I am an Assistant Professor in the Department of Computer Science at William & Mary. My primary research interests lie in the area of operating systems security. Common themes in my research include IoT security, Android security, privacy, and access control. I am also investigating problems in security policy specification, using Machine Learning/ AI.

My research seeks to (1) evaluate the security of emerging operating platforms, such as IoT and smart homes (e.g., Samsung SmartThings, Works with Nest), mobile platforms (e.g., Android, iOS), and (2) create practical and secure defenses for protecting the user and the system through novel policy and enforcement primitives that take advantage of the architectures and unique abstractions of the operating system.

Multiple funded positions available: Please send me an email if you are a highly motivated student interested in security research. To work with me you must also be a current or prospective W&M Graduate (or Undergrad) student. Apply to the W&M CS graduate program. (March 1 deadline for Fall).

Recent News:

November 27, 2018: Our paper, A Study of Data Store-based Home Automation, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)

November 27, 2018: Our paper, PolicyMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)

August 31, 2018: Our proposal on Enabling Systematic Evaluation of the Soundness of Android Security Analysis Techniques has been funded! Thanks NSF! [Abstract]

May 20, 2018: Our paper, Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation, has been accepted for publication at the 27th USENIX Security Symposium (USENIX'18)

April 10, 2018: Ruhao (Tony) Tang wins the Charles Center Summer Research Scholarship for Summer 2018!