Gang Tan, Department of Computer Science and Engineering- Penn State University

Gang Tan (\gäng tan\) [Vita][Pdf Vita][Contact]

Associate Professor
James F. Will Career Development Professorship
Dept. of Computer Science & Engineering
School of Electrical Engineering & Computer Science
Penn State University, University Park

Affiliated with Institute for Networking and Security Research (video about INSR)
and Institute for CyberScience

Brief Bio Dr. Tan is a James F. Will Career Development Associate Professor in the Computer Science and Engineering Department at The Pennsylvania State University. He obtained his B.E. in Computer Science from Tsinghua University, and his Ph.D. in Computer Science from Princeton University.

His research interests are software security, programming languages, and formal methods. He leads the Security of Software (SOS) lab, which is broadly interested in applying programming-language and compiler techniques to improving computer security. He has received multiple awards, including an NSF CAREER Award, two Google Research Awards, a Distinguished Reviewer Award at 2018 IEEE Symposium on Security and Privacy, an Outstanding Paper Award at CODASPY 2018, and a Ruth and Joel Spira Excellence in Teaching Award at Penn State.

Research Projects

Some past projects

News

(6/2018) Glad to receive a Ruth and Joel Spira Excellence in Teaching Award at Penn State.
(5/2018) Glad to receive a Distinguished Reviewer Award at 2018 IEEE Symposium on Security and Privacy.
(5/2018) Invited talk at LangSec 2018 [slides].
(5/2018) Paper "Sensitive Information Tracking in Commodity IoT" Automated IoT Safety and Security Analysis" accepted by Usenix Security.
(4/2018) Paper "Soteria: Automated IoT Safety and Security Analysis" accepted by Usenix Annual Technical Conference.
(4/2018) PSU news article about my group's research.
(3/2018) Outstanding paper award for CODASPY paper "From Debugging-Information Based Binary-Level Type Inference to CFG Generation".
(10/2017) Darpa project "Automatic Generation of Anti-Specifications from Exploits for Scalable Program Hardening" funded; subcontractor to Virginia Tech.
(10/2017) Glad to announce a survey article on software-based isolation (SFI): Principles and Implementation Techniques of Software-Based Fault Isolation.
(9/2017) NSF/Intel project "CAPA: Lightweight abstract memory features" funded; in collaboration with Lehigh and Arizona State. [Penn State news release].
(8/2017) Paper "PtrSplit: Supporting General Pointers in Automatic Program Partitioning" accepted by CCS 2017.
(5/2017) ONR project on Semantics-Directed Binary Reverse Engineering and Transformation Validation funded. Thanks to ONR!
(10/2016) Congratulations to Ben, whose dissertation won ACM SIGSAC Dissertation Award Runner-Up.
(3/2016) Keynote talk at MASS 2016 about MCFI/RockJIT/PICFI; Title: "Protecting Dynamic Code by Modular Control-Flow Integrity" [slides].
(12/2015) Congratulations to Ben, who finished his Ph.D. with thesis "Practical Control-Flow Integrity".
(7/2015) Paper "Per-Input Control-Flow Integrity" accepted by CCS 2015.
(6/2015) We are glad to release the source code of MCFI and RockJIT and PiCFI . Please see this GitHub page.
All news...

Events Involved

Program committee members: Usenix Security 2018; Oakland 2018; Wisa 2018; ECOOP 2018; SecDev 2018; Oakland 2017; CloudCom 2017; Wisa 2017; ISC 2017; SecDev 2017; Feast 2017; LangSec 2017; CCS 2016; Oakland 2016; ACNS 2016; LangSec 2016; SECURWARE 2016; CCS 2015; APLAS 2015; ASIACCS 2015; CloudCom 2015; SECURWARE 2015; MCS 2015; CCS 2014; ASIACCS 2014; NDSS 2014; SECURWARE 2014; OOPSLA 2013; APLAS 2013; CPP 2013; SPIot 2012; Open 64; WWW 2011 (abuse, security and privacy track); SPIoT 2011; CHINACOM 2010, CHINACOM 2009 (network and information security symposium);
Associate Editor, International Journal on Cybersecurity
Organizing committee members: Web chair, CGO 2019
CPSS 2012: joint summer schools on cryptography and principles of software security

Teaching

CMPSC 461, Programming Language Concepts, Spring 17, Spring 18
CSE 597, Special topics on theorem proving and static analysis, Fall 16
CMPSC 443, Introduction to Computer and Network Security, Spring 16
CSE 262, Programming Languages, Fall 15, Fall 14, Spring 14, Fall 13, Spring 13, Fall 12, Spring 12, Fall 11, Fall 10
CSE 411, Advanced Programming Techniques, Fall 15, Fall 14, Fall 13
CSE 334/434, Software System Security, Fall 12, Fall 10, Fall 08
CSE 497, Advanced Programming Languages, Fall 11
CSE 216, Software Engineering, Spring 10, Spring 09
CSE 397/497, Programming Languages Design & Analysis Fall 09

All Publications (by Year, by Topic)

Representative Publications

Sensitive Information Tracking in Commodity IoT. Z. B. Celik, L. Babun, A. K. Sikder, H. Aksu, G. Tan, P. McDaniel, and A. S. Uluagac. In 27th Usenix Security Symposium, page To appear, 2018
Soteria: Automated IoT Safety and Security Analysis. Z. B. Celik, P. McDaniel, and G. Tan. In USENIX Annual Technical Conference (ATC), page To appear, 2018
tauCFI: Type-Assisted Control Flow Integrity for x86-64 Binaries. P. Muntean, M. Fischer, G. Tan, Z. Lin, J. Grossklags, and C. Eckert. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID), page To appear, 2018
From Debugging-Information Based Binary-Level Type Inference to CFG Generation. D. Zeng and G. Tan. In 8th ACM Conference on Data and Application Security and Privacy (CODASPY), to appear, 2018. [paper] Outstanding paper award.
Principles and Implementation Techniques of Software-Based Fault Isolation. G. Tan. Foundations and Trends in Privacy and Security, 1(3):137–198, 2017. [paper]
PtrSplit: Supporting General Pointers in Automatic Program Partitioning. S. Liu, G. Tan, and T. Jaeger. In 24th ACM Conference on Computer and Communications Security (CCS), pages 2359–2371, 2017. [paper]
CFG Construction Soundness in Control-Flow Integrity. G. Tan and T. Jaeger. In ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS), pages 3–13, 2017. [paper]
ReDroid: Prioritizing Data Flows and Sinks for App Security Transformation. K. Tian, G. Tan, D. Yao, and B. Ryder. In ACM Workshop on Forming an Ecosystem Around Software Transformation (FEAST), pages 35–41, 2017. [paper]
Bidirectional Grammars for Machine-Code Decoding and Encoding. G. Tan and G. Morrisett. Journal of Automated Reasoning, to appear, 2017. [paper]
Detection of Repackaged Android Malware with Code-Heterogeneity Features. K. Tian, D. Yao, B. Rider, G. Tan, and G. Peng. IEEE Transactions on Dependable and Secure Computing, to appear, 2017. [paper]
Bidirectional Grammars for Machine-Code Decoding and Encoding. G. Tan and G. Morrisett. In 8th International Conference on Veriﬁed Software: Theories, Tools, and Experiments (VSTTE), pages 73–89, 2016. [paper]
Languages Must Expose Memory Heterogeneity. X. Guo, A. Shrivastava, M. Spear, and G. Tan. In Second International Symposium on Memory Systems (MEMSYS), pages 251–256, 2016. [paper]
Analysis of Code Heterogeneity for High-Precision Classiﬁcation of Repackaged Malware. K. Tian, D. Yao, B. G. Ryder, and G. Tan. In Workshop on Mobile Security Technologies (MoST), pages 262–271, 2016. [paper]
Per-Input Control-Flow Integrity. B. Niu and G. Tan. In 22nd ACM Conference on Computer and Communications Security (CCS), pages 914–926, 2015. [paper]
Producing Hook Placements to Enforce Expected Access Control Policies. D. Muthukumaran, N. Talele, T. Jaeger, and G. Tan. In 7th International Symposium on Engineering Secure Software and Systems (ESSoS), pages 178–195, 2015. [paper]
JNI Light: an operational model for the core JNI. G. Tan. Mathematical Structures in Computer Science, 25(4):805–840, 2015. [paper]
RockJIT: Securing Just-In-Time Compilation Using Modular Control-Flow Integrity. B. Niu and G. Tan. In 21st ACM Conference on Computer and Communications Security (CCS), pages 1317–1328, 2014. [paper]
Finding Reference-Counting Errors in Python/C Programs with Aﬃne Analysis. S. Li and G. Tan. In European Conference on Object-Oriented Programming (ECOOP), 2014. [paper]
Modular Control Flow Integrity. B. Niu and G. Tan. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 577–587, 2014. [paper]
Monitor Integrity Protection with Space Eﬃciency and Separate Compilation. B. Niu and G. Tan. In 20th ACM Conference on Computer and Communications Security (CCS), 2013. [paper]
Strato: A Retargetable Framework for Low-Level Inlined-Reference Monitors. B. Zeng, G. Tan, and Ú. Erlingsson. In 22nd Usenix Security Symposium, pages 369–382, 2013. [paper]
Bringing Java’s wild native world under control. M. Sun, G. Tan, J. Siefers, B. Zeng, and G. Morrisett. ACM Transactions on Information and System Security (TISSEC), 16(3):9:1–9:28, 2013. [paper]
RockSalt: Better, Faster, Stronger SFI for the x86. G. Morrisett, G. Tan, J. Tassarotti, J.-B. Tristan, and E. Gan. In ACM Conference on Programming Language Design and Implementation (PLDI), pages 395–404, 2012. [paper]
Combining control-ﬂow integrity and static analysis for eﬃcient and validated data sandboxing. B. Zeng, G. Tan, and G. Morrisett. In 18th ACM Conference on Computer and Communications Security (CCS), pages 29–40, 2011. [paper]
JET: Exception checking in the Java Native Interface. S. Li and G. Tan. In ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 345–358, 2011. [paper]
Finding bugs in exceptional situations of JNI programs. S. Li and G. Tan. In 16th ACM Conference on Computer and Communications Security (CCS), pages 442–452, 2009. [paper]
An empirical security study of the native code in the JDK. G. Tan and J. Croft. In 17th Usenix Security Symposium, pages 365–377, 2008. [paper|tech report|presentation]
A Compositional Logic for Control Flow. G. Tan and A. Appel. In International Conference on Veriﬁcation, Model Checking, and Abstract Interpretation (VMCAI), pages 80–94, 2006. [paper|presentation]
Dynamic Typing with Dependent Types. X. Ou, G. Tan, Y. Mandelbaum, and D. Walker. In Proceedings of IFIP 3rd International Conference on Theoretical Computer Science, pages 437–450, 2004. [paper]

Links