This is a selected list of publications. A full list is available. You can also learn more about my lab's research on the Secure Systems Lab website


Selected Conference Papers

"Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems" PDF
M. Moore, T. Kuppusamy, J. Cappos
2023 Annual Computer Security Applications Conference (ACSAC) [Artifact Functional] [Artifact Reusable] [Results Reproduced]
Austin, Texas, 2023.

"Needles in a Haystack: Using PORT to Catch Bad Behaviors within Application Recordings"(short paper)
P. Moore, T. Weis, M. Waldman, P. Frankl, J. Cappos.
To appear at the 17th International Conference on Software Technologies (ICSOFT 2022)
Lisbon, Portugal 2022.

"Thinking Aloud About Confusing Code: A Qualitative Investigation of Program Comprehension and Atoms of Confusion" PDF
D. Gopstein, A. L. Fayard, S. Apel, J. Cappos.
The 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020)
Sacramento, California 2020.

"MicroCash: Practical Concurrent Processing of Micropayments" PDF
G. Almashaqbeh, A. Bishop, J. Cappos.
The Twenty-Fourth International Conference on Financial Cryptography and Data Security (FC 2020).
Kota Kinabalu, Sabah, Malaysia 2020.

"Charting a Course Through Uncertain Environments: SEA Uses Past Problems to Avoid Future Failures" PDF
P. Moore, J. Cappos, P. Frankl, T. Wies.
The 30th IEEE International Symposium on Software Reliability Engineering (ISSRE 2019).
Berlin, Germany 2019.
Best Paper Award

"in-toto: providing farm-to-table security properties for bits and bytes" PDF
S. Torres, H. Nanize, T. Kuppusamy, R. Curtmola, J. Cappos.
The 28th USENIX Security Symposium (USENIX Security 2019).
Santa Clara, California 2019

"CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks" PDF
G. Almashaqbeh, A. Bishop, K. Kelley, J. Cappos.
The IEEE Conference on Communications and Network Security (IEEE CNS 2019).
Washington, D.C. 2019

"API Blindspots: Why Experienced Developers Write Vulnerable Code" PDF
D. Oliveira, T. Lin, M. Rahman, R. Akefirad, D. Ellis, E. Perez, R. Bobhate, L. DeLong, J. Cappos, Y. Brun, N. Ebner.
The Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018).
Baltimore, Maryland 2018

"Prevalence of Confusing Code in Software Projects - Atoms of Confusion in the Wild" PDF
D. Gopstein, H. Zhou, P. Frankl, J. Cappos.
The 15th International Conference on Mining Software Repositories (MSR 2018).
Gothenburg, Sweden 2018
ACM SIGSOFT Distinguished Paper Award

"Towards Verifiable Web-based Git Repositories" PDF
H. Afzali, S. Torres, R. Curtmola, J. Cappos.
The ACM Asia Conference on Computer and Communications Security 2018 (AsiaCCS 2018).
Songdo, Korea 2018

"Understanding Misunderstandings in Source Code" PDF
D. Gopstein, J. Iannacone, Y. Yan, L. Delong, Y. Zhuang, K.C. Yeh, and J. Cappos.
The 2017 ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2017)
Paderborn, Germany 2017
ACM SIGSOFT Distinguished Paper Award

"CHAINIAC: Software-Update Transparency via Collectively Signed Skipchains and Verified Builds" PDF
K. Nikitin, L, Kokoris-Kogias, P. Jovanovic, N. Gailly, L. Gasser, I. Khoffi, J. Cappos, B. Ford.
The 26th USENIX Security Symposium (USENIX Security '17).
Vancouver, CA 2017

"Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories" PDF
T. Kuppusamy, V. Diaz, J. Cappos.
The 2017 USENIX Annual Technical Conference (USENIX 2017).
Santa Clara, CA 2017.

"Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path" PDF
Y. Li, B. Dolan-Gavitt, S. Weber, J. Cappos.
The 2017 USENIX Annual Technical Conference (USENIX 2017).
Santa Clara, CA 2017.

"Securing Software Updates for Automobiles" PDF
T. Kuppusamy, A. Brown, S. Awwad, D. McCoy, R. Bielawski, C. Mott, S. Lauzon, A. Weimerskirch, J. Cappos.
The 14th escar Europe (escar EU 2016).
Münich, Germany 2016.

"On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities" PDF
S. Torres-Arias, A. Ammula, R. Curtmola, J. Cappos.
The 25th USENIX Security Symposium (USENIX Security '16).
Austin, TX 2016

"Diplomat: Using Delegations to Protect Community Repositories." PDF
T. Kuppusamy, S. Torres-Arias, V. Diaz, J. Cappos.
The 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16).
Santa Clara, CA 2016

"Detecting Latent Cross-Platform API Violations" PDF
J. Rasley, E. Gessiou, T. Ohmann, Y. Brun, S. Krishnamurthi, J. Cappos.
The 26th IEEE International Symposium on Software Reliability Engineering (ISSRE 2015).
Gaithersburg, MD 2015.

"Fence: Protecting Device Availability With Uniform Resource Control"  PDF
T. Li, A. Rafetseder, R. Fonseca, J. Cappos.
The 2015 USENIX Annual Technical Conference (USENIX 2015).
Santa Clara, CA 2015.

"Selectively Taming Background Android Apps to Improve Battery Lifetime"  PDF
M. Martins, J. Cappos, R. Fonseca.
The 2015 USENIX Annual Technical Conference (USENIX 2015).
Santa Clara, CA 2015.

"Can the Security Mindset Make Students Better Testers?"  PDF
S. Hooshangi, R. Weiss, J. Cappos. 
The 46th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '15).
Kansas City, MO 2015.

"It's the Psychology Stupid: How Heuristics Explain Software Vulnerabilities and How Priming Can Illuminate Developer's Blind Spots."  PDF
D. Oliveira, M. Rosenthal, N. Morin, K. Yeh, J. Cappos, Y. Zhuang.
The 30th Annual Computer Security Applications Conference (ACSAC 2014).
New Orleans, LA 2014

"NetCheck: Network Diagnoses from Blackbox Traces." PDF (recommended) Detailed Anaylsis
Y. Zhuang, E. Gessiou, S. Portzer, F. Fund, M. Muhammad, I. Beschastnikh, J. Cappos. 
The 11th USENIX Symposium on Networked Systems Design & Implementation (NSDI '14).
Seattle, WA 2014.

"Teaching the Security Mindset With Reference Monitors" PDF
J. Cappos, R. Weiss. 
The 45th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '14).
Atlanta, GA 2014.

"Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates." PDF Extended TR (recommended)
J. Cappos. 
Financial Cryptography and Data Security 2013 (FC '13).
Okinawa, Japan 2013.

"Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code." PDF
J. Cappos, A. Dadgar, J. Rasley, J. Samuel, I. Beschastnikh, C. Barsan, A. Krishnamurthy, T. Anderson.
The 17th ACM Conference on Computer and Communications Security (CCS '10).
Chicago, IL, 2010.

"Survivable Key Compromise in Software Update Systems." PDF
J. Samuel, N. Mathewson, J. Cappos, R. Dingledine.
The 17th ACM Conference on Computer and Communications Security (CCS '10).
Chicago, IL, 2010.
Finalist for 2010 AT&T Award for Best Applied Security Research Paper

"Seattle: A Platform for Educational Cloud Computing." PDF
J. Cappos, I. Beschastnikh, A. Krishnamurthy, T. Anderson. 
The 40th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '09).
Chattanooga, TN USA, March 2009

"A Look In the Mirror: Attacks on Package Managers." PDF
J. Cappos, J. Samuel, S. Baker, J. Hartman. 
The 15th ACM Conference on Computer and Communications Security (CCS '08).
Alexandria, VA, 2008.

"San Fermin: Aggregating Large Data Sets using Dynamic Binomial Trees." PDF
J. Cappos, J. Hartman. 
The 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08).
San Francisco, CA, 2008.
Awarded the Graduate Research Excellence Award by the University of Arizona Computer Science Department (superceeding University of Arizona Tech Report 07-01)

"Stork: Package Management for Distributed VM Environments." PDF
J. Cappos, S. Baker, J. Plichta, D. Nyugen, J. Hardies, M. Borgard, J. Johnston, J. Hartman.
The 21st Large Installation System Administration Conference (LISA 2007).
Dallas, TX, 2007. (superceeding University of Arizona Tech Report 07-02)

"Proper: Privileged Operations in a Virtualised System Environment." PDF
S. Muir, L. Peterson, M. Fiuczynski, J. Cappos, J. Hartman.
USENIX '05 Annual Technical Conference.
Anaheim, CA, 2005.

Quick Links

Contact