Xi Tan

Assistant Professor (xtan4 AT uccs.edu)
University of Colorado Colorado Springs, Colorado Springs, CO, USA
Secure and Reliable System Research Lab
Office: Cybersecurity Building A-120J

I am an assistant professor in the Department of Computer Science at University of Colorado Colorado Springs (UCCS). I lead the SecUre aNd RelIable System rEsearch Lab (SUNRISE). The lab aims to enhance the security and reliability of systems through novel solutions at the compiler, OS, and communication layers. We target systems that include microcontroller- and microprocessor-based platforms. We explore various types of cybersecurity challenges, including but not limited to control-flow integrity, side-channel attacks, and usability issues.

I completed my Ph.D. in Computer Science and Engineering in 2024 under the supervision of Prof. Ziming Zhao at the Department of Computer Science & Engineering, University at Buffalo. During my phd, I worked on the security of embedded systems, focusing on the ARM Cortex-M architecture. I have published papers in top-tier security conferences, including ACM CCS, IEEE RTAS, and DAC.

In addition, I received my M.S. degree from the Institute of Information Engineering, Chinese Academy of Sciences, and my B.S. degree from Jilin University, China. My master's thesis focused on virtual machine introspection and its application in malware detection. My undergraduate thesis examined data steganography.

I am looking for self-motivated students who are interested in working with me. Please check details here.

Research interests (CV):

  • (Embedded) System Security
  • Software Security
  • Program Analysis and Compiler
  • Vulnerability Discovery
  • News

    Jan 20, 2025

    [Teaching] Xi serves as the instructor of CS 2160 Comp Org & Assembly Language and CS 4910 Intro to Computer Security.

    Dec 13, 2024

    [Service] Xi serves as a reviewer of TCPS 2025.

    Aug 26, 2024

    [Teaching] Xi serves as the instructor of CS 5220 Computer Communication.

    Aug 22, 2024

    [Service] Xi serves as a committee member of the UCCS PhD Cybersecurity program.

    Aug 19, 2024

    [Job] Xi joined the University of Colorado Colorado Springs as an Assistant Professor!

    May 13, 2024

    [Paper] New paper entitled "SoK: Where's the “up”?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems" will appear in USENIX WOOT '24! Check out the open-source repo [here]!

    Dec 12, 2023
    Nov 15, 2023

    [Paper] New paper entitled "Is the Canary Dead? On the Effectiveness of Stack Canaries on Microcontroller Systems" will appear in SAC'24!

    Aug 10, 2023

    [Paper] New paper entitled "SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems" will appear in CCS'23! Check out the open-source repo [here]!

    Apr 26, 2023

    [CTF] Team Cacti (Zheyuan Ma, Gaoxiang Liu, Xi Tan, Md Armanuzzaman, Trevor Schupbach, Safayat Bin Hakim, Sagar Mohan, and Hiu Laam Chau) advised by Dr. Zhao and Dr. Hu placed 4th in MITRE eCTF 2023! Check out our open-source repo [here]!

    Feb 27, 2023

    [Paper] New paper entitled "Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense" will appear in DAC'23! Check out our open-source repo [here]!

    Selected Publications

    1. SoK: Where's the ``up''?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems

      USENIX WOOT Conference on Offensive Technologies, 2024

    2. InsectACIDE: Debugger-Based Holistic Asynchronous CFI for Embedded System
      Yujie Wang, Cailani Lemieux Mack, Xi Tan, Ning Zhang , Ziming Zhao, Sanjoy Baruah, and Bryan C. Ward.

      IEEE Real-Time and Embedded Technology and Applications Symposium, 2024

      PDF
    3. SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems
      Xi Tan, and Ziming Zhao.

      ACM SIGSAC Conference on Computer and Communications Security (CCS), 2023

    4. Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense

      ACM/IEEE Design Automation Conference, 2023