- SPIFFE Security Analysis Made Public
2018-09-13 · Posted by: Justin Cappos · Categories: · Comments
Over the past few months, I have been working with contributors to SPIFFE and SPIRE to do a security analysis of their projects. Part 1 of our analysis is now live...
- Eliminating Weak Links in the Software Supply Chain
2018-07-02 · Posted by: Lois Anne DeLong · Categories: in-toto · Comments
There is a growing awareness in the open source software development community that, even if a new or revised program is secured at each individual step of its development an uncontaminated final product is still not guaranteed. The nature...
- Retiring Seattle Testbed -- 10 Years and Thousands of Users.
2018-06-26 · Posted by: Justin Cappos · Categories: SeattleSensibility · Comments
Ten years ago, I (Justin Cappos) wrote the first few lines of code in a Python based sandbox called Repy, intended for use in a new peer-to-peer cloud environment. This started...
- What makes confusing code so confusing? Current Atoms initiatives look for the Hows, Whys and Wheres
2018-06-05 · Posted by: Lois Anne DeLong · Categories: Atoms of Confusion · Comments
The Atoms of Confusion project deals with perhaps the most random variable in the development of software—the human programmer who writes and/or maintains the code. The contention of...
- TUFening the Cloud: CII Badge Acknowledges Standards of The Update Framework
2018-05-06 · Posted by: Lois Anne DeLong · Categories: TUF · Comments
When the Linux Foundation adopted The Update Framework (TUF) in October of 2017, it both recognized what the software update framework had already achieved to date and set a new standard for it to strive for. As one of...
- SAS Hackathon Creates Teachable Moments for Sensibility Developers
2018-04-03 · Posted by: Lois Anne DeLong · Categories: Sensibility · Comments
Prior to its 2014 gathering, the IEEE Sensors Application Symposium (SAS) invited the Sensibility Testbed team from SSL to run a hands-on, day-long workshop for participants at the conference in Queenstown, New Zealand. At the time...
- Seattle and Fog Computing: Bringing the Cloud Closer to the IoT
2018-02-13 · Posted by: Lois Anne DeLong · Categories: Seattle · Comments
There is no doubt that cloud computing, in one form or another, is here to stay. In 2017, Gartner, a prominent research firm, estimated an 18% growth in worldwide revenue...
- Creating a Web-enabled USB Driver with WebUSB
2018-01-08 · Posted by: Santiago Torres-Arias · Categories: Informational · Comments
WebUSB is an emerging technology that opens numerous possibilities for interaction with hardware devices without the need to install any drivers on the user side. This could be very useful for playing web-based games...
- TUF Featured at CloudNativeCon
2017-12-07 · Posted by: Justin Cappos · Categories: TUF · Comments
A few months ago, TUF was adopted by the Linux Foundations [Cloud Native Computing Foundation](https://techcrunch.com/2017/10/24/the-cloud-native-computing-foundation-adds-two-security-projects-to-its-open-source-stable/). The CNCF provides a more...
- Uptane named one of the Top Security Innovations of 2017 by Popular Science
2017-10-18 · Posted by: Justin Cappos · Categories: Uptane · Comments
- CacheCash Hackathon: It Takes a Village (or a Lab…)
2017-08-15 · Posted by: Lois Anne DeLong · Categories: CacheCash · Comments
A hackathon can be likened to the barn raisings of old, in which a community would come together for one day to build a barn or a home for a neighbor. Like those earlier communal activities, a hackathon involves a group of individuals collaborating...
- Welcome to Brooklyn: Summer is Intern Season
2017-07-27 · Posted by: Lois Anne DeLong · Categories: UptaneSeattleLindin-totoAtoms of Confusion andCrashSimulator · Comments
Over the past few weeks, SSL has welcomed a diverse group of summer interns to 2 Metrotech. A total of 11 undergraduate, master’s, and high school students are now conducting hands-on research in advancement of...
- SSL to NTIA: Secure Software Updates on the IoT
2017-07-03 · Posted by: Lois Anne DeLong · Categories: TUF · Comments
On May 11, President Trump issued an Executive Order to improve the “cybersecurity of Federal networks and critical infrastructure.” The document is a call to action to a number of Federal agencies..
- Medical Device Insecurity --- A Prescription For Disaster
2017-06-17 · Posted by: Justin Cappos · Categories: Upccinate · Comments
This past week I spent time in Finland working with medical device experts. I talked to vendors, hospital IT personnel, and security experts which helped me learn a lot...
- Atoms of Confusion: Tracking the Tiny Causes of Programmer Misunderstanding
2017-06-05 · Posted by: Dan Gopstein · Categories: Atoms of Confusion · Comments
Atoms of Confusion is a project designed to understand the root causes of programmers’ misunderstanding of source code. It is anchored in the idea that empirical software engineering research...
- Rubber Meets the Road: Classroom Lessons Learned from Seattle
2017-05-29 · Posted by: Lois Anne DeLong · Categories: Seattle · Comments
When Seattle first debuted in 2009, it brought to life several exciting ideas. For starters, it demonstrated the potential of cloud technology that could securely run on donated devices. It also gave educators..
- Google Summer of Code -- Python Dependency Resolution
2017-05-22 · Posted by: Justin Cappos · Categories: TUF · Comments
This summer we are giving back to the Python community. I am excited to be working with Donald Stufft to mentor Pradyun Gedam, while he works on dependency resolution for pip...
- TUFening UP Conex
2017-05-15 · Posted by: Justin Cappos · Categories: TUF · Comments
I spent this week with Hannes Mehnert figuring out how best to secure Conex, a TUF-like system for the OCaml community. We spent quite a bit of time pouring over the Conex proposal...
- Demonstrated defense: Uptane takes a test drive
2017-05-08 · Posted by: Lois Anne DeLong · Categories: Uptane · Comments
While the Uptane group continues to invite white hat hackers to “break our system” before malicious parties attempt to do so for real, several of the developers..
- All in One Day’s Work: Fourth Sensibility Testbed Hackathon
2017-05-01 · Posted by: Yanyan Zhuang · Categories: Sensibility · Comments
For four years, the Sensibility Testbed project has thrown down a gauntlet to students——in less than one day, use the platform to design and test a new sensor...
- Notes from DockerCon 2017
2017-04-24 · Posted by: Justin Cappos · Categories: TUF, in-toto, and lind · Comments
This week several members of the lab went to DockerCon 2017 to learn about some of the exciting new things happening in the Docker eco-system. We also gave a talk on TUF...
- Coming Attractions. PPH and CrashSimulator at the Expo, April 21
2017-04-17 · Posted by: Lois Anne DeLong · Categories: PolyPasswordHasher and CrashSimulator · Comments
The Research Expo at the NYU Tandon School of Engineering is a showcase where students and faculty alike can share their current research activities with the greater academic...
- Where the Rubber Meets the Road. Lessons learned from NetCheck
2017-04-10 · Posted by: Justin Cappos · Categories: NetCheck · Comments
In 2014, Eleni Gessiou, Yanyan Zhuang, Justin Cappos, and four of their students introduced a new diagnostic tool called...
- Driving Forward. How a Big Idea Begins its Journey Towards Marketplace Acceptance
2017-04-04 · Posted by: Lois Anne DeLong · Categories: Uptane · Comments
So, you’ve come up with a really cool idea, discussed it with some knowledgeable people in order to frame that idea for a specific market, and written a program that is now attracting attention...
- SHAttered: Not All It's Cracked Up to Be
2017-03-27 · Posted by: Lois Anne DeLong · Categories: Informational · Comments
NYU graduate student Santiago Torres-Arias has a one-word message for those who might be shaken up by Google’s February 23 announcement of "the first practical technique" for attacking systems based on SHA-1, and that word is "relax."
- Why Does Our Lab Need A Blog?
2017-03-20 · Posted by: Justin Cappos · Categories: Informational · Comments
Ideas do not always come in conference paper-sized chunks. Sometimes they are too small to fill a paper. Other times they find themselves cut loose from a paper that did not have enough pages to discuss everything. And, in...