I am an Assistant Professor in the Department of Computer Science and lead the Secure Platforms Lab (SPL) at William & Mary. My research interests lie in the areas of operating systems and software security, with a focus on exploring the challenges in securing emerging platforms such as smart phones and IoT.

My research seeks to (1) discover security vulnerabilities arising from irregularities in the access control architectures of platforms or their use by developers and consumers (e.g., evaluation of smart home routines [CODASPY'19 Best Paper], ACMiner [CODASPY'19], ACM TCPS (to appear)), (2) design platform or OS-level defenses that are secure as well as practical, i.e., backwards compatible with essential functionality and user expectations (e.g., Weir [USENIX'16], the ASM framework [USENIX'14], Aquifer [CCS'13]), and (3) develop frameworks for evaluating security systems that help in the discovery of unsound security design-decisions, and enable crucial improvements in the art of designing practical security systems (e.g., mSE [USENIX'18], Helion [Oakland'20]).

Multiple funded positions available: Please send me an email if you are a highly motivated W&M grad/undergraduate student interested in security research. If you are not already a student, apply to the W&M CS graduate program! (March 1 deadline for Fall).

Recent News:

July 2, 2020: Our paper, Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue, has been accepted to the ACM Transactions on Cyber Physical Systems, special issue on Security and Privacy for Connected CPS (TCPS)

January 15, 2020: Our paper, Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses, has been accepted for publication at the IEEE Symposium on Security and Privacy 2020 (Oakland'20)

April 26, 2019: Bryan Burns graduated with an MS, and a successful Masters Project. Congratulations Bryan!

April 26, 2019: Ruhao (Tony) Tang successfully defended is Honors Thesis on Leveraging NLP to Enable Analysis of User Driven Routines . Congratulations Tony!

March 29, 2019: Ruhao (Tony) Tang wins the Undergraduate Stephen K. Park Award 2019. Congratulations Tony!

March 26, 2019: Our paper, A Study of Data Store-based Home Automation received the Best Paper Award at CODASPY'19!

December 28, 2018: Our recent investigation on smart home security has received wide press coverage. See the most detailed articles here: Washington Post, Daily Press, The Ambient

November 27, 2018: Our paper, A Study of Data Store-based Home Automation, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)

November 27, 2018: Our paper, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)

August 31, 2018: Our proposal on Enabling Systematic Evaluation of the Soundness of Android Security Analysis Techniques has been funded! Thanks NSF! [Abstract]

May 20, 2018: Our paper, Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation, has been accepted for publication at the 27th USENIX Security Symposium (USENIX'18)

April 10, 2018: Ruhao (Tony) Tang wins the Charles Center Summer Research Scholarship for Summer 2018!