Education I received my B.E. in
Computer Science from Tsinghua University, and my Ph.D. in Computer Science from
Princeton University advised by Andrew Appel.
I lead the Security of Software (SOS) lab at Lehigh. In general, I am interested in methodologies that
help create reliable and secure software systems:
- Software security
- Programming languages, software engineering
- (8/20/12) The GoNative project has an openning for a full-time postdoc position. Details are in this page.
- (6/11/12) Arabica paper accepted by ESORICS 12.
- (1/31/12) RockSalt paper is accepted by PLDI 2012.
- (1/17/12) We are glad to open source RockSalt 1.0, which includes a high-fidelity model of a subset of x86 in Coq. See this page.
- (1/1/12) I received the NSF Faculty Early Career Development (CAREER) award with the project "User-Space Protection Domains for Compositional Information Security".
- (11/13/11) We are glad to release the source code of Robusta 1.0;
Please see this page.
- Older news...
- CSE 262, Programming Languages, Spring 13, Fall 12, Spring 12, Fall 11, Fall 10
- CSE 334/434, Software System Security, Fall 12, Fall 10, Fall 08
- CSE 497, Advanced Programming Languages, Fall 11
- CSE 216, Software Engineering, Spring 10, Spring 09
- CSE 397/497, Programming Languages Design & Analysis Fall 09
Please consider submitting papers to the following events
Selected Recent Publications
- Strato: A Retargetable Framework for Low-Level Inlined-Reference Monitors. B. Zeng, G. Tan, U. Erlingsson. In 22nd Usenix Security Symposium, Aug 2013.
- Efficient User-Space Information Flow Control. B. Niu and G. Tan. In the
8th ACM Symposium on Information, Computer and Communications Security (ASIACCS), May 2013.
- JATO: Native Code Atomicity for Java. S. Li, Y. Liu and G. Tan. In the 10th Asian Symposium on Programming Languages and Systems (APLAS), Dec 2012.
- Enforcing User-Space Privilege Separation with Declarative Architectures. B. Niu and G. Tan. In The Seventh ACM Workshop on Scalable Trusted Computing (STC), 2012.
- JVM-Portable Sandboxing of Java's Native Libraries. M. Sun and G. Tan. In the 17th European Symposium on Research in Computer Security (ESORICS), Sept. 2012.
- RockSalt: Better, Faster, Stronger SFI for the x86. G. Morrisett, G. Tan, J. Tassarotti, J.B. Tristan, and E. Gan. In ACM Conference on Programming Language Design and Implementation (PLDI '2012), Jun. 2012.
- Combining Control-Flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing. B. Zeng and G. Tan and G. Morrisett. In 18th ACM Conference on Computer and Communication Security (CCS '11), Oct. 2011.
- JET: Exception checking in the Java Native Interface. S. Li and G. Tan. In ACM SIGPLAN International conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA '11), Oct 2011.
- Weak updates and separation logic. G. Tan, Z. Shao, X. Feng and H. Cai. In the Journal of New Generation Computing, 2011.
- JNI Light: An Operational Model for the Core JNI. G. Tan. In the 8th Asian Symposium on Programming Languages and Systems (APLAS '10), Dec 2010
- Robusta: Taming the Native Beast of the JVM. J. Siefers, G. Tan, and G. Morrisett. In the 17th ACM Conference on Computer and Communication Security (CCS '10), Oct. 2010.
- Weak updates and separation logic. G. Tan, Z. Shao, X. Feng and H. Cai. In the 7th Asian Symposium on Programming Languages and Systems (APLAS '09), Dec. 2009.
|tech report] (note: superseded by the journal version of the paper)
- Finding bugs in exceptional situations of JNI programs. S. Li and G. Tan. In the 16th ACM Conference on Computer and Communication Security (CCS '09), Nov. 2009.
- Semantic Foundations for Typed Assembly Languages.
A. Ahmed, A. W. Appel, C. D. Richards, G. Tan, and D. C. Wang.
ACM Transactions on Programming Languages and Systems (TOPLAS), March 2010.
- The New Jersey Voting-machine Lawsuit and the AVC Advantage DRE Voting Machine.
A. W. Appel, M. Ginsburg, H. Hursti, B. W. Kernighan, C. D. Richards, G. Tan, and P. Venetis.
In 2009 Electronic Voting Workshop/Workshop on Trustworthy Elections (EVT/WOTE '09), Aug. 2009.
| full report
- An Empirical Security Study of the Native Code in the JDK.
G. Tan and J. Croft. In USENIX Security 2008,
San Jose, California, USA, July 2008.
| technical report
- ILEA: Inter-Language Analysis across Java and C.
G. Tan and G. Morrisett.
In ACM SIGPLAN International conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA '07), Montreal, Canada, Oct 2007.
- More publications