Diplomat: Using delegations to protect community repositories TK Kuppusamy, S Torres-Arias, V Diaz, J Cappos 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI …, 2016 | 57 | 2016 |
in-toto: Providing farm-to-table guarantees for bits and bytes S Torres-Arias, H Afzali, TK Kuppusamy, R Curtmola, J Cappos 28th USENIX Security Symposium (USENIX Security 19), 1393-1410, 2019 | 33 | 2019 |
Sok: Analysis of software supply chain security by establishing secure design properties C Okafor, TR Schorlemmer, S Torres-Arias, JC Davis Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive …, 2022 | 31 | 2022 |
Sigstore: Software signing for everybody Z Newman, JS Meyers, S Torres-Arias Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications …, 2022 | 31 | 2022 |
On omitting commits and committing omissions: Preventing git metadata tampering that (re) introduces software vulnerabilities S Torres-Arias, AK Ammula, R Curtmola, J Cappos 25th USENIX Security Symposium (USENIX Security 16), 379-395, 2016 | 30 | 2016 |
Commit signatures for centralized version control systems S Vaidya, S Torres-Arias, R Curtmola, J Cappos ICT Systems Security and Privacy Protection: 34th IFIP TC 11 International …, 2019 | 13 | 2019 |
Signing in four public software package registries: Quantity, quality, and influencing factors TR Schorlemmer, KG Kalu, L Chigges, KM Ko, EAMA Isghair, S Baghi, ... arXiv preprint arXiv:2401.14635, 2024 | 8 | 2024 |
Speranza: Usable, privacy-friendly software signing K Merrill, Z Newman, S Torres-Arias, KR Sollins Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications …, 2023 | 8 | 2023 |
le-git-imate: Towards verifiable web-based Git repositories H Afzali, S Torres-Arias, R Curtmola, J Cappos Proceedings of the 2018 on Asia Conference on Computer and Communications …, 2018 | 7 | 2018 |
What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake S Torres-Arias The Conversation 22, 2021 | 5 | 2021 |
In-toto: Practical Software Supply Chain Security S Torres-Arias New York University Tandon School of Engineering, 2020 | 5 | 2020 |
Towards adding verifiability to web-based Git repositories H Afzali, S Torres-Arias, R Curtmola, J Cappos Journal of Computer Security 28 (4), 405-436, 2020 | 4 | 2020 |
Rust for Embedded Systems: Current State, Challenges and Open Problems A Sharma, S Sharma, S Torres-Arias, A Machiry arXiv preprint arXiv:2311.05063, 2023 | 3 | 2023 |
A Viewpoint on Software Supply Chain Security: Are We Getting Lost in Translation? MS Melara, S Torres-Arias IEEE Security & Privacy 21 (6), 55-58, 2023 | 2 | 2023 |
Preventing Supply Chain Vulnerabilities in Java with a Fine-Grained Permission Manager PC Amusuo, KA Robinson, S Torres-Arias, L Simon, JC Davis arXiv preprint arXiv:2310.14117, 2023 | 2 | 2023 |
COLBAC: Shifting cybersecurity from hierarchical to horizontal designs K Gallagher, S Torres-Arias, N Memon, J Feldman Proceedings of the 2021 New Security Paradigms Workshop, 13-27, 2021 | 2 | 2021 |
An Industry Interview Study of Software Signing for Supply Chain Security KG Kalu, T Singla, C Okafor, S Torres-Arias, JC Davis arXiv preprint arXiv:2406.08198, 2024 | 1 | 2024 |
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines R Chandramouli, F Kautz, S Torres Arias https://doi.org/10.6028/NIST.SP.800-204D, 2024 | 1 | 2024 |
A Viewpoint on Knowing Software: Bill of Materials Quality When You See It S Torres-Arias, D Geer, JS Meyers IEEE Security & Privacy 21 (6), 50-54, 2023 | 1 | 2023 |
Towards verifiable web-based code review systems H Afzali, S Torres-Arias, R Curtmola, J Cappos Journal of Computer Security 31 (2), 153-184, 2023 | 1 | 2023 |