Publications

Selected, recent papers from the Secure Systems Lab. Click a project name to filter by project.

    Conference Papers

    Understanding Misunderstandings in Source Code
    D. Gopstein, J. Iannacone, Y. Yan, L. DeLong, Y. Zhuang, K.C. Yeh,and J. Cappos
    The 2017 ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2017)
    Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories
    T. Kuppusamy, V. Diaz, and J. Cappos
    The 2017 USENIX Annual Technical Conference (USENIX ATC 2017)
    Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path
    Y. Li, B. Dolan-Gavitt, S. Weber, and J. Cappos
    The 2017 USENIX Annual Technical Conference (USENIX ATC 2017)
    Measuring the Fitness of Fitness Trackers
    C. Bender, J. Hoffstot, B. Combs, S. Hooshangi, and J. Cappos
    IEEE Sensors Applications Symposium (SAS 2017)
    Uptane: Securing Software Updates for Automobiles
    T.K. Kuppusamy, A. Brown, and S.Awwad, D. McCoy, R. Bielawski, C. Mott, S. Lauzon, A. Weimerskirch, and J. Cappos
    14th Embedded Security in Cars Conference (escar 2016)
    On omitting commits and committing omissions: Preventing git metadata tampering that (re) introduces software vulnerabilities
    S. Torres-Arias, A. Ammula, R. Curtmola, and J. Cappos
    25th USENIX Security Symposium, (USENIX Sec 2016)
    Diplomat: Using Delegations to Protect Community Repositories
    T. Kuppusamy, S. Torres-Arias, V. Diaz, and J. Cappos
    13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)
    Detecting Latent Cross-platform API Violations
    J. Rasley, E. Gessiou, T. Ohmann, Y. Brun, S. Krishnamurthi and J. Cappos
    2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE 2015)
    Trust Evaluation in Mobile Devices: An Empirical Study
    R. Weiss, L. Reznik, Y. Zhuang, A. Hoffman, D. Pollard, A. Rafetseder, T. Li, and J. Cappos
    2015 IEEE Trustcom/BigDataSE/ISPA
    Fence: Protecting Device Availability with Uniform Resource Control
    T. Li, A. Rafetseder, R. Fonseca, and J. Cappos
    2015 USENIX Annual Technical Conference (USENIX ATC 15)
    A Fast Multi-Server, Multi-Block Private Information Retrieval Protocol
    L. Wang, T. Kuppusamy, Y. Liu, and J. Cappos
    IEEE GLOBECOM 2015 Conference (GLOBECOM 2015)
    Selectively Taming Background Android Apps to Improve Battery Lifetime
    M. Martins, J. Cappos, and R. Fonseca
    2015 USENIX Annual Technical Conference (USENIX ATC 15)
    A First Look at Vehicle Data Collection via Smartphone Sensors
    M. Reininger, S. Miller, Y. Zhuang, and J. Cappos
    2015 IEEE Sensors Applications Symposium (SAS 2015)
    Can the Security Mindset Make Students Better Testers?
    S. Hooshangi, R. Weiss, and J. Cappos
    Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15)
    It's the Psychology Stupid: How Heuristics Explain Software Vulnerabilities and How Priming Can Illuminate Developer's Blind Spots
    D. Oliveira, M. Rosenthal, N. Morin, K-C Yeh, J. Cappos, and Y. Zhuang
    Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC '14)
    NetCheck: Network Diagnoses from Blackbox Traces
    Y. Zhuang, E. Gessiou, S. Portzer, F. Fund, M. Muhammad, I. Beschastnikh, and J. Cappos
    11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14)
    BlurSense: Dynamic fine-grained access control for smartphone privacy
    J. Cappos, L. Wang, R. Weiss, Y. Yang, and Y. Zhuang
    IEEE Sensors Applications Symposium (SAS 2014)
    Teaching the Security Mindset with Reference Monitors
    J. Cappos and R. Weiss
    Proceedings of the 45th ACM Technical Symposium on Computer Science Education (SIGCSE '14)
    Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates
    J. Cappos
    Financial Cryptography and Data Security - 17th International Conference, FC 2013, Revised Selected Papers
    2013
    Survivable Key Compromise in Software Update Systems
    J. Samuel, N. Matthewson, J. Cappos, R. Dingledine
    17th ACM Conference on Computer and Communications Security (CCS'10)
    Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code
    J. Cappos, A. Dadgar, J. Rasley, J. Samuel, I. Beschastnikh, C. Barsan, A. Krishnamurthy, and T. Anderson
    17th ACM Conference on Computer and Communications Security (CCS '10)
    Seattle: A Platform for Educational Cloud Computing
    J. Cappos, I. Beschastnikh, A. Krishnamurthy, and T. Anderson
    Proceedings of the 40th ACM Technical Symposium on Computer Science Education (SIGCSE '09)

    Workshop Papers

    Vulnerabilities as Blind Spots in Developer's Heuristic-Based Decision-Making Processes
    J. Cappos, Y. Zhuang, D. Oliveira, N. Rosenthal, and K-C Yeh
    Proceedings of the 2014 New Security Paradigms Workshop (NSPW '14')
    Sensorium-A Generic Sensor Framework
    A. Rafetseder, F. Metzger, L. Pühringer, K. Tutschku, Y. Zhuang, and J. Cappos
    2013
    Towards a Representive Testbed: Harnessing Volunteers for Networks research
    M. Muhammad and J. Cappos
    The First GENI Research and Educational Workshop, GREE
    2012
    Lind: Challenges Turning Virtual Composition into Reality
    C. Matthews, J. Cappos, R. McGeer, S. Neville, and Y. Coady
    Workshop on Free Composition (FREECO '11)
    ET (Smart) Phone Home!
    L. Collares, C. Matthews, J. Cappos, Y. Coady, and R. McGeer
    Workshop on NExt-generation Applications of smarTphones (NEAT'11)
    Model-based Testing Without a Model: Assessing Portability in the Seattle Testbed
    J.Cappos and J. Jacky
    5th Workshop on Systems Software Verification (SSV'10)
    2010

    Journal Articles, Magazines, Tech Reports, etc.

    Securing Software Updates for Automotives Using Uptane
    T. Kuppusamy, L. DeLong, and J. Cappos
    ;login
    Summer 2017
    Uptane Design Overview
    T.K. Kuppusamy, A. Brown, S. Awwad, D. McCoy, R. Bielawski, S. Weber, J. Liming, C. Mott, S. Lauzon, A. Weimerskirch, and J. Cappos
    2017
    Uptane Implementation Specification
    2017
    Uptane Deployment Considerations
    2017
    PEP 480—Surviving a Compromise of PyPI: The Maximum Security Model
    T. Kuppusamy, V. Diaz, D. Stuffit, and J. Cappos
    2016
    Tsumiki: A Meta-Platform for Building your own Testbed
    J. Cappos, Y. Zhuang, A. Rafetseder, and I. Beschastnikh
    2015
    Privacy-Preserving Experimentation with Sensibility Testbed
    Y. Zhuang, A. Rafetseder, J. Cappos
    ;login
    2015
    PolyPasswordHasher: Improving Password Storage Security
    S. Torres and J. Cappos
    ;login
    2014
    PolyPasswordHasher: Protecting Passwords in the Event of a Password File Disclosure
    J. Cappos and S. Torres-Arias
    2014
    ToMaTo: A Virtual Research Environment for Large Scale Distributed Systems research
    P. Mueller, D. Schwerdel, and J. Cappos
    PIK
    2014
    PEP 458—Surviving a Compromise of PyPI
    T. Kuppusamy, V. Diaz, D. Stuffit, and J. Cappos
    2013
    Future Internet Bandwidth Trends: An Investigation on Current and Future Disruptive Technologies
    Y. Zhuang, J. Cappos, T.S. Rappaport, and R. McGeer
    2013
    NetCheck Test Cases: Input Traces and NetCheck Output
    J. Cappos, Y. Zhuang, and I. Beschastnikh
    2013
    Understanding Password Database Compromises
    D. Mirante and J. Cappos
    2013
    Hands-on Internet with Seattle and Computers from Across the Globe
    S.A Wallace, M. Muhammad, J. Mache, and J. Cappos
    Journal of Computing Sciences in College