Research Interests

My research focus is on system, network, and usable security: in particular, Public Key Infrastructure (the Web PKI and the code signing PKI), and malware analysis.

Bio

I am a Ph.D student in the Department of Computer Science at University of Maryland. Before transferring to Maryland in June 2014 due to my previous advisor, Jonathan S. Turner's retirement, I was a Ph.D student in Department of Computer Science & Engineering at Washington University in St. Louis.

I received my M.S. in Computer Science at the University of Utah in May 2013. I have a B.S. degree in Computer Science and Engineering from HanKuk University of Foreign Studies. I worked in the Medical IT Convergence Research Center and Intelligent IT System Research Center at KETI (Korea Electronics Technology Institute) as a research intern from Feb. 2008 to Jul. 2011.


Publications Google Scholar Author Page

  1. The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI.
    Doowon Kim, Bum Jun Kwon, Kristián Kozák, Christopher Gates, and Tudor Dumitraș.
    In the 2018 USENIX Security Symposium. August 2018.
  2. Issued for Abuse: Measuring the Underground Trade in Code Signing Certificate.
    Kristián Kozák, Bum Jun Kwon, Doowon Kim, Christopher Gates, and Tudor Dumitraş.
    In WEIS 2018: The Workshop on the Economics of Information Security. May 2018.
    Media: [Venafi], [HelpNetSecurity], [The Register],
  3. Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI.
    Doowon Kim, Bum Jun Kwon, and Tudor Dumitraș.
    In CCS 2017: ACM Conference on Computer and Communications Security. October 2017.
    Media: [Schneier on Security], [The Register], [The SSL Store], [Ars Technica], [Threatpost], [Tech Wire Asia], [End Game], [CPS-VO], [Systweak], [Fortuna's Corner], [Security Affairs], [The Hacker News], [Security Intelligence], [Tech Target], [Cyber Defense Magazine], [ENISA],
  4. fFTP: a fast file transfer protocol for home N-screen platform.
    Doowon Kim, Jinsuk Baek, Paul S Fisher, Sangchul Kim.
    Personal and Ubiquitous Computing. October 2017. DOI: 10.1007/s00779-017-1082-5. October 2017.
  5. Lessons learned from using an online platform to conduct large-scale, online controlled security experiments with software developers.
    Christian Stransky, Yasemin Acar, Duc Cuong Nguyen, Dominik Wermke, Elissa M. Redmiles, Doowon Kim, Michael Backes, Simson Garfinkel, Michelle L. Mazurek, and Sascha Fahl.
    In CSET 2017: USENIX Workshop on Cyber Security Experimentation and Test. August 2017.
  6. Balancing security and usability in encrypted email.
    Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, and Michelle L. Mazurek.
    In IEEE Internet Computing: 21 (3), 30-38. 2017.
  7. How Internet Resources Might Be Helping You Develop Faster but Less Securely.
    Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L Mazurek, Christian Stransky.
    In IEEE Security & Privacy, vol. 15, no. 2, pp. 50-60, 2017. doi: 10.1109/MSP.2017.24. (The authors are alphabetically ordered.)
  8. Comparing the usability of cryptographic APIs.
    Yasemin Acar, Michael Backes, Sascha Fahl, Simson Garfinkel, Doowon Kim, Michelle L. Mazurek, and Christian Stransky.
    In the 2017 IEEE Symposium on Security and Privacy. May 2017. (The authors are alphabetically ordered.)
  9. An inconvenient trust: User attitudes toward security and usability tradeoffs for key-directory encryption systems.
    Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, and Michelle L. Mazurek.
    In SOUPS 2016: USENIX Symposium on Usable Privacy and Security. June 2016.
  10. You get where you're looking for: The impact of information sources on code security.
    * Awarded the 5th annual NSA Best Scientific Cybersecurity Paper.
    Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, and Christian Stransky.
    In the 2016 IEEE Symposium on Security and Privacy (Oakland). May 2016. (The authors are alphabetically ordered.)
  11. An Adaptive Primary Path Switching Scheme for Seamless mSCTP Handover.
    Jinsuk Baek, Doowon Kim, Paul S. Fisher, and Minho Jo.
    In the Smart Computing Review (Smart CR). March 2014. (Invited Paper)

Posters

  1. You get where you're looking for: The impact of information sources on code security.
    Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, and Christian Stransky.
    In SOUPS 2016: Symposium on Usable Privacy and Security. June 2016. (Previously published paper.)
  2. Adaptive Video Streaming over HTTP.
    Doowon Kim, Jinsuk Baek, and Paul S. Fisher.
    In the 49th ACM Southeast Conference (ACM SE 2014). March 2014. (poster session)
  3. Implementation of Framework to Identify Potential Phishing Websites.
    Doowon Kim, Chaitanya Achan, Jinsuk Baek, and Paul S. Fisher.
    In 2013 IEEE Intelligence and Security Informatics (IEEE ISI 2013). June 2013. (poster session)

Others

  • An Inconvenient Trust: User Attitudes toward Security and Usability Tradeoffs for Key-Directory Encryption Systems
    Wei Bai, Doowon Kim, Moses Namara, Yichen Qian, Patrick Gage Kelley, Michelle L. Mazurek. Black Hat USA, August 2016.

Invited Talks

  • End-to-end measurements of security threats in the code signing PKI
    - Electronics and Telecommunications Research Institute (ETRI), Korea, Aug. 2018.
    - Korea Advanced Institute of Science and Technology (KAIST), Korea, Aug. 2018.
    - Samsung Research, Korea, Aug. 2018.
  • You get where you're looking for: The impact of information sources on code security
    - Bowie State University, MD, April 2016.