Rate My Professor Tiffany Bao

Tiffany Bao is an Associate Professor in the School of Computing and Augmented Intelligence within the Ira A. Fulton Schools of Engineering at Arizona State University. She also serves as Associate Director of Research Acceleration at the Center for Cybersecurity and Trusted Foundations. Bao earned her Ph.D. from Carnegie Mellon University, supported by the Carnegie Mellon University Presidential Fellowship. Her graduate work concentrated on cyber autonomy and security engineering.

Bao specializes in software security, automated binary analysis techniques, and autonomous game-theoretical cybersecurity strategies. Her research develops AI-powered tools like SE-bot for vulnerability detection, reverse engineering of cyberphysical systems, and defenses against sophisticated attacks. She leads the Laboratory of Security Engineering for Future Computing (SEFCOM) and contributes to projects enhancing national security, including DARPA initiatives and the AI Cyber Challenge. Career highlights include her 2019 NSA Best Scientific Cybersecurity Paper Award for the paper 'How Shall We Play a Game? A Game-theoretical Model for Cyberwarfare Games' presented at the 2017 IEEE Computer Security Foundations Symposium. In 2025, she received the NSF CAREER Award for 'Achieving Autonomous Symbolic Execution through Learning from Humans,' focusing on AI-driven symbolic execution. Key publications include 'CrawlPhish: Large-Scale Analysis of Client-Side Cloaking Techniques Used in Phishing' (2022), 'Expected Exploitability: Predicting the Development of Weaponizable Vulnerabilities' (USENIX Security 2022), 'Greenhouse: Single-Service Rehosting of Linux-Based Containers' (USENIX Security 2023), 'ViK: Practical Mitigation of Temporal Memory Safety Violations' (2022), and contributions to cyber deception literature. Bao has presented seminars, such as at Carnegie Mellon University's CyLab, and serves on program committees like RAID 2025. Her open-source tools and theoretical models significantly impact cybersecurity practices, fostering faster, trustworthy defenses.