Justin Cappos: Difference between revisions

From Wikipedia, the free encyclopedia
Kgberg (talk | contribs)
No edit summary
Kgberg (talk | contribs)
No edit summary
Line 44: Line 44:
[https://www.docker.com Docker], an [[open-source]] system for deploying Linux containers, integrated TUF in 2015 when it launched Docker Content Trust.<ref>{{cite web|last1=Monica|first1=Diogo|title=Introducing Docker Content Trust - Docker Blog|url=https://blog.docker.com/2015/08/content-trust-docker-1-8/|website=Blog.Docker.com|publisher=Docker|accessdate=2 October 2016|date=12 August 2015}}</ref><ref>{{cite web|title=Docker Content Trust Protects Integrity of Dockerized Content|url=http://www.cioreview.com/news/docker-content-trust-protects-integrity-of-dockerized-content-nid-8372-cid-92.html|website=www.CIOReview.com|publisher=CIO Review|accessdate=2 October 2016}}</ref> Docker Content Trust is an implementation of Docker's [[Notary]] project, which is built on TUF.<ref>{{cite web|last1=Fulton III|first1=Scott M.|title=Docker: With Content Trust, You Can Run Containers on Untrusted Networks - The New Stack|url=http://thenewstack.io/docker-content-trust-can-run-containers-untrusted-networks/|website=TheNewStack.io|publisher=The New Stack|accessdate=3 October 2016|date=12 August 2015}}</ref> Notary can both certify the validity of the sources of Docker images, and encrypt the contents of those images.<ref>{{cite web|last1=Vaughan-Nichols|first1=Steven J.|title=​Docker 1.8 adds serious container security ZDNet|url=http://www.zdnet.com/article/docker-1-8-adds-serious-container-security/|website=ZDNet|publisher=CBS Interactive|accessdate=3 October 2016}}</ref>
[https://www.docker.com Docker], an [[open-source]] system for deploying Linux containers, integrated TUF in 2015 when it launched Docker Content Trust.<ref>{{cite web|last1=Monica|first1=Diogo|title=Introducing Docker Content Trust - Docker Blog|url=https://blog.docker.com/2015/08/content-trust-docker-1-8/|website=Blog.Docker.com|publisher=Docker|accessdate=2 October 2016|date=12 August 2015}}</ref><ref>{{cite web|title=Docker Content Trust Protects Integrity of Dockerized Content|url=http://www.cioreview.com/news/docker-content-trust-protects-integrity-of-dockerized-content-nid-8372-cid-92.html|website=www.CIOReview.com|publisher=CIO Review|accessdate=2 October 2016}}</ref> Docker Content Trust is an implementation of Docker's [[Notary]] project, which is built on TUF.<ref>{{cite web|last1=Fulton III|first1=Scott M.|title=Docker: With Content Trust, You Can Run Containers on Untrusted Networks - The New Stack|url=http://thenewstack.io/docker-content-trust-can-run-containers-untrusted-networks/|website=TheNewStack.io|publisher=The New Stack|accessdate=3 October 2016|date=12 August 2015}}</ref> Notary can both certify the validity of the sources of Docker images, and encrypt the contents of those images.<ref>{{cite web|last1=Vaughan-Nichols|first1=Steven J.|title=​Docker 1.8 adds serious container security ZDNet|url=http://www.zdnet.com/article/docker-1-8-adds-serious-container-security/|website=ZDNet|publisher=CBS Interactive|accessdate=3 October 2016}}</ref>


Flynn, an open-source [[platform as service]] (PaaS) for running applications in production<ref>{{cite web|last1=Yegulalp|first1=Serdar|title=Open source Flynn takes the headaches out of app deployment|url=http://www.infoworld.com/article/3101765/open-source-tools/open-source-flynn-takes-the-headaches-out-of-app-deployment.html|website=www.Infoworld.com|publisher=IDG|accessdate=3 October 2016}}</ref> employs TUF for secure distribution of its components.<ref>{{cite web|title=Security – Flynn|url=https://flynn.io/docs/security|website=flynn.io|accessdate=3 October 2016}}</ref><ref>{{cite web|title=flynn/go-tuf|url=https://github.com/flynn/go-tuf#install|website=www.github.com|publisher=GitHub, Inc.|accessdate=3 October 2016}}</ref>.
Flynn, an open-source [[platform as service]] (PaaS) for running applications in production<ref>{{cite web|last1=Yegulalp|first1=Serdar|title=Open source Flynn takes the headaches out of app deployment|url=http://www.infoworld.com/article/3101765/open-source-tools/open-source-flynn-takes-the-headaches-out-of-app-deployment.html|website=www.Infoworld.com|publisher=IDG|accessdate=3 October 2016}}</ref> employs TUF for secure distribution of its components.<ref>{{cite web|title=Security – Flynn|url=https://flynn.io/docs/security|website=flynn.io|accessdate=3 October 2016}}</ref><ref>{{cite web|title=flynn/go-tuf|url=https://github.com/flynn/go-tuf#install|website=www.github.com|publisher=GitHub, Inc.|accessdate=3 October 2016}}</ref>


In 2013, credit card processing company Square began integrating TUF with the open-source file-server RubyGems in an effort to prevent a repeat of that year's hack<ref>{{cite web|last1=Koetsier|first1=John|title=RubyGems.org hacked, interrupting Heroku services and putting sites using Rails at risk|url=http://venturebeat.com/2013/01/30/rubygems-org-hacked-interrupting-heroku-services-and-putting-millions-of-sites-using-rails-at-risk/|website=VentureBeat|publisher=VentureBeat|accessdate=3 October 2016}}</ref> of RubyGems.org, which interrupted the widely used Heroku [[cloud application architecture]].<ref>{{cite web|url=https://medium.com/square-corner-blog/securing-rubygems-with-tuf-part-1-d374fdd05d85#.z0s8x1kqg|title=Applying The Update Framework (TUF) to RubyGems to secure it against nefarious activity.|first=Square|last=Engineering|date=6 December 2013|publisher=}}</ref><ref>{{cite web|url=https://www.youtube.com/watch?v=J0GkcToeDiM|title=Atlassian Dev Den Tech Talk Series: "Securing Rubygems with TUF"|first=|last=Atlassian|date=29 January 2014|publisher=|via=YouTube}}</ref>
In 2013, credit card processing company Square began integrating TUF with the open-source file-server RubyGems in an effort to prevent a repeat of that year's hack<ref>{{cite web|last1=Koetsier|first1=John|title=RubyGems.org hacked, interrupting Heroku services and putting sites using Rails at risk|url=http://venturebeat.com/2013/01/30/rubygems-org-hacked-interrupting-heroku-services-and-putting-millions-of-sites-using-rails-at-risk/|website=VentureBeat|publisher=VentureBeat|accessdate=3 October 2016}}</ref> of RubyGems.org, which interrupted the widely used Heroku [[cloud application architecture]].<ref>{{cite web|url=https://medium.com/square-corner-blog/securing-rubygems-with-tuf-part-1-d374fdd05d85#.z0s8x1kqg|title=Applying The Update Framework (TUF) to RubyGems to secure it against nefarious activity.|first=Square|last=Engineering|date=6 December 2013|publisher=}}</ref><ref>{{cite web|url=https://www.youtube.com/watch?v=J0GkcToeDiM|title=Atlassian Dev Den Tech Talk Series: "Securing Rubygems with TUF"|first=|last=Atlassian|date=29 January 2014|publisher=|via=YouTube}}</ref>
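
Review bot: in the Flynn paragraph the link target `[[platform as service]]` reads as a typo for `[[platform as a service]]`, and the appositive that opens at "an open-source" is never closed with a comma before "employs"; both could be fixed in the same pass that drops the stray period after the final `</ref>`. Both revisions are also logged with "No edit summary"; a one-line summary would make a punctuation-only change like this easier to review.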

Revision as of 13:50, 3 October 2016

Justin Cappos
Born: February 27, 1977 (age 47)
Nationality: American
Alma mater: University of Arizona
Scientific career
Fields: Security, operating systems, networks
Thesis (2008)
Doctoral advisor: John Hartman
Website: engineering.nyu.edu/people/justin-cappos, isis.poly.edu/~jcappos/index.php

Justin Cappos (born February 27, 1977) is a computer scientist and cybersecurity expert whose data-security software is employed by a number of widely used open-source cloud computing projects.

Cappos is a professor in the department of Computer Science and Engineering at New York University Tandon School of Engineering. His research centers on systems, software update systems, security, and virtualization, with a focus on real-world security problems, often in large open-source projects.[1][2][3]

Research and Projects

His Ph.D. dissertation in computer science at the University of Arizona was on the Stork Project,[4] a software package manager he built with John H. Hartman, professor in the department of computer science.

While a post-doctoral researcher at the University of Washington in 2009, Cappos developed the peer-to-peer computing platform Seattle,[5][6] which allows device-to-device connectivity in a decentralized network. For this and other research, "Popular Science" in 2013 recognized Cappos as one of its "Brilliant 10" research scientists under 40.[7]

In 2010 he developed The Update Framework (TUF),[8] a flexible security library designed to be added to software updaters to make them resilient to compromise.[9][10]

Docker, an open-source system for deploying Linux containers, integrated TUF in 2015 when it launched Docker Content Trust.[11][12] Docker Content Trust is an implementation of Docker's Notary project, which is built on TUF.[13] Notary can both certify the validity of the sources of Docker images, and encrypt the contents of those images.[14]

Flynn, an open-source platform as a service (PaaS) for running applications in production,[15] employs TUF for secure distribution of its components.[16][17]

In 2013, credit card processing company Square began integrating TUF with the open-source file-server RubyGems in an effort to prevent a repeat of that year's hack[18] of RubyGems.org, which interrupted the widely used Heroku cloud application architecture.[19][20]

In 2014 Cappos developed PolyPasswordHasher, a password storage scheme that prevents efficient password cracking.[21][22]

Selected Publications

References

  1. ^ Cappos, Justin; Samuel, Justin; Baker, Scott; Hartman, John H. (1 January 2008). "A Look in the Mirror: Attacks on Package Managers". ACM. pp. 565–574. doi:10.1145/1455770.1455841 – via ACM Digital Library.
  2. ^ Cappos, J.; Wang, L.; Weiss, R.; Yang, Y.; Zhuang, Y. (1 February 2014). "BlurSense: Dynamic fine-grained access control for smartphone privacy". pp. 329–332. doi:10.1109/SAS.2014.6798970 – via IEEE Xplore.
  3. ^ Kuppusamy, Trishank Karthik; Torres-Arias, Santiago; Diaz, Vladimir; Cappos, Justin (1 January 2016). "Diplomat: Using Delegations to Protect Community Repositories".
  4. ^ Cappos, Justin (11 November 2007). "Stork: Package Management for Distributed VM Environments". www.usenix.org: 79-94. Retrieved 1 October 2016.
  5. ^ Cappos, Justin; Beschastnikh, Ivan; Krishnamurthy, Arvind; Anderson, Tom (1 January 2009). "Seattle: A Platform for Educational Cloud Computing". ACM. pp. 111–115. doi:10.1145/1508865.1508905 – via ACM Digital Library.
  6. ^ Cappos, Justin. "NSF Award Search: Award#1205415 - CI-ADDO-EN: Enhancing and Supporting a Community Testbed". www.nsf.gov. National Science Foundation. Retrieved 1 October 2016.
  7. ^ Greenwood, Veronique. "How Justin Cappos Created A New Way To Cloud Compute". www.Popsci.com. Popular Science. Retrieved 1 October 2016.
  8. ^ Cappos, Justin. "NSF Award Search: Award#1345049 - TTP: Securing Python Package Management with The Update Framework (TUF)". www.nsf.gov. Retrieved 2 October 2016.
  9. ^ Li, Ying; Lawrence, David. "Presentation: When the going gets tough, get TUF going | PyCon 2016 in Portland, OR". us.pycon.org. Python Software Foundation. Retrieved 2 October 2016.
  10. ^ Seifried, Kurt. "TUF Love » Linux Magazine". Linux Magazine. Linux Pro Magazine. Retrieved 3 October 2016.
  11. ^ Monica, Diogo (12 August 2015). "Introducing Docker Content Trust - Docker Blog". Blog.Docker.com. Docker. Retrieved 2 October 2016.
  12. ^ "Docker Content Trust Protects Integrity of Dockerized Content". www.CIOReview.com. CIO Review. Retrieved 2 October 2016.
  13. ^ Fulton III, Scott M. (12 August 2015). "Docker: With Content Trust, You Can Run Containers on Untrusted Networks - The New Stack". TheNewStack.io. The New Stack. Retrieved 3 October 2016.
  14. ^ Vaughan-Nichols, Steven J. "Docker 1.8 adds serious container security ZDNet". ZDNet. CBS Interactive. Retrieved 3 October 2016.
  15. ^ Yegulalp, Serdar. "Open source Flynn takes the headaches out of app deployment". www.Infoworld.com. IDG. Retrieved 3 October 2016.
  16. ^ "Security – Flynn". flynn.io. Retrieved 3 October 2016.
  17. ^ "flynn/go-tuf". www.github.com. GitHub, Inc. Retrieved 3 October 2016.
  18. ^ Koetsier, John. "RubyGems.org hacked, interrupting Heroku services and putting sites using Rails at risk". VentureBeat. VentureBeat. Retrieved 3 October 2016.
  19. ^ Engineering, Square (6 December 2013). "Applying The Update Framework (TUF) to RubyGems to secure it against nefarious activity".
  20. ^ Atlassian (29 January 2014). "Atlassian Dev Den Tech Talk Series: "Securing Rubygems with TUF"" – via YouTube.
  21. ^ Prince, Brian. "New Protection Scheme Makes Weak Passwords Virtually Uncrackable | SecurityWeek.Com". www.securityweek.com. Wired Business Media. Retrieved 3 October 2016.
  22. ^ "Interview With NYU-Poly's Professor Justin Cappos: Security Lessons From Retail Breaches". blog.varonis.com. Varonis Blog. 6 January 2015. Retrieved 3 October 2016.


Media Citations and Commentary