This is a selected list of publications. A full list is available. You can also learn more about my lab's research on the Secure Systems Lab website


Selected Conference Papers

"API Blindspots: Why Experienced Developers Write Vulnerable Code"
D. Oliveira, T. Lin, M. Rahman, R. Akefirad, D. Ellis, E. Perez, R. Bobhate, L. DeLong, J. Cappos, Y. Brun, N. Ebner.
To appear at the Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018).
Baltimore, Maryland 2018

"Prevalence of Confusing Code in Software Projects - Atoms of Confusion in the Wild" PDF
D. Gopstein, H. Zhou, P. Frankl, J. Cappos.
To appear at the 15th International Conference on Mining Software Repositories (MSR 2018).
Gothenburg, Sweden 2018

"Towards Verifiable Web-based Git Repositories"
H. Afzali, S. Torres, R. Curtmola, J. Cappos. PDF
To appear at the ACM Asia Conference on Computer and Communications Security 2018 (AsiaCCS 2018).
Songdo, Korea 2018

"Understanding Misunderstandings in Source Code" PDF
D. Gopstein, J. Iannacone, Y. Yan, L. Delong, Y. Zhuang, K.C. Yeh, and J. Cappos.
The 2017 ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2017)
Paderborn, Germany 2017
ACM SIGSOFT Distinguished Paper Award

"CHAINIAC: Software-Update Transparency via Collectively Signed Skipchains and Verified Builds" PDF
K. Nikitin, L, Kokoris-Kogias, P. Jovanovic, N. Gailly, L. Gasser, I. Khoffi, J. Cappos, B. Ford.
The 26th USENIX Security Symposium (USENIX Security '17).
Vancouver, CA 2017

"Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories" PDF
T. Kuppusamy, V. Diaz, J. Cappos.
The 2017 USENIX Annual Technical Conference (USENIX 2017).
Santa Clara, CA 2017.

"Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path" PDF
Y. Li, B. Dolan-Gavitt, S. Weber, J. Cappos.
The 2017 USENIX Annual Technical Conference (USENIX 2017).
Santa Clara, CA 2017.

"Securing Software Updates for Automobiles" PDF
T. Kuppusamy, A. Brown, S. Awwad, D. McCoy, R. Bielawski, C. Mott, S. Lauzon, A. Weimerskirch, J. Cappos.
The 14th escar Europe (escar EU 2016).
Münich, Germany 2016.

"On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities" PDF
S. Torres-Arias, A. Ammula, R. Curtmola, J. Cappos.
The 25th USENIX Security Symposium (USENIX Security '16).
Austin, TX 2016

"Diplomat: Using Delegations to Protect Community Repositories." PDF
T. Kuppusamy, S. Torres-Arias, V. Diaz, J. Cappos.
The 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16).
Santa Clara, CA 2016

"Detecting Latent Cross-Platform API Violations" PDF
J. Rasley, E. Gessiou, T. Ohmann, Y. Brun, S. Krishnamurthi, J. Cappos.
The 26th IEEE International Symposium on Software Reliability Engineering (ISSRE 2015).
Gaithersburg, MD 2015.

"Fence: Protecting Device Availability With Uniform Resource Control"  PDF
T. Li, A. Rafetseder, R. Fonseca, J. Cappos.
The 2015 USENIX Annual Technical Conference (USENIX 2015).
Santa Clara, CA 2015.

"Selectively Taming Background Android Apps to Improve Battery Lifetime"  PDF
M. Martins, J. Cappos, R. Fonseca.
The 2015 USENIX Annual Technical Conference (USENIX 2015).
Santa Clara, CA 2015.

"Can the Security Mindset Make Students Better Testers?"  PDF
S. Hooshangi, R. Weiss, J. Cappos. 
The 46th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '15).
Kansas City, MO 2015.

"It's the Psychology Stupid: How Heuristics Explain Software Vulnerabilities and How Priming Can Illuminate Developer's Blind Spots."  PDF
D. Oliveira, M. Rosenthal, N. Morin, K. Yeh, J. Cappos, Y. Zhuang.
The 30th Annual Computer Security Applications Conference (ACSAC 2014).
New Orleans, LA 2014

"On the Internet, nobody knows you're a dog": A Twitter Case Study of Anonymity in Social Networks. PDF
S. Peddinti, K. Ross, J. Cappos.
The Conference on Online Social Networks (COSN'14).
Dublin, Ireland 2014.

"NetCheck: Network Diagnoses from Blackbox Traces." PDF (recommended) Detailed Anaylsis
Y. Zhuang, E. Gessiou, S. Portzer, F. Fund, M. Muhammad, I. Beschastnikh, J. Cappos. 
The 11th USENIX Symposium on Networked Systems Design & Implementation (NSDI '14).
Seattle, WA 2014.

"Teaching the Security Mindset With Reference Monitors" PDF
J. Cappos, R. Weiss. 
The 45th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '14).
Atlanta, GA 2014.

"Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates." PDF Extended TR (recommended)
J. Cappos. 
Financial Cryptography and Data Security 2013 (FC '13).
Okinawa, Japan 2013.

"Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code." PDF
J. Cappos, A. Dadgar, J. Rasley, J. Samuel, I. Beschastnikh, C. Barsan, A. Krishnamurthy, T. Anderson.
The 17th ACM Conference on Computer and Communications Security (CCS '10).
Chicago, IL, 2010.

"Survivable Key Compromise in Software Update Systems." PDF
J. Samuel, N. Mathewson, J. Cappos, R. Dingledine.
The 17th ACM Conference on Computer and Communications Security (CCS '10).
Chicago, IL, 2010.
Finalist for 2010 AT&T Award for Best Applied Security Research Paper

"Seattle: A Platform for Educational Cloud Computing." PDF
J. Cappos, I. Beschastnikh, A. Krishnamurthy, T. Anderson. 
The 40th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '09).
Chattanooga, TN USA, March 2009

"A Look In the Mirror: Attacks on Package Managers." PDF
J. Cappos, J. Samuel, S. Baker, J. Hartman. 
The 15th ACM Conference on Computer and Communications Security (CCS '08).
Alexandria, VA, 2008.

"San Fermin: Aggregating Large Data Sets using Dynamic Binomial Trees." PDF
J. Cappos, J. Hartman. 
The 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08).
San Francisco, CA, 2008.
Awarded the Graduate Research Excellence Award by the University of Arizona Computer Science Department (superceeding University of Arizona Tech Report 07-01)

"Stork: Package Management for Distributed VM Environments." PDF
J. Cappos, S. Baker, J. Plichta, D. Nyugen, J. Hardies, M. Borgard, J. Johnston, J. Hartman.
The 21st Large Installation System Administration Conference (LISA 2007).
Dallas, TX, 2007. (superceeding University of Arizona Tech Report 07-02)

"Proper: Privileged Operations in a Virtualised System Environment." PDF
S. Muir, L. Peterson, M. Fiuczynski, J. Cappos, J. Hartman.
USENIX '05 Annual Technical Conference.
Anaheim, CA, 2005.

Quick Links

Contact