and Peiyi Han. "Fingerprinting SDN Applications via Encrypted Control Traffic." To appear in the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), Beijing, China, September 23-25, 2019. (Acceptance ratio: 22.28%=37/166) [pdf}
• [DSN19] Shengye Wan, Jianhua Sun, Kun Sun, Ning Zhang, and Qi Li. "SATIN: A Secure and Trustworthy Asynchronous Introspection on Multi-Core ARM Processors". To appear in the 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, Oregon, June 24-27, 2019. (Acceptance ratio: 21.40%=54/252) [pdf]
• [USENIX Security19] Jiahao Cao, Qi Li, Renjie Xie, Kun Sun, Guofei Gu, Mingwei Xu, and Yuan Yang. "The CrossPath Attack: Disrupting the SDN Control Channel via Shared Links". To appear in 28th USENIX Security Symposium (USENIX Security'19), Santa Clara, CA, August 14-16, 2019. [pdf]
• [CCS17] Lingguang Lei, Yi He, Kun Sun, Jiwu Jing, Yuewu Wang, Qi Li, and Jian Weng. "Vulnerable Implicit Service: A Revisit". To appear in the 24nd ACM Conference on Computer and Communications Security (CCS), Dallas, Texas, October 30-November 3, 2017. (Acceptance ratio: 18%=151/836) [pdf]
• [S&P16] Ning Zhang, Kun Sun, Wenjing Lou, and Tom Hou. "CaSE: Cache-Assisted Secure Execution on ARM Processors." To appear in the 37th IEEE Symposium on Security and Privacy (S&P), SAN JOSE, CA, MAY 23-25, 2016. (Acceptance ratio: 13.75%=55/400) [pdf]
• [CCS15] He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing. "TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens". To appear in the 22nd ACM Conference on Computer and Communications Security (CCS), Denver, Colorado, October 12-16, 2015. (Acceptance ratio: 19.81%=128/646) [pdf]
• [S&P15] Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. "Using Hardware Features for Increased Debugging Transparency". To appear in the 36th IEEE Symposium on Security and Privacy (S&P), Fairmont, San Jose, CA, May 18-20, 2015. (Acceptance ratio:13.51%=55/407) [pdf]
  
• [NDSS15] Xueqiang Wang, Kun Sun, Yuewu Wang, and Jiwu Jing. "DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices", In the Proceedings of 2015 Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 8-11, 2015. (Acceptance ratio: 16.88%=51/302) [pdf]