W358 Westgate Building
Computer Science & Engineering
Penn State University
University Park, PA 16802
Princeton University, Department of Computer Science, 1999–2005
Doctor of Philosophy, Awarded in 2005. Advisor: Andrew W. Appel.
Master of Arts, Awarded in 2001.
Tsinghua University, Department of Computer Science, China, 1994–1999.
Bachelor of Engineering in Computer Science (with distinction), Awarded in 1999.
Bachelor of Economics, Awarded in 1999.
Pennsylvania State University, University Park, PA. Full professor of Computer Science & Engineering. 07/2020–present. Co-director of Institute for Networking and Security Research (INSR), 07/2023–present. Also a co-hire of Institute for Computational and Data Science (ICDS).
Pennsylvania State University, University Park, PA. Associate Prof. of Computer Science & Engineering. Tenured. 1/2016–06/2020. Also a co-hire of ICDS.
Intelligent Automation, Inc., Rockville, MD. Consultant. 2/2020–5/2020; 4/2018–9/2018, 4/2016–8/2017, and 3/2013–9/2014.
Lehigh University, Bethlehem, PA. Associate Prof. of Computer Science & Engineering. Tenured. 6/2015–12/2015.
Lehigh University, Bethlehem, PA. Assistant Prof. of Computer Science & Engineering. 8/2008–5/2015.
Microsoft Research, Redmond, WA. Consulting Researcher. 6/2007–6/2008.
Boston College, Chestnut Hill, MA. Asst. Prof. of Computer Science. 9/2005–6/2008.
NEC Labs America, Princeton, NJ. Research summer intern. 2004.
Microsoft Research, Redmond, WA. Research summer intern. 2002.
Software security, programming languages, formal methods, software engineering.
Best Paper Award, DISV: Domain Independent Semantic Validation of Data Files, 9th Workshop on Language-Theoretic Security (LangSec), 2023.
Best Paper Award, Lightweight Kernel Isolation with Virtualization and VM Functions, 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), 2020.
DARPA Information Science and Technology (ISAT) study group, 2020–2024.
Ruth and Joel Spira Excellence in Teaching Award, Penn State, 2018.
Distinguished Reviewer Award, 39th IEEE Symposium on Security and Privacy (Oakland), 2018.
Outstanding Paper Award, From Debugging-Information Based Binary-Level Type Inference to CFG Generation, 8th ACM Conference on Data and Application Security and Privacy (CODASPY), 2018.
Best Demo Award, Sensitive Information Tracking in Commodity IoT, Florida Institute of Cybersecurity Research Annual Conference on Cybersecurity, 2018.
James F. Will Career Development Professorship, Pennsylvania State University, 2016–2018.
National Science Foundation Career Award, 2012.
Google Faculty Research Award, 2010 and 2012.
Faculty Fellowship, Boston College, 2008.
Francis Upton Graduate Fellowship, Princeton Univ., 1999–2003.
Tsinghua University Scholarship, 1995, 1996 and 1998.
HSBC Bank Scholarship, 1997.
Lenovo Cup Computer Programming Contest, First Prize, 1995.
China National Olympic Contest on Information Science, First Prize, 1993.
Yongzhe Huang, PSU CSE Outstanding Research Award, 2022.
Ben Niu, ACM SIGSAC Doctoral Dissertation Award Runner-Up, 2016.
Matthew Kilgore, Honorable Mention in CRA’s Outstanding Undergraduate Award, 2015.
Jason Croft, Honorable Mention in CRA’s Outstanding Undergraduate Award, 2009.
NSF CNS-2243632: Precise and Robust Binary Reverse Engineering and its Applications. Principal Investigator. Total: $600,000. Penn State’s portion: $600,000. 2023–2026.
NSF CNS-2230061: Detecting and Localizing Non-Functional Vulnerabilities in Machine Learning Libraries. Principal Investigator. Collaborative Research with Saeid Tizpaz-Niari (UT El Paso). Total: $600,000. Penn State’s portion: $246,643. 2023–2026.
NSF CNS-1956032: Automatic Software Patching against Microarchitectural Attacks. Co-Principal Investigator. With Danfeng Zhang (PI), Mahmut Kandemir, and Dinghao Wu. $500,000. 2020–2024.
DARPA HR0011-19-C-0106 (Defense Advanced Research Projects Office): Secure Handling of Isolated Executables without Leaking Data (SHIELD). Principal Investigator. With Trent Jaeger (Co-PI). Subcontractor to Perspecta Labs. Penn State portion: $650,000. 2019–2024.
NSF CNS-1900873: Automated IoT Safety and Security Analysis and Synthesis. Co-Principal Investigator. With Patrick McDaniel (PI). $1,199,869. My group’s portion: $600,000. 2019–2024.
NSF CNS-1801534: Threat-Aware Defense: Evaluating Threats for Continuous Improvement. Co-Principal Investigator. Collaborative research with Trent Jaeger and Matthias Payer. $1,200,000. My group’s portion: $400,000. 2018–2024.
DARPA HR0011-19-C-0073 (Defense Advanced Research Projects Office): SPARTA—the Secure Parser Toolkit for Assurance. Principal Investigator. Subcontractor to Galois Inc. My group’s portion: $1,020,327. 2019–2023.
NSF CCF-1723571: Lightweight Abstract Memory Features. Principal Investigator. Collaborative research with Mike Spear and Xiaochen Guo at Lehigh, and Aviral Shrivastava at Arizona State. Jointly supported by NSF and Intel. $2,000,000. My group’s portion: $500,000. 2017–2020.
ONR (Office of Naval Research) N00014-17-1-2539: Semantics-Directed Binary Reverse Engineering and Transformation Validation. Principal Investigator. $500,000. 2017–2020.
NSF CNS-1408826: Retrofitting Software for Defense-in-Depth. Principal Investigator. Collaborative research with Trent Jaeger at Penn State, Vinod Ganapathy at Rutgers, and Christian Skalka at U. of Vermont. $1,200,000. My group’s portion: $300,000. 2014–2018.
DARPA (Defense Advanced Research Projects Office) N6600117C4052: Automatic Generation of Anti-Specifications from Exploits for Scalable Program Hardening. Principal Investigator. Subcontractor to Virginia Tech. My group’s portion: $190,000. 2017–2018.
AFRL (Air Force Research Laboratory) FA8750-14-C-0179: SLICE: Secure Lightweight Cloud Computing Environment. Principal Investigator. Subcontractor to Intelligent Automation Inc. $30,000. 2014–2015.
NSF CCF-1217710: Reusable Tools for Formal Modeling of Machine Code. Principal Investigator. Collaborative research with Greg Morrisett at Harvard. $477,495. My group’s portion: $258,785. 2012–2015. REU supplement: $16,000.
NSF CAREER CCF-1149211: User-Space Protection Domains for Compositional Information Security. Principal Investigator, NSF, $483,125, 2012–2017.
Google Research Award: A Fully Certified Native Client Verifier. Principal Investigator. $50,100. 2012–2013.
Google Research Award: Native Client with Trustworthy Verifier and Stronger Security. Principal Investigator. $60,000. 2010–2011.
NSF CCF-0915157: Securing Multilingual Software Systems. Principal Investigator. Collaborative research with Greg Morrisett at Harvard. $480,131. My group’s portion: $265,048. 2009–2012. REU supplement: $16,000.
NSF IIS-0854606: Structuring, Reasoning, and Querying in a Very Large Medical Image Database. Principal Investigator. Collaborative Research with Xiaolei Huang and Dan Lopresti at Lehigh, and George Nagy at RPI. $392,000. My group’s portion: $54,464. 2008–2011.
Lehigh Collaborative Research Opportunity (CORE) Grant. Principal Investigator (with Co-PI Parv Venkitasubramaniam from the ECE department). Quantitative Information Flow for Security and Privacy in Software Systems, $36,770, 2014–2015.
ACM member; IEEE senior member.
K. Tian, D. Yao, G. Tan. Android-Application Rewriting with Quantitative Information Flow Analysis. Poster at the 2016 Network and Distributed System Security Symposium (NDSS), Feb., 2016.
B. Niu and G. Tan. Chobham: Taming JIT-ROP Attacks. Poster at the 2015 Network and Distributed System Security (NDSS) Symposium, Feb., 2015.
B. Niu and G. Tan. uPro: A Compartmentalization Tool Supporting Fine-Grained and Flexible Security Configuration. Poster at the 18th ACM Conference on Computer and Communication Security (CCS), Oct. 2011.
A. Appel, M. Ginsburg, H. Hursti, B. Kernighan, C. Richards, and G. Tan. Insecurities and Inaccuracies of the Sequoia AVC Advantage 9.00H DRE Voting Machine. Redacted version of expert report submitted in Gusciora v. Corzine, September 2008.
J. Croft and G. Tan. Security Analysis of the Native Code in Sun’s JDK. In 23rd Annual Computer Security Applications Conference (ACSAC), work-in-progress session, Dec. 2007.
G. Tan. A Compositional Logic for Control Flow and its Application in Foundational Proof-Carrying Code, Princeton University Ph.D. Thesis, July 2005.
G. Tan, A. Appel, S. Chakradhar, A. Raghunathan, S. Ravi and D. Wang. Safe Heterogeneous Applications: Curing the Java Native Interface. Princeton University Technical Report, TR-715-04, Oct. 2004.
G. Tan and A. Appel. A Typed Calculus for Machine Instructions and its Semantics in Higher-order Logic. Princeton University Technical Report, March 2004.
X. Ou, G. Tan, Y. Mandelbaum and D. Walker. Dynamic Typing with Dependent Types (Extended Version). Princeton University Technical Report TR-695-04, April 2004.
G. Tan and A. Appel. Semantics of Machine Instructions at Multiple Levels of Abstraction. Short paper at the 16th Symposium on Logic in Computer Science (LICS), 2001.
G. Tan and B. Niu. Methods for Enforcing Control Flow of Computer Programs. US Patent No. 9,361,102, filed in Jun 2015, awarded in Jun 2016.
Y. Chen and G. Tan. Tamper Response Mechanism. US Patent No. 7818799, filed in May 2006, awarded in Oct 2010.
PDG construction in LLVM. We released it in 2019 for LLVM 5.0 and 2020 for LLVM 9.0, at https://bitbucket.org/psu_soslab/program-dependence-graph-in-llvm/.
MCFI: a low-overhead CFI implementation with support for dynamic library loading and just-in-time compilation. We released it in 2015 at https://github.com/mcfi.
Robusta: a framework that allows JVM administrators to constrain native code with different trust levels, similar to how the security of Java code is configured. We released it in 2011 under the BSD license at http://www.cse.psu.edu/~gxt29/projects/gonative/
RockSalt: a new machine-code verifier for Google’s Native Client, with a formal correctness proof mechanized in Coq. We released it in 2012 under the GPL license at http://www.cse.psu.edu/~gxt29/projects/gonative/.
Keynote talk. Towards Secure and Reliable IoT Applications. 2nd Workshop on the Internet of Things Security and Privacy (IoT S&P), Oct. 2019.
Invited talk. Bidirectional and Executable Specifications of Machine Code Decoding and Encoding. Invited talk at the Fifth Workshop on Language-Theoretic Security (LangSec), San Francisco, May 2018.
Keynote talk. Protecting Dynamic Code by Modular Control-Flow Integrity. International Workshop on Modularity Across the System Stack (MASS 2016), Mar. 2016.
Invited talk. Reusable Tools for Formal Modeling of Machine Code. Invited talk at the Principles in Practice (PiP) Workshop associated with the 2014 POPL Conference, San Diego, Jan. 2014.
Invited lecture. 2012 Summer School on Cryptography and Principles of Software Security, Binary-Level Software Security, Penn State University, May 2012.
Compiler-based Side Channel Detection and Mitigation. At the Dagstuhl Seminar on Secure Compilation, Dagstuhl, Nov, 2021.
Recent Advances in Automatic Privilege Separation. DC-Area Anonymity, Privacy, and Security Seminar (DCAPS). Dec. 2019. Also at Microsoft Research Cambridge, Feb. 2020, and at Intel Security Forum, Apr, 2020.
Checking IoT Apps for Property Violations. University of Louisiana at Lafayette. Feb. 2019; and China University of Petroleum, July 2019.
Modular Control-Flow Integrity. At the Dagstuhl Seminar “The Continuing Arms Race: Code-Reuse Attacks and Defenses”, Dagstuhl, July, 2015.
A Compiler-Centric Approach to Software Security. Penn State. Apr. 2015.
Control Flow Integrity: Efficiency and Modularity. Virginia Tech. Oct. 2014.
Modular Control Flow Integrity. Zhejiang University, Jul 2014.
Reusable Tools for Formal Modeling of Machine Code. Chinese Institute of Software, Jul 2014.
Software Security at the Binary Level. Center for the Advancement of Research and Education at Rochester Institute of Technology, May 2012. Also at Peking University, Jun 2012. Also at Intelligent Automation, Inc. Jan 2013.
Towards Verifiably Safe Machine Code. CyLab at Carnegie Mellon University, Mar. 2012.
GoNative: Safe Native Code for Safe Languages. USTC-Yale Joint Research Center, Suzhou, China, Dec. 2010.
Protecting Java from Native Code. IBM’s T.J. Watson research center in Hawthorne, Feb. 2009. Also at Department of Computer Science and Technology, Tsinghua University, May 2009.
Language-Based Security for Java-C Interoperation. UCLA Seminar, Jul. 2008.
Interface Safety in Multilingual Software. Northeastern Programming Languages Seminar, Feb. 2008.
Security Analysis of the Native Code in the JDK. Princeton University Computer-Science Security Lunch Seminar, Nov. 2007.
Inter-Language Analysis across Java and C. Boston University Computer-Science Colloquium, Oct. 2007.
Towards Reliable and Secure Software. Lehigh University Colloquium, Apr. 2006.
Safe Java Native Interface. Triforce seminar, Harvard University, Mar. 2006.
A Compositional Logic for Control Flow. The Church Project Seminar, Boston University, Oct. 2005.
Reliable and Secure Software through Static Verification and Dynamic Checking. NEC Labs America. Apr. 2005.
Structured Verification of Unstructured Machine Code. Toyota Technological Institute at Chicago. Feb. 2005.
Construction of a Semantic Model for a Typed Assembly Language. Ottawa Carleton Logic Seminar, University of Ottawa, Nov. 2003.
Protection Against Untrusted Code. Microsoft Research, Feb. 2002.
Towards Least-Privileged, Memory Safe Software Components. In Peraton Labs GAPS Technical Interchange Meeting, Basking Ridge, NJ, May, 2022.
Program Partitioning for Secure Memory. In Intel Computer Assisted Programming for Heterogeneous Architectures (CAPA) Annual Meeting, virtual meeting, Oct. 2020.
Program Partitioning for Secure Memory. In Intel Computer Assisted Programming for Heterogeneous Architectures (CAPA) Annual Meeting, Santa Clara, Sep. 2019.
Semantics-Directed Binary Reverse Engineering and Translation Validation. In ONR Total Platform Cyber Protection (TPCP) Annual Meeting, Boston, June 2019.
Program Partitioning for Secure Memory. In Intel Computer Assisted Programming for Heterogeneous Architectures (CAPA) Annual Meeting, Santa Clara, Sep. 2018.
Semantics-Directed Binary Reverse Engineering and Translation Validation. In ONR Total Platform Cyber Protection (TPCP) Annual Meeting, Seattle, May 2018.
Bidirectional Grammars for Machine-Code Decoding and Encoding. In 8th Working Conference on Verified Software: Theories, Tools, and Experiments (VSTTE), Jul. 2016. Also in Deep Spec Workshop, May 2016.
Software Security: A Compiler-Based Perspective. School of Electrical Engineering and Computer Science Industrial and Professional Advisory Council (IPAC) meeting, Mar. 2016. Also at the 2016 Silicon Happy Valley conference.
Modular Control-Flow Integrity. In the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Edinburgh, UK, Jun. 2014.
Monitor Integrity Protection with Space Efficiency and Separate Compilation. In 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, Nov. 2013.
Towards Safe Language Interoperation. Pre-Program-Committee-Meeting Workshop of OOPSLA. University of California at Irvine, May 2013.
JATO: Native Code Atomicity for Java. Tenth Asian Symposium on Programming Languages and Systems (APLAS 2012), Kyoto, Japan, Dec. 2012.
JNI Light: An Operational Model for the Core JNI. Eighth Asian Symposium on Programming Languages and Systems (APLAS 2010), Shanghai, China, Dec. 2010.
Weak Updates and Separation Logic. New Jersey Programming Languages Seminar, Apr. 2010.
Weak Updates and Separation Logic. Seventh Asian Symposium on Programming Languages and Systems (APLAS 2009), Seoul, South Korea, Dec. 2009.
An Empirical Security Study of the Native Code in the JDK. Seventeenth USENIX Security Symposium (Security ’08), San Jose, CA, Jul. 2007.
ILEA: Inter-Language Analysis across Java and C. Twenty-second ACM Conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA ’07), Research Paper Track, Montreal, Canada, Oct. 2007.
Delayed and Controlled Failures in Tamper-Resistant Software. Eighth Information Hiding (IH ’07), Old Town Alexandria, Virginia, USA, Jul. 2006.
Safe Java Native Interface. IEEE International Symposium on Secure Software Engineering (ISSSE 06), McLean, Virginia, USA, Mar. 2006.
A Compositional Logic for Control Flow. Seventh International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI ’06), Charleston, South Carolina, USA, Jan. 2006.
Construction of a Semantic Model for a Typed Assembly Language. Fifth International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI ’04), Venice, Italy, Jan. 2004.
Enforcing Resource Usage Protocols via Scoped Methods. Tenth International Workshop on Foundations of Object-Oriented Languages (FOOL ’03), New Orleans, Louisiana, USA, Jan. 2003.
Semantics of Machine Instructions at Multiple Levels of Abstraction. NJ Programming Languages and Systems Seminars, AT&T Research, May 2001.
Spring 2020. CMPSC 461. Programming Language Concepts. Session 1: 130 students; instructor quality evaluation: 6.33/7. Session 2: 130 students; instructor quality evaluation: 6.43/7.
Spring 2019. CMPSC 447. Software Security. 41 students; instructor quality evaluation: 6.6/7.
Spring 2019. CSE 597. Special Topics on Binary-Level Program Analysis. 23 students; instructor quality evaluation: 6.3/7.
Spring 2018. CMPSC 461. Programming Language Concepts. 143 students; instructor quality evaluation: 6.7/7.
Spring 2017. CMPSC 461. Programming Language Concepts. 121 students; instructor quality evaluation: 6.5/7.
Fall 2016. CSE 597. Special topics on theorem proving and static analysis. 5 students; instructor quality evaluation: 7/7.
Spring 2016. CMPSC 443. Introduction to Computer and Network Security. 56 students; instructor quality evaluation: 6.4/7.
Fall 2015. CSE 262. Programming Languages.
Fall 2015. CSE 411. Advanced Programming Techniques.
Spring 2015. CSE 262. Programming Languages.
Fall 2014. CSE 262. Programming Languages.
Fall 2014. CSE 411. Advanced Programming Techniques.
Spring 2014. CSE 262. Programming Languages. 30 students; evaluation: 4.71/5.
Fall 2013. CSE 262. Programming Languages. 69 students; evaluation: 4.29/5.
Fall 2013. CSE 411. Advanced Programming Techniques. 28 students; evaluation: 4.79/5.
Spring 2013. CSE 262. Programming Languages. 32 students; evaluation: 4.58/5.
Fall 2012. CSE 262. Programming Languages. 49 students; evaluation: 4.56/5.
Fall 2012. CSE 334/434. Software System Security. 19 students; evaluation: 4.79/5.
Spring 2012. CSE 262. Programming Languages. 54 students; evaluation: 4.5/5.
Fall 2011. CSE 262. Programming Languages. 28 students; evaluation: 4.90/5.
Fall 2011. CSE 497. Advanced Programming Languages. 13 students; evaluation: 4.31/5.
Fall 2010. CSE 262. Programming Languages. 18 students; evaluation: 4.85/5.
Fall 2010. CSE 397/497. Software System Security. 21 students; evaluation: 4.93/5.
Spring 2010. CSE 216. Software Engineering. 30 students; evaluation: 4.04/5.
Fall 2009. CSE 397/497. Programming Language Design & Analysis. 8 students; evaluation: 5/5.
Spring 2009. CSE 216. Software Engineering. 31 students; evaluation: 4.43/5.
Fall 2008. CSE 397/497. Software System Security. 7 students; evaluation: 4.83/5.
Fall 2007. CS361. Information Security. Boston College.
Spring 2007. CS366. Principles of Programming Languages. Boston College.
Fall 2006. CS390. Information Security. Boston College.
Fall 2005. CS383. Algorithms. Boston College.
Sun Hyoung Kim (Ph.D. student, fall 2017–now).
Michael Norris (Ph.D. student, fall 2017–now).
Yongzhe Huang (Ph.D. student, fall 2019–now).
Ashish Kumar (Ph.D. student, fall 2019–now).
Xiaodong Jia (Ph.D. student, fall 2019–now).
Jialun Zhang (Ph.D. student, fall 2021–now).
Monika Sandra (Ph.D. student, fall 2022–now).
Dongrui Zeng. Graduated in Dec 2021. Thesis title: Evaluating the Attack Surface of Control Flow Integrity.
Robert Brotzman Smith. Graduated in May 2021. Thesis title: Detecting and Mitigating Cache-Based Side-Channels.
Shen Liu. Ph.D. Graduated in May 2020. Thesis title: Quantitative Privilege Separation with Pointer Supports.
Ben Niu. Ph.D. Graduated in December 2015. Thesis title: Practical Control-Flow Integrity. Current Position: Research Software Development Engineer at Microsoft Research.
Siliang Li. Ph.D. Graduated in May 2014. Thesis title: Improving Quality of Software with Foreign Function Interfaces using Static Analysis.
Elizabeth Carter. Ph.D. Graduated in May 2014. Co-advised with Glenn Blank. Thesis title: An Intelligent Debugging Tutor For Novice Computer Science Students.
Zhen Huang, 2018–2019; now Assistant Professor at DePaul University.
Suman Saha, co-supervised with Greg Morrisett, 2013; now Assistant Professor at Illinois State University.
Zhiyuan Wan, 2015; now at Zhejiang University.
Tatheer Zahra, M.S., May 2023, non-thesis option.
Aditya Sharma, M.S., Dec 2022, non-thesis option.
Jialun Zhang, M.S., May 2021, Interval Parsing Grammar for File Format Specification.
Ke Liang, M.S., May 2021, Inferring Aliasing and Buffer Size Relationship in C via Graph Neural Networks.
Qingyuan Zhang, M.S., May 2021, A Symbolic Data Dependence Analysis with Abstract Interpretation.
Eralp Sahin, M.S., Jul 2020, Automatic EDL Generation For Intel Software Guard Extensions.
Qing Gong, M.S., May 2019. Extending Parallel Datalog with Lattice.
Yongzhe Huang, M.S., May 2019. Automatic IDL Generation for Privilege Separation.
Anish Prasad Paranjpe, M.S., May 2019. Bohemia: a Validator For Parser Frameworks.
Hao Li, M.S., Aug 2018. System Call Trace Based Probabilistic Program Modeling for Exploitation Detection.
Ashley Huhman, M.S., May 2018. Binary-Level Type Inference Using Datalog.
Sheng-Hsiu Lin, M.S., May 2015. Alias Analysis in LLVM.
Mengtao Sun, M.A., May 2012.
Joseph Siefers, M.S., May 2010. Robusta: Taming the Native Beast of the JVM.
Changwei Zou, University of New South Wales. Software-Based Techniques for Protecting Return Addresses. External examiner, 2021.
Zeyu Ding, Penn State University. Violation Detection, Extra Information Release and Secure Implementation for Differentially Private Mechanisms, 2022.
Yuxin Wang, Penn State University. Automated Programming Frameworks for Analyzing Differential Privacy, 2022.
Peixuan Li, Penn State University. Towards Practical Information Flow Analysis, 2021.
Spyridoula Gravani, University of Rochester.
Lunpin Yuan, Penn State University, 2017. A Study of Android Security: From User-generated Data to User-generated Code.
Z. Berkay Celik, Penn State University, 2019. Automated IoT Security and Privacy Analysis.
Eunjung Yoon, Penn State University, 2019. Ensuring Service Integrity in Cloud Computing Environment.
Ke Tian, Virginia Tech, 2018. Android Security Demystified: From Malware Detection to Post-detection Rewriting.
Xinyang Ge, Penn State University, 2016. Enforcing execution integrity for software systems.
Yujie Liu, Lehigh University, 2015. Crafting Concurrent Data Structures.
Wenjia Ruan, Lehigh University, 2015. Accelerating Transactional Memory by Exploiting Platform Specificity.
Rui Shi, Boston University, 2007. Types for Safe Resource Sharing in Sequential and Concurrent Programming.
Cong Ma, Quantifying and Mitigating Cache Side Channel Leakage with Differential Set, 2022.
Yohan Beugin, Building a Secure and Privacy-Preserving Smart-Camera system, Penn State University, 2021.
Kaiming Huang, DataGuard: Guarded Pages For Augmenting Stack Object Protections, Penn State University, 2020.
Michael Steward, Global Permission Derivation Chain Granting and Revoking Permissions Using a Distributed Ledger, Penn State University, 2020.
Adam Mohammed, Detecting Non-Constant Time Code in Cryptography Libraries using a Static Information Flow Analysis, Penn State University, 2018.
Srikumar Sridhar, Testbed Design for Evaluation of Active Cyber Defense Systems, Penn State University, 2018.
Honors thesis advising. Normen Yu (2023); Brian Ouzomgi (2021); Alyssa Jo Tice (2020); Corey Capooci (2018); Apurva Bhogale (2018).
Undergraduate research assistants. Francesco Grossi (summer 2014). Sara Huser (summer 2014). Robert Brotzman Smith and Matthew Hartman (summer 2014). Matthew Kilgore (summer 2013; Won Honorable Mention in 2015 CRA’s Outstanding Undergraduate Award). Matthew Messersmith (summer 2013). Mark Kogan (spring, summer and fall 2012, summer 2013). Tyler Trephan (summer 2012). Alex Galakatos (summer 2011). David Stolfo (spring 2011). Evans Kosgei (summer 2010). Jason Croft (summer 2007–May 2008; Won Honorable Mention in 2009 CRA’s Outstanding Undergraduate Award). Michael Dubinsky (summer 2006).
Senior design projects. Irene Lau and Daniel Kramer (fall 2015). Lauren Mentzer and Lian Block (fall 2015). Rodney Christman (fall 2014). Seth Denburg and Ryan Ramirez (fall 2013).
Independent studies. James Lamberti (fall 2014).
Member of a team of expert computer scientists in a study of the software and hardware of the Sequoia AVC Advantage Voting Machine. We wrote an expert report in support of the plaintiffs in a New Jersey voting-machine lawsuit (Gusciora et al. v. Corzine et al.). July 2008.
Advisory groups
DARPA Information Science and Technology (ISAT) study group, 2020–2024.
Steering committee member, the Joint Workshop on CPS & IoT Security and Privacy (CPSIoTSec), 2020–present.
Organizing committee member, the IEEE Workshop on Language-Theoretic Security (LangSec), 2022–present.
Editor/editorial review board membership for scholarly publications
Editorial Board Member, International Journal on Cybersecurity, 2017–present.
Editorial Board Member, Journal of Surveillance, Security, and Safety, 2022–present.
Associate Editor, GSTF Journal On Computing (JoC), 2014–2018.
Program chairs/co-chairs
Program Co-Chair, IEEE International Symposium on Secure and Private Execution Environment Design (SEED), 2024.
Program Co-Chair, DARPA/ISAT workshop on Radical Paradigm for Innovative Design of Systems (RAPIDS), 2023.
Program Co-Chair, 8th Workshop on Language-Theoretic Security (LangSec), San Francisco, USA, 2022.
Program Co-Chair, 7th Workshop on Language-Theoretic Security (LangSec), San Francisco, USA, 2021.
Program Co-Chair, DARPA/ISAT workshop on Data-Oblivious Interdisciplinary Representation (DOPLR), 2020.
Program Co-Chair, 6th Workshop on Language-Theoretic Security (LangSec), San Francisco, USA, 2020.
Conference organizing committees
Workshop Chair, ACM Conference on Computer and Communications Security (CCS), USA, 2020.
Poster Co-Chair, 2020 Network and Distributed System Security Symposium (NDSS), San Diego, USA.
Poster Co-Chair, 2019 Network and Distributed System Security Symposium (NDSS), San Diego, USA.
Web Chair, 2019 International Symposium on Code Generation and Optimization, Washington DC, USA.
Member of conference program committees
IEEE Symposium on Security and Privacy (Oakland), 2024, 2022, 2021, 2018, 2017, and 2016.
Annual Network & Distributed System Security Symposium (NDSS), 2021, 2020, and 2014.
ACM Conference on Computer and Communications Security (CCS), 2016, 2015, and 2014.
27th USENIX Security Symposium, 2018.
ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2023.
ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA), 2013.
European Conference on Object-Oriented Programming (ECOOP), 2018.
IEEE/ACM International Symposium on Code Generation and Optimization (CGO), 2024.
World Wide Web Conference (WWW), Abuse, Security, and Privacy Track, 2011.
IEEE European Symposium on Security and Privacy (Euro S&P), 2020, 2021. Award selection committee, 2021.
Asian Symposium on Programming Languages and Systems (APLAS), 2015 and 2013.
Workshop on Language-Theoretic Security (LangSec), 2023, 2018, 2017, and 2016.
World Conference on Information Security Applications (WISA), 2022, 2020, 2019, 2018, and 2017.
IEEE Secure Development Conference (SecDev), 2020, 2018 and 2017.
The Joint Workshop on CPS & IoT Security and Privacy (CPSIoTSec), 2023, 2022, 2021 and 2020.
International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE), 2022.
International Conference on Emerging Security Information, Systems and Technologies (SECURWARE), 2016, 2015, and 2014.
ACM Symposium on Information, Computer and Communications Security (AsiaCCS), 2015 and 2014.
IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2022, 2019, 2017, and 2015.
Military Communications Conference (MILCOM), 2023, 2022, and 2021.
International Symposium on Emerging Information Security and Applications (EISA), 2022 and 2021.
20th Information Security Conference (ISC), 2017.
Workshop on Forming an Ecosystem Around Software Transformation (FEAST), 2017.
14th International conference on Applied Cryptography and Network Security (ACNS), 2016.
International Workshop on Mobile Computing Security (MCS), 2015.
IEEE International Symposium on Security, Privacy and Anonymity in Internet of Things (SpaIoT), 2015 and 2014.
IEEE International Symposium on Security and Privacy in Internet of Things (SPIoT), 2013 and 2012.
IEEE International Workshop on Security and Privacy in Internet of Things (SPIoT), 2011.
10th IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS), 2014.
3rd International Conference on Certified Programs and Proofs (CPP), 2013.
Open64 Workshop at PLDI’12, 2012.
New Jersey Programming Languages Seminar, Program Chair and Host, October 2009.
Network and Information Security Symposium at CHINACOM, 2009 and 2010.
International Workshop on Distance Education Technologies (DET 2007).
Session chairs
Session on Software Security in 2022 IEEE Symposium on Security and Privacy (Oakland).
Session on Program Analysis in 2021 Network and Distributed System Security Symposium (NDSS).
Session on Systems Security in 2020 IEEE European Symposium on Security and Privacy (Euro S&P).
Session on Side Channels in 2020 Network and Distributed System Security Symposium (NDSS).
Session on Executing in Untrusted Environments in 2018 Usenix Security.
Session on Authentication in 2018 IEEE Symposium on Security and Privacy (Oakland).
Session on Systems Security and Authentication in 2017 IEEE Symposium on Security and Privacy (Oakland).
Session on Attacks Using a Little Leakage in 2016 ACM Conference on Computer and Communication Security (CCS).
Session on Understanding Android Apps in 2015 ACM Conference on Computer and Communication Security (CCS).
Session on Access Control in 2014 ACM Conference on Computer and Communication Security (CCS).
Session on Security and Optimization in 2013 International Conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA).
Session on Trusted Computing Applications in 2012 ACM Workshop on Scalable Trusted Computing (ACM STC).
External reviewer: ACM Transactions on Privacy and Security 2021; IEEE Transactions on Computers 2013, 2019; IEEE Security and Privacy Magazine 2018; Journal of Software special issue on Frontier of Programming Languages and Systems 2016; Science of Computer Programming 2016, 2018; IEEE Transactions on Dependable and Secure Computing (TDSC) 2015, 2018, 2022; Journal of Computer Security 2014; Applied Mathematical Sciences 2014; ACM Transactions on Computer Systems 2014; International Journal of Information Security 2014; IEEE Transactions on Parallel and Distributed Systems 2013; Higher-Order and Symbolic Computation 2012; Journal of Computer Science and Technology (JCST) 2012; PLDI 2011; POPL 2010; ESOP 2010; INFOCOM 2010; ACM Transactions on Programming Languages and Systems (TOPLAS) 2006, 2008, and 2010, 2021; Logical Methods in Computer Science (LMCS) 2010; IEEE Transactions on Software Engineering (TSE) 2007; International Journal of Foundations of Computer Science (IJFCS) 2006.
Rapporteur, NSF, Convergence of Software Assurance Methodology and Trustworthy Semiconductor Design and Manufacture Workshop, Jan. 2013.
NSF review panel, 2009, 2010, 2012, 2013, 2016, 2020, 2022.
Organized a summer high-school teacher workshop on cyber security at Lehigh in 2012. The workshop helped teachers develop lesson plans for integration into their schools’ technology curriculum.
Panelist, “Understanding and Managing Cyber Crime: the Virtual Criminal”, United Nations, DPI/NGO Briefing. Feb. 2011.
School of EECS Promotion and Tenure Committee. Chair; 2022–2023. Member; 2018–2022.
School of EECS Steering Committee. Member; 2020–2022.
Departmental Promotion and Tenure Committee. Chair; 2020–2021. Member; 2017–2021.
Departmental Faculty Search Committee. Co-Chair; 2022–2023. Member; 2016–2017, 2019–2020, and 2021–2022.
Departmental Awards Committee. Chair; 2020–2022.
Departmental Colloquium. Chair; 2017–2020.
Departmental Strategic Committee. Member; 2017–2022.
Departmental Graduate Committee. Member; 2020–2022.
Departmental Curriculum Committee. Member; 2016–2017.
Security and Programming Language (SEPL) Seminar Series. Organizer; 2016.
Research Computing and Cyberinfrastructure (RCCI) Executive Committee. Member; 2022–2023.
Chief Information Security Officer (CISO) Advisory Board. Member; 2022–2023.
CSRE (Center for Security Research and Education) Director Search Committee. Member; 2021–2022.
Student Laptop Requirement Program Task Force. Member; 2021.
Engineering Faculty Council. College of Engineering. Member; 2016–2019.
Institute for CyberScience Coordinating Committee. Member; 2016–2017, 2021–2023.
Schreyer Honors College Application Faculty Reviewer. Member; 2016.
Institute for CyberScience Seed Grant. Reviewer; 2016–2021.
RCEAS college first-year advisor for engineering students. 2013–2015.
University facility planning committee. Member; 2014–2015.
Departmental Professor of Practice (POP) search committee. Member; 2014.
RCEAS college faculty search committee, Smart Grid Cluster. Member; 2013.
RCEAS college committee for Stout Dissertation Award. Member; 2013.
Departmental publicity and web committee. Chair; 2011–2015. Member; 2009–2010.
Departmental computer facilities committee. Chair; 2014–2015. Member; 2011–2014.
Departmental graduate admission committee. Member; 2013–2014, 2008–2009.
Departmental colloquium committee. Chair; 2009–2010.
Departmental curriculum committee. Member; 2008–2010.
Computer science candidates day. 2012–2013.
Departmental benchmarking committee. Member; 2008.