-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathpublications.htm
407 lines (310 loc) · 17.4 KB
/
publications.htm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN" dir="ltr">
<head profile="http://gmpg.org/xfn/11">
<title>Justin Cappos's Publications</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="imagetoolbar" content="no" />
<link rel="stylesheet" href="styles/jout.css" type="text/css" />
</head>
<body id="top">
<div class="wrapper row1">
<div id="header" class="clear">
<div class="fl_right" >
<p><a href="http://nyu.edu/"> <img style="margin-right: 0px; padding-right:
80px;" src="images/nyu.png" alt="NYU Logo" width="200" /></a> <a
href="http://engineering.nyu.edu/"><img style="margin-right: 0px; padding-right: 80px;" src="images/NYU_Tandon_logo.png" alt="NYU Tandon Logo" width="200" /></a></p>
</div>
<div class="fl_left">
<h1 ><a href="index.htm">Prof. Justin Cappos</a></h1>
<p style="color:#FFF; font-size:14px">Professor <br/>
Computer Science & Engineering
</p>
</div>
</div>
<!-- ####################################################################################################### -->
<div class="wrapper row2">
<div id="topnav">
<ul>
<li class="active"><a href="index.htm">Home</a></li>
<!-- <li><a href="projects.htm">Projects</a></li> -->
<li><a href="publications.htm">Publications</a>
<li><a href="press.htm">Press</a></li>
<li><a href="philosophy.htm">Research Philosophy</a></li>
<li><a href="teaching.htm">Teaching</a></li>
<li><a href="calendar.htm">Calendar</a></li>
</li>
</ul>
<div class="clear"></div>
</div>
</div>
<!-- ####################################################################################################### -->
<div class="wrapper row4">
<div id="container" class="clear">
<!-- ####################################################################################################### -->
<div id="homepage" class="clear">
<div class="fl_right">
<br/>
<emph><p style="color:#000; font-size:16px">
This is a selected list of publications. A <a
href="fullpublications.html">full list</a> is available.
You can also learn more about my lab's research
on <a href="/publications">the Secure Systems Lab website</a></p></emph>
<br/>
<h2>Selected Conference Papers</h2>
<p><strong>"Rethinking Trust in Forge-Based Git Security"</strong>
<a href="/papers/yelgundhalli_gittuf_ndss_2025.pdf">PDF</a><br/>
A. Yelgundhalli, P. Zielinski, R. Curtmola, J. Cappos. <br/>
The <em>Network and Distributed System Security (NDSS) Symposium
2025 (NDSS 2025). [Artifact Available] [Artifact Functional] [Artifact Reproduced]</em><br/>
San Diego, CA 2025.<br/>
<strong>Distinguished Paper Award</a></strong></p>
<p><strong>"CovSBOM: Enhancing Software Bill of Materials with Integrated Code Coverage Analysis"</strong>
<a href="/papers/covsbom_issre_2024.pdf">PDF</a><br/>
Y. Zhao, Y. Zhang, D. Chacko, J. Cappos. <br/>
The <em>35th IEEE International Symposium on Software Reliability
Engineering (ISSRE 2024).</em><br/>
Tsukuba, Japan 2024.<br/>
<p><strong>"Securing Automotive Software Supply Chains"</strong>
<a href="/papers/moore_scudo_vehiclesec_2024.pdf">PDF</a><br/>
M. Moore, A. Yelgundhalli, J. Cappos. <br/>
The <em>Symposium on Vehicles Security and Privacy (VehicleSec) 2024.</em><br/>
San Diego, CA 2024.<br/>
<p><strong>"Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems"</strong>
<a href="/papers/moore_artemis_2023.pdf">PDF</a><br/>
M. Moore, T. Kuppusamy, J. Cappos</br>
<em>2023 Annual Computer Security Applications Conference (ACSAC) [Artifact Functional] [Artifact Reusable] [Results Reproduced]</em><br/>
Austin, Texas, 2023.</br>
<strong>Distinguished Paper with Artifacts Award</a></strong></p>
<p><strong>"Needles in a Haystack: Using PORT to Catch Bad Behaviors within Application Recordings"</strong>(short paper)
<a href="/papers/moore_icsoft_port_22.pdf">PDF</a><br/>
P. Moore, T. Weis, M. Waldman, P. Frankl, J. Cappos. <br/>
The <em>17th International Conference on Software Technologies (ICSOFT 2022)</em><br/>
Lisbon, Portugal 2022.<br/>
<p><strong>"Thinking Aloud About Confusing Code: A Qualitative Investigation of Program Comprehension and Atoms of Confusion"</strong>
<a href="/papers/gopstein_thinking_fse2020.pdf">PDF</a><br/>
D. Gopstein, A. L. Fayard, S. Apel, J. Cappos. <br/>
The <em>2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020) </em><br/>
Sacramento, California 2020.<br/>
<p><strong>"MicroCash: Practical Concurrent Processing of Micropayments"</strong>
<a href="/papers/almashaqbeh_microcash_fc20.pdf">PDF</a><br/>
G. Almashaqbeh, A. Bishop, J. Cappos. <br/>
The <em>Twenty-Fourth International Conference on Financial Cryptography and Data Security (FC 2020).</em><br/>
Kota Kinabalu, Sabah, Malaysia 2020.<br/>
<p><strong>"Charting a Course Through Uncertain Environments: SEA Uses Past Problems to Avoid Future Failures"</strong>
<a href="/papers/moore_crashsim_issre2019.pdf">PDF</a><br/>
P. Moore, J. Cappos, P. Frankl, T. Wies. <br/>
The <em>30th IEEE International Symposium on Software Reliability
Engineering (ISSRE 2019).</em><br/>
Berlin, Germany 2019.<br/>
<strong>Best Paper Award</strong></p>
<p><strong>"in-toto: providing farm-to-table security properties for bits and bytes"</strong>
<a href="/papers/torres-toto-usenix19.pdf">PDF</a><br/>
S. Torres, H. Nanize, T. Kuppusamy, R. Curtmola, J. Cappos. <br />
The <em>28th USENIX Security Symposium (USENIX Security 2019).</em><br/>
Santa Clara, California 2019</p>
<p><strong>"CAPnet: A Defense Against Cache Accounting Attacks on Content
Distribution Networks"</strong>
<a href="/papers/almashaqbeh_capnet_cns19.pdf">PDF</a><br/>
G. Almashaqbeh, A. Bishop, K. Kelley, J. Cappos. <br />
The <em>IEEE Conference on Communications and Network Security
(IEEE CNS 2019).
</em><br/>
Washington, D.C. 2019</p>
<p><strong>"API Blindspots: Why Experienced Developers Write Vulnerable Code"</strong>
<a href="/papers/oliveira_blindspots_soups2018.pdf">PDF</a><br/>
D. Oliveira, T. Lin, M. Rahman, R. Akefirad, D. Ellis, E. Perez, R. Bobhate,
L. DeLong, J. Cappos, Y. Brun, N. Ebner. <br/>
<em>The Fourteenth Symposium on Usable Privacy and Security
(SOUPS 2018).</em><br/>
Baltimore, Maryland 2018</p>
<p><strong>"Prevalence of Confusing Code in Software Projects - Atoms of
Confusion in the Wild"</strong>
<a href="/papers/gopstein_atomswild_msr_2018.pdf">PDF</a><br/>
D. Gopstein, H. Zhou, P. Frankl, J. Cappos. <br/>
<em>The 15th International Conference on Mining Software
Repositories (MSR 2018).
</em><br/>
Gothenburg, Sweden 2018<br/>
<strong><a href="https://www.sigsoft.org/awards/distinguishedPaperAward.html">ACM SIGSOFT Distinguished Paper Award</a></strong></p>
<p><strong>"Towards Verifiable Web-based Git Repositories"</strong>
<a href="/papers/afzali_asiaccs_2018.pdf">PDF</a><br/>
H. Afzali, S. Torres, R. Curtmola, J. Cappos. <br/>
<em>The ACM Asia Conference on Computer and Communications Security
2018 (AsiaCCS 2018).
</em><br/>
Songdo, Korea 2018</p>
<p><strong>"Understanding Misunderstandings in Source Code"</strong>
<a href="/papers/gopstein_atoms_fse_2017.pdf">PDF</a><br/>
D. Gopstein, J. Iannacone, Y. Yan, L. Delong, Y. Zhuang, K.C. Yeh, and
J. Cappos. <br/>
<em>The 2017 ACM SIGSOFT Symposium on the Foundations of Software
Engineering (FSE 2017)</em><br/>
Paderborn, Germany 2017<br/>
<strong><a href="https://www.sigsoft.org/awards/distinguishedPaperAward.html">ACM SIGSOFT Distinguished Paper Award</a></strong></p>
<p><strong>"CHAINIAC: Software-Update Transparency via Collectively Signed
Skipchains and Verified Builds"</strong>
<a href="/papers/nikitin_chainiac_usenixsec_2017.pdf">PDF</a><br/>
K. Nikitin, L, Kokoris-Kogias, P. Jovanovic, N. Gailly, L. Gasser, I. Khoffi,
J. Cappos, B. Ford. <br/>
<em>The 26th USENIX Security Symposium (USENIX Security '17).</em><br/>
Vancouver, CA 2017</p>
<p><strong>"Mercury: Bandwidth-Effective Prevention of Rollback Attacks
Against Community Repositories"</strong>
<a href="/papers/kuppusamy-mercury-usenix-2017.pdf">PDF</a><br/>
T. Kuppusamy, V. Diaz, J. Cappos. <br/>
<em>The 2017 USENIX Annual Technical Conference (USENIX 2017).</em> <br />
Santa Clara, CA 2017.</p>
<p><strong>"Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path"</strong>
<a href="/papers/li_lind_usenix_2017.pdf">PDF</a><br/>
Y. Li, B. Dolan-Gavitt, S. Weber, J. Cappos. <br />
<em>The 2017 USENIX Annual Technical Conference (USENIX 2017).</em> <br />
Santa Clara, CA 2017.</p>
<p><strong>"Securing Software Updates for Automobiles"</strong>
<a href="/papers/kuppusamy_escar_16.pdf">PDF</a><br/>
T. Kuppusamy, A. Brown, S. Awwad, D. McCoy, R. Bielawski, C.
Mott, S. Lauzon, A. Weimerskirch, J. Cappos. <br/>
<em>The 14th escar Europe (escar EU 2016).</em><br/>
Münich, Germany 2016.</p>
<p><strong>"On Omitting Commits and Committing Omissions: Preventing Git
Metadata Tampering That (Re)introduces Software Vulnerabilities"</strong>
<a href="/papers/torres_toto_usenixsec-2016.pdf">PDF</a><br/>
S. Torres-Arias, A. Ammula, R. Curtmola, J. Cappos. <br/>
<em>The 25th USENIX Security Symposium (USENIX Security '16).</em><br/>
Austin, TX 2016
<p><strong>"Diplomat: Using Delegations to Protect Community Repositories."</strong>
<a href="/papers/kuppusamy_nsdi_16.pdf">PDF</a><br/>
T. Kuppusamy, S. Torres-Arias, V. Diaz, J. Cappos. <br/>
<em>The 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16).</em><br/>
Santa Clara, CA 2016
<p><strong>"Detecting Latent Cross-Platform API Violations"</strong>
<a href="/papers/rasley_checkapi_issre2015.pdf">PDF</a><br/>
J. Rasley, E. Gessiou, T. Ohmann, Y. Brun, S. Krishnamurthi, J. Cappos. <br/>
<em>The 26th IEEE International Symposium on Software Reliability
Engineering (ISSRE 2015).</em><br/>
Gaithersburg, MD 2015.
<p><strong>"Fence: Protecting Device Availability With Uniform Resource
Control"</strong>
<a href="/papers/li-usenix-fence-2015.pdf">PDF</a>
<br/>
T. Li, A. Rafetseder, R. Fonseca, J. Cappos. <br />
<em>The 2015 USENIX Annual Technical Conference (USENIX 2015).</em> <br />
Santa Clara, CA 2015.</p>
<p><strong>"Selectively Taming Background Android Apps to Improve Battery Lifetime"</strong>
<a href="/papers/martins-atc15-camera.pdf">PDF</a>
<br/>
M. Martins, J. Cappos, R. Fonseca. <br />
<em>The 2015 USENIX Annual Technical Conference (USENIX 2015).</em> <br />
Santa Clara, CA 2015.</p>
<p><strong>"Can the Security Mindset Make Students Better Testers?" </strong>
<a href="/papers/hooshangi_sigcse15.pdf">PDF</a>
<br/>
S. Hooshangi, R. Weiss, J. Cappos. <br />
<em>The 46th Technical Symposium of the ACM Special Interest
Group for Computer Science Education (SIGCSE '15).</em> <br />
Kansas City, MO 2015.</p>
<p><strong>"It's the Psychology Stupid: How Heuristics Explain Software
Vulnerabilities and How Priming Can Illuminate Developer's Blind
Spots."</strong>
<a href="/papers/oliveira_puzzles_acsac_2014.pdf">PDF</a>
<br />
D. Oliveira, M. Rosenthal, N. Morin, K. Yeh, J. Cappos, Y. Zhuang.<br />
<em>The 30th Annual Computer Security Applications Conference
(ACSAC 2014).</em><br />
New Orleans, LA 2014<br />
<p><strong>"NetCheck: Network Diagnoses from Blackbox Traces."</strong> <a href="/papers/zhuang_netcheck_nsdi_14.pdf">PDF (recommended)</a> <a HREF="/papers/tr-cse-2013-03.pdf">Detailed Anaylsis</a><br />
Y. Zhuang, E. Gessiou, S. Portzer, F. Fund, M. Muhammad,
I. Beschastnikh, J. Cappos. <br />
<em>The 11th USENIX Symposium on Networked Systems Design & Implementation (NSDI '14).</em><br />
Seattle, WA 2014. <br />
<p><strong>"Teaching the Security Mindset With Reference Monitors" </strong><a href="/papers/cappos_refmonitor_sigcse_14.pdf">PDF</a><br />
J. Cappos, R. Weiss. <br />
<em>The 45th Technical Symposium of the ACM Special Interest
Group for Computer Science Education (SIGCSE '14).</em> <br />
Atlanta, GA 2014.</p>
<p><strong>"Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates." </strong><a href="/papers/cappos_uppir_fc_13.pdf">PDF</a> <a href="/papers/tr-cse-2013-01.pdf">Extended TR (recommended)</a></strong><br />
J. Cappos. <br />
<em>Financial Cryptography and Data Security 2013 (FC '13).</em><br />
Okinawa, Japan 2013.</p>
<p><strong>"Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code." </strong><a href="/papers/cappos_seattle_ccs_10.pdf">PDF</a><br />
J. Cappos, A. Dadgar, J. Rasley, J. Samuel, I. Beschastnikh, C. Barsan, A. Krishnamurthy, T. Anderson. <br />
<em>The 17th ACM Conference on Computer and Communications Security (CCS '10).</em> <br />
Chicago, IL, 2010.</p>
<p><strong>"Survivable Key Compromise in Software Update Systems." </strong><a href="/papers/samuel_tuf_ccs_2010.pdf">PDF</a><br />
J. Samuel, N. Mathewson, J. Cappos, R. Dingledine.<br />
<em>The 17th ACM Conference on Computer and Communications Security (CCS '10).</em> <br />
Chicago, IL, 2010.<br />
<strong>Finalist for <a href="http://www.poly.edu/csaw-research">2010 AT&T Award for Best Applied Security Research Paper</a></strong></p>
<p><strong>"Seattle: A Platform for Educational Cloud Computing." </strong><a href="/papers/cappos_seattle_sigcse_2009.pdf">PDF</a><br />
J. Cappos, I. Beschastnikh, A. Krishnamurthy, T. Anderson. <br />
<em>The 40th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '09).</em> <br />
Chattanooga, TN USA, March 2009</p>
<p><strong>"A Look In the Mirror: Attacks on Package Managers." </strong><a href="/papers/cappos_mirror_ccs_08.pdf">PDF</a><br />
J. Cappos, J. Samuel, S. Baker, J. Hartman. <br />
<em>The 15th ACM Conference on Computer and Communications Security (CCS '08).</em> <br />
Alexandria, VA, 2008.</p>
<p><strong>"San Fermin: Aggregating Large Data Sets using Dynamic Binomial Trees." </strong><a href="/papers/cappos_sanfermin_nsdi_08.pdf">PDF</a><br />
J. Cappos, J. Hartman. <br />
<em>The 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08).</em><br />
San Francisco, CA, 2008. <br />
<strong>Awarded the Graduate Research Excellence Award by the University of Arizona Computer Science Department</strong> (superceeding University of Arizona Tech Report 07-01)</p>
<p><strong>"Stork: Package Management for Distributed VM Environments." </strong><a href="/papers/cappos_stork_lisa_07.pdf">PDF</a><br />
J. Cappos, S. Baker, J. Plichta, D. Nyugen, J. Hardies, M. Borgard, J. Johnston, J. Hartman. <br />
<em>The 21st Large Installation System Administration Conference (LISA 2007).</em> <br />
Dallas, TX, 2007. (superceeding University of Arizona Tech Report 07-02)</p>
<p><strong>"Proper: Privileged Operations in a Virtualised System Environment." </strong><a href="/papers/muir_proper_usenix05short_2005.pdf">PDF</a><br />
S. Muir, L. Peterson, M. Fiuczynski, J. Cappos, J. Hartman.<br />
<em>USENIX '05 Annual Technical Conference.</em><br />
Anaheim, CA, 2005.</p>
</div>
<div class="fl_left">
<h2 class="title">Quick Links</h2>
<div id="hpage_quicklinks">
<ul class="clear">
<li> <a href="https://en.wikipedia.org/wiki/Justin_Cappos">
Justin's Wikipedia profile</a>
<li> <a href="/">Secure Systems Lab</a>
<hr/>
<li><a href="http://engineering.nyu.edu/academics/departments/computer-science-engineering">Department of Computer Science and Engineering</a></li>
<li> <a href="http://engineering.nyu.edu/business/future-labs">NYU's Incubators</a>
<!-- <li><a href="http://nyuwireless.com/">NYU WIRELESS</a></li>
<li> <a href="http://catt.poly.edu/">New York State Center for Advanced Technology in Telecommunications</a>
<li> <a href="http://www.nycmedialab.org/">NYC Media Lab</a>
-->
</ul>
</div>
<div id="hpage_socialize">
<h2 class="title">Contact</h2>
<ul id="contact-info">
<li> Phone: (646) 997 3116</li>
<br/>
<li> Email: <a href="mailto:[email protected]">[email protected]</a></li>
<li><a href="justincappos.pgp-pubkey.asc">PGP/GPG key</a> </li>
<i><li>fingerprint E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A</li></i>
</ul>
<br/> <br/>
</div>
</div>
<!-- ####################################################################################################### -->
<div class="clear"></div>
</div>
</div>
</div>
<!-- ####################################################################################################### -->
<div class="wrapper row5">
<div id="copyright" class="clear">
<div id="copyright" class="clear">
<hr/>
<p style="color:#000;padding:15px 0;
border-top:0px solid ##522E91;"class="fl_left">
This work was supported in part by the NSF (under grants 0966187, 0834243,
1345049, 1223588, 1205415, 1241568, 1241653, 0937157, 1405904, 1405907,
1407161, and 1444827), Time Warner Cable,
CATT, the GPO, the NYC Media Lab, CRISSP, the NW-DCSD project, AIG, DARPA,
DHS, and
NYU WIRELESS. The
views and conclusions contained in this document are those of the authors and
should not be interpreted as necessarily representing the official policies,
either expressed or implied, of any of the sponsors.
</br>
</p>
</div>
<!-- ####################################################################################################### -->