Justin Cappos

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Kgberg at 02:16, 4 October 2016. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Justin Cappos
Born: February 27, 1977 (age 47)
Nationality: American
Alma mater: University of Arizona
Scientific career
Fields: Security, operating systems, networks
Thesis: (2008)
Doctoral advisor: John Hartman
Website: engineering.nyu.edu/people/justin-cappos, isis.poly.edu/~jcappos/index.php

Justin Cappos (born February 27, 1977) is a computer scientist and cybersecurity expert whose data-security software is employed by a number of widely used open-source cloud computing projects.

Cappos is a professor in the department of Computer Science and Engineering at New York University Tandon School of Engineering. His research centers on systems, software update systems, security, and virtualization, with a focus on real-world security problems, often in large open-source projects.[1][2][3]

Research and Projects

His Ph.D. dissertation in computer science at the University of Arizona was on the Stork Project,[4] a software package manager he built with John H. Hartman, professor in the department of computer science.

While a post-doctoral researcher at the University of Washington in 2009, Cappos developed the peer-to-peer computing platform Seattle,[5][6] which allows device-to-device connectivity in a decentralized network. For this and other research, Popular Science in 2013 recognized Cappos as one of its "Brilliant 10" research scientists under 40.[7]

In 2010 he developed The Update Framework (TUF),[8] a flexible security library designed to be added to software updaters to make them resilient to compromise.[9][10]

Docker, an open-source system for deploying Linux containers, integrated TUF in 2015 when it launched Docker Content Trust.[11][12] Docker Content Trust is an implementation of Docker's Notary project, which is built on TUF.[13] Notary can both certify the validity of the sources of Docker images, and encrypt the contents of those images.[14]

Flynn, an open-source platform as a service (PaaS) for running applications in production,[15] employs TUF for secure distribution of its components.[16][17]

In 2013, credit card processing company Square began integrating TUF with the open-source file-server RubyGems in an effort to prevent a repeat of that year's hack[18] of RubyGems.org, which interrupted the widely used Heroku cloud application architecture.[19][20]

In 2014 Cappos developed PolyPasswordHasher, a password storage scheme that prevents efficient password cracking.[21][22]

Selected Publications

References

  1. ^ Cappos, Justin; Samuel, Justin; Baker, Scott; Hartman, John H. (1 January 2008). "A Look in the Mirror: Attacks on Package Managers". ACM. pp. 565–574. doi:10.1145/1455770.1455841 – via ACM Digital Library.
  2. ^ Cappos, J.; Wang, L.; Weiss, R.; Yang, Y.; Zhuang, Y. (1 February 2014). "BlurSense: Dynamic fine-grained access control for smartphone privacy". pp. 329–332. doi:10.1109/SAS.2014.6798970 – via IEEE Xplore.
  3. ^ Kuppusamy, Trishank Karthik; Torres-Arias, Santiago; Diaz, Vladimir; Cappos, Justin (1 January 2016). "Diplomat: Using Delegations to Protect Community Repositories".
  4. ^ Cappos, Justin (11 November 2007). "Stork: Package Management for Distributed VM Environments". www.usenix.org: 79-94. Retrieved 1 October 2016.
  5. ^ Cappos, Justin; Beschastnikh, Ivan; Krishnamurthy, Arvind; Anderson, Tom (1 January 2009). "Seattle: A Platform for Educational Cloud Computing". ACM. pp. 111–115. doi:10.1145/1508865.1508905 – via ACM Digital Library.
  6. ^ Cappos, Justin. "NSF Award Search: Award#1205415 - CI-ADDO-EN: Enhancing and Supporting a Community Testbed". www.nsf.gov. National Science Foundation. Retrieved 1 October 2016.
  7. ^ Greenwood, Veronique. "How Justin Cappos Created A New Way To Cloud Compute". www.Popsci.com. Popular Science. Retrieved 1 October 2016.
  8. ^ Cappos, Justin. "NSF Award Search: Award#1345049 - TTP: Securing Python Package Management with The Update Framework (TUF)". www.nsf.gov. Retrieved 2 October 2016.
  9. ^ Li, Ying; Lawrence, David. "Presentation: When the going gets tough, get TUF going | PyCon 2016 in Portland, OR". us.pycon.org. Python Software Foundation. Retrieved 2 October 2016.
  10. ^ Seifried, Kurt. "TUF Love » Linux Magazine". Linux Magazine. Linux Pro Magazine. Retrieved 3 October 2016.
  11. ^ Monica, Diogo (12 August 2015). "Introducing Docker Content Trust - Docker Blog". Blog.Docker.com. Docker. Retrieved 2 October 2016.
  12. ^ "Docker Content Trust Protects Integrity of Dockerized Content". www.CIOReview.com. CIO Review. Retrieved 2 October 2016.
  13. ^ Fulton III, Scott M. (12 August 2015). "Docker: With Content Trust, You Can Run Containers on Untrusted Networks - The New Stack". TheNewStack.io. The New Stack. Retrieved 3 October 2016.
  14. ^ Vaughan-Nichols, Steven J. "Docker 1.8 adds serious container security ZDNet". ZDNet. CBS Interactive. Retrieved 3 October 2016.
  15. ^ Yegulalp, Serdar. "Open source Flynn takes the headaches out of app deployment". www.Infoworld.com. IDG. Retrieved 3 October 2016.
  16. ^ "Security – Flynn". flynn.io. Retrieved 3 October 2016.
  17. ^ "flynn/go-tuf". www.github.com. GitHub, Inc. Retrieved 3 October 2016.
  18. ^ Koetsier, John. "RubyGems.org hacked, interrupting Heroku services and putting sites using Rails at risk". VentureBeat. VentureBeat. Retrieved 3 October 2016.
  19. ^ Engineering, Square (6 December 2013). "Applying The Update Framework (TUF) to RubyGems to secure it against nefarious activity".
  20. ^ Atlassian (29 January 2014). "Atlassian Dev Den Tech Talk Series: "Securing Rubygems with TUF"" – via YouTube.
  21. ^ Prince, Brian. "New Protection Scheme Makes Weak Passwords Virtually Uncrackable | SecurityWeek.Com". www.securityweek.com. Wired Business Media. Retrieved 3 October 2016.
  22. ^ "Interview With NYU-Poly's Professor Justin Cappos: Security Lessons From Retail Breaches". blog.varonis.com. Varonis Blog. 6 January 2015. Retrieved 3 October 2016.


Media Citations and Commentary