Justin Cappos | |
---|---|
Born | February 27, 1977 |
Nationality | American |
Alma mater | University of Arizona |
Scientific career | |
Fields | Security, operating systems, networks |
Thesis | (2008) |
Doctoral advisor | John Hartman |
Website | engineering ssl |
Justin Cappos (born February 27, 1977) is a computer scientist and cybersecurity expert whose data-security software has been adopted by a number of widely used open-source projects. His research centers on software update systems, security, and virtualization, with a focus on real-world security problems. [1] [2] [3]
Cappos has been a faculty member at New York University Tandon School of Engineering since 2011, and was awarded tenure in 2017. Now an associate professor in the Department of Computer Science and Engineering, he has introduced a number of new software products and system protocols as head of the school's Secure Systems Laboratory. These include technologies that detect and isolate security faults, [4] secure private data, [5] provide a secure mechanism for fixing software flaws in different contexts, [6] and even foster a deeper understanding about how to help programmers avoid security flaws in the first place. [7]
Recognizing the practical impact of his work, Popular Science selected Cappos as one of its Brilliant 10 in 2013, [8] naming him as one of 10 brilliant scientists under 40. His awareness of the risks of today's connected culture—a knowledge strong enough to keep him from owning a smartphone or other connected device, [9] or from using social media like Facebook and Twitter—has led to numerous requests to serve as an expert commentator on issues of cyber security and privacy for local, national, and international media.
The topic of Cappos' Ph.D. dissertation at the University of Arizona was the Stork Project, [10] a software package manager he built with John H. Hartman, a professor in the Department of Computer Science. Stork is still used today in some applications, but, more importantly, the project called attention to the need for improved security for software update processes, a research area Cappos has continued to pursue.
While a post-doctoral researcher at the University of Washington in 2009, Cappos also developed a peer-to-peer computing platform called Seattle, [11] [12] which allows device-to-device connectivity in a decentralized network. Seattle is currently used by thousands of developers, who can access, download, and use the program on any type of smart device. In addition, spin-off technologies, such as Sensibility Testbed, [13] have extended the use of Seattle's security and enforced privacy protection strategies, allowing researchers to collect data from sensors at no risk to the privacy of the device owner.
In 2010, Cappos developed The Update Framework (TUF), [14] [15] a flexible software framework that builds system resilience against key compromises and other attacks that can threaten the integrity of a repository. [16] [17] TUF was designed for easy integration into the native programming languages of existing update systems, and since its inception, it has been adopted or is in the process of being integrated by a number of high-profile open-source projects. One of the more significant earlier adoptions was Docker Content Trust, [18] an implementation of the Notary project from Docker that deploys Linux containers. [19] Notary, which is built on TUF, can certify the validity of the sources of Docker images. [20] In October 2017, Notary and TUF were both adopted as hosted projects by the Linux Foundation as part of its Cloud Native Computing Foundation. [21] In December 2019, TUF became the first specification and first security-focused project to graduate from CNCF. [22] TUF has also been standardized in Python, [23] [24] and been independently implemented in the Go language by Flynn, an open-source platform as a service (PaaS) for running applications in production. [25] [26] [27] To date, the list of tech companies and organizations using TUF includes Foundries.io, [28] IBM, [29] VMware, [30] Digital Ocean, [31] Microsoft, [32] Google, [33] Amazon, [34] Leap, [35] Kolide, [36] Docker, [37] and Cloudflare. [38]
Another significant compromise-resilient software update framework by Cappos is Uptane, a TUF-adapted technology launched in 2017. [39] [40] Uptane is designed to secure software updates for automobiles, particularly those delivered via over-the-air programming. [41] [42] [43] Developed in partnership with the University of Michigan Transportation Research Institute and the Southwest Research Institute, and in collaboration with stakeholders in industry, academia, and government, Uptane modifies the TUF design to meet the specific security needs of the automotive industry. These needs include accommodating computing units that vary greatly in terms of memory, storage capability, and access to the Internet, while preserving the customizability manufacturers need to design cars for specific client usage. [44] To date, Uptane has been integrated into OTA Plus and ATS Garage, two over-the-air software update products from Advanced Telematic Systems, and is a key security component of the OTAmatic program created by Airbiquity. [45] [46] The Airbiquity project was honored with a BIG Award for Business in the 2017 New Product Category in January 2018, and Popular Science magazine named Uptane one of the top 100 inventions for 2017. [47] The first standard volume issued for the project, entitled IEEE-ISTO 6100.1.0.0 Uptane Standard for Design and Implementation, was released on July 31, 2019. [48] Uptane is now a Joint Development Foundation project of the Linux Foundation, operating under the formal title of Joint Development Foundation Projects, LLC, Uptane Series.
In 2016, Cappos introduced in-toto, [49] an open metadata standard that provides documentation of the end-to-end security of a software supply chain. The framework gathers both key information and signatures from all who can access a piece of software through the various stages of coding, testing, building and packaging, thus making transparent all the steps that were performed, by whom and in what order. By creating accountability, in-toto can prevent attackers from either directly introducing malicious changes into the code, or from altering the metadata that keeps the record of those changes along the supply chain. [50] in-toto has collaborated with open source communities such as Docker and OpenSUSE. Datadog utilizes both in-toto and TUF. [51] In December 2020, the framework released its first major version.
While working on in-toto, Cappos and the SSL research group identified metadata manipulation as a new threat against Version Control Systems like Git. His team has developed several new approaches to address this problem, including a defense scheme that mitigates these attacks by maintaining a cryptographically-signed log of relevant developer actions. [52] By documenting the state of the repository at a particular time when an action is taken, developers are given a shared history, so irregularities are easily detected. One recent accomplishment in this research arena is Arch Linux integrating a patch to check for invalid tags in git into the next release of its pacman utility. [53] More recently, Cappos and his collaborators have focused on development of a browser extension that can ensure users of convenient web-based hosting services, such as GitHub or GitLab, that the server will faithfully carry out their requested actions.
Another Cappos project, developed in 2014, introduced a method to make passwords for databases harder to crack. PolyPasswordHasher [54] is a secure scheme that interrelates stored password data, forcing hackers to crack passwords in sets. [55] [56] By making it significantly harder for attackers to figure out the necessary threshold of passwords needed to gain access, PolyPasswordHasher-enabled databases become very difficult to breach. PPH is currently used in several projects, including the Seattle Clearinghouse and BioBank. Implementations are available for seven languages, including Java, [57] Python, [58] C, [59] and Ruby. [60]
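A simplified sketch of the threshold idea described above, added here as an illustration and not taken from any PolyPasswordHasher implementation: each stored entry is a Shamir secret share masked with the salted password hash, so no single entry can be checked in isolation. The prime field, the function names, and the sample accounts are assumptions of this sketch.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field for the shares (a choice made for this sketch)
SAMPLE_ACCOUNTS = {"alice": "pw-a1", "bob": "pw-b2", "carol": "pw-c3", "dave": "pw-d4"}  # constructed

def _h(salt, password):
    return int.from_bytes(hashlib.sha256(salt + password.encode()).digest(), "big") % P

def _interp(points, x):
    """Lagrange-interpolate the polynomial through `points` and evaluate it at x."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def create_store(accounts, k):
    """store[user] = (x, salt, share(x) + H(salt, pw)); the bare share is never stored."""
    coeffs = [secrets.randbelow(P) for _ in range(k)]  # coeffs[0] is the secret
    store = {}
    for x, (user, pw) in enumerate(accounts.items(), start=1):
        share = sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
        salt = secrets.token_bytes(16)
        store[user] = (x, salt, (share + _h(salt, pw)) % P)
    check = hashlib.sha256(coeffs[0].to_bytes(16, "big")).hexdigest()
    return store, check

def unlock(store, check, logins, k):
    """Return k unmasked shares if `logins` holds k correct passwords, else None."""
    if len(logins) < k:
        return None
    points = []
    for user, pw in list(logins.items())[:k]:
        x, salt, masked = store[user]
        points.append((x, (masked - _h(salt, pw)) % P))
    secret = _interp(points, 0)
    ok = hashlib.sha256(secret.to_bytes(16, "big")).hexdigest() == check
    return points if ok else None

def verify(store, points, user, password):
    """Check one login; only possible once the store has been unlocked."""
    x, salt, masked = store[user]
    return (masked - _h(salt, password)) % P == _interp(points, x)
```

Someone holding only the stored table must guess k passwords correctly at once before any single guess can be confirmed, which is the "crack passwords in sets" property.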
John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms. It is among the most frequently used password testing and breaking programs as it combines a number of password crackers into one package, automatically detects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions, Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.
Unionfs is a filesystem service for Linux, FreeBSD and NetBSD which implements a union mount for other file systems. It allows files and directories of separate file systems, known as branches, to be transparently overlaid, forming a single coherent file system. Contents of directories which have the same path within the merged branches will be seen together in a single merged directory, within the new, virtual filesystem.
In cryptanalysis and computer security, password cracking is the process of guessing passwords protecting a computer system. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.
chroot is an operation on Unix and Unix-like operating systems that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a chroot jail.
Peiter C. Zatko, better known as Mudge, is an American network security expert, open source programmer, writer, and hacker. He is currently the chief information officer of DARPA. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the computer and culture hacking cooperative the Cult of the Dead Cow.
Git is a distributed version control system that tracks versions of files. It is often used to control source code by programmers who are developing software collaboratively.
In software development, time-of-check to time-of-use is a class of software bugs caused by a race condition involving the checking of the state of a part of a system and the use of the results of that check.
Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard ISO/IEC 11889. Common uses are to verify platform integrity, and to store disk encryption keys.
bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.
NixOS is a free and open source Linux distribution based on the Nix package manager. NixOS uses an immutable design and an atomic update model. Its use of a declarative configuration system allows reproducibility and portability.
SipHash is an add–rotate–xor (ARX) based family of pseudorandom functions created by Jean-Philippe Aumasson and Daniel J. Bernstein in 2012, in response to a spate of "hash flooding" denial-of-service attacks (HashDoS) in late 2011.
crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.
Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. The service has both free and premium tiers. The software that hosts the containers is called Docker Engine. It was first released in 2013 and is developed by Docker, Inc.
Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, macOS, and Windows. Examples of hashcat-supported hashing algorithms are LM hashes, MD4, MD5, SHA-family and Unix Crypt formats as well as algorithms used in MySQL and Cisco PIX.
Librem is a line of computers manufactured by Purism, SPC featuring free (libre) software. The laptop line is designed to protect privacy and freedom by providing no non-free (proprietary) software in the operating system or kernel, avoiding the Intel Active Management Technology, and gradually freeing and securing firmware. Librem laptops feature hardware kill switches for the microphone, webcam, Bluetooth and Wi-Fi.
Wire is an encrypted communication and collaboration app created by Wire Swiss. It is available for iOS, Android, Windows, macOS, Linux, and web browsers such as Firefox. Wire offers a collaboration suite featuring messenger, voice calls, video calls, conference calls, file-sharing, and external collaboration – all protected by a secure end-to-end-encryption. Wire offers three solutions built on its security technology: Wire Pro – which offers Wire's collaboration feature for businesses, Wire Enterprise – includes Wire Pro capabilities with added features for large-scale or regulated organizations, and Wire Red – the on-demand crisis collaboration suite. They also offer Wire Personal, which is a secure messaging app for personal use.
Uptane is a Linux Foundation / Joint Development Foundation hosted software framework designed to ensure that valid, current software updates are installed in adversarial environments. It establishes a process of checks and balances on these electronic control units (ECUs) that can ensure the authenticity of incoming software updates. Uptane is designed for "compromise-resilience," or to limit the impact of a compromised repository, an insider attack, a leaked signing key, or similar attacks. It can be incorporated into most existing software update technologies, but offers particular support for over-the-air programming or OTA programming strategies originating from The Update Framework.
The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. TUF uses a series of roles and keys to provide a means to retain security, even when some keys or servers are compromised. It does this with a stated goal of requiring minimal changes and effort from repository administrators, software developers, and end users. In this way, it protects software repositories, which are an increasingly desirable target for hackers.
Bitwarden is a freemium open-source password management service that is used to store sensitive information, such as website credentials, in an encrypted vault. The platform hosts multiple client applications, including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface. The platform offers a free US or European cloud-hosted service as well as the ability to self-host.
Container Linux is a discontinued open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure for clustered deployments. One of its focuses was scalability. As an operating system, Container Linux provided only the minimal functionality required for deploying applications inside software containers, together with built-in mechanisms for service discovery and configuration sharing.