Older news

  • (11/2018) Paper “IoTGuard: Dynamic Enforcement of Security and Safety Policy in Commodity IoT.” accepted by 2019 Network and Distributed System Security Symposium (NDSS).

  • (9/2018) Paper “CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation.” accepted by 2019 IEEE Symposium on Security and Privacy (Oakland).

  • (8/2018) NSF project “Threat-Aware Defense: Evaluating Threats for Continuous Improvement” funded; with Trent Jaeger and Matthias Payer.

  • (6/2018) Glad to receive a Ruth and Joel Spira Excellence in Teaching Award at Penn State.

  • (5/2018) Glad to receive a Distinguished Reviewer Award at 2018 IEEE Symposium on Security and Privacy.

  • (5/2018) Invited talk at LangSec 2018 [slides].

  • (5/2018) Paper “Sensitive Information Tracking in Commodity IoT” Automated IoT Safety and Security Analysis" accepted by Usenix Security.

  • (4/2018) Paper “Soteria: Automated IoT Safety and Security Analysis” accepted by Usenix Annual Technical Conference.

  • (4/2018) PSU news article about my group’s research.

  • (3/2018) Outstanding paper award for CODASPY paper “From Debugging-Information Based Binary-Level Type Inference to CFG Generation”.

  • (11/2017) The PICFI toolchain used in Google CTF 2017.

  • (10/2017) Darpa project “Automatic Generation of Anti-Specifications from Exploits for Scalable Program Hardening” funded; subcontractor to Virginia Tech.

  • (10/2017) Glad to announce a survey article on software-based isolation (SFI): Principles and Implementation Techniques of Software-Based Fault Isolation.

  • (9/2017) NSF/Intel project “CAPA: Lightweight abstract memory features” funded; in collaboration with Lehigh and Arizona State. [Penn State news release].

  • (8/2017) Paper “PtrSplit: Supporting General Pointers in Automatic Program Partitioning” accepted by CCS 2017.

  • (5/2017) ONR project on Semantics-Directed Binary Reverse Engineering and Transformation Validation funded. Thanks to ONR!

  • (10/2016) Congratulations to Ben, whose dissertation won ACM SIGSAC Dissertation Award Runner-Up.

  • (3/2016) Keynote talk at MASS 2016 about MCFI/RockJIT/PICFI; Title: “Protecting Dynamic Code by Modular Control-Flow Integrity” [slides].

  • (12/2015) Congratulations to Ben, who finished his Ph.D. with thesis “Practical Control-Flow Integrity”.

  • (7/2015) Paper “Per-Input Control-Flow Integrity” accepted by CCS 2015.

  • (6/2015) We are glad to release the source code of MCFI and RockJIT and PiCFI . Please see this GitHub page.

  • (12/2014) The RockSalt repository has moved to GitHub. The latest version can be found at here.

  • (11/2014) Paper “Producing Hook Placements To Enforce Expected Access Control Policies” accepted by ESSOS 15.

  • (8/2014) NSF medium project “Retrofitting software for defense-in-depth” funded; in collaboration with Penn State, Rutgers, and U. of Vermont. [Lehigh news release]

  • (7/2014) Paper “RockJIT: Securing Just-In-Time Compilation Using Modular Control-Flow Integrity” accepted by CCS 2014.

  • (5/2014) Congratulations to Siliang, who finished his Ph.D. with thesis “Improving quality of software with foreign function interfaces using static analysis”.

  • (5/2014) Paper “NativeGuard: Protecting Android Applications from Third-Party Native Libraries” accepted by WiSec 2014.

  • (3/2014) Paper “Finding Reference-Counting Errors in Python/C Programs with Affine Analysis” accepted by ECOOP 2014.

  • (2/2014) Paper “Modular Control Flow Integrity” accepted by PLDI 2014.

  • (1/2014) Invited talk at PiP 2014 [slides].

  • (7/2013) A paper about Monitor Integrity Protection (MIP) accepted by CCS 2013.

  • (4/2013) Strato paper accepted by Usenix Security 2013.

  • (2/2013) We are glad to release the source code of the second version of Robusta (now dubbed Arabica). Please see this page.

  • (1/2013) DuPro paper accepted by AsiaCCS 2013.

  • (9/2012) The GoNative project received a Google Research Award.

  • (6/1012) Arabica paper accepted by ESORICS 12.

  • (1/2012) RockSalt paper accepted by PLDI 2012.

  • (1/2012) We are glad to open source RockSalt 1.0, which includes a high-fidelity model of a subset of x86 in Coq. See this page.

  • (1/2012) Dr. Gang Tan received the NSF Faculty Early Career Development (CAREER) award with the project “User-Space Protection Domains for Compositional Information Security”.

  • (11/2011) We are glad to release the source code of Robusta 1.0; Please see this page.

  • (7/2011) Research paper “Combining Control-Flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing” accepted by CCS-2011

  • (6/2011) Research paper “Detection and Classification of Different Botnet C&C Channels” accepted by ATC-2011

  • (6/2011) Research paper “JET: Exception checking in the Java Native Interface” accepted by OOPSLA ‘11

  • (2/2011) Tan was a UN Panelist on fighting cybercrime

[comment]: # (poster: www.un.org/wcm/webdav/site/dpingorelations/shared/Documents/PDF%20Documents/FINAL%20Programme%20Cybercrime%203%20February%202011.doc%20(app%20gbts).pdf)

  • (1/2011) Research paper “JNI Light: An Operational Model for the Core JNI” published in the NGC journal

  • (8/2010) Research paper “JNI Light: An Operational Model for the Core JNI” accepted by APLAS ‘10

  • (6/2010) Research paper “Robusta: Taming the Native Beast of the JVM” accepted by CCS ‘10

  • (3/2010) The GoNative project is now sponsored by Google

  • (10/2009) The SOS lab hosted NJPLS

  • (9/2009) The GoNative project is now sponsored by NSF

  • (8/2009) Research paper “Weak updates and separation logic” accepted by APLAS ‘09

  • (7/2009) Research paper “Finding bugs in exceptional situations of JNI programs” accepted by CCS ‘09

  • (6/2009) News article about the lab’s research

  • (6/2009) Research paper about the NJ voting machine study accepted by EVT/WOTE ‘09

  • (12/2008) Former member, Jason Croft, wins Honorable Mention in CRA’s Outstanding Undergradate Award