I am an Assistant Professor in the Department of Computer Science at William & Mary. My primary research interests lie in the area of operating systems security. Common themes in my research include IoT security, privacy, and access control.

My research seeks to (1) evaluate the security of emerging operating platforms, such as IoT and smart homes (e.g., Samsung SmartThings, Works with Nest), mobile platforms (e.g., Android, iOS), and (2) create practical and secure defenses for protecting the user and the system through novel policy and enforcement primitives that take advantage of the architectures and unique abstractions of the operating system.

Multiple funded positions available: Please send me an email if you are a highly motivated student interested in security research. To work with me you must also be a current or prospective W&M Graduate (or Undergrad) student. Apply to the W&M CS graduate program. (March 1 deadline for Fall).

Recent News:

December 28, 2018: Our recent investigation on smart home security has received wide press coverage. See the most detailed articles here: Washington Post, Daily Press, The Ambient

November 27, 2018: Our paper, A Study of Data Store-based Home Automation, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)

November 27, 2018: Our paper, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)

August 31, 2018: Our proposal on Enabling Systematic Evaluation of the Soundness of Android Security Analysis Techniques has been funded! Thanks NSF! [Abstract]

May 20, 2018: Our paper, Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation, has been accepted for publication at the 27th USENIX Security Symposium (USENIX'18)

April 10, 2018: Ruhao (Tony) Tang wins the Charles Center Summer Research Scholarship for Summer 2018!