I am an Assistant Professor in the Department of Computer Science and lead the Secure Platforms Lab (SPL) at William & Mary. My research interests lie in the areas of operating systems and software security, with a focus on exploring the challenges in securing emerging platforms such as smart phones and IoT.
My research seeks to (1) discover security vulnerabilities arising from irregularities in the access control architectures of platforms or their use by developers and consumers (e.g., evaluation of smart home routines [CODASPY'19 Best Paper], ACMiner [CODASPY'19], ACM TCPS, (2) design platform or OS-level defenses that are secure as well as practical, i.e., backwards compatible with essential functionality and user expectations (e.g., Weir [USENIX'16], the ASM framework [USENIX'14], Aquifer [CCS'13]), and (3) develop frameworks for evaluating security systems that help in the discovery of unsound security design-decisions, and enable crucial improvements in the art of designing practical security systems (e.g., MASC [Oakland'22], mSE [USENIX'18], Helion [Oakland'20], ACM TOPS (to appear)).
Multiple funded positions available: I am looking for highly motivated graduate students to work on several funded projects in security and privacy. If you are interested, please apply to the W&M CS graduate program! (March 1 deadline for Fall), and send me an email with (1) your CV, (2) and a gist of what particular area of my work you find interesting (please go through the papers here). If you are already a student at W&M, feel free to drop by my office as well.
August 10, 2021: Our paper, Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques., has been accepted for publication at the IEEE Symposium on Security and Privacy 2022! ([Oakland'22])
August 2, 2021: Our proposal on Enabling Data-Driven Security and Safety Analyses for Cyber-Physical Systems has been funded! Thanks NSF! [Abstract]
June 30, 2021: Amit Seal Ami receives the Coastal Virginia Center for Cyber Innovation (COVA CCI) Cybersecurity Dissertation Fellowship! Congrats Amit!
June 30, 2021: Sunil Manandhar receives the Coastal Virginia Center for Cyber Innovation (COVA CCI) Cybersecurity Dissertation Fellowship! Congrats Sunil!
May 26, 2021: Adwait Nadkarni receives the 2021 Graduate Faculty Mentoring Award!! Congrats Adwait!
April 30, 2021: Sunil Manandhar selected as the 2021 Commonwealth of Virginia Engineering and Science (COVES) Policy Fellow!! Congrats Sunil!
April 7, 2021: Sunil Manandhar awarded the S. Laurie Sanderson Awards for Excellence in Undergraduate Mentoring!! Congrats Sunil!
March 2, 2021: Sunil Manandhar recognized as Distinguished Reviewer in Shadow PC for 42nd IEEE Symposium on Security and Privacy! Congrats Sunil!
January 21, 2021: Our proposal, A Systematic Evaluation of Smart City Security and Privacy, has been funded by Virginia's Commonwealth Cyber Initiative (CCI)!
January 21, 2021: Our paper, Demo: Mutation-based Evaluation of Security-focused Static Analysis Tools for Android., has been accepted to the Tool Demo Track at ICSE'21! (ICSE'21 Demonstrations)
November 24, 2020: Our paper, Systematic Mutation-based Evaluation of the Soundness of Security-focused Android Static Analysis Techniques., has been accepted to the ACM Transactions on Privacy and Security (TOPS)
July 2, 2020: Our paper, Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue, has been accepted to the ACM Transactions on Cyber Physical Systems, special issue on Security and Privacy for Connected CPS (TCPS)
January 15, 2020: Our paper, Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses, has been accepted for publication at the IEEE Symposium on Security and Privacy 2020 (Oakland'20)
April 26, 2019: Bryan Burns graduated with an MS, and a successful Masters Project. Congratulations Bryan!
April 26, 2019: Ruhao (Tony) Tang successfully defended is Honors Thesis on Leveraging NLP to Enable Analysis of User Driven Routines . Congratulations Tony!
March 29, 2019: Ruhao (Tony) Tang wins the Undergraduate Stephen K. Park Award 2019. Congratulations Tony!
March 26, 2019: Our paper, A Study of Data Store-based Home Automation received the Best Paper Award at CODASPY'19!
November 27, 2018: Our paper, A Study of Data Store-based Home Automation, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)
November 27, 2018: Our paper, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)
August 31, 2018: Our proposal on Enabling Systematic Evaluation of the Soundness of Android Security Analysis Techniques has been funded! Thanks NSF! [Abstract]
May 20, 2018: Our paper, Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation, has been accepted for publication at the 27th USENIX Security Symposium (USENIX'18)
April 10, 2018: Ruhao (Tony) Tang wins the Charles Center Summer Research Scholarship for Summer 2018!