-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathfullpublications.html
796 lines (594 loc) · 36 KB
/
fullpublications.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN" dir="ltr">
<head profile="http://gmpg.org/xfn/11">
<title>Justin Cappos's Full Publications</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="imagetoolbar" content="no" />
<link rel="stylesheet" href="styles/jout.css" type="text/css" />
</head>
<body id="top">
<div class="wrapper row1">
<div id="header" class="clear">
<div class="fl_right" >
<p><a href="http://nyu.edu/"> <img style="margin-right: 0px; padding-right:
80px;" src="images/nyu.png" alt="NYU Logo" width="200" /></a> <a
href="http://engineering.nyu.edu/"><img style="margin-right: 0px; padding-right: 80px;" src="images/NYU_Tandon_logo.png" alt="NYU Tandon Logo" width="200" /></a></p>
</div>
<div class="fl_left">
<h1 ><a href="index.htm">Prof. Justin Cappos</a></h1>
<p style="color:#FFF; font-size:14px">Professor <br/>
Computer Science & Engineering
</p>
</div>
</div>
<!-- ####################################################################################################### -->
<div class="wrapper row2">
<div id="topnav">
<ul>
<li class="active"><a href="index.htm">Home</a></li>
<!-- <li><a href="projects.htm">Projects</a></li> -->
<li><a href="publications.htm">Publications</a>
<li><a href="press.htm">Press</a></li>
<li><a href="philosophy.htm">Research Philosophy</a></li>
<li><a href="teaching.htm">Teaching</a></li>
<li><a href="calendar.htm">Calendar</a></li>
</li>
</ul>
<div class="clear"></div>
</div>
</div>
<!-- ####################################################################################################### -->
<div class="wrapper row4">
<div id="container" class="clear">
<!-- ####################################################################################################### -->
<div id="homepage" class="clear">
<div class="fl_right">
<br/>
<emph><p style="color:#000; font-size:16px">
You can also learn more about my lab's research
on <a href="/publications">the Secure Systems Lab website</a></p></emph>
<br/>
<h2>Conference Papers</h2>
<p><strong>"Rethinking Trust in Forge-Based Git Security"</strong>
<a href="/papers/yelgundhalli_gittuf_ndss_2025.pdf">PDF</a><br/>
A. Yelgundhalli, P. Zielinski, R. Curtmola, J. Cappos. <br/>
To appear at the <em>Network and Distributed System Security (NDSS) Symposium
2025 (NDSS 2025).</em><br/>
San Diego, CA 2025.<br/>
<p><strong>"CovSBOM: Enhancing Software Bill of Materials with Integrated Code Coverage Analysis"</strong>
<a href="/papers/covsbom_issre_2024.pdf">PDF</a><br/>
Y. Zhao, Y. Zhang, D. Chacko, J. Cappos. <br/>
The <em>35th IEEE International Symposium on Software Reliability
Engineering (ISSRE 2024).</em><br/>
Tsukuba, Japan 2024.<br/>
<p><strong>"Securing Automotive Software Supply Chains"</strong>
<a href="/papers/moore_scudo_vehiclesec_2024.pdf">PDF</a><br/>
M. Moore, A. Yelgundhalli, J. Cappos. <br/>
The <em>Symposium on Vehicles Security and Privacy (VehicleSec) 2024.</em><br/>
San Diego, CA 2024.<br/>
<p><strong>"Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems"</strong>
<a href="/papers/moore_artemis_2023.pdf">PDF</a><br/>
M. Moore, T. Kuppusamy, J. Cappos</br>
<em>2023 Annual Computer Security Applications Conference (ACSAC) [Artifact Functional] [Artifact Reusable] [Results Reproduced]</em><br/>
Austin, Texas, 2023.</br>
<strong>Distinguished Paper with Artifacts Award</a></strong></p>
<p><strong>"Bootstrapping Trust in Community Repository Projects"</strong>
<a href="/papers/vaidya_seccomm_commrepos_22.pdf">PDF</a><br/>
S. Vaidya, S. Torres-Arias, R. Curtmola, and J. Cappos<br/>
<em>EAI SecureComm 2022 -- 18th EAI International Conference on Security and Privacy in Communication Networks</em><br/>
Kansas City, Missouri 2022.<br/>
<p><strong>"Cybersecurity shuffle: using card magic to teach introductory cybersecurity topics"</strong>
<a href="/papers/moore_ccscne_shuffle_22.pdf">PDF</a><br/>
P. Moore and J. Cappos<br/>
<em>2022 CCSC-NE Conference</em> (Also appears in the Journal of Computing Sciences in Colleges, Volume 37 Issue 8, April 2022 pp 52-61)
<br/>
Pleasantville, New York 2022.<br/>
<p><strong>"Needles in a Haystack: Using PORT to Catch Bad Behaviors within Application Recordings"</strong>(short paper)
<a href="/papers/moore_icsoft_port_22.pdf">PDF</a><br/>
P. Moore, T. Weis, M. Waldman, P. Frankl, J. Cappos. <br/>
The <em>17th International Conference on Software Technologies (ICSOFT 2022)</em><br/>
Lisbon, Portugal 2022.<br/>
<p><strong>"Commit Signatures for Centralized Version Control Systems"</strong>
<a href="/papers/vaidya_centralizedsignatures_ifipsec19.pdf">PDF</a><br/>
S. Vaidya, S. Torres, R. Curtmola, J. Cappos.<br />
The <em>the 34rd International Information Security and Privacy Conference (IFIP SEC 2019).</em><br/>
Lisbon, Portugal 2019</p>
<p><strong>"Thinking Aloud About Confusing Code: A Qualitative Investigation of Program Comprehension and Atoms of Confusion"</strong>
<a href="/papers/gopstein_thinking_fse2020.pdf">PDF</a><br/>
D. Gopstein, A. L. Fayard, S. Apel, J. Cappos. <br/>
To appear at the <em>2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020) </em><br/>
Sacramento, California 2020.<br/>
<p><strong>"MicroCash: Practical Concurrent Processing of Micropayments"</strong>
<a href="/papers/almashaqbeh_microcash_fc20.pdf">PDF</a><br/>
G. Almashaqbeh, A. Bishop, J. Cappos. <br/>
The <em>Twenty-Fourth International Conference on Financial Cryptography and Data Security (FC 2020).</em><br/>
Kota Kinabalu, Sabah, Malaysia 2020.<br/>
<p><strong>"Charting a Course Through Uncertain Environments: SEA Uses Past Problems to Avoid Future Failures"</strong>
<a href="/papers/moore_crashsim_issre2019.pdf">PDF</a><br/>
P. Moore, J. Cappos, P. Frankl, T. Wies. <br/>
The <em>30th IEEE International Symposium on Software Reliability
Engineering (ISSRE 2019).</em><br/>
Berlin, Germany 2019.<br/>
<strong>Best Paper Award</strong></p>
<p><strong>"in-toto: providing farm-to-table security properties for bits and bytes"</strong>
<a href="/papers/torres-toto-usenix19.pdf">PDF</a><br/>
S. Torres, H. Nanize, T. Kuppusamy, R. Curtmola, J. Cappos. <br />
The <em>28th USENIX Security Symposium (USENIX Security 2019).</em><br/>
Santa Clara, California 2019</p>
<p><strong>"CAPnet: A Defense Against Cache Accounting Attacks on Content
Distribution Networks"</strong>
<a href="/papers/almashaqbeh_capnet_cns19.pdf">PDF</a><br/>
G. Almashaqbeh, A. Bishop, K. Kelley, J. Cappos. <br />
The <em>IEEE Conference on Communications and Network Security
(IEEE CNS 2019).
</em><br/>
Washington, D.C. 2019</p>
<p><strong>"Commit Signatures for Centralized Version Control Systems"</strong>
<a href="/papers/vaidya_centralizedsignatures_ifipsec19.pdf">PDF</a><br/>
S. Vaidya, S. Torres, R. Curtmola, J. Cappos.<br />
The <em>the 34rd International Information Security and Privacy Conference (IFIP SEC 2019).</em><br/>
Lisbon, Portugal 2019</p>
<p><strong>"API Blindspots: Why Experienced Developers Write Vulnerable Code"</strong>
<a href="/papers/oliveira_blindspots_soups2018.pdf">PDF</a><br/>
D. Oliveira, T. Lin, M. Rahman, R. Akefirad, D. Ellis, E. Perez, R. Bobhate,
L. DeLong, J. Cappos, Y. Brun, N. Ebner. <br/>
<em>The Fourteenth Symposium on Usable Privacy and Security
(SOUPS 2018).</em><br/>
Baltimore, Maryland 2018</p>
<p><strong>"Prevalence of Confusing Code in Software Projects - Atoms of
Confusion in the Wild"</strong>
<a href="/papers/gopstein_atomswild_msr_2018.pdf">PDF</a><br/>
D. Gopstein, H. Zhou, P. Frankl, J. Cappos. <br/>
<em>The 15th International Conference on Mining Software
Repositories (MSR 2018).
</em><br/>
Gothenburg, Sweden 2018<br/>
<strong><a href="https://www.sigsoft.org/awards/distinguishedPaperAward.html">ACM SIGSOFT Distinguished Paper Award</a></strong></p>
<p><strong>"Towards Verifiable Web-based Git Repositories"</strong>
<a href="/papers/afzali_asiaccs_2018.pdf">PDF</a><br/>
H. Afzali, S. Torres, R. Curtmola, J. Cappos. <br/>
<em>The ACM Asia Conference on Computer and Communications Security
2018 (AsiaCCS 2018).
</em><br/>
Songdo, Korea 2018</p>
<p><strong>"Four Years Experience: Making Sensibility Testbed Work for
SAS"</strong>
<a href="/papers/zhuang_sensibility_sas_2018.pdf">PDF</a><br/>
Y. Zhuang, A. Rafetseder, R. Weiss, J. Cappos. <br/>
<em>The 2018 IEEE Sensors Applications Symposium (SAS 2018).</em><br/>
Seoul, Korea 2018</p>
<p><strong>"Design of Activity Recognition Systems with Wearable
Sensors"</strong>
<a href="/papers/khokhlov_sensing_sas_2018.pdf">PDF</a><br/>
I. Khokhlov, L. Reznik, J. Cappos, R. Bhaskar. <br/>
<em>The 2018 IEEE Sensors Applications Symposium (SAS 2018).</em><br/>
Seoul, Korea 2018</p>
<p><strong>"Understanding Misunderstandings in Source Code"</strong>
<a href="/papers/gopstein_atoms_fse_2017.pdf">PDF</a><br/>
D. Gopstein, J. Iannacone, Y. Yan, L. Delong, Y. Zhuang, K.C. Yeh, and
J. Cappos. <br/>
<em>The 2017 ACM SIGSOFT Symposium on the Foundations of Software
Engineering (FSE 2017)</em><br/>
Paderborn, Germany 2017<br/>
<strong><a href="https://www.sigsoft.org/awards/distinguishedPaperAward.html">ACM SIGSOFT Distinguished Paper Award</a></strong></p>
<p><strong>"CHAINIAC: Software-Update Transparency via Collectively Signed
Skipchains and Verified Builds"</strong>
<a href="/papers/nikitin_chainiac_usenixsec_2017.pdf">PDF</a><br/>
K. Nikitin, L, Kokoris-Kogias, P. Jovanovic, N. Gailly, L. Gasser, I. Khoffi,
J. Cappos, B. Ford. <br/>
<em>The 26th USENIX Security Symposium (USENIX Security '17).</em><br/>
Vancouver, CA 2017</p>
<p><strong>"Mercury: Bandwidth-Effective Prevention of Rollback Attacks
Against Community Repositories"</strong>
<a href="/papers/kuppusamy-mercury-usenix-2017.pdf">PDF</a><br/>
T. Kuppusamy, V. Diaz, J. Cappos. <br/>
<em>The 2017 USENIX Annual Technical Conference (USENIX 2017).</em> <br />
Santa Clara, CA 2017.</p>
<p><strong>"Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path"</strong>
<a href="/papers/li_lind_usenix_2017.pdf">PDF</a><br/>
Y. Li, B. Dolan-Gavitt, S. Weber, J. Cappos. <br />
<em>The 2017 USENIX Annual Technical Conference (USENIX 2017).</em> <br />
Santa Clara, CA 2017.</p>
<p><strong>"Practical Fog Computing with Seattle"</strong>
<a href="https://github.com/aaaaalbert/fogwc/raw/SUBMITTED/paper.pdf">PDF</a><br/>
A. Rafetseder, L. Pühringer, and J. Cappos. <br />
<em>Fog World Congress 2017.</em> <br />
Santa Clara, CA 2017.</p>
<p><strong>"Measuring the Fitness of Fitness Trackers"</strong>
<a href="/papers/bender_sas_17.pdf">PDF</a><br/>
C. Bender, J. Hoffstot, B. Combs, S. Hooshangi, J. Cappos. <br />
<em>The 2017 IEEE Sensors Applications Symposium (SAS 2017).</em> <br />
Glassboro, NJ 2017.</p>
<p><strong>"Securing Software Updates for Automobiles"</strong>
<a href="/papers/kuppusamy_escar_16.pdf">PDF</a><br/>
T. Kuppusamy, A. Brown, S. Awwad, D. McCoy, R. Bielawski, C.
Mott, S. Lauzon, A. Weimerskirch, J. Cappos. <br/>
<em>The 14th ESCAR Europe (ESCAR EU 2016).</em><br/>
Münich, Germany 2016.</p>
<p><strong>"On Omitting Commits and Committing Omissions: Preventing Git
Metadata Tampering That (Re)introduces Software Vulnerabilities"</strong>
<a href="/papers/torres_toto_usenixsec-2016.pdf">PDF</a><br/>
S. Torres-Arias, A. Ammula, R. Curtmola, J. Cappos. <br/>
<em>The 25th USENIX Security Symposium (USENIX Security '16).</em><br/>
Austin, TX 2016
<p><strong>"Diplomat: Using Delegations to Protect Community Repositories."</strong>
<a href="/papers/kuppusamy_nsdi_16.pdf">PDF</a><br/>
T. Kuppusamy, S. Torres-Arias, V. Diaz, J. Cappos. <br/>
<em>The 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16).</em><br/>
Santa Clara, CA 2016
<p><strong>"Finding Sensitive Accounts on Twitter: An Automated Approach Based
on Follower Anonymity"</strong> <a
href="/papers/Peddinti_ICWSM_2016.pdf">PDF</a> <a href="/papers/Peddinti_arXiv_Twitter_2016.pdf">Longer Version (recommended)</a><br />
S. Peddinti, K. Ross, J. Cappos.<br />
<em>Tenth International AAAI Conference on Web and Social Media (ICWSM 16).</em><br />
Cologne, Germany 2016. <br />
<p><strong>"Detecting Latent Cross-Platform API Violations"</strong>
<a href="/papers/rasley_checkapi_issre2015.pdf">PDF</a><br/>
J. Rasley, E. Gessiou, T. Ohmann, Y. Brun, S. Krishnamurthi, J. Cappos. <br/>
<em>The 26th IEEE International Symposium on Software Reliability
Engineering (ISSRE 2015).</em><br/>
Gaithersburg, MD 2015.
<p><strong>"A Fast Multi-Server, Multi-Block Private Information Retrieval Protocol."</strong>
<a href="/papers/wang_globecom2015.pdf">PDF</a>
<br/>
L. Wang, T. Kuppusamy, Y. Liu, J. Cappos.<br/>
<em>The IEEE GLOBECOM 2015 Conference.</em><br/>
San Diego, CA 2015.
<p><strong>"Trust Evaluation in Mobile Devices: An Empirical Study."</strong>
<a href="/papers/weiss_trustcom2015.pdf">PDF</a>
<br/>
R. Weiss, L. Reznik, Y. Zhuang, A. Hoffman, A. Rafetseder, T. Li, J. Cappos.<br/>
<em>The IEEE TrustCom 2015 conference.</em><br/>
Helsinki, Finland 2015.
<p><strong>"Fence: Protecting Device Availability With Uniform Resource
Control"</strong>
<a href="/papers/li-usenix-fence-2015.pdf">PDF</a>
<br/>
T. Li, A. Rafetseder, R. Fonseca, J. Cappos. <br />
<em>The 2015 USENIX Annual Technical Conference (USENIX 2015).</em> <br />
Santa Clara, CA 2015.</p>
<p><strong>"Selectively Taming Background Android Apps to Improve Battery Lifetime"</strong>
<a href="/papers/martins-atc15-camera.pdf">PDF</a>
<br/>
M. Martins, J. Cappos, R. Fonseca. <br />
<em>The 2015 USENIX Annual Technical Conference (USENIX 2015).</em> <br />
Santa Clara, CA 2015.</p>
<p><strong>"A First Look at Vehicle Data Collection via Smartphone Sensors"</strong>
<a href="/papers/reininger_sensevis_sas15.pdf">PDF</a>
<br/>
M. Reininger, S. Miller, Y. Zhuang, J. Cappos. <br />
<em>The 2015 IEEE Sensors Applications Symposium (SAS 2015).</em> <br />
Zadar, Croatia 2015.</p>
<p><strong>"Can the Security Mindset Make Students Better Testers?" </strong>
<a href="/papers/hooshangi_sigcse15.pdf">PDF</a>
<br/>
S. Hooshangi, R. Weiss, J. Cappos. <br />
<em>The 46th Technical Symposium of the ACM Special Interest
Group for Computer Science Education (SIGCSE '15).</em> <br />
Kansas City, MO 2015.</p>
<p><strong>"It's the Psychology Stupid: How Heuristics Explain Software
Vulnerabilities and How Priming Can Illuminate Developer's Blind
Spots."</strong>
<a href="/papers/oliveira_puzzles_acsac_2014.pdf">PDF</a>
<br />
D. Oliveira, M. Rosenthal, N. Morin, K. Yeh, J. Cappos, Y. Zhuang.<br />
<em>The 30th Annual Computer Security Applications Conference
(ACSAC 2014).</em><br />
New Orleans, LA 2014<br />
<p><strong>"On the Internet, nobody knows you're a dog": A Twitter
Case Study of Anonymity in Social Networks.</strong> <a
href="/papers/peddinti_cosn_14.pdf">PDF</a><br />
S. Peddinti, K. Ross, J. Cappos.<br />
<em>The Conference on Online Social Networks (COSN'14).</em><br />
Dublin, Ireland 2014. <br />
<p><strong>"NetCheck: Network Diagnoses from Blackbox Traces."</strong> <a href="/papers/zhuang_netcheck_nsdi_14.pdf">PDF (recommended)</a> <a HREF="/papers/tr-cse-2013-03.pdf">Detailed Anaylsis</a><br />
Y. Zhuang, E. Gessiou, S. Portzer, F. Fund, M. Muhammad,
I. Beschastnikh, J. Cappos. <br />
<em>The 11th USENIX Symposium on Networked Systems Design & Implementation (NSDI '14).</em><br />
Seattle, WA 2014. <br />
<p><strong>"BlurSense: Dynamic Fine-Grained Access Control for Smartphone Privacy"</strong> <a href="/papers/cappos_blursense_sas_14.pdf">PDF</a><br />
J. Cappos, L. Wang, R. Weiss, Y. Yang, Y. Zhuang. <br />
<em>The 2014 IEEE Sensors Applications Symposium (SAS 2014).</em> <br />
Queenstown, New Zealand 2014.</p>
<p><strong>"Teaching the Security Mindset With Reference Monitors" </strong><a href="/papers/cappos_refmonitor_sigcse_14.pdf">PDF</a><br />
J. Cappos, R. Weiss. <br />
<em>The 45th Technical Symposium of the ACM Special Interest
Group for Computer Science Education (SIGCSE '14).</em> <br />
Atlanta, GA 2014.</p>
<p><strong>"Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates." </strong><a href="/papers/cappos_uppir_fc_13.pdf">PDF</a> <a href="/papers/tr-cse-2013-01.pdf">Extended TR (recommended)</a></strong><br />
J. Cappos. <br />
<em>Financial Cryptography and Data Security 2013 (FC '13).</em><br />
Okinawa, Japan 2013.</p>
<p><strong>"Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code." </strong><a href="/papers/cappos_seattle_ccs_10.pdf">PDF</a><br />
J. Cappos, A. Dadgar, J. Rasley, J. Samuel, I. Beschastnikh, C. Barsan, A. Krishnamurthy, T. Anderson. <br />
<em>The 17th ACM Conference on Computer and Communications Security (CCS '10).</em> <br />
Chicago, IL, 2010.</p>
<p><strong>"Survivable Key Compromise in Software Update Systems." </strong><a href="/papers/samuel_tuf_ccs_2010.pdf">PDF</a><br />
J. Samuel, N. Mathewson, J. Cappos, R. Dingledine.<br />
<em>The 17th ACM Conference on Computer and Communications Security (CCS '10).</em> <br />
Chicago, IL, 2010.<br />
<strong>Finalist for <a href="http://www.poly.edu/csaw-research">2010 AT&T Award for Best Applied Security Research Paper</a></strong></p>
<p><strong>"Rhizoma: a runtime for self-deploying, self-managing overlays."</strong> <a href="/papers/yin_rhizoma_middleware_09.pdf">PDF</a><br />
Q. Yin, A. Schupbach, J. Cappos, A. Baumann, T. Roscoe. <br />
<em>The 10th International Middleware Conference (MIDDLEWARE '09).</em> <br />
Urbana Champagne, IL USA, November 2009</p>
<p><strong>"Seattle: A Platform for Educational Cloud Computing." </strong><a href="/papers/cappos_seattle_sigcse_2009.pdf">PDF</a><br />
J. Cappos, I. Beschastnikh, A. Krishnamurthy, T. Anderson. <br />
<em>The 40th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '09).</em> <br />
Chattanooga, TN USA, March 2009</p>
<p><strong>"A Look In the Mirror: Attacks on Package Managers." </strong><a href="/papers/cappos_mirror_ccs_08.pdf">PDF</a><br />
J. Cappos, J. Samuel, S. Baker, J. Hartman. <br />
<em>The 15th ACM Conference on Computer and Communications Security (CCS '08).</em> <br />
Alexandria, VA, 2008.</p>
<p><strong>"San Fermin: Aggregating Large Data Sets using Dynamic Binomial Trees." </strong><a href="/papers/cappos_sanfermin_nsdi_08.pdf">PDF</a><br />
J. Cappos, J. Hartman. <br />
<em>The 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08).</em><br />
San Francisco, CA, 2008. <br />
<strong>Awarded the Graduate Research Excellence Award by the University of Arizona Computer Science Department</strong> (superceeding University of Arizona Tech Report 07-01)</p>
<p><strong>"Stork: Package Management for Distributed VM Environments." </strong><a href="/papers/cappos_stork_lisa_07.pdf">PDF</a><br />
J. Cappos, S. Baker, J. Plichta, D. Nyugen, J. Hardies, M. Borgard, J. Johnston, J. Hartman. <br />
<em>The 21st Large Installation System Administration Conference (LISA 2007).</em> <br />
Dallas, TX, 2007. (superceeding University of Arizona Tech Report 07-02)</p>
<p><strong>"Simultaneous Graph Embedding with Bends and Circular Arcs." </strong><a href="/papers/cappos_simemb_gd_06.pdf">PDF</a><br />
J. Cappos, A. Estrella-Balderrama, J. Fowler, S. Kobourov. <br />
<em>14th International Symposium on Graph Drawing (GD 2006).</em> <br />
Karlsruhe, Germany, 2006</p>
<p><strong>"Proper: Privileged Operations in a Virtualised System Environment." </strong><a href="/papers/muir_proper_usenix05short_2005.pdf">PDF</a><br />
S. Muir, L. Peterson, M. Fiuczynski, J. Cappos, J. Hartman.<br />
<em>USENIX '05 Annual Technical Conference.</em><br />
Anaheim, CA, 2005.</p>
<p><strong> "Collaboration with DiamondTouch." </strong><a href="/papers/kobourov_diamondtouch_interact_05.pdf">PDF</a><br />
S. Kobourov, K. Pavlou, J. Cappos, M. Stepp, M. Miles, A. Wixted, <br />
<em>The Tenth IFIP TC13 International Conference on Human-Computer Interaction (INTERACT 2005).</em> <br />
Rome, Italy, 2005</p>
<hr/>
<h2>Workshop / Demo Papers</h2>
<p><strong>"EdgeNet, a Production Internet-Scale Container-Based Distributed System Testbed."</strong> (Demonstration paper)<br/>
B. C. Senel, M, Mouchet, J. Cappos, T. Friedman, O. Fourmaux, R. McGeer.<br/>
<em>42nd IEEE International Conference on Distributed Computing Systems (ICDCS 2022)</em><br/>
July 2022.
<p><strong>"Federating EdgeNet with Fed4FIRE+ and Deploying its Nodes Behind NATs."</strong><br/>
B. C. Senel, M, Mouchet, J. Cappos, T. Friedman, O. Fourmaux, R. McGeer.<br/>
<em>SLICES ``Scientific Instruments to support digital infrastructure science'' workshop (Co-located with the International Federation for Information Processing (IFIP) Networking 2022 Conference)</em><br/>
June 2022.
<p><strong>"EdgeNet: Building a Testbed as a Global Kubernetes Cluster."</strong><a href="/papers/senel_edgenet_cnert_2021.pdf">PDF</a>
<br />
B. C. Senel, M, Mouchet, J. Cappos, O. Fourmaux, T. Friedman, R. McGeer. <br />
<em>IEEE INFOCOM WKSHPS: CNERT: Computer and Networking Experimental Research
using Testbeds</em><br />
May 2021.
<p><strong>"EdgeNet: A Multi-Tenant and Multi-Provider Edge Cloud."</strong><a href="/papers/senel_edgenet_edgesys_2021.pdf">PDF</a>
<br />
B. C. Senel, M, Mouchet, J. Cappos, O. Fourmaux, T. Friedman, R. McGeer. <br />
The <em>Fourth International Workshop of Edge Systems, Analytics and Networking
(EdgeSys'21)</em><br />
April 2021.
<strong>Best Paper Award</strong></p>
<p><strong>"Shared internet-scale measurement platforms."</strong><a href="/papers/senel_edgenet_wombir_2021.pdf">PDF</a>
<br />
B. C. Senel, M, Mouchet, J. Cappos, O. Fourmaux, T. Friedman, R. McGeer. <br />
The <em>NSF Workshop on Overcoming Measurement Barriers to Internet Research
(WOMBIR-2021)</em><br />
January 2021.</p>
<p><strong>"ABC: A Cryptocurrency-Focused Threat Modeling Framework."
</strong> <a href="/papers/abc-material.zip">Supplemental Material</a>
<br />
G. Almashaqbeh, A. Bishop, J. Cappos. <br />
<em>The IEEE Workshop on Cryptocurrencies and Blockchains For Distributed
Systems (CryBlock 2019)</em><br />
Paris, France, April 2019.</p>
<p><strong>"Sensibility Testbed: Automated IRB Policy Enforcement in
Mobile Research Apps."</strong> <a href="/papers/zhuang_sensibility_hotmobile_2018.pdf">PDF</a> <br />
Y. Zhuang, A. Rafetseder, Y. Hu, Y. Tian, J. Cappos. <br />
<em>The Nineteenth International Workshop on Mobile Computing Systems and
Applications (HotMobile 2018)</em><br />
Tempe, AZ, February 2018.</p>
<p><strong>"Vulnerabilities as Blind Spots in Developer's Heuristic-Based
Mental Models."</strong> <a href="/papers/cappos_nspw_2014.pdf">PDF</a> <br />
J. Cappos, Y. Zhuang, D. Oliveira, M. Rosenthal and K.C. Yeh. <br />
<em>The New Security Paradigms Workshop (NSPW'14)</em><br />
Victoria, BC, Canada, September 2014.</p>
<p><strong>"Experience with Seattle: A Community Platform for Research and Education"</strong> <a href="/papers/zhuang_seattle_gree_13.pdf">PDF</a><br />
Y. Zhuang, A. Rafetseder, J. Cappos. <br />
<em>The Second GENI Research and Educational Workshop.</em> <br />
Salt Lake City, USA, March 2013. </p>
<p><strong>"Sensorium - The Generic Sensor Framework."</strong> <a href="/papers/rafetseder_sensorium_pik_13.pdf">1 page (PDF)</A> <a href="/papers/rafetseder_sensorium_netsys_13.pdf">Networked Systems Demo (PDF)</A><br />
A. Rafetseder, F. Metzger, L. Pühringer, K. Tutschku, Y. Zhuang, J. Cappos<br />
<em>PIK 2013.</em><br />
Stuttgart, Germany 2013.</p>
<p><strong>"Towards a Representative Testbed: Harnessing Volunteers for Networks Research"</strong> <a href="/papers/muhammad_seattle_geni_12.pdf">PDF</a><br />
M. Muhammad, J. Cappos. <br />
<em>The First GENI Research and Educational Workshop.</em><br />
Los Angeles, CA, USA, March 2012. </p>
<p><strong>"Lind: Challenges turning virtual composition into reality"</strong> <a href="/papers/matthews_etal.pdf">PDF</a><br />
C. Matthews, J. Cappos, R. McGeer, S. Neville, Y. Coady. <br />
<em>Workshop on Free Composition (FREECO '11).</em> <br />
Portland, OR, USA, October 2011. </p>
<p><strong>"ET (Smart) Phone Home!"</strong> <a href="/papers/collares_ET_neat_11.pdf">PDF</a><br />
L. Collares, C. Matthews, J. Cappos, Y. Coady, R. McGeer. <br />
<em>Workshop on NExt-generation Applications of smarTphones (NEAT '11).</em> <br />
Portland, OR, USA, October 2011. </p>
<p><strong>"NanoXen : Better Systems Through Rigorous Containment and Active Modeling."</strong> <a href="/papers/matthews_nanoxen_savcbs_10.pdf">PDF</a><br />
C. Matthews, J. Cappos, Y. Coady, J. Hartman, J. Jacky, R. McGeer. <br />
<em>The Ninth Workshop on Specification and Verification of Component-Based Systems (SAVCBS '10). </em><br />
Santa-Fe, NM, USA, November 2010. </p>
<p><strong>"Model-based testing without a model: assessing portability in the Seattle testbed." </strong><a href="/papers/cappos_nomodel_ssv_10.pdf">PDF</a><br />
J. Cappos, J. Jacky, <br />
<em>The Fifth Workshop on Systems Software Verification (SSV '10).</em> <br />
Vancouver, BC, Canada, October, 2010.</p>
<p><strong>"Dependable Self-Hosting Distributed Systems Using Constraints." </strong><a href="/papers/yin_rhizoma_hotdep_08.pdf">PDF</a><br />
Q. Yin, J. Cappos, A. Baumann, T. Roscoe, <br />
<em>Proceedings of the Fourth Workshop on Hot Topics in Systems Dependability (HotDep 2008).</em><br />
San Diego, CA, USA, December 7, 2008.</p>
<p><strong>"Net-X: Unified Data-Centric Internet Services." </strong><a href="/papers/rao_netx_netdb_07.pdf">PDF</a><br />
P. Rao, J. Cappos, V. Khare, B. Moon, B. Zhang, <br />
<em>NetDB: Workshop On Networking Meets Databases (2007).</em> <br />
Cambridge, MA, April 2007</p>
<p><strong>"Why It Is Hard to Build a Long Running Service on Planetlab." </strong><a href="/papers/cappos_service_worlds_05.pdf">PDF</a><br />
J. Cappos, J. Hartman, <br />
<em>Workshop on Real Large Distributed Systems (WORLDS 2005).</em> <br />
San Francisco, CA, December 2005. </p>
<p><strong>"Trees on Tracks." </strong><a href="/papers/cappos_trees_fwcg_04.pdf">PDF</a><br />
J. Cappos, S. Kobourov. <br />
<em>14th Annual Fall Workshop on Computational Geometry.</em><br />
MIT, Cambridge, MA, 2004.</p>
<hr/>
<h2>Selected Journal Articles, Magazine Articles, and Tech Reports</h2>
<p><strong>"Multitenant Containers as a Service (CaaS) for Clouds and Edge Clouds" </strong> <br />
B. C. Senel, M, Mouchet, J. Cappos, T. Friedman, O. Fourmaux, R. McGeer.<br/>
<em>IEEE Access</em> 2023 Volume 11 on pages 144574-144601<br />
December 2023</p>
<p><strong>"Towards Verifiable Web-based Code Review Systems" </strong> <br />
H. Afzali, S. Torres-Arias, R. Curtmola, and J. Cappos<br/>
The <em>Journal of Computer Security</em><br />
Accepted July 1st, 2022</p>
<p><strong>"Using a Dual-Layer Specification to Offer Selective Interoperability for Uptane" </strong> <a href="/papers/moore_pouf_2020.pdf">PDF</a><br />
M. Moore, J, Cappos, I, McDonald, A. Weimerskirch and S. Awwad.
<em>ESCAR USA 2020 Special Issue in the SAE International Journal for Transportation Cybersecurity and Privacy.</em><br />
August 2020, p113-129</p>
<p><strong>"Towards Adding Verifiability to Web-based Git Repositories" </strong> <a href="/papers/afzali-webgit-jcs20.pdf">PDF</a><br />
H. Afzali, S. Torres-Arias, R. Curtmola, and J. Cappos<br/>
<em>The Journal of Computer Security (JCS)</em><br />
April 2020, pp 1-32.</p>
<p><strong>"EdgeNet: A Global Cloud That Spreads by Local Action"</strong><br/>
J. Cappos, M. Hennings, R. McGeer, A. Rafetseder, and G. Ricart.<br/>
Short paper / demo at the <em>Third ACM/IEEE Symposium on Edge Computing
(SEC 2018)</em>
<p><strong>"Tsumiki: A Meta-Platform for Building Your Own Testbed" </strong> <a href="/papers/cappos_tsumiki_tpds2018.pdf">PDF</a><br />
J. Cappos, Y. Zhuang, A. Rafetseder, I. Beschastnikh. <br />
<em>Transactions on Parallel and Distributed Systems</em><br />
Volume 29 Issue 12, December 2018. </p>
<p><strong>"User Anonymity on Twitter" </strong> <a href="/papers/peddinti_ieeemag_2017.pdf">PDF</a><br />
S. T. Peddinti and K. W. Ross and J. Cappos. <br />
<em>IEEE Security & Privacy</em> May/June 2017.<br />
pages 84-87, 2017.</p>
<p><strong>"Securing Software Updates for Automotives Using Uptane" </strong> <a href="/papers/kuppusamy_login_2017.pdf">PDF</a><br />
T. Kuppusamy, L. Delong, J. Cappos. <br />
<em>;login:</em><br />
Summer, 2017.</p>
<p><strong>"Tsumiki: A Meta-Platform for Building Your Own Testbed" </strong> <a href="/papers/zhuang-tr-cse-2015-01.pdf">PDF</a><br />
J. Cappos, Y. Zhuang, A. Rafetseder, I. Beschastnikh. <br />
<em>Technical Report</em><br />
2015.</p>
<p><strong>"Privacy-Preserving Experimentation with Sensibility Testbed" </strong> <a href="/papers/zhuang_sensibility_login_2015.pdf">PDF</a><br />
Y. Zhuang, A. Rafetseder, J. Cappos. <br />
<em>;login:</em><br />
pages 18-21, August, 2015.</p>
<p><strong>"PolyPasswordHasher: Improving Password Storage Security" </strong> <a href="/papers/torres_pph_login_2014.pdf">PDF</a><br />
S. Torres, J. Cappos. <br />
<em>;login:</em><br />
pages 18-21, December, 2014.</p>
<p><strong>"Future Internet Bandwidth Trends: An Investigation on Current and
Future Disruptive Technologies."</strong> <a href="/papers/tr-cse-2013-04.pdf">PDF</a><br />
Y. Zhuang, J. Cappos, T. S. Rappaport and R. McGeer<br />
<em>NYU Poly Computer Science Tech Report TR-CSE-2013-04.</em>2013.</p>
<p><strong>"ToMaTo: A Virtual Research Environment for Large Scale Distributed
Systems Research."</strong> <a href="/papers/mueller_tomato_pik_14.pdf">PDF</a><br />
P. Müller, D. Schwerdel, J. Cappos. <br />
<em>PIK</em> 2014.</p>
<p><strong>"PEP 458 -- Surviving a Compromise of PyPI"</strong> <a href="http://legacy.python.org/dev/peps/pep-0458/">PDF</a><br />
T. Kuppusamy, D. Stufft, J. Cappos. <br />
Python Enhancement Proposal 458, Sep. 2013.
<p><strong>"Understanding Password Database Compromises."</strong> <a href="/papers/tr-cse-2013-02.pdf">PDF</a><br />
D. Mirante, J. Cappos. <br />
<em>NYU Poly Computer Science Tech Report TR-CSE-2013-02.</em>2013.</p>
<p><strong>"Hands-on Internet with Seattle and Computers from Across the Globe."</strong> <a href="/papers/wallace_JCSC_seattle_2011.pdf">PDF</a><br/>
S. Wallace, M. Muhammad, J. Mache, J. Cappos<br/>
<em>Journal of Computing Sciences in Colleges</em><br/>
Volume 27 Issue 1, October 2011.
</p>
<p><strong>"TUF: Secure Software Updates in Python."</strong>
<a href="http://blip.tv/pycon-us-videos-2009-2010-2011/pycon-2011-tuf-secure-software-updates-in-python-4898775">Talk</a><br />
G. Condra, J. Cappos. <br />
<em>The Python Developer's Conference (PyCon '11).</em><br />
Atlanta, GA, March 2011
</p>
<p><strong>"Seattle: A Python-based Platform for Easy Development and Deployment of Networked Systems and Applications."</strong>
<a href="http://python.mirocommunity.org/video/1485/pycon-2010-seattle-a-python-ba">Talk</a><br />
I. Beschastnikh, J. Samuel, J. Cappos. <br />
<em>The Python Developer's Conference (PyCon '10).</em><br />
Atlanta, GA, February 2010<br /> </p>
<p><strong>"Package Managers Still Vulnerable: How to Protect Your Systems." </strong><a href="/papers/samuel_pm_login_09.pdf">PDF</a><br />
J. Samuel, J. Cappos. <br />
<em>;login:</em><br />
pages 7-15, February, 2009.</p>
<p><strong>"Simultaneous Graph Embedding with Bends and Circular Arcs." </strong><a href="/papers/cappos_simemb_gd_06.pdf">PDF</a><br />
J. Cappos, A. Estrella-Balderrama, J. Fowler, S. Kobourov. <br />
<em>Computational Geometry</em><br />
Volume 42, Issue 2, February 2009, pages 173-182.</p>
<p><strong>"Stork: Secure Package Management for VM Environments." </strong><a href="/papers/cappos_stork_dissertation_08.pdf">PDF</a><br />
J. Cappos. <br />
<em>Dissertation</em><br />
supervised by John H. Hartman, May, 2008. (also University of Arizona Tech Report 08-04)</p>
<p><strong>"Centralized Package Management Using Stork."</strong> <a href="/papers/samuel_centralpm_login_08.pdf">PDF</a><br />
J. Samuel, J. Plichta, J. Cappos. <br />
<em>;login:</em> <br />
pages 25-31, February, 2008. <br />
<strong>Awarded the Graduate Research Excellence Award by the University of Arizona Computer Science Department</strong></p>
<p><strong>"Privileged Operations in a Virtualised System Environment." </strong><a href="/papers/muir_proper_osr_06.pdf">PDF</a><br />
S. Muir, L. Peterson, M. Fiuczynski, J. Cappos, J. Hartman. <br />
<em>Operating Systems Review Volume 40, Issue 1,</em><br />
pages 75-88, 2006.</p>
<p><strong>"Package Management Security."</strong> <a href="/papers/cappos_pmsec_tr08-02.pdf">PDF</a><br />
J. Cappos, J. Samuel, S. Baker, J. Hartman. <br />
<em>University of Arizona Tech Report 08-02.</em>2008.</p>
<p><strong>"Cost-aware view materialization for highly distributed datasets."</strong> <a href="/papers/cappos_seaweed_TR07-05.pdf">PDF</a><br />
J. Cappos, A. Donnelly, R. Mortier, D. Narayanan, A. Rowstron. <br />
<em>University of Arizona Tech Report 07-05.</em>2007.</p>
<p><strong>"A Resource Allocation Framework for Global Service-Oriented Networks." </strong><a href="/papers/cappos_backs_TR05-02.pdf">PDF</a><br />
J. Cappos, J. Hartman. <br />
<em>University of Arizona Tech Report 05-02.</em>2005.</p>
<p><strong>"Animating Data Structures for CS 2 and CS 3 Courses."</strong> <a href="/papers/cappos_dscats_tr_01.pdf">PDF</a><br />
J. Cappos, P. Homer, <br />
<em>University of Arizona Tech Report 01-02.</em> 2001</p>
</div>
<div class="fl_left">
<h2 class="title">Quick Links</h2>
<div id="hpage_quicklinks">
<ul class="clear">
<li> <a href="/">Secure Systems Lab</a>
<hr/>
<li><a href="http://engineering.nyu.edu/academics/departments/computer-science-engineering">Department of Computer Science and Engineering</a></li>
<li> <a href="http://engineering.nyu.edu/business/future-labs">NYU's Incubators</a>
<!-- <li><a href="http://nyuwireless.com/">NYU WIRELESS</a></li>
<li> <a href="http://catt.poly.edu/">New York State Center for Advanced Technology in Telecommunications</a>
<li> <a href="http://www.nycmedialab.org/">NYC Media Lab</a>
-->
</ul>
</div>
<div id="hpage_socialize">
<h2 class="title">Contact</h2>
<ul id="contact-info">
<li> Phone: (646) 997 3116</li>
<br/>
<li> Email: <a href="mailto:[email protected]">[email protected]</a></li>
<li><a href="justincappos.pgp-pubkey.asc">PGP/GPG key</a> </li>
<i><li>fingerprint E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A</li></i>
</ul>
<br/> <br/>
</div>
</div>
<!-- ####################################################################################################### -->
<div class="clear"></div>
</div>
</div>
</div>
<!-- ####################################################################################################### -->
<div class="wrapper row5">
<div id="copyright" class="clear">
<div id="copyright" class="clear">
<hr/>
<p style="color:#000;padding:15px 0;
border-top:0px solid ##522E91;"class="fl_left">
This work was supported in part by the NSF (under grants 0966187, 0834243,
1345049, 1223588, 1205415, 1241568, 1241653, 0937157, 1405904, 1405907,
1407161, and 1444827), Time Warner Cable,
CATT, the GPO, the NYC Media Lab, CRISSP, the NW-DCSD project, AIG, DARPA,
DHS, and
NYU WIRELESS. The
views and conclusions contained in this document are those of the authors and
should not be interpreted as necessarily representing the official policies,
either expressed or implied, of any of the sponsors.
</br>
</p>
</div>
<!-- ####################################################################################################### -->