Jason Kim

Profile Picture
Academic (Full Version) Industry (Brief Version)
GitHub LinkedIn DBLP Scholar

nosajmik@gthwsec:~$ whoami

Hello! My name is Jason Kim, and I am a fifth (and final)-year PhD candidate in the Hardware Security Lab advised by Prof. Daniel Genkin. I am part of the School of Cybersecurity and Privacy at the Georgia Institute of Technology. I graduated from the University of Michigan in May 2021 with my bachelor's degree in computer science, where I worked on projects with Daniel and Prof. Kevin Leach.

I am on the job market, targeting a start date in Spring 2026. I am interested in both academic and industry paths - if you are hiring, please send me an email or a LinkedIn message!

nosajmik@gthwsec:~$ cat research.txt

I am interested in offensive hardware security and microarchitectural side-channels. Amid the everlasting pursuit for computing performance, I study the implications of low-level hardware optimizations on protecting information stored in high-level applications, all the way through the layers of abstraction. More specifically, I am curious about how cutting-edge processors affect the security of web browsers, which have become a gold mine for users' credentials and sensitive information.

Through my research, I have developed an understanding of microarchitecture, operating systems, and execution engines in web browsers by observing how they affect each other. This analysis starts with benchmarks for reverse engineering or RTL simulation and dataflow graphs, and ends with memory allocator exploitation and proof-of-concept construction. My work has prompted patches in the process model, rendering engine, and data structure placement in Apple Safari, which is also the sole allowed framework for all iPhone and iPad web browser apps. On Google Chrome, my work has resulted in patches to the extension mechanism, developer tools, and compromised password detection schemes.

Most recently, I expanded my interests to hardware defenses, namely white-box microarchitectural security analyses that augment traditional verification techinques for processor designs. This was made possible by a research internship at Silicon Assurance. Finally, positively impacting the security of billions of users' devices has been my motivation for pursuing a Ph.D., and thus I hope to continue meaningful work of a similar ethos after graduation.

nosajmik@gthwsec:~$ cat misc.txt

Outside of work, I enjoy cooking, movies, hiking, traveling, road tripping, working on cars, tubing/boating near Atlanta, and discovering new restaurants and bars.

My desk is at Suite E0952J of the Coda Building, at 756 W Peachtree St NW, Atlanta, GA 30308, and my email is nosajmik (at) gatech (dot) edu. That's kimjason spelled backwards, and originally was my username at Michigan.

Before side channels, I worked on machine learning models for binary analysis, network security and intrusion detection systems, and a little bit of bioinformatics alongside my undergraduate minor in biology. I was also on the course staff of Michigan's computer security course for two years as a teaching assistant, and brought components of it over to Georgia Tech's Introduction to Information Security over a year's tenure. My favorite part of it was organizing and updating a digital forensics Capture-the-Flag, which served as the final project for both courses.

nosajmik@gthwsec:~$ ls publications/

  • Jason Kim, Jalen Chuang, Daniel Genkin, and Yuval Yarom.
    FLOP: Breaking the Apple M3 CPU via False Load Output Predictions.
    USENIX Security Symposium, 2025.
    Website Paper
  • Jason Kim, Daniel Genkin, and Yuval Yarom.
    SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon.
    IEEE Symposium on Security and Privacy (S&P), 2025.
    Distinguished Paper Award.
    Website Paper
  • Ingab Kang, Walter Wang, Jason Kim, Stephan van Schaik, Youssef Tobah, Daniel Genkin, Andrew Kwong, and Yuval Yarom.
    SledgeHammer: Amplifying Rowhammer via Bank-level Parallelism.
    USENIX Security Symposium, 2024.
    USENIX Paper
  • Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin, and Yuval Yarom.
    Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and ARM SoCs.
    USENIX Security Symposium, 2023.
    CSAW Applied Research Competition (North America), 2023, Finalist.
    ArXiv USENIX Paper
  • Andrew Kwong, Walter Wang, Jason Kim, Jonathan Berger, Daniel Genkin, Eyal Ronen, Hovav Shacham, Riad Wahby, and Yuval Yarom.
    Checking Passwords on Leaky Computers: A Side Channel Analysis of Chrome's Password Leak Detection Protocol.
    USENIX Security Symposium, 2023.
    USENIX Paper Video
  • Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom.
    iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices.
    ACM Conference on Computer and Communications Security (CCS), 2023.
    CSAW Applied Research Competititon (North America), 2023, Finalist.
    Top Picks in Hardware and Embedded Security, 2024.
    Website Paper
  • Jason Kim, Daniel Genkin, and Kevin Leach.
    Revisiting Lightweight Compiler Provenance Recovery on ARM Binaries.
    International Conference on Program Comprehension (ICPC), RENE Track, 2023.
    ArXiv Paper
  • Ayush Agarwal, Sioli O'Connell, Jason Kim, Shaked Yehezkel, Daniel Genkin, Eyal Ronen, and Yuval Yarom.
    Spook.js: Attacking Chrome Strict Site Isolation via Speculative Execution.
    IEEE Symposium on Security and Privacy (S&P), 2022.
    Website Paper Video