Jonathan McCune

	Jonathan M. McCune

Contact Information Office: 2126 Collaborative Information Center (CIC) Building Phone: (412) 268-3992 Email: jonmccune@cmu.edu Curriculum Vitae: pdf Advertisements Trusted Infrastructure Workshop Workshop on Scalable Trusted Computing (STC) IEEE Symposium on Security and Privacy (Oakland) Active Research Areas Trusted Computing technology Operating system and virtualization security Authentication in ad hoc networks Publications in Conferences and Workshops SPATE: Small-group PKI-less Authenticated Trust Establishment. Yue-Hsun Lin, Ahren Studer, Hsu-Chin Hsiao, Jonathan M. McCune, King-Hang Wang, Maxwell Krohn, Phen-Lan Lin, Adrian Perrig, Hung-Min Sun, and Bo-Yin Yang. Conference on Mobile Systems, Applications and Services (MobiSys), June 2009. ( PDF BIB ) Best Paper Award. CLAMP: Practical Prevention of Large-Scale Data Leaks. Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen, and Adrian Perrig. IEEE Symposium on Security and Privacy, May 2009. ( PDF, BIB ) Safe Passage for Passwords and Other Sensitive Data. Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. Network and Distributed System Security Symposium (NDSS), February 2009. ( PDF, BIB ) GAnGS: Gather, Authenticate, and Group Securely. Chia-Hsin Owen Chen, Chung-Wei Chen, Cynthia Kuo, Yan-Hao Lai, Jonathan M. McCune, Ahren Studer, Adrian Perrig, Bo-Yin Yang, and Tzong-Chen Wu. The International Conference on Mobile Computing and Networking (Mobicom), September 2008. ( PDF, BIB ) Flicker: An Execution Infrastructure for TCB Minimization. Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. The European Conference on Computer Systems (EuroSys), April 2008. ( PDF, BIB ) How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution. Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter and Arvind Seshadri. Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2008. ( PDF, BIB ) Turtles All the Way Down: Research Challenges in User-Based Attestation. Jonathan M. McCune, Adrian Perrig, Arvind Seshadri, and Leendert van Doorn. USENIX Workshop on Hot Topics in Security (HotSec '07) , August 2007. ( PDF, BIB) Minimal TCB Code Execution (Extended Abstract). Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. IEEE Symposium on Security and Privacy, May 2007. ( PDF, BIB) Shamon: A System for Distributed Mandatory Access Control. Jonathan M. McCune, Stefan Berger, Ramón Cáceres, Trent Jaeger, Reiner Sailer. Annual Computer Security Applications Conference, December, 2006. ( PDF, BIB ) Bump in the Ether: A Framework for Securing Sensitive User Input. Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. USENIX Annual Technical Conference, May 2006. ( PDF, BIB) An early version appears as CMU Cylab Technical Report CMU-Cylab-05-007, December 2005. Device-Enabled Authorization in the Grey System. Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar. 8th Information Security Conference, July 2005. (PDF, BIB) Full version appears as Technical Report CMU-CS-05-111 (PDF) School of Computer Science, Carnegie Mellon University, February 2005. Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication. Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. IEEE Symposium on Security and Privacy, May 2005. ( PDF, BIB) An early version appears as Computer Science Technical Report CMU-CS-04-174, School of Computer Science, Carnegie Mellon University, November 2004. Detection of Denial-of-Message Attacks on Sensor Network Broadcasts. Jonathan M. McCune, Elaine Shi, Adrian Perrig, and Michael K. Reiter. IEEE Symposium on Security and Privacy, May 2005. (PDF, BIB) A Study of Mass-mailing Worms. Cynthia Wong, Stan Bielski, Jonathan M. McCune, and Chenxi Wang. ACM Workshop on Rapid Malcode (WORM), 2004. (PDF, BIB) Power-Efficient Adaptable Wireless Sensor Networks. John Lach, David Evans, Jon McCune, Jason Brandon. Military and Aerospace Programmable Logic Devices (MAPLD) International Conference, 2003. ( web ) Behavior Combination and Swarm Programming. Keen Browne, Jon McCune, Adam Trost, et al. Lecture Notes in Computer Science, Springer-Verlag Heidelberg. February 2002. ( web ) Journal Articles Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking. Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri, Adrian Perrig, and Leendert Van Doorn. ACM SIGOPS Operating System Review Special Edition on Computer Forensics. Volume 42, Issue 3, April 2008. ( PDF, BIB ) An early version appeared as CMU Cylab Technical Report CMU-CyLab-07-001, January 2007 Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication. Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. International Journal of Security and Networks Special Issue on Secure Spontaneous Interaction. 4(1-2):43-56, 2009. ( PDF BIB ) This work extends our 2005 IEEE S&P paper and Technical Report CMU-CS-04-174. Technical Reports An Execution Infrastructure for TCB Minimization. Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. CMU Cylab Technical Report CMU-CyLab-07-018, December 2007 Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking. Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri, Adrian Perrig, and Leendert van Doorn. CMU Cylab Technical Report CMU-CyLab-07-001, January 2007 Bump in the Ether: A Framework for Securing Sensitive User Input. Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. CMU Cylab Technical Report CMU-Cylab-05-007, December 2005. Device-Enabled Authorization in the Grey System. Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar. Technical Report CMU-CS-05-111 (PDF) School of Computer Science, Carnegie Mellon University, February 2005. Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication. Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. Technical Report CMU-CS-04-174, School of Computer Science, Carnegie Mellon University, November 2004. Talks Conference Safe Passage for Passwords and Other Sensitive Data. NDSS, February 2009. ( PPT ) How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution. ASPLOS, March 2008. ( PPT ) Shamon: A System for Distributed Mandatory Access Control (ACSAC, Miami Beach, FL, December, 2006) ( pdf ) Bump in the Ether: A Framework for Securing Sensitive User Input (Usenix ATC, Boston, MA, June, 2006) ( pdf ) Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication (IEEE S&P, Oakland, CA, May, 2005) ( pdf ) Power Efficient Adaptable Sensor Networks (MAPLD, Washington, DC, September, 2003) Security Reading Group M. Vrable et al. Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm. (srg, 2.14.2006) (slides by R. Morales) W. Aiello, et al. Origin Authentication in Interdomain Routing. (srg, 9.3.2004) ( ppt ) H. Feng, et al. Anomaly Detection Using Call Stack Information. (srg, 7.2.2004) ( ppt ) A. Adams and M. A. Sasse. Users Are Not The Enemy. (srg, 2.6.2004) ( ppt ) PhD Thesis Reducing the Trusted Computing Base for Applications on Commodity Systems Co-Advisor: Mike Reiter ( web ) Co-Advisor: Adrian Perrig ( web ) Committee Member: Greg Ganger ( web ) Committee Member: Leendert van Doorn ( web ) Projects Flicker: Minimal TCB Code Execution Using TCG and Camera Phones to Create Trusted Paths to Users Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication Grey: Access Control System for Mobile Devices A Peer-to-Peer Waypoint Architecture for End System Multicast Combating Malicious Code via DNS and SMTP Oddities Detection of Denial-of-Message Attacks on Sensor Network Broadcasts Automatic Mobility-Assisted Key Establishment TA and Coursework Fall 2008 Teaching Assistant: 18-732: Secure Software Systems Fall 2006 15-681: Machine Learning Spring 2006 18-733: Applied Cryptography Fall 2005 Teaching Assistant: 18-730: Introduction to Computer Security 15-712: Advanced Operating Systems and Distributed Systems Spring 2005 Teaching Assistant: 18-731: Network Security Fall 2004 18-751: Applied Stochastic Processes Spring 2004 15-744:Networks ( project ) 18-731: Network Security Fall 2003 18-730: Introduction to Computer Security 18-839: Special Topics in Networking Security & Software Security ( project ) Affiliation CyLab Links Cylab Student Seminar Seminal Papers in Security Early Computer Security Papers Guofei Gu's Security Conference Rankings and Statistics Electrical and Computer Engineering at CMU Carnegie Mellon University Tartan Crew! David Evans' Home Page Wahoo Wunderkind The University of Virginia UVAMBC

© 2003-2008, Jonathan M. McCune