Publications

Selected, recent papers from the Secure Systems Lab.

Conference Papers

Rethinking Trust in Forge-Based Git Security
A.S.A. Yelgundhalli, P. Zielinski, R. Curtmola, J. Cappos
Network and Distributed System Security Symposium 2025 (NDSS 2025)
2025
CovSBOM: Enhancing Software Bill of Materials with Integrated Code Coverage Analysis
Y. Zhao, Y. Zhang, D. Chacko, J. Cappos
The 35th IEEE International Symposium on Software Reliability Engineering (ISSRE 2024)
2024
Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems
M. Moore, T. Kuppusamy, J. Cappos
2023 Annual Computer Security Applications Conference (ACSAC 2023) [Artifact Functional] [Artifact Reusable] [Results Reproduced]
2023
Needles in a Haystack: Using PORT to Catch Bad Behaviors within Application Recordings
P. Moore, T. Wies, M. Waldman, P. Frankl, J. Cappos
2022 International Conference on Software Technologies (ICSOFT 2022)
Cybersecurity Shuffle: Using Card Magic to Teach Introductory Cybersecurity Topics
P. Moore, J. Cappos
2022 Consortium for Computer Science Education Northeast (CCSNE 2022)
Thinking Aloud About Confusing Code: A Qualitative Investigation of Program Comprehension and Atoms of Confusion
D. Gopstein, A. L. Fayard, S. Apel, J. Cappos
2020 Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 20)
Microcash: Practical Concurrent Processing of Micropayments
G. Almashaqbeh, A. Bishop, J. Cappos
24th International Conference on Financial Cryptography and Data Security (FC '20)
Charting a Course Through Uncertain Environments: SEA Uses Past Problems to Avoid Future Failures
P. Moore, J. Cappos, P. Frankl, and T. Wies
30th IEEE International Symposium on Software Reliability Engineering (ISSRE'19)
Best Paper Award
in-toto: providing farm-to-table security properties for bits and bytes
S. Torres-Arias, H. Nanize, T. Kuppusamy, R. Curtmola, and J. Cappos
28th USENIX Security Symposium (USENIX Sec'19)
Commit Signatures for Centralized Version Control Systems
S. Vaidya, S. Torres-Arias, R. Curtmola, and J. Cappos
34th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC '19)
CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks
G. Almashaqbeh, A. Bishop, K. Kelley, and J. Cappos
7th Annual IEEE Conference on Communications and Network Security (CNS '19)
API Blindspots: Why Experienced Developers Write Vulnerable Code
D. Oliveira, T. Lin, M. Rahman, R. Akefirad, D. Ellis, E. Perez, R. Bobhate, L. DeLong, J. Cappos, Y. Brun, and N. Ebner
14th Symposium on Usable Privacy and Security (SOUPS '18)
le-git-imate: Towards Verifiable Web-based Git Repositories
H. Afzali, S. Torres, R. Curtmola, and J. Cappos
13th ACM Asia Conference on Computer & Communications Security (AsiaCCS '18)
Prevalence of Confusing Code in Software Projects: Atoms of Confusion in the Wild
D. Gopstein, H. Zhou, P. Frankl, and J. Cappos
The 15th International Conference on Mining Software Repositories (MSR '18)
Distinguished Paper Award
Four Years Experience: Making Sensibility Testbed Work for SAS
Y. Zhuang, A. Rafetseder, R. Weiss, and J. Cappos
13th Annual Sensors Applications Symposium (SAS '18)
Detecting and Comparing Brain Activity in Short Program Comprehension Using EEG
M.K.-C. Yeh, D. Gopstein, Y. Yan, and Y. Zhuang
IEEE Frontiers in Education Conference (FIE '17)
Practical Fog Computing with Seattle
A. Rafetseder, L. Pühringer, and J. Cappos
Fog World Congress 2017
Understanding Misunderstandings in Source Code
D. Gopstein, J. Iannacone, Y. Yan, L. DeLong, Y. Zhuang, K.C. Yeh, and J. Cappos
The 2017 ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2017)
Distinguished Paper Award
Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories
T. Kuppusamy, V. Diaz, and J. Cappos
The 2017 USENIX Annual Technical Conference (USENIX ATC 2017)
Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path
Y. Li, B. Dolan-Gavitt, S. Weber, and J. Cappos
The 2017 USENIX Annual Technical Conference (USENIX ATC 2017)
Measuring the Fitness of Fitness Trackers
C. Bender, J. Hoffstot, B. Combs, S. Hooshangi, and J. Cappos
IEEE Sensors Applications Symposium (SAS 2017)
Uptane: Securing Software Updates for Automobiles
T.K. Kuppusamy, A. Brown, S. Awwad, D. McCoy, R. Bielawski, C. Mott, S. Lauzon, A. Weimerskirch, and J. Cappos
14th Embedded Security in Cars Conference (escar 2016)
On omitting commits and committing omissions: Preventing git metadata tampering that (re) introduces software vulnerabilities
S. Torres-Arias, A. Ammula, R. Curtmola, and J. Cappos
25th USENIX Security Symposium (USENIX Sec 2016)
Diplomat: Using Delegations to Protect Community Repositories
T. Kuppusamy, S. Torres-Arias, V. Diaz, and J. Cappos
13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)
Finding Sensitive Accounts on Twitter: An Automated Approach Based on Follower Anonymity
S.T. Peddinti, K.W. Ross, and J. Cappos
Tenth International AAAI Conference on Web and Social Media (ICWSM 16)
Detecting Latent Cross-platform API Violations
J. Rasley, E. Gessiou, T. Ohmann, Y. Brun, S. Krishnamurthi and J. Cappos
2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE 2015)
Trust Evaluation in Mobile Devices: An Empirical Study
R. Weiss, L. Reznik, Y. Zhuang, A. Hoffman, D. Pollard, A. Rafetseder, T. Li, and J. Cappos
2015 IEEE Trustcom/BigDataSE/ISPA
2015
Fence: Protecting Device Availability With Uniform Resource Control
T. Li, A. Rafetseder, R. Fonseca, and J. Cappos
2015 USENIX Annual Technical Conference (USENIX ATC 15)
A Fast Multi-Server, Multi-Block Private Information Retrieval Protocol
L. Wang, T. Kuppusamy, Y. Liu, and J. Cappos
IEEE GLOBECOM 2015 Conference (GLOBECOM 2015)
Selectively Taming Background Android Apps to Improve Battery Lifetime
M. Martins, J. Cappos, and R. Fonseca
2015 USENIX Annual Technical Conference (USENIX ATC 15)
A First Look at Vehicle Data Collection via Smartphone Sensors
M. Reininger, S. Miller, Y. Zhuang, and J. Cappos
2015 IEEE Sensors Applications Symposium (SAS 2015)
Can the Security Mindset Make Students Better Testers?
S. Hooshangi, R. Weiss, and J. Cappos
Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15)
It's the Psychology Stupid: How Heuristics Explain Software Vulnerabilities and How Priming Can Illuminate Developer's Blind Spots
D. Oliveira, M. Rosenthal, N. Morin, K-C Yeh, J. Cappos, and Y. Zhuang
Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC '14)
On the Internet, Nobody Knows You're a Dog: A Twitter Case Study of Anonymity in Social Networks
S.T. Peddinti, K.W. Ross, and J. Cappos
Proceedings of the Second ACM Conference on Online Social Networks (COSN '14)
NetCheck: Network Diagnoses from Blackbox Traces
Y. Zhuang, E. Gessiou, S. Portzer, F. Fund, M. Muhammad, I. Beschastnikh, and J. Cappos
11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14)
BlurSense: Dynamic fine-grained access control for smartphone privacy
J. Cappos, L. Wang, R. Weiss, Y. Yang, and Y. Zhuang
IEEE Sensors Applications Symposium (SAS 2014)
Teaching the Security Mindset with Reference Monitors
J. Cappos and R. Weiss
Proceedings of the 45th ACM Technical Symposium on Computer Science Education (SIGCSE '14)
Avoiding Theoretical Optimality to Efficiently and Privately Retrieve Security Updates
J. Cappos
Financial Cryptography and Data Security - 17th International Conference, FC 2013, Revised Selected Papers
2013
Survivable Key Compromise in Software Update Systems
J. Samuel, N. Matthewson, J. Cappos, R. Dingledine
17th ACM Conference on Computer and Communications Security (CCS'10)
Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code
J. Cappos, A. Dadgar, J. Rasley, J. Samuel, I. Beschastnikh, C. Barsan, A. Krishnamurthy, and T. Anderson
17th ACM Conference on Computer and Communications Security (CCS '10)
Seattle: A Platform for Educational Cloud Computing
J. Cappos, I. Beschastnikh, A. Krishnamurthy, and T. Anderson
Proceedings of the 40th ACM Technical Symposium on Computer Science Education (SIGCSE '09)

Workshop Papers

Securing Automotive Software Supply Chains
M. Moore, A.S.A. Yelgundhalli, J. Cappos
Symposium on Vehicles Security and Privacy (VehicleSec) 2024
2024
ABC: A Cryptocurrency-Focused Threat Modeling Framework
G. Almashaqbeh, A. Bishop, and J. Cappos
2nd Workshop on Cryptocurrencies and Blockchains for Distributed Systems (CryBlock '19)
Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps
Y. Zhuang, A. Rafetseder, Y. Hu, Y. Tian, and J. Cappos
Proceedings of the 19th International Workshop on Mobile Computing Systems (HotMobile '18)
Vulnerabilities as Blind Spots in Developer's Heuristic-Based Decision-Making Processes
J. Cappos, Y. Zhuang, D. Oliveira, N. Rosenthal, and K-C Yeh
Proceedings of the 2014 New Security Paradigms Workshop (NSPW '14)
Experience with Seattle: A Community Platform for Research and Education
Y. Zhuang, A. Rafetseder and J. Cappos
Second GENI Research and Educational Experiment Workshop
2013
Sensorium-A Generic Sensor Framework
A. Rafetseder, F. Metzger, L. Pühringer, K. Tutschku, Y. Zhuang, and J. Cappos
2013
Towards a Representative Testbed: Harnessing Volunteers for Networks research
M. Muhammad and J. Cappos
The First GENI Research and Educational Workshop, GREE
2012
Lind: Challenges Turning Virtual Composition into Reality
C. Matthews, J. Cappos, R. McGeer, S. Neville, and Y. Coady
Workshop on Free Composition (FREECO '11)
ET (Smart) Phone Home!
L. Collares, C. Matthews, J. Cappos, Y. Coady, and R. McGeer
Workshop on NExt-generation Applications of smarTphones (NEAT'11)
Model-based Testing Without a Model: Assessing Portability in the Seattle Testbed
J. Cappos and J. Jacky
5th Workshop on Systems Software Verification (SSV'10)
2010

Journal Articles, Magazines, Tech Reports, etc.

Identifying Program Confusion using Electroencephalogram Measurements
M.K-C. Yeh, Y. Yan, Y. Zhuang, L.A. DeLong
Behaviour & Information Technology
Towards Adding Verifiability to Web-based Git Repositories
H. Afzali, S. Torres-Arias, R. Curtmola, J. Cappos
The Journal of Computer Security
Using a Dual-Layer Specification to Offer Selective Interoperability for Uptane
M. Moore, I. McDonald, A. Weimerskirch, S. Awwad, L. A. DeLong, J. Cappos
ESCAR USA 2020 Special Issue
IEEE-ISTO 6100.1.0.0 Uptane Standard for Design and Implementation
Uptane Standards Group
2019
Tsumiki: A Meta-Platform for Building Your Own Testbed
J. Cappos, Y. Zhuang, A. Rafetseder, and I. Beschastnikh
Transactions on Parallel and Distributed Systems
2018
Uptane: Security and Customizability of Software Updates for Vehicles
T. Kuppusamy, L. DeLong, and J. Cappos
Vehicular Technology Magazine
March 2018
Securing Software Updates for Automotives Using Uptane
T. Kuppusamy, L. DeLong, and J. Cappos
;login
Summer 2017
PEP 480—Surviving a Compromise of PyPI: The Maximum Security Model
T. Kuppusamy, V. Diaz, D. Stuffit, and J. Cappos
2016
Tsumiki: A Meta-Platform for Building your own Testbed
J. Cappos, Y. Zhuang, A. Rafetseder, and I. Beschastnikh
2015
Privacy-Preserving Experimentation with Sensibility Testbed
Y. Zhuang, A. Rafetseder, J. Cappos
;login
2015
PolyPasswordHasher: Improving Password Storage Security
S. Torres and J. Cappos
;login
2014
PolyPasswordHasher: Protecting Passwords in the Event of a Password File Disclosure
J. Cappos and S. Torres-Arias
2014
ToMaTo: A Virtual Research Environment for Large Scale Distributed Systems research
P. Mueller, D. Schwerdel, and J. Cappos
PIK
2014
PEP 458—Surviving a Compromise of PyPI
T. Kuppusamy, V. Diaz, D. Stuffit, and J. Cappos
2013
Future Internet Bandwidth Trends: An Investigation on Current and Future Disruptive Technologies
Y. Zhuang, J. Cappos, T.S. Rappaport, and R. McGeer
2013
NetCheck Test Cases: Input Traces and NetCheck Output
J. Cappos, Y. Zhuang, and I. Beschastnikh
2013
Understanding Password Database Compromises
D. Mirante and J. Cappos
2013
Hands-on Internet with Seattle and Computers from Across the Globe
S.A. Wallace, M. Muhammad, J. Mache, and J. Cappos
Journal of Computing Sciences in College