Contact Information

Office: 2119D Collaborative Information Center (CIC) Building
Phone: (412) 268-9604
Email: jonmccune@cmu.edu
Curriculum Vitae: pdf

Research Area

• Trusted Computing Technology
• Operating system security
• Authentication in ad hoc networks
• Mobile, ad hoc networks
• Vehicular networks
• Worms and viruses
• Sensor network security

Publications in Conferences and Workshops

• GAnGS: Gather, Authenticate, and Group Securely. Mobicom 2008. To appear.
• Flicker: An Execution Infrastructure for TCB Minimization.
  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. The European Conference on Computer Systems (EuroSys), April 2008. ( PDF, BIB )
• How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution.
  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter and Arvind Seshadri. Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2008. ( PDF, BIB )
• Turtles All the Way Down: Research Challenges in User-Based Attestation.
  Jonathan M. McCune, Adrian Perrig, Arvind Seshadri, and Leendert van Doorn. USENIX Workshop on Hot Topics in Security (HotSec '07) , August 2007. ( PDF, BIB)
• Minimal TCB Code Execution (Extended Abstract).
  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. IEEE Symposium on Security and Privacy, May 2007. ( PDF, BIB)
• Shamon: A System for Distributed Mandatory Access Control.
  Jonathan M. McCune, Stefan Berger, Ramón Cáceres, Trent Jaeger, Reiner Sailer. Annual Computer Security Applications Conference, December, 2006. ( PDF, BIB )
• Bump in the Ether: A Framework for Securing Sensitive User Input.
  Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. USENIX Annual Technical Conference, May 2006. ( PDF, BIB) An early version appears as CMU Cylab Technical Report CMU-Cylab-05-007, December 2005.
• Device-Enabled Authorization in the Grey System.
  Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar. 8th Information Security Conference, July 2005. (PDF, BIB) Full version appears as Technical Report CMU-CS-05-111 (PDF) School of Computer Science, Carnegie Mellon University, February 2005.
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication.
  Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. IEEE Symposium on Security and Privacy, May 2005. ( PDF, BIB) An early version appears as Computer Science Technical Report CMU-CS-04-174, School of Computer Science, Carnegie Mellon University, November 2004.
• Detection of Denial-of-Message Attacks on Sensor Network Broadcasts.
  Jonathan M. McCune, Elaine Shi, Adrian Perrig, and Michael K. Reiter. IEEE Symposium on Security and Privacy, May 2005. (PDF, BIB)
• A Study of Mass-mailing Worms.
  Cynthia Wong, Stan Bielski, Jonathan M. McCune, and Chenxi Wang. ACM Workshop on Rapid Malcode (WORM), 2004. (PDF, BIB)
• Power-Efficient Adaptable Wireless Sensor Networks.
  John Lach, David Evans, Jon McCune, Jason Brandon. Military and Aerospace Programmable Logic Devices (MAPLD) International Conference, 2003. ( web )
• Behavior Combination and Swarm Programming.
  Keen Browne, Jon McCune, Adam Trost, et al. Lecture Notes in Computer Science, Springer-Verlag Heidelberg. February 2002. ( web )

Journal Articles

• Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking.
  Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri, Adrian Perrig, and Leendert Van Doorn. ACM SIGOPS Operating System Review Special Edition on Computer Forensics. Volume 42, Issue 3, April 2008. ( PDF, BIB )
  An early version appeared as CMU Cylab Technical Report CMU-CyLab-07-001, January 2007
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication.
  Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. International Journal of Security and Networks Special Issue on Secure Spontaneous Interaction, 2008. To appear.
  This work extends our 2005 IEEE S&P paper and Technical Report CMU-CS-04-174.

Technical Reports

• An Execution Infrastructure for TCB Minimization.
  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. CMU Cylab Technical Report CMU-CyLab-07-018, December 2007
• Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking.
  Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri, Adrian Perrig, and Leendert van Doorn. CMU Cylab Technical Report CMU-CyLab-07-001, January 2007
• Bump in the Ether: A Framework for Securing Sensitive User Input.
  Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. CMU Cylab Technical Report CMU-Cylab-05-007, December 2005.
• Device-Enabled Authorization in the Grey System.
  Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar. Technical Report CMU-CS-05-111 (PDF) School of Computer Science, Carnegie Mellon University, February 2005.
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication.
  Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. Technical Report CMU-CS-04-174, School of Computer Science, Carnegie Mellon University, November 2004.

Talks

Conference
• How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution. ASPLOS, March 2008. ( PPT )
• Shamon: A System for Distributed Mandatory Access Control (ACSAC, Miami Beach, FL, December, 2006) ( pdf )
• Bump in the Ether: A Framework for Securing Sensitive User Input (Usenix ATC, Boston, MA, June, 2006) ( pdf )
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication (IEEE S&P, Oakland, CA, May, 2005) ( pdf )
• Power Efficient Adaptable Sensor Networks (MAPLD, Washington, DC, September, 2003)

Security Reading Group
• M. Vrable et al. Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm. (srg, 2.14.2006) (slides by R. Morales)
• W. Aiello, et al. Origin Authentication in Interdomain Routing. (srg, 9.3.2004) ( ppt )
• H. Feng, et al. Anomaly Detection Using Call Stack Information. (srg, 7.2.2004) ( ppt )
• A. Adams and M. A. Sasse. Users Are Not The Enemy. (srg, 2.6.2004) ( ppt )

Associated Faculty

Co-Advisor: Mike Reiter ( web )
Co-Advisor: Adrian Perrig ( web )

Projects

• Flicker: Minimal TCB Code Execution
• Using TCG and Camera Phones to Create Trusted Paths to Users
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication
• Grey: Access Control System for Mobile Devices
• A Peer-to-Peer Waypoint Architecture for End System Multicast
• Combating Malicious Code via DNS and SMTP Oddities
• Detection of Denial-of-Message Attacks on Sensor Network Broadcasts
• Automatic Mobility-Assisted Key Establishment

Completed TA and Coursework

Fall 2006
15-681: Machine Learning
Spring 2006
18-733: Applied Cryptography
Fall 2005
Teaching Assistant: 18-730: Introduction to Computer Security
15-712: Advanced Operating Systems and Distributed Systems
Spring 2005
Teaching Assistant: 18-731: Network Security
Fall 2004
18-751: Applied Stochastic Processes
Spring 2004
15-744:Networks ( project )
18-731: Network Security
Fall 2003
18-730: Introduction to Computer Security
18-839: Special Topics in Networking Security & Software Security ( project )

Affiliation

• CyLab

Links

• Cylab Student Seminar
• Seminal Papers in Security
• Security Reading Group (srg)
• Electrical and Computer Engineering at CMU
• Carnegie Mellon University


• Tartan Crew!


• David Evans' Home Page
• Wahoo Wunderkind
• The University of Virginia
• UVAMBC