An official website of the United States government
- Home
- Search Results
- Page 1 of 1
Search for: All records
-
Total Resources5
- Resource Type
-
0003000002000000
- More
- Availability
-
50
- Author / Contributor
- Filter by Author / Creator
-
-
Curtmola, Reza (5)
-
Cappos, Justin (4)
-
Torres-Arias, Santiago (4)
-
Afzali, Hammad (3)
-
Chakraborti, Anrin (1)
-
Katz, Jonathan (1)
-
Kuppusamy, Trishank Karthik (1)
-
Nieh, Jason (1)
-
Sadeghi, Ahmad-Reza (1)
-
Sion, Radu (1)
-
Vaidya, Sangat (1)
-
Zhang, Yinqian (1)
-
#Tyler Phillips, Kenneth E. (0)
-
#Willis, Ciara (0)
-
& Abreu-Ramos, E. D. (0)
-
& Abramson, C. I. (0)
-
& Abreu-Ramos, E. D. (0)
-
& Adams, S.G. (0)
-
& Ahmed, K. (0)
-
& Ahmed, Khadija. (0)
-
- Filter by Editor
-
-
& Spizer, S. M. (0)
-
& . Spizer, S. (0)
-
& Ahn, J. (0)
-
& Bateiha, S. (0)
-
& Bosch, N. (0)
-
& Brennan K. (0)
-
& Brennan, K. (0)
-
& Chen, B. (0)
-
& Chen, Bodong (0)
-
& Drown, S. (0)
-
& Ferretti, F. (0)
-
& Higgins, A. (0)
-
& J. Peters (0)
-
& Kali, Y. (0)
-
& Ruiz-Arias, P.M. (0)
-
& S. Spitzer (0)
-
& Sahin. I. (0)
-
& Spitzer, S. (0)
-
& Spitzer, S.M. (0)
-
(submitted - in Review for IEEE ICASSP-2024) (0)
-
-
Have feedback or suggestions for a way to improve these results?
!
Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher.
Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
-
Afzali, Hammad; Torres-Arias, Santiago; Curtmola, Reza; Cappos, Justin (, Journal of Computer Security)
-
Torres-Arias, Santiago; Afzali, Hammad; Kuppusamy, Trishank Karthik; Curtmola, Reza; Cappos, Justin (, Proc. of the 28th USENIX Security Symposium)The software development process is quite complex and involves a number of independent actors. Developers check source code into a version control system, the code is compiled into software at a build farm, and CI/CD systems run multiple tests to ensure the software’s quality among a myriad of other operations. Finally, the software is packaged for distribution into a delivered product, to be consumed by end users. An attacker that is able to compromise any single step in the process can maliciously modify the software and harm any of the software’s users. To address these issues, we designed in-toto, a framework that cryptographically ensures the integrity of the software supply chain. in-toto grants the end user the ability to verify the software’s supply chain from the project’s inception to its deployment. We demonstrate in-toto’s effectiveness on 30 software supply chain compromises that affected hundreds of million of users and showcase in-toto’s usage over cloud-native, hybrid-cloud and cloud-agnostic applications. in-toto is integrated into products and open source projects that are used by millions of people daily.more » « less
-
Vaidya, Sangat; Torres-Arias, Santiago; Curtmola, Reza; Cappos, Justin (, Proceedings of the IFIP 34th International Conference on ICT Systems Security and Privacy Protection (SEC ’19))
-
Afzali, Hammad; Torres-Arias, Santiago; Curtmola, Reza; Cappos, Justin (, Proceedings of the 2018 on Asia Conference on Computer and Communications Security (ASIACCS '18))
