William Tolley Visiting Assistant Professor of Computer Science

William Tolley

Parmly Hall 407A
540-458-8809
wtolley@wlu.edu

Education

Education
Ph.D., Computer Science, Arizona State University (2025)
M.S., Computer Science, University of New Mexico (2017)
B.A., Computer Science, Berea College (2014)

Research

Most of my research is centered on lower-level network exploitation, but I am currently investigating violations of non-interference between volatile and non-volatile memory. My work advances Internet freedom by disrupting and subverting complex systems to circumvent authoritarian information controls, such as censorship and surveillance. Using techniques like taint analysis and kernel tracing, I aim to identify ephemeral networking artifacts, particularly those related to censorship tools, which should reside only in volatile memory but may inadvertently or forcibly persist in non-volatile storage. This work is crucial for supporting individuals living under repressive regimes and is supported by Open Technology Fund and the Bureau of Democracy, Human Rights, and Labor.

Teaching

My courses blend theory with hands-on practice, focusing on systems programming, hacking, and reverse engineering. I emphasize real-world applications, guiding students through topics like network security, malware analysis, and intrusion detection. In Computer Organization (CSCI 210), we use assembly to examine how system components are organized and interact, providing a different perspective on system architecture. My Ethical Hacking course covers techniques in binary analysis, forensic analysis, network exploitation, and anonymity tools, as well as the social and political impacts of information controls like the Great Firewall, Stuxnet, and BK-16. Beyond the classroom, I host Capture The Flag competitions and an after-hours Hacking Dojo for collaborative skill-building.

Selected Publications

  • William J. Tolley, Beau Kujath, Mohammad Taha Khan, Narseo Vallina-Rodriguez, Jedidiah R. Crandall. "Blind In/On-Path Attacks and Applications to VPNs." 30th USENIX Security Symposium (USENIX Security 21), August 2021, pp. 3129–3146.
  • William Tolley. "CVE-2019-14899: VPN Traffic Vulnerability in Multiple OSes Enabling Connection Hijacking via Malicious Access Point." MITRE, 2019.
  • William Tolley. "CVE-2019-9461: Remote Information Disclosure in Android Kernel's VPN Routing via Adjacent Network Attack." MITRE, 2019.
  • Antonio M. Espinoza, William J. Tolley, Jedidiah R. Crandall, Masashi Crete-Nishihata, Andrew Hilts. "Alice and Bob, who the {FOCI} are they?: Analysis of end-to-end encryption in the {LINE} messaging application." 7th USENIX Workshop on Free and Open Communications on the Internet (FOCI 17), August 2017, Vancouver, BC.