Gang Tan, Department of Computer Science and Engineering- Lehigh University

Gang Tan (\gäng tan\)

Assistant Professor
Computer Science & Engineering
Lehigh University

[Vita][Contact]

Education I received my B.E. in Computer Science from Tsinghua University, and my Ph.D. in Computer Science from Princeton University advised by Andrew Appel.

Research Interests

I lead the Security of Software (SOS) lab at Lehigh. In general, I am interested in methodologies that help create reliable and secure software systems:

Software security
Programming languages, software engineering

Research Projects

News

(8/20/12) The GoNative project has an openning for a full-time postdoc position. Details are in this page.
(6/11/12) Arabica paper accepted by ESORICS 12.
(1/31/12) RockSalt paper is accepted by PLDI 2012.
(1/17/12) We are glad to open source RockSalt 1.0, which includes a high-fidelity model of a subset of x86 in Coq. See this page.
(1/1/12) I received the NSF Faculty Early Career Development (CAREER) award with the project "User-Space Protection Domains for Compositional Information Security".
(11/13/11) We are glad to release the source code of Robusta 1.0; Please see this page.
Older news...

Teaching

CSE 262, Programming Languages, Spring 13, Fall 12, Spring 12, Fall 11, Fall 10
CSE 334/434, Software System Security, Fall 12, Fall 10, Fall 08
CSE 497, Advanced Programming Languages, Fall 11
CSE 216, Software Engineering, Spring 10, Spring 09
CSE 397/497, Programming Languages Design & Analysis Fall 09

Events involved

CPSS 2012: summer schools on cryptography and principles of software security
OOPSLA 2013; APLAS 2013; CPP 2013; SPIot 2012; Open 64; WWW 2011 (abuse, security and privacy track); SPIoT 2011; OSPL 2011; CHINACOME 2010, CHINACOM 2009 (network and information security symposium);

Please consider submitting papers to the following events

11th Asian Symposium on Programming Languages and Systems Due date: June 14th, 2013.
Certified Programs and Proofs (CPP 2013) Due date: June 7th, 2013.

Selected Recent Publications

Strato: A Retargetable Framework for Low-Level Inlined-Reference Monitors. B. Zeng, G. Tan, U. Erlingsson. In 22nd Usenix Security Symposium, Aug 2013.
Efficient User-Space Information Flow Control. B. Niu and G. Tan. In the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS), May 2013. [paper]
JATO: Native Code Atomicity for Java. S. Li, Y. Liu and G. Tan. In the 10th Asian Symposium on Programming Languages and Systems (APLAS), Dec 2012. [paper]
Enforcing User-Space Privilege Separation with Declarative Architectures. B. Niu and G. Tan. In The Seventh ACM Workshop on Scalable Trusted Computing (STC), 2012. [paper]
JVM-Portable Sandboxing of Java's Native Libraries. M. Sun and G. Tan. In the 17th European Symposium on Research in Computer Security (ESORICS), Sept. 2012. [paper]
RockSalt: Better, Faster, Stronger SFI for the x86. G. Morrisett, G. Tan, J. Tassarotti, J.B. Tristan, and E. Gan. In ACM Conference on Programming Language Design and Implementation (PLDI '2012), Jun. 2012. [paper]
Combining Control-Flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing. B. Zeng and G. Tan and G. Morrisett. In 18th ACM Conference on Computer and Communication Security (CCS '11), Oct. 2011. [paper]
JET: Exception checking in the Java Native Interface. S. Li and G. Tan. In ACM SIGPLAN International conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA '11), Oct 2011. [paper]
Weak updates and separation logic. G. Tan, Z. Shao, X. Feng and H. Cai. In the Journal of New Generation Computing, 2011. [paper]
JNI Light: An Operational Model for the Core JNI. G. Tan. In the 8th Asian Symposium on Programming Languages and Systems (APLAS '10), Dec 2010 [paper |tech report]
Robusta: Taming the Native Beast of the JVM. J. Siefers, G. Tan, and G. Morrisett. In the 17th ACM Conference on Computer and Communication Security (CCS '10), Oct. 2010. [paper | presentation ]
Weak updates and separation logic. G. Tan, Z. Shao, X. Feng and H. Cai. In the 7th Asian Symposium on Programming Languages and Systems (APLAS '09), Dec. 2009. [paper |tech report] (note: superseded by the journal version of the paper)
Finding bugs in exceptional situations of JNI programs. S. Li and G. Tan. In the 16th ACM Conference on Computer and Communication Security (CCS '09), Nov. 2009. [paper]
Semantic Foundations for Typed Assembly Languages. A. Ahmed, A. W. Appel, C. D. Richards, G. Tan, and D. C. Wang. ACM Transactions on Programming Languages and Systems (TOPLAS), March 2010. [paper]
The New Jersey Voting-machine Lawsuit and the AVC Advantage DRE Voting Machine. A. W. Appel, M. Ginsburg, H. Hursti, B. W. Kernighan, C. D. Richards, G. Tan, and P. Venetis. In 2009 Electronic Voting Workshop/Workshop on Trustworthy Elections (EVT/WOTE '09), Aug. 2009. [paper | full report | slashdot | video | presentation]
An Empirical Security Study of the Native Code in the JDK. G. Tan and J. Croft. In USENIX Security 2008, San Jose, California, USA, July 2008. [paper | technical report | presentation]
ILEA: Inter-Language Analysis across Java and C. G. Tan and G. Morrisett. In ACM SIGPLAN International conference on Object-Oriented Programming, Systems, Languages & Applications (OOPSLA '07), Montreal, Canada, Oct 2007. [paper | presentation]
More publications

Links