Justin Cappos

From Wikipedia, the free encyclopedia
Justin Cappos
Born (1977-02-27) February 27, 1977 (age 46)
Alma materUniversity of Arizona
Scientific career
FieldsSecurity, operating systems, networks
Thesis (2008)
Doctoral advisorJohn Hartman

Justin Cappos (born February 27, 1977) is a computer scientist and cybersecurity expert whose data-security software has been adopted by a number of widely used open-source projects. His research centers on software update systems, security, and virtualization, with a focus on real-world security problems.[1][2][3]

Cappos has been a faculty member at New York University Tandon School of Engineering since 2011, and was awarded tenure in 2017. Now an associate professor in the Department of Computer Science and Engineering, he has introduced a number of new software products and system protocols as head of the school's Secure Systems Laboratory. These include technologies that detect and isolate security faults,[4] secure private data,[5] provide a secure mechanism for fixing software flaws in different contexts,[6] and even foster a deeper understanding about how to help programmers avoid security flaws in the first place.[7]

Recognizing the practical impact of his work, Popular Science selected Cappos as one of its Brilliant 10 in 2013,[8] naming him as one of 10 brilliant scientists under 40. His awareness of the risks of today's connected culture—a knowledge strong enough to keep him from owning a smartphone or other connected device,[9] or from using social media like Facebook and Twitter—has led to numerous requests to serve as an expert commentator on issues of cyber security and privacy for local, national, and international media.

Education and early research initiatives[edit]

The topic of Cappos' Ph.D. dissertation at the University of Arizona was the Stork Project,[10] a software package manager he built with John H. Hartman, a professor in the Department of Computer Science. Stork is still used today in some applications, but, more importantly, the project called attention to the need for improved security for software update processes, a research area Cappos has continued to pursue.

While a post-doctoral researcher at the University of Washington in 2009, Cappos also developed a peer-to-peer computing platform called Seattle,[11][12] which allows device-to-device connectivity in a decentralized network. Seattle is currently used by thousands of developers, who can access, download, and use the program on any type of smart device. In addition, spin-off technologies, such as Sensibility Testbed,[13] have extended the use of Seattle's security and enforced privacy protection strategies, allowing researchers to collect data from sensors at no risk to the privacy of the device owner.

Compromise-resilient strategies[edit]

In 2010, Cappos developed The Update Framework (TUF),[14][15] a flexible software framework that builds system resilience against key compromises and other attacks that can threaten the integrity of a repository.[16][17] TUF was designed for easy integration into the native programming languages of existing update systems, and since its inception, it has been adopted or is in the process of being integrated by a number of high-profile open-source projects. One of the more significant earlier adoptions was Docker Content Trust.[18][19] an implementation of the Notary project from Docker that deploys Linux containers.[20] Notary, which is built on TUF, can certify the validity of the sources of Docker images.[21] In October 2017, Notary and TUF were both adopted as hosted projects by the Linux Foundation as part of its Cloud Native Computing Foundation.[22] In December 2019, TUF became the first specification and first security-focused project to graduate from CNCF.[23] TUF has also been standardized in Python,[24][25] and been independently implemented in the Go language by Flynn, an open-source platform as a service (PaaS) for running applications in production.[26][27][28] To date, the list of tech companies and organizations using TUF include IBM,[29] VMware,[30] Digital Ocean,[31] Microsoft,[32] Google,[33] Amazon,[34] Leap,[35] Kolide,[36] Docker,[37] and Cloudflare.[38]

Another significant compromise-resilient software update framework by Cappos is the 2017 launch of a TUF-adapted technology called Uptane.[39][40] Uptane is designed to secure software updates for automobiles, particularly those delivered via over-the-air programming.[41][42][43] Developed in partnership with the University of Michigan Transportation Research Institute and the Southwest Research Institute, and in collaboration with stakeholders in industry, academia, and government, Uptane modifies the TUF design to meet the specific security needs of the automotive industry. These needs include accommodating computing units that vary greatly in terms of memory, storage capability, and access to the Internet, while preserving the customizability manufacturers need to design cars for specific client usage.[44] To date, Uptane has been integrated into OTA Plus and ATS Garage, two over-the-air software update products from Advanced Telematic Systems, and is a key security component of the OTAmatic program created by Airbiquity.[45][46] The Airbiquity project was honored with a BIG Award for Business in the 2017 New Product Category in January 2018, and Popular Science magazine named Uptane one of the top 100 inventions for 2017.[47] The first standard volume issued for the project, entitled IEEE-ISTO 6100.1.0.0 Uptane Standard for Design and Implementation, was released on July 31, 2019.[48] Uptane is now a Joint Development Foundation project of the Linux Foundation, operating under the formal title of Joint Development Foundation Projects, LLC, Uptane Series.

Other significant research projects[edit]

In 2016, Cappos introduced in-toto,[49] an open metadata standard that provides documentation of the end-to-end security of a software supply chain. The framework gathers both key information and signatures from all who can access a piece of software through the various stages of coding, testing, building and packaging, thus making transparent all the steps that were performed, by whom and in what order. By creating accountability, in-toto can prevent attackers from either directly introducing malicious changes into the code, or from altering the metadata that keeps the record of those changes along the supply chain.[50] in-toto has collaborated with open source communities such as Docker and OpenSUSE. Datadog utilizes both in-toto and TUF.[51] In December 2020, the framework released its first major version.

While working on in-toto, Cappos and the SSL research group identified metadata manipulation as a new threat against Version Control Systems like Git. His team has developed several new approaches to address this problem, including a defense scheme that mitigates these attacks by maintaining a cryptographically-signed log of relevant developer actions.[52] By documenting the state of the repository at a particular time when an action is taken, developers are given a shared history, so irregularities are easily detected. One recent accomplishment in this research arena is Arch Linux integrating a patch to check for invalid tags in git into the next release of its pacman utility.[53] More recently, Cappos and his collaborators have focused on development of a browser extension that can ensure users of convenient web-based hosting services, such as GitHub or GitLab, that the server will faithfully carry out their requested actions.

Another Cappos project, developed in 2014, introduced a method to make passwords for databases harder to crack. PolyPasswordHasher,[54] is a secure scheme that interrelates stored password data, forcing hackers to crack passwords in sets.[55][56] By making it significantly harder for attackers to figure out the necessary threshold of passwords needed to gain access, PolyPasswordHasher-enabled databases become very difficult to breach. PPH is currently used in several projects, including the Seattle Clearinghouse and BioBank. Implementations are available for seven languages, including Java,[57] Python,[58] C,[59] and Ruby.[60]


  1. ^ Cappos, Justin; Samuel, Justin; Baker, Scott; Hartman, John H. (1 January 2008). "A look in the mirror". A Look in the Mirror: Attacks on Package Managers. ACM. pp. 565–574. doi:10.1145/1455770.1455841. ISBN 9781595938107. S2CID 132035.
  2. ^ Cappos, J.; Wang, L.; Weiss, R.; Yang, Y.; Zhuang, Y. (1 February 2014). "BlurSense: Dynamic fine-grained access control for smartphone privacy". 2014 IEEE Sensors Applications Symposium (SAS). pp. 329–332. doi:10.1109/SAS.2014.6798970. ISBN 978-1-4799-2179-9. S2CID 18791689 – via IEEE Xplore.
  3. ^ Kuppusamy, Trishank Karthik; Torres-Arias, Santiago; Diaz, Vladimir; Cappos, Justin (March 2016). Diplomat: Using Delegations to Protect Community Repositories. Usenix. pp. 567–581. ISBN 9781931971294.
  4. ^ Li, Yiwen; Dolan-Gavitt, Brendan; Weber, Sam; Cappos, Justin (2017). "Lock-in-Pop:Securing Privileged Operating System Kernels by Keeping on the Beaten Path" (PDF). USENIX Association. pp. 1–13.
  5. ^ Zhuang, Yanyan; Rafetseder, Albert; Hu, Yu; Tian, Yuan; Cappos, Justin (2018). "Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps" (PDF). ACM.
  6. ^ Kuppusamy, Trishank; Diaz, Vladimir; Cappos, Justin (2017). Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories. USENIX Association. pp. 673–688. ISBN 9781931971386.
  7. ^ Gopstein, Dan; Iannacone, Jake; Yan, Yu; DeLong, Lois; Zhuang, Yanyan; Yeh, Martin K.-C.; Cappos, Justin (2017). "Understanding Misunderstandings in Source Code". Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2017. ACM. pp. 129–139. doi:10.1145/3106237.3106264. ISBN 9781450351058. S2CID 5537907.
  8. ^ Greenwood, Veronique (16 October 2013). "How Justin Cappos Created A New Way To Cloud Compute". www.Popsci.com. Popular Science. Retrieved 1 October 2016.
  9. ^ "Staying Safe Online". Al Jazeera America. 28 September 2013. Retrieved 15 May 2019.
  10. ^ Cappos, Justin (11 November 2007). "Stork: Package Management for Distributed VM Environments". www.usenix.org: 79–94. Retrieved 1 October 2016.
  11. ^ Cappos, Justin; Beschastnikh, Ivan; Krishnamurthy, Arvind; Anderson, Tom (1 January 2009). "Seattle". Seattle: A Platform for Educational Cloud Computing. ACM. pp. 111–115. doi:10.1145/1508865.1508905. ISBN 9781605581835. S2CID 2892867.
  12. ^ Cappos, Justin. "NSF Award Search: Award#1205415 - CI-ADDO-EN: Enhancing and Supporting a Community Testbed". www.nsf.gov. National Science Foundation. Retrieved 1 October 2016.
  13. ^ "Sensibility Testbed.com". Retrieved 19 October 2017.
  14. ^ Cappos, Justin. "NSF Award Search: Award#1345049 – TTP: Securing Python Package Management with The Update Framework (TUF)". www.nsf.gov. Retrieved 2 October 2016.
  15. ^ Samuel, Justin; Mathewson, Nick; Cappos, Justin; Dingledine, Roger. "Survivable Key Compromise in Software Update Systems" (PDF). ACM. pp. 61–72. Retrieved 13 November 2017 – via CCS 2010.
  16. ^ Li, Ying; Lawrence, David. "Presentation: When the going gets tough, get TUF going". us.pycon.org. Python Software Foundation. Retrieved 2 October 2016.
  17. ^ Seifried, Kurt. "TUF Love". Linux Magazine. Linux Pro Magazine. Retrieved 3 October 2016.
  18. ^ Monica, Diogo (12 August 2015). "Introducing Docker Content Trust – Docker Blog". Blog.Docker.com. Docker. Retrieved 2 October 2016.
  19. ^ "Docker Content Trust Protects Integrity of Dockerized Content". www.CIOReview.com. CIO Review. Retrieved 2 October 2016.
  20. ^ Fulton III, Scott M. (12 August 2015). "Docker: With Content Trust, You Can Run Containers on Untrusted Networks – The New Stack". TheNewStack.io. The New Stack. Retrieved 3 October 2016.
  21. ^ Vaughan-Nichols, Steven J. "Docker 1.8 adds serious container security ZDNet". ZDNet. CBS Interactive. Retrieved 3 October 2016.
  22. ^ Jackson, Joab (24 October 2017). "CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption". The New Stack.
  23. ^ Melanson, Mike (19 December 2019). "TUF Is First Security Project to Graduate the Cloud Native Computing Foundation". The New Stack.
  24. ^ Kuppusamy, Trishank Karthik; Diaz, Vladimir; Stufft, Donald; Cappos, Justin (27 September 2013). "PEP 458—Surviving a Compromise of PyPI". Retrieved 2 April 2018.
  25. ^ Kuppusamy, Trishank Karthik; Diaz, Vladimir; Stufft, Donald; Cappos, Justin (8 October 2014). "PEP 480—Surviving a Compromise of PyPI: The Maximum Security Model". Retrieved 2 April 2018.
  26. ^ Yegulalp, Serdar (28 July 2016). "Open source Flynn takes the headaches out of app deployment". www.Infoworld.com. IDG. Retrieved 3 October 2016.
  27. ^ "Security – Flynn". flynn.io. Retrieved 3 October 2016.
  28. ^ "flynn/go-tuf". www.github.com. GitHub, Inc. Retrieved 3 October 2016.
  29. ^ "Signing images for trusted content". IBM Cloud Docs. 13 February 2020. Retrieved 13 April 2020.
  30. ^ . VMware https://www.vmware.com/. Retrieved 13 April 2020. {{cite web}}: Missing or empty |title= (help)
  31. ^ . Digital Ocean https://www.digitalocean.com/. Retrieved 13 April 2020. {{cite web}}: Missing or empty |title= (help)
  32. ^ "Content trust in Azure Container Registry". Microsoft. 6 September 2019. Retrieved 13 April 2020.
  33. ^ "Fuchsia Project". 2 April 2020. Retrieved 13 April 2020.
  34. ^ "AWS Tough Repository". Amazon. 9 April 2020. Retrieved 13 April 2020.
  35. ^ "New releases for a new year". Leap Encryption Action Project. 23 December 2014. Retrieved 13 April 2020.
  36. ^ "Kolide Updater". Kolide. 1 November 2014. Retrieved 13 April 2020.
  37. ^ "Docker Trusted Registry". Mirantis.com. Retrieved 13 April 2020.
  38. ^ Sullivan, Nick (16 March 2018). "A container identity bootstrapping tool". Cloudflare Blog. Retrieved 13 April 2020.
  39. ^ Detsch, Jack (18 January 2017). "Are software updates key to stopping criminal car hacks?". www.csmonitor.com. Christian Science Monitor. Retrieved 20 February 2017.
  40. ^ Rowe, Martin (23 January 2017). "Automotive ECU Updates: Keeping the Hackers Out". www.eetimes.com. EE Times. Retrieved 20 February 2017.
  41. ^ "Remote Software Update: Future growth business". IHS Markit Automotive Blog. IHS.com. 14 January 2015. Retrieved 13 November 2017.
  42. ^ Merian, Lucas (15 March 2016). "Cybersecurity and recalls will mean over-the-air updates for 203M cars by 2022". Computerworld. Retrieved 13 November 2017.
  43. ^ Sage, Alexandria (29 September 2017). "Big Auto look to tech companies to fix cars over the air". Reuters. Retrieved 29 January 2018.
  44. ^ Kuppusamy, Trishank Karthik; DeLong, Lois Anne; Cappos, Justin (Summer 2017). Securing Software Updates for Automobiles Using Uptane (PDF). Vol. 42. login.
  45. ^ "ATS is Integrating the Uptane Security Framework for Over-the-air Software Updates to Connected Vehicles". World News.com. 13 June 2017.
  46. ^ "Airbiquity introduces OTAmatic for connected vehicle Over-The-Air (OTA) software updates and data management". Airbiquity.com. 18 May 2017. Retrieved 16 March 2018.
  47. ^ Atherton, Kelsey D.; Feltman, Rachel (17 October 2017). "The Year's Most Important Innovations in Security". Popular Science.
  48. ^ "IEEE-ISTO 6100.1.0.0 Uptane Standard for Design and Implementation" (PDF). IEEE/ISTO. 31 July 2019. Retrieved 8 January 2020.
  49. ^ "in-toto website". Retrieved 19 October 2017.
  50. ^ "in-toto Specification" (PDF). GitHub. 11 April 2017. Retrieved 6 April 2018.
  51. ^ "Secure Publication of Datadog Agent Integrations with TUF and in-toto". 3 June 2019. Retrieved 14 December 2020.
  52. ^ Torres-Arias, Santiago; Ammula l, Anil Kumar; Curtmola, Reza; Cappos, Justin. "On omitting commits and committing omissions: Preventing git metadata tampering that (re)introduces software vulnerabilities" (PDF). 25th USENIX Security Symposium Proceedings. pp. 379–395.
  53. ^ "libmakepkg: check for invalid tags in git". Arch Linux<. Retrieved 13 September 2017.
  54. ^ "PolyPasswordHasher website". Secure Systems Lab at NYU. Retrieved 14 December 2020.
  55. ^ Prince, Brian. "New Protection Scheme Makes Weak Passwords Virtually Uncrackable". Wired Business Media. Retrieved 14 December 2020.
  56. ^ "Interview With NYU-Poly's Professor Justin Cappos: Security Lessons From Retail Breaches". blog.varonis.com. Varonis Blog. 6 January 2015. Retrieved 3 October 2016.
  57. ^ "PolyPasswordHasher-Java implementation". Secure Systems Lab at NYU. 6 October 2015. Retrieved 19 October 2017.
  58. ^ "PolyPasswordHasher/python-reference-implementation". Secure Systems Lab at NYU. Retrieved 19 October 2017.
  59. ^ "PolyPasswordHasher-C". Secure Systems Lab at NYU. 26 January 2017. Retrieved 19 October 2017.
  60. ^ "PolyPasswordHasher/PolyPasswordHasher-Ruby/". Secure Systems Lab at NYU. Retrieved 19 October 2017.

External links[edit]

Selected publications[edit]

Media citations and commentary[edit]