Jump to content

User:Kgberg/sandbox

From Wikipedia, the free encyclopedia
< User:Kgberg

This is an old revision of this page, as edited by Kgberg (talk | contribs) at 16:02, 3 July 2019 (using Cappos page to create new page for Ed Amoroso). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Edward Amoroso
File:Edward Amoroso, American expert in computer security and Distinguished Research Professor at the New York University Tandon School of Engineering in the Computer Science and Engineering Department.png
Born (1977-02-27) February 27, 1977 (age 47)
NationalityAmerican
Alma materUniversity of Arizona
Scientific career
FieldsSecurity, operating Systems, networks
Thesis (2008)
Doctoral advisorJohn Hartman
Websiteengineering.nyu.edu/people/justin-cappos
isis.poly.edu/~jcappos/index.php

Justin Cappos (born February 27, 1977) is a computer scientist and cybersecurity expert whose data-security software is employed by a number of widely used open-source cloud computing projects.

Cappos is a professor in the department of Computer Science and Engineering at New York University Tandon School of Engineering. His research centers on systems, software update systems, security, and virtualization, with a focus on real-world security problems, often in large open-source projects.[1][2][3]

His Ph.D. dissertation in computer science at the University of Arizona was on the Stork Project,[4] a software package manager he built with John H. Hartman, professor in the department of computer science.

Research and Projects

While a post-doctoral researcher at the University of Washington in 2009, Cappos developed peer-to-peer computing platform Seattle,[5][6]which allows device-to-device connectivity in a decentralized network. For this and other research "Popular Science" in 2013 recognized Cappos as one of its "Brilliant 10" research scientists under 40.[7]

In 2010 he developed The Update Framework (TUF),[8] a flexible security library designed to be added to software updaters to make them resilient to compromise.[9][10]

Docker,[11] an open-source system for deploying Linux containers, integrated TUF in 2015 when it launched Docker Content Trust.[12] Docker Content Trust is an implementation of Docker's Notary project, which is built on TUF[13]. Notary can both certify the validity of the sources of Docker images, and encrypt the contents of those images.[14]

Flynn, an open-source platform as service (PaaS) for running applications in production[15] employs TUF for secure distribution of its components.[16][17][18].

In 2013, credit card processing company Square began integrating TUF with the open-source file-server RubyGems in an effort to prevent a repeat of that year's hack[19] of RubyGems.org, which interrupted the widely used Heroku cloud application architecture.[20][21]

In 2014 Cappos developed PolyPasswordHasher, a password storage scheme that prevents efficient password cracking.[22][23]

Selected Publications

References

  1. ^ Cappos, Justin; Samuel, Justin; Baker, Scott; Hartman, John H. (1 January 2008). "A Look in the Mirror: Attacks on Package Managers". ACM. pp. 565–574. doi:10.1145/1455770.1455841 – via ACM Digital Library.
  2. ^ Cappos, J.; Wang, L.; Weiss, R.; Yang, Y.; Zhuang, Y. (1 February 2014). "BlurSense: Dynamic fine-grained access control for smartphone privacy". pp. 329–332. doi:10.1109/SAS.2014.6798970 – via IEEE Xplore.
  3. ^ Kuppusamy, Trishank Karthik; Torres-Arias, Santiago; Diaz, Vladimir; Cappos, Justin (1 January 2016). "Diplomat: Using Delegations to Protect Community Repositories". {{cite journal}}: Cite journal requires |journal= (help)
  4. ^ Cappos, Justin (November, 2007). "Stork: Package Management for Distributed VM Environements". Proceedings of the 21st Large Installation System Adminitration Conference (LISA '07): 79-94. {{cite journal}}: Check date values in: |date= (help)
  5. ^ Cappos, Justin; Beschastnikh, Ivan; Krishnamurthy, Arvind; Anderson, Tom (1 January 2009). "Seattle: A Platform for Educational Cloud Computing". ACM. pp. 111–115. doi:10.1145/1508865.1508905 – via ACM Digital Library.
  6. ^ http://www.nsf.gov/awardsearch/showAward?AWD_ID=1205415
  7. ^ "How Justin Cappos Created A New Way To Cloud Compute".
  8. ^ http://www.nsf.gov/awardsearch/showAward?AWD_ID=1345049&HistoricalAwards=false
  9. ^ "Presentation: When the going gets tough, get TUF going - PyCon 2016 in Portland, OR".
  10. ^ http://www.linux-magazine.com/Issues/2014/160/Security-Lessons-TUF
  11. ^ "Introducing Docker Content Trust - Docker Blog". 12 August 2015.
  12. ^ http://www.cioreview.com/news/docker-content-trust-protects-integrity-of-dockerized-content-nid-8372-cid-92.html
  13. ^ http://thenewstack.io/docker-content-trust-can-run-containers-untrusted-networks/
  14. ^ http://www.zdnet.com/article/docker-1-8-adds-serious-container-security/
  15. ^ http://www.infoworld.com/article/3101765/open-source-tools/open-source-flynn-takes-the-headaches-out-of-app-deployment.html
  16. ^ https://flynn.io/docs/security
  17. ^ "flynn/go-tuf".
  18. ^ "Development – Flynn".
  19. ^ http://venturebeat.com/2013/01/30/rubygems-org-hacked-interrupting-heroku-services-and-putting-millions-of-sites-using-rails-at-risk/
  20. ^ Engineering, Square (6 December 2013). "Applying The Update Framework (TUF) to RubyGems to secure it against nefarious activity".
  21. ^ Atlassian (29 January 2014). "Atlassian Dev Den Tech Talk Series: "Securing Rubygems with TUF"" – via YouTube.
  22. ^ http://www.securityweek.com/new-protection-scheme-makes-weak-passwords-virtually-uncrackable
  23. ^ https://blog.varonis.com/conversation-nyu-polys-professor-justin-cappos-data-security-lessons-tips-companies/


Media Citations and Commentary


Category:New York University Category:1977 births Category:Living people

Retrieved from "https://en.wikipedia.org/w/index.php?title=User:Kgberg/sandbox&oldid=904656080"