I am an Assistant Professor in the Department of Computer Science and lead the Secure Platforms Lab (SPL) at William & Mary. My research interests lie in the areas of operating systems and software security, with a focus on exploring the challenges in securing emerging platforms such as smart phones and IoT.
My research seeks to (1) discover security vulnerabilities arising from irregularities in the access control architectures of platforms or their use by developers and consumers (e.g., evaluation of smart home routines [CODASPY'19 Best Paper], ACMiner [CODASPY'19], ACM TCPS (to appear)), (2) design platform or OS-level defenses that are secure as well as practical, i.e., backwards compatible with essential functionality and user expectations (e.g., Weir [USENIX'16], the ASM framework [USENIX'14], Aquifer [CCS'13]), and (3) develop frameworks for evaluating security systems that help in the discovery of unsound security design-decisions, and enable crucial improvements in the art of designing practical security systems (e.g., mSE [USENIX'18], Helion [Oakland'20], ACM TOPS (to appear)).
Multiple funded positions available: Please send me an email if you are a highly motivated W&M grad/undergraduate student interested in security research. If you are not already a student, apply to the W&M CS graduate program! (March 1 deadline for Fall).
January 21, 2021: Our proposal, A Systematic Evaluation of Smart City Security and Privacy, has been funded by Virginia's Commonwealth Cyber Initiative (CCI)!
January 21, 2021: Our paper, Demo: Mutation-based Evaluation of Security-focused Static Analysis Tools for Android., has been accepted to the Tool Demo Track at ICSE'21! (ICSE'21 Demonstrations)
November 24, 2020: Our paper, Systematic Mutation-based Evaluation of the Soundness of Security-focused Android Static Analysis Techniques., has been accepted to the ACM Transactions on Privacy and Security (TOPS)
July 2, 2020: Our paper, Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue, has been accepted to the ACM Transactions on Cyber Physical Systems, special issue on Security and Privacy for Connected CPS (TCPS)
January 15, 2020: Our paper, Towards a Natural Perspective of Smart Homes for Practical Security and Safety Analyses, has been accepted for publication at the IEEE Symposium on Security and Privacy 2020 (Oakland'20)
April 26, 2019: Bryan Burns graduated with an MS, and a successful Masters Project. Congratulations Bryan!
April 26, 2019: Ruhao (Tony) Tang successfully defended is Honors Thesis on Leveraging NLP to Enable Analysis of User Driven Routines . Congratulations Tony!
March 29, 2019: Ruhao (Tony) Tang wins the Undergraduate Stephen K. Park Award 2019. Congratulations Tony!
March 26, 2019: Our paper, A Study of Data Store-based Home Automation received the Best Paper Award at CODASPY'19!
November 27, 2018: Our paper, A Study of Data Store-based Home Automation, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)
November 27, 2018: Our paper, ACMiner: Extraction and Analysis of Authorization Checks in Android’s Middleware, has been accepted for publication at the ACM Conference on Data and Application Security and Privacy (CODASPY'19)
August 31, 2018: Our proposal on Enabling Systematic Evaluation of the Soundness of Android Security Analysis Techniques has been funded! Thanks NSF! [Abstract]
May 20, 2018: Our paper, Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation, has been accepted for publication at the 27th USENIX Security Symposium (USENIX'18)
April 10, 2018: Ruhao (Tony) Tang wins the Charles Center Summer Research Scholarship for Summer 2018!