You can also learn more about my lab's research on the Secure Systems Lab website


Conference Papers

"Understanding Misunderstandings in Source Code" PDF
D. Gopstein, J. Iannacone, Y. Yan, L. Delong, Y. Zhuang, K.C. Yeh, and J. Cappos.
To appear at the 2017 ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2017)
Paderborn, Germany 2017
ACM SIGSOFT Distinguished Paper Award

"CHAINIAC: Software-Update Transparency via Collectively Signed Skipchains and Verified Builds"
K. Nikitin, L, Kokoris-Kogias, P. Jovanovic, N. Gailly, L. Gasser, I. Khoffi, J. Cappos, B. Ford.
To appear at the 26th USENIX Security Symposium (USENIX Security '17).
Vancouver, CA 2017

"Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories" PDF
T. Kuppusamy, V. Diaz, J. Cappos.
The 2017 USENIX Annual Technical Conference (USENIX 2017).
Santa Clara, CA 2017.

"Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path" PDF
Y. Li, B. Dolan-Gavitt, S. Weber, J. Cappos.
The 2017 USENIX Annual Technical Conference (USENIX 2017).
Santa Clara, CA 2017.

"Measuring the Fitness of Fitness Trackers"  PDF
C. Bender, J. Hoffstot, B. Combs, S. Hooshangi, J. Cappos.
The 2017 IEEE Sensors Applications Symposium (SAS 2017).
Glassboro, NJ 2017.

"Securing Software Updates for Automobiles" PDF
T. Kuppusamy, A. Brown, S. Awwad, D. McCoy, R. Bielawski, C. Mott, S. Lauzon, A. Weimerskirch, J. Cappos.
The 14th escar Europe (escar EU 2016).
Münich, Germany 2016.

"On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities" PDF
S. Torres-Arias, A. Ammula, R. Curtmola, J. Cappos.
The 25th USENIX Security Symposium (USENIX Security '16).
Austin, TX 2016

"Diplomat: Using Delegations to Protect Community Repositories." PDF
T. Kuppusamy, S. Torres-Arias, V. Diaz, J. Cappos.
The 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16).
Santa Clara, CA 2016

"Finding Sensitive Accounts on Twitter: An Automated Approach Based on Follower Anonymity" PDF Longer Version (recommended)
S. Peddinti, K. Ross, J. Cappos.
Tenth International AAAI Conference on Web and Social Media (ICWSM 16).
Cologne, Germany 2016.

"Detecting Latent Cross-Platform API Violations" PDF
J. Rasley, E. Gessiou, T. Ohmann, Y. Brun, S. Krishnamurthi, J. Cappos.
The 26th IEEE International Symposium on Software Reliability Engineering (ISSRE 2015).
Gaithersburg, MD 2015.

"A Fast Multi-Server, Multi-Block Private Information Retrieval Protocol." PDF
L. Wang, T. Kuppusamy, Y. Liu, J. Cappos.
The IEEE GLOBECOM 2015 Conference.
San Diego, CA 2015.

"Trust Evaluation in Mobile Devices: An Empirical Study." PDF
R. Weiss, L. Reznik, Y. Zhuang, A. Hoffman, A. Rafetseder, T. Li, J. Cappos.
The IEEE TrustCom 2015 conference.
Helsinki, Finland 2015.

"Fence: Protecting Device Availability With Uniform Resource Control"  PDF
T. Li, A. Rafetseder, R. Fonseca, J. Cappos.
The 2015 USENIX Annual Technical Conference (USENIX 2015).
Santa Clara, CA 2015.

"Selectively Taming Background Android Apps to Improve Battery Lifetime"  PDF
M. Martins, J. Cappos, R. Fonseca.
The 2015 USENIX Annual Technical Conference (USENIX 2015).
Santa Clara, CA 2015.

"A First Look at Vehicle Data Collection via Smartphone Sensors"  PDF
M. Reininger, S. Miller, Y. Zhuang, J. Cappos.
The 2015 IEEE Sensors Applications Symposium (SAS 2015).
Zadar, Croatia 2015.

"Can the Security Mindset Make Students Better Testers?"  PDF
S. Hooshangi, R. Weiss, J. Cappos. 
The 46th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '15).
Kansas City, MO 2015.

"It's the Psychology Stupid: How Heuristics Explain Software Vulnerabilities and How Priming Can Illuminate Developer's Blind Spots."  PDF
D. Oliveira, M. Rosenthal, N. Morin, K. Yeh, J. Cappos, Y. Zhuang.
The 30th Annual Computer Security Applications Conference (ACSAC 2014).
New Orleans, LA 2014

"On the Internet, nobody knows you're a dog": A Twitter Case Study of Anonymity in Social Networks. PDF
S. Peddinti, K. Ross, J. Cappos.
The Conference on Online Social Networks (COSN'14).
Dublin, Ireland 2014.

"NetCheck: Network Diagnoses from Blackbox Traces." PDF (recommended) Detailed Anaylsis
Y. Zhuang, E. Gessiou, S. Portzer, F. Fund, M. Muhammad, I. Beschastnikh, J. Cappos. 
The 11th USENIX Symposium on Networked Systems Design & Implementation (NSDI '14).
Seattle, WA 2014.

"BlurSense: Dynamic Fine-Grained Access Control for Smartphone Privacy" PDF
J. Cappos, L. Wang, R. Weiss, Y. Yang, Y. Zhuang. 
The 2014 IEEE Sensors Applications Symposium (SAS 2014).
Queenstown, New Zealand 2014.

"Teaching the Security Mindset With Reference Monitors" PDF
J. Cappos, R. Weiss. 
The 45th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '14).
Atlanta, GA 2014.

"Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates." PDF Extended TR (recommended)
J. Cappos. 
Financial Cryptography and Data Security 2013 (FC '13).
Okinawa, Japan 2013.

"Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code." PDF
J. Cappos, A. Dadgar, J. Rasley, J. Samuel, I. Beschastnikh, C. Barsan, A. Krishnamurthy, T. Anderson.
The 17th ACM Conference on Computer and Communications Security (CCS '10).
Chicago, IL, 2010.

"Survivable Key Compromise in Software Update Systems." PDF
J. Samuel, N. Mathewson, J. Cappos, R. Dingledine.
The 17th ACM Conference on Computer and Communications Security (CCS '10).
Chicago, IL, 2010.
Finalist for 2010 AT&T Award for Best Applied Security Research Paper

"Rhizoma: a runtime for self-deploying, self-managing overlays." PDF
Q. Yin, A. Schupbach, J. Cappos, A. Baumann, T. Roscoe.
The 10th International Middleware Conference (MIDDLEWARE '09).
Urbana Champagne, IL USA, November 2009

"Seattle: A Platform for Educational Cloud Computing." PDF
J. Cappos, I. Beschastnikh, A. Krishnamurthy, T. Anderson. 
The 40th Technical Symposium of the ACM Special Interest Group for Computer Science Education (SIGCSE '09).
Chattanooga, TN USA, March 2009

"A Look In the Mirror: Attacks on Package Managers." PDF
J. Cappos, J. Samuel, S. Baker, J. Hartman. 
The 15th ACM Conference on Computer and Communications Security (CCS '08).
Alexandria, VA, 2008.

"San Fermin: Aggregating Large Data Sets using Dynamic Binomial Trees." PDF
J. Cappos, J. Hartman. 
The 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI '08).
San Francisco, CA, 2008.
Awarded the Graduate Research Excellence Award by the University of Arizona Computer Science Department (superceeding University of Arizona Tech Report 07-01)

"Stork: Package Management for Distributed VM Environments." PDF
J. Cappos, S. Baker, J. Plichta, D. Nyugen, J. Hardies, M. Borgard, J. Johnston, J. Hartman.
The 21st Large Installation System Administration Conference (LISA 2007).
Dallas, TX, 2007. (superceeding University of Arizona Tech Report 07-02)

"Simultaneous Graph Embedding with Bends and Circular Arcs." PDF
J. Cappos, A. Estrella-Balderrama, J. Fowler, S. Kobourov. 
14th International Symposium on Graph Drawing (GD 2006).
Karlsruhe, Germany, 2006

"Proper: Privileged Operations in a Virtualised System Environment." PDF
S. Muir, L. Peterson, M. Fiuczynski, J. Cappos, J. Hartman.
USENIX '05 Annual Technical Conference.
Anaheim, CA, 2005.

"Collaboration with DiamondTouch." PDF
S. Kobourov, K. Pavlou, J. Cappos, M. Stepp, M. Miles, A. Wixted,
The Tenth IFIP TC13 International Conference on Human-Computer Interaction (INTERACT 2005).
Rome, Italy, 2005


Workshop Papers

"Vulnerabilities as Blind Spots in Developer's Heuristic-Based Mental Models." PDF
Justin Cappos, Yanyan Zhuang, Daniela Oliveira, Marissa Rosenthal and Kuo-Chuan Yeh.
The New Security Paradigms Workshop (NSPW'14)
Victoria, BC, Canada, September 2014.

"Experience with Seattle: A Community Platform for Research and Education" PDF
Y. Zhuang, A. Rafetseder, J. Cappos.
The Second GENI Research and Educational Workshop.
Salt Lake City, USA, March 2013. 

"Sensorium - The Generic Sensor Framework." 1 page (PDF) Networked Systems Demo (PDF)
A. Rafetseder, F. Metzger, L. Pühringer, K. Tutschku, Y. Zhuang, J. Cappos
PIK 2013.
Stuttgart, Germany 2013.

"Towards a Representative Testbed: Harnessing Volunteers for Networks Research" PDF
M. Muhammad, J. Cappos.
The First GENI Research and Educational Workshop.
Los Angeles, CA, USA, March 2012. 

"Lind: Challenges turning virtual composition into reality" PDF
C. Matthews, J. Cappos, R. McGeer, S. Neville, Y. Coady.
Workshop on Free Composition (FREECO '11).
Portland, OR, USA, October 2011. 

"ET (Smart) Phone Home!" PDF
L. Collares, C. Matthews, J. Cappos, Y. Coady, R. McGeer.
Workshop on NExt-generation Applications of smarTphones (NEAT '11).
Portland, OR, USA, October 2011. 

"NanoXen : Better Systems Through Rigorous Containment and Active Modeling." PDF
C. Matthews, J. Cappos, Y. Coady, J. Hartman, J. Jacky, R. McGeer.
The Ninth Workshop on Specification and Verification of Component-Based Systems (SAVCBS '10). 
Santa-Fe, NM, USA, November 2010. 

"Model-based testing without a model: assessing portability in the Seattle testbed." PDF
J. Cappos, J. Jacky, 
The Fifth Workshop on Systems Software Verification (SSV '10).
Vancouver, BC, Canada, October, 2010.

"Dependable Self-Hosting Distributed Systems Using Constraints." PDF
Q. Yin, J. Cappos, A. Baumann, T. Roscoe, 
Proceedings of the Fourth Workshop on Hot Topics in Systems Dependability (HotDep 2008).
San Diego, CA, USA, December 7, 2008.

"Net-X: Unified Data-Centric Internet Services." PDF
P. Rao, J. Cappos, V. Khare, B. Moon, B. Zhang,
NetDB: Workshop On Networking Meets Databases (2007).
Cambridge, MA, April 2007

"Why It Is Hard to Build a Long Running Service on Planetlab." PDF
J. Cappos, J. Hartman, 
Workshop on Real Large Distributed Systems (WORLDS 2005).
San Francisco, CA, December 2005. 

"Trees on Tracks." PDF
J. Cappos, S. Kobourov. 
14th Annual Fall Workshop on Computational Geometry.
MIT, Cambridge, MA, 2004.


Selected Journal Articles, Magazine Articles, and Tech Reports

"User Anonymity on Twitter"  PDF
S. T. Peddinti and K. W. Ross and J. Cappos. 
IEEE Security Privacy
pages 84-87, 2017.

"Securing Software Updates for Automotives Using Uptane"  PDF
T. Kuppusamy, L. Delong, J. Cappos. 
;login:
Summer, 2017.

"Tsumiki: A Meta-Platform for Building Your Own Testbed"  PDF
J. Cappos, Y. Zhuang, A. Rafetseder, I. Beschastnikh. 
Technical Report
2015.

"Privacy-Preserving Experimentation with Sensibility Testbed"  PDF
Y. Zhuang, A. Rafetseder, J. Cappos. 
;login:
pages 18-21, August, 2015.

"PolyPasswordHasher: Improving Password Storage Security"  PDF
S. Torres, J. Cappos. 
;login:
pages 18-21, December, 2014.

"Future Internet Bandwidth Trends: An Investigation on Current and Future Disruptive Technologies." PDF
Y. Zhuang, J. Cappos, T. S. Rappaport and R. McGeer
NYU Poly Computer Science Tech Report TR-CSE-2013-04.2013.

"ToMaTo: A Virtual Research Environment for Large Scale Distributed Systems Research." PDF
P. Müller, D. Schwerdel, J. Cappos. 
PIK 2014.

"PEP 458 -- Surviving a Compromise of PyPI" link
T. Kuppusamy, D. Stufft, J. Cappos.
Python Enhancement Proposal 458, Sep. 2013.

"Understanding Password Database Compromises." PDF
D. Mirante, J. Cappos. 
NYU Poly Computer Science Tech Report TR-CSE-2013-02.2013.

"Hands-on Internet with Seattle and Computers from Across the Globe." PDF
S. Wallace, M. Muhammad, J. Mache, J. Cappos
Journal of Computing Sciences in Colleges
Volume 27 Issue 1, October 2011.

"TUF: Secure Software Updates in Python."  Talk
G. Condra, J. Cappos. 
The Python Developer's Conference (PyCon '11).
Atlanta, GA, March 2011

"Seattle: A Python-based Platform for Easy Development and Deployment of Networked Systems and Applications." Talk
I. Beschastnikh, J. Samuel, J. Cappos. 
The Python Developer's Conference (PyCon '10).
Atlanta, GA, February 2010

"Package Managers Still Vulnerable: How to Protect Your Systems." PDF
J. Samuel, J. Cappos. 
;login:
pages 7-15, February, 2009.

"Simultaneous Graph Embedding with Bends and Circular Arcs." PDF
J. Cappos, A. Estrella-Balderrama, J. Fowler, S. Kobourov. 
Computational Geometry
Volume 42, Issue 2, February 2009, pages 173-182.

"Stork: Secure Package Management for VM Environments." PDF
J. Cappos. 
Dissertation
supervised by John H. Hartman, May, 2008. (also University of Arizona Tech Report 08-04)

"Centralized Package Management Using Stork." PDF
J. Samuel, J. Plichta, J. Cappos. 
;login:
pages 25-31, February, 2008.
Awarded the Graduate Research Excellence Award by the University of Arizona Computer Science Department

"Privileged Operations in a Virtualised System Environment." PDF
S. Muir, L. Peterson, M. Fiuczynski, J. Cappos, J. Hartman. 
Operating Systems Review Volume 40, Issue 1,
pages 75-88, 2006.

"Package Management Security." PDF
J. Cappos, J. Samuel, S. Baker, J. Hartman. 
University of Arizona Tech Report 08-02.2008.

"Cost-aware view materialization for highly distributed datasets." PDF
J. Cappos, A. Donnelly, R. Mortier, D. Narayanan, A. Rowstron. 
University of Arizona Tech Report 07-05.2007.

"A Resource Allocation Framework for Global Service-Oriented Networks." PDF
J. Cappos, J. Hartman. 
University of Arizona Tech Report 05-02.2005.

"Animating Data Structures for CS 2 and CS 3 Courses." PDF
J. Cappos, P. Homer, 
University of Arizona Tech Report 01-02. 2001