Sangho Lee

• Senior Researcher
• Microsoft Research Redmond
• 99/3732, 14820 NE 36th St, Redmond, WA 98052
• Sangho.Lee@microsoft.com | sangho.lee.cs@gmail.com

Selected Publications

• MalDev: Subverting Secure VM through Exploiting PCIe Address Translation Services (to appear)
  • Sangyun Kim, Kyungwook Boo, Cheolwoo Myung, Sangho Lee, and Byoungyoung Lee
  • 34th USENIX Security Symposium (Security 2025), Seattle, Washington, USA, August 13-15, 2025
• Hacksaw: Hardware-Centric Kernel Debloating via Device Inventory and Dependency Analysis [paper | code]
  • Zhenghao Hu, Sangho Lee, and Marcus Peinado
  • 30th ACM Conference on Computer and Communications Security (CCS 2023), Copenhagen, Denmark, November 26-30, 2023
• Rethinking System Audit Architectures for High Event Coverage and Synchronous Log Availability [paper | code]
  • Varun Gandhi#, Sarbartha Banerjee#, Aniket Agrawal, Adil Ahmad, Sangho Lee, and Marcus Peinado
  • 32nd USENIX Security Symposium (Security 2023), Anaheim, California, USA, August 9-11, 2023
  • [# co-first authors]
• APRON: Authenticated and Progressive System Image Renovation [paper | slides | code]
  • Sangho Lee
  • 2023 USENIX Annual Technical Conference (ATC 2023), Boston, Massachusetts, USA, July 10-12, 2023
• Spacelord: Private and Secure Smart Space Sharing [paper]
  • Yechan Bae, Sarbartha Banerjee, Sangho Lee, and Marcus Peinado#
  • 38th Annual Computer Security Applications Conference (ACSAC 2022), Austin, Texas, USA, December 5-9, 2022
  • [# alphabetically ordered]
• DeView: Confining Progressive Web Applications by Debloating Web APIs [paper | code]
  • ChangSeok Oh, Sangho Lee, Chenxiong Qian, Hyungjoon Koo, and Wenke Lee
  • 38th Annual Computer Security Applications Conference (ACSAC 2022), Austin, Texas, USA, December 5-9, 2022
• Pridwen: Universally Hardening SGX Programs via Load-Time Synthesis [paper | code]
  • Fan Sang#, Ming-Wei Shih#, Sangho Lee, Xiaokuan Zhang, Michael Steiner, Mona Vij, and Taesoo Kim
  • 2022 USENIX Annual Technical Conference (ATC 2022), Carlsbad, California, USA, July 11-13, 2022
  • [# co-first authors]
• HardLog: Practical Tamper-Proof System Auditing Using a Novel Audit Device [paper | code]
  • Adil Ahmad, Sangho Lee, and Marcus Peinado
  • 43rd IEEE Symposium on Security and Privacy (Oakland 2022), San Francisco, California, USA, May 22-26, 2022
• KARD: Lightweight Data Race Detection with Per-Thread Memory Protection [paper]
  • Adil Ahmad, Sangho Lee, Pedro Fonseca, and Byoungyoung Lee
  • 26th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021), Virtual, April 19-23, 2021
• All Your Clicks Belong to Me: Investigating Click Interception on the Web [paper | code]
  • Mingxue Zhang, Wei Meng, Sangho Lee, Byoungyoung Lee, and Xinyu Xing
  • 28th USENIX Security Symposium (Security 2019), Santa Clara, California, USA, August 14-16, 2019
• libmpk: Software Abstraction for Intel Memory Protection Keys (Intel MPK) [paper | code]
  • Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon, and Taesoo Kim
  • 2019 USENIX Annual Technical Conference (ATC 2019), Renton, Washington, USA, July 10-12, 2019
• Dominance as a New Trusted Computing Primitive for the Internet of Things [paper]
  • Meng Xu, Manuel Huber, Zhichuang Sun, Paul England, Marcus Peinado, Sangho Lee, Andrey Marochko, Dennis Matoon, Rob Spiger, and Stefan Thom
  • 40th IEEE Symposium on Security and Privacy (Oakland 2019), San Francisco, California, USA, May 20-22, 2019
• QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing [paper | code]
  • Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim
  • 27th USENIX Security Symposium (Security 2018), Baltimore, Maryland, USA, August 15-17, 2018
  • Distinguished Paper Award, Frontiers of Science Award
• Efficient Data Flow Tagging and Tracking for Refinable Cross-host Attack Investigation [paper]
  • Yang Ji, Sangho Lee, Mattia Fazzini, Joey Allen, Evan Downing, Taesoo Kim, Alessandro Orso, and Wenke Lee
  • 27th USENIX Security Symposium (Security 2018), Baltimore, Maryland, USA, August 15-17, 2018
• RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking [paper]
  • Yang Ji, Sangho Lee, Evan Downing, Weiren Wang, Mattia Fazzini, Taesoo Kim, Alessandro Orso, and Wenke Lee
  • 24th ACM Conference on Computer and Communications Security (CCS 2017), Dallas, Texas, USA, October 30-November 3, 2017
• Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing [paper | slides | demo | code]
  • Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado
  • 26th USENIX Security Symposium (Security 2017), Vancouver, Canada, August 16-18, 2017
• CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems [paper | slides]
  • Su Yong Kim, Sangho Lee, Insu Yun, Wen Xu, Byoungyoung Lee, Youngtae Yun, and Taesoo Kim
  • 2017 USENIX Annual Technical Conference (ATC 2017), Santa Clara, California, USA, July 12-14, 2017
• T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs [paper | code]
  • Ming-Wei Shih#, Sangho Lee#, Taesoo Kim, and Marcus Peinado
  • 24th Network and Distributed System Security Symposium (NDSS 2017), San Diego, California, USA, February 26-March 1, 2017
  • [# co-first authors]
• Breaking Kernel Address Space Layout Randomization with Intel TSX [paper | code]
  • Yeongjin Jang, Sangho Lee, and Taesoo Kim
  • 23rd ACM Conference on Computer and Communications Security (CCS 2016), Vienna, Austria, October 24-28, 2016
• CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks [paper]
  • Jonghyuk Song, Sangho Lee, and Jong Kim
  • 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado, USA, October 12-16, 2015
• Identifying Cross-origin Resource Status Using Application Cache [paper | slides | demo]
  • Sangho Lee, Hyungsub Kim, and Jong Kim
  • 22nd Network and Distributed System Security Symposium (NDSS 2015), San Diego, California, USA, February 8-11, 2015
• Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities [paper | slides | code]
  • Sangho Lee, Youngsok Kim, Jangwoo Kim, and Jong Kim
  • 35th IEEE Symposium on Security and Privacy (Oakland 2014), San Jose, California, USA, May 18-21, 2014
• I Know the Shortened URLs You Clicked on Twitter: Inference Attack using Public Click Analytics and Twitter Metadata [paper]
  • Jonghyuk Song, Sangho Lee, and Jong Kim
  • 22nd International World Wide Web Conference (WWW 2013), Rio de Janeiro, Brazil, May 13-17, 2013
• WarningBird: Detecting Suspicious URLs in Twitter Stream [paper | slides]
  • Sangho Lee and Jong Kim
  • 19th Network and Distributed System Security Symposium (NDSS 2012), San Diego, California, USA, February 5-8, 2012

Professional Services

Program Committee Member

• USENIX Security Symposium (Security): 2025, 2022, 2021
• Annual Computer Security Applications Conference (ACSAC): 2024, 2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016
• ACM SIGOPS Asia-Pacific Workshop on Systems (APSys): 2020
• ACM Asia Conference on Information, Computer and Communications Security (ASIACCS): 2018
• World Conference on Information Security Applications (WISA): 2018

Journal Reviewer

• ACM TOPS 2016; IEEE TDSC 2018, 2014, 2009; IEEE TIFS 2018; IEEE TCSS 2017; IEEE CL 2013; SCN 2011; JCSE 2015