Software
Service
Program Committees (Affiliation Google)
Program Committees (Affiliation CMU)
Thesis Committees
- Jan-Erik Ekberg
- Kari Kostiainen
Other Service
- NSF Panelist
- 2014 STARSS Workshop
Publications in Conferences and Workshops
- MiniBox: A Two-Way Sandbox for x86 Native Code.
Yanlin Li, Jonathan M. McCune, James Newsome, Adrian Perrig, Brandon
Baker, and Will
Drewry. USENIX
Annual Technical Conference, June,
2014. ( PDF,
BIB ) An early version
appears as CMU Cylab Technical Report CMU-CyLab-14-001, February
2014.
- Design, Implementation and Verification of an eXtensible and
Modular Hypervisor Framework. Amit Vasudevan, Sagar Chaki,
Limin Jia, Jonathan McCune, James Newsome, and Anupam
Datta. IEEE
Symposium on Security and Privacy, May,
2013. (
PDF,
BIB )
- OASIS: On Achieving a Sanctuary for Integrity and Secrecy on
Untrusted Platforms.
Emmanuel Owusu, Jorge Guajardo,
Jonathan McCune, Jim Newsome, Adrian Perrig, and Amit
Vasudevan. ACM
Conference on Computer and Communications Security (CCS),
November,
2013. ( PDF,
BIB )
- SafeSlinger: Easy-to-Use and Secure Public-Key
Exchange.
Michael Farb, Yue-Hsun Lin, Tiffany Hyun-Jin
Kim, Jonathan M. McCune, and Adrian
Perrig. ACM
Conference on Mobile Computing and Networking (MobiCom),
September 2013.
( PDF,
BIB
)
- Trustworthy Execution on Mobile Devices: What security
properties can my mobile platform give me?
Amit Vasudevan,
Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan M. McCune.
Trust and Trustworthy
Computing (Trust 2012) ( PDF, BIB )
- Building Verifiable Trusted Path on Commodity x86
Computers.
Zongwei Zhou, Virgil D. Gligor, James Newsome,
and Jonathan M. McCune. IEEE
Symposium on Security and Privacy, May 2012. ( PDF,
BIB )
- CARMA: A Hardware Tamper-Resistant Isolated Execution
Environment on Commodity x86 Platforms.
Amit Vasudevan,
Jonathan M. McCune, James Newsome, Adrian Perrig, and Leendert van
Doorn. ACM Symposium on
Information, Computer and Communications Security (ASIACCS), May
2012. ( PDF, BIB )
- Parametric Verification of Address Space
Separation.
Jason Franklin, Sagar Chaki, Anupam Datta,
Jonathan M. McCune, and Amit Vasudevan. Conference on
Principles of Security and Trust (POST), March 2012. ( PDF, BIB )
- VIPER: Verifying the Integrity of PERipherals'
Firmware.
Yanlin Li, Jonathan M. McCune, and Adrian Perrig.
ACM Conference on Computer and Communications Security (CCS),
October 2011.
( PDF, BIB )
- Uni-directional Trusted Path: Transaction Confirmation on
Just One Device.
Atanas Filyanov, Jonathan M. McCune,
Ahmad-Reza Sadeghi, and Marcel Winandy.
IEEE/IFIP International Conference on
Dependable Systems and Networks (DSN), June 2011.
( PDF, BIB )
- Memoir: Practical State Continuity for Protected
Modules.
Bryan Parno, Jacob R. Lorch, John R. Douceur, James
Mickens, and Jonathan M. McCune.
IEEE
Symposium on Security and Privacy, May
2011. ( PDF, BIB )
- Usability Testing a Malware-Resistant Input Mechanism.
Alana Libonati, Jonathan M. McCune, and Michael K. Reiter
Network and
Distributed System Security Symposium (NDSS 2011), February
2011. ( PDF,
BIB )
- Requirements for an Integrity-Protected Hypervisor on the
x86 Hardware Virtualized Architecture.
Amit Vasudevan, Jonathan M. McCune, Ning Qu, Leendert van Doorn and
Adrian Perrig
Trust and Trustworthy Computing
(Trust 2010), June
2010. ( PDF,
BIB )
- SBAP: Software-Based Attestation for Peripherals.
Yanlin Li, Jonathan M. McCune and Adrian Perrig
Trust and Trustworthy Computing
(Trust 2010), June
2010. ( PDF,
BIB )
- TrustVisor: Efficient TCB Reduction and
Attestation.
Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta,
Virgil Gligor, and Adrian Perrig.
IEEE Symposium on
Security and Privacy, May
2010. ( PDF, BIB, src )
- Bootstrapping Trust in Commodity Computers.
Bryan Parno, Jonathan M. McCune, and Adrian Perrig.
IEEE Symposium on
Security and Privacy, May
2010. ( PDF, BIB )
- A Contractual Anonymity System.
Edward J. Schwartz, David Brumley, and Jonathan M. McCune.
Network and Distributed System Security Symposium
(NDSS), February
2010. ( PDF, BIB )
- SPATE: Small-group PKI-less Authenticated Trust Establishment.
Yue-Hsun Lin, Ahren Studer, Hsu-Chin Hsiao, Jonathan M. McCune,
King-Hang Wang, Maxwell Krohn, Phen-Lan Lin, Adrian Perrig, Hung-Min
Sun, and Bo-Yin Yang.
Conference on
Mobile Systems, Applications and Services (MobiSys),
June 2009. ( PDF,
BIB
) Best Paper Award.
- CLAMP: Practical Prevention of Large-Scale Data Leaks.
Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen,
and Adrian Perrig.
IEEE
Symposium on Security and Privacy, May 2009.
( PDF, BIB )
- Safe Passage for Passwords and Other Sensitive Data.
Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter.
Network and Distributed System Security Symposium
(NDSS), February 2009. ( PDF, BIB )
- GAnGS: Gather, Authenticate, and Group Securely.
Chia-Hsin Owen Chen, Chung-Wei Chen, Cynthia Kuo, Yan-Hao Lai,
Jonathan M. McCune, Ahren Studer, Adrian Perrig, Bo-Yin Yang, and
Tzong-Chen Wu.
The International
Conference on Mobile Computing and
Networking (Mobicom), September 2008. ( PDF, BIB )
- Flicker: An Execution Infrastructure for TCB Minimization.
Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and
Hiroshi Isozaki.
The European
Conference on Computer Systems (EuroSys), April 2008. ( PDF,
BIB, src
)
- How Low Can You Go?
Recommendations for Hardware-Supported Minimal TCB Code Execution.
Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter and Arvind Seshadri.
Architectural
Support for Programming Languages and Operating Systems
(ASPLOS), March 2008. ( PDF,
BIB )
- Turtles All the Way Down: Research Challenges in User-Based Attestation.
Jonathan M. McCune,
Adrian Perrig, Arvind Seshadri, and Leendert van Doorn. USENIX Workshop on Hot Topics in Security (HotSec '07)
, August 2007. ( PDF, BIB)
- Minimal TCB Code Execution (Extended Abstract).
Jonathan M. McCune, Bryan Parno,
Adrian Perrig, Michael K. Reiter, and Arvind
Seshadri. IEEE Symposium
on Security and Privacy, May 2007. ( PDF, BIB)
- Shamon: A System for Distributed Mandatory Access Control.
Jonathan M. McCune, Stefan Berger, Ramón Cáceres, Trent Jaeger, Reiner Sailer.
Annual Computer Security
Applications Conference, December,
2006. ( PDF, BIB )
- Bump in the Ether: A Framework for Securing Sensitive User
Input.
Jonathan M. McCune, Adrian Perrig, Michael K. Reiter.
USENIX Annual Technical Conference, May
2006. ( PDF, BIB) An early version appears
as CMU Cylab Technical Report CMU-Cylab-05-007,
December 2005.
- Device-Enabled Authorization in the Grey System.
Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael
K. Reiter, Jason Rouse, and Peter Rutenbar. 8th Information
Security Conference, July 2005.
(PDF, BIB) Full version appears as
Technical Report CMU-CS-05-111 (PDF)
School of Computer Science, Carnegie Mellon University, February
2005.
- Seeing is Believing: Using Camera Phones for
Human-Verifiable Authentication.
Jonathan M. McCune,
Adrian Perrig, and Michael K. Reiter. IEEE Symposium on
Security and Privacy, May 2005. ( PDF, BIB) An early version
appears as Computer Science Technical Report CMU-CS-04-174,
School of Computer Science, Carnegie Mellon University, November
2004.
- Detection of Denial-of-Message Attacks on Sensor Network
Broadcasts.
Jonathan M. McCune, Elaine Shi, Adrian Perrig,
and Michael K. Reiter. IEEE Symposium on Security and
Privacy, May 2005. (PDF, BIB)
- A Study of Mass-mailing Worms.
Cynthia Wong, Stan
Bielski, Jonathan M. McCune, and Chenxi Wang.
ACM Workshop on Rapid Malcode (WORM),
2004. (PDF, BIB)
- Power-Efficient Adaptable Wireless Sensor Networks.
John Lach, David Evans, Jon McCune, Jason Brandon. Military
and Aerospace Programmable Logic Devices (MAPLD)
International Conference, 2003. ( web
)
- Behavior Combination and Swarm Programming.
Keen
Browne, Jon McCune, Adam Trost, et al. Lecture Notes in Computer
Science, Springer-Verlag Heidelberg. February 2002. ( web
)
Journal Articles
- SPATE: Small-Group PKI-Less Authenticated Trust
Establishment.
Yue-Hsun Lin, Ahren Studer, Yao-Hsin Chen,
Hsu-Chun Hsiao, Li-Hsiang Kuo, Jason Lee, Jonathan M. McCune,
King-Hang Wang, Maxwell Krohn, Phen-Lan Lin, Adrian Perrig, Hung-Min
Sun, and Bo-Yin Yang. IEEE Transactions on
Mobile Computing. Volume 9, Issue 12, December 2010. ( PDF, BIB )
- Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking.
Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri,
Adrian Perrig, and Leendert Van Doorn.
ACM SIGOPS Operating System
Review Special Edition on Computer Forensics. Volume 42, Issue
3, April
2008. ( PDF,
BIB )
An early version appeared as CMU Cylab Technical Report
CMU-CyLab-07-001, January 2007, having grown out of a course project described in
Technical Report CMU-CS-05-201.
- Seeing is Believing: Using Camera Phones for
Human-Verifiable Authentication.
Jonathan M. McCune,
Adrian Perrig, and Michael K. Reiter.
International Journal of Security and Networks Special Issue on
Secure Spontaneous Interaction. 4(1-2):43-56,
2009. ( PDF, BIB
)
This work extends our 2005 IEEE S&P paper and
Technical Report CMU-CS-04-174.
Technical Reports
- MiniBox: A Two-Way Sandbox for x86 Native Code.
Yanlin Li, Adrian Perrig, Jonathan M. McCune, James Newsome, Brandon
Baker, and Will Drewry. CMU CyLab Technical Report
CMU-CyLab-14-001, February, 2014.
- Design, Development and Automated Verification of an
Integrity-Protected Hypervisor.
Sagar Chaki, Amit Vasudevan,
Limin Jia, Jonathan M. McCune, and Anupam Datta. CMU CyLab
Technical Report CMU-CyLab-12-017,
July, 2012.
- Design and Implementation of an eXtensible and Modular
Hypervisor Framework.
Amit Vasudevan, Jonathan M.
McCune, and James Newsome. CMU CyLab Technical Report CMU-CyLab-12-014,
June, 2012.
- Trustworthy Execution on Mobile Devices: What security
properties can my mobile platform give me?
Amit Vasudevan,
Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan McCune.
CMU CyLab Technical Report CMU-CyLab-11-023,
November, 2011.
- Memoir---Formal Specs and Correctness Proofs.
John
R. Douceur, Jacob R. Lorch, Bryan Parno, James Mickens, and Jonathan
M. McCune. MSR-TR-2011-19,
February 2011.
- Trust and Trusted Computing Platforms.
David Fisher, Jonathan M. McCune, Archie D. Andrews.
Technical Report CMU/SEI-2011-TN-005,
Software Engineering Institute, Carnegie Mellon University,
January 2011.
- Contractual Anonymity.
Edward J. Schwartz, David
Brumley, Jonathan M. McCune. Technical Report CMU-CS-09-144,
School of Computer Science, Carnegie Mellon University, September
2009.
- Efficient TCB Reduction and Attestation.
Jonathan M. McCune, Ning Qu, Yanlin Li, Anupam Datta, Virgil
D. Gligor, Adrian Perrig. CMU CyLab Technical Report
CMU-CyLab-09-003, March, 2009.
- An Execution Infrastructure for TCB Minimization.
Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter,
and Hiroshi Isozaki. CMU Cylab Technical Report
CMU-CyLab-07-018, December 2007
- Remote Detection of Virtual Machine Monitors with Fuzzy
Benchmarking.
Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri,
Adrian Perrig, and Leendert van Doorn. CMU Cylab Technical Report
CMU-CyLab-07-001, January 2007
- Bump in the Ether: A Framework for Securing Sensitive User
Input.
Jonathan M. McCune, Adrian Perrig, Michael K. Reiter.
CMU Cylab Technical Report CMU-Cylab-05-007,
December 2005.
- Device-Enabled Authorization in the Grey System.
Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael
K. Reiter, Jason Rouse, and Peter Rutenbar. Technical
Report CMU-CS-05-111 (PDF)
School of Computer Science, Carnegie Mellon University, February
2005.
- Seeing is Believing: Using Camera Phones for
Human-Verifiable Authentication.
Jonathan M. McCune,
Adrian Perrig, and Michael K. Reiter. Technical Report CMU-CS-04-174,
School of Computer Science, Carnegie Mellon University, November
2004.
Patents
- Methods and apparatuses for user-verifiable trusted path in the presence of malware.
Jonathan M. McCune, Adrian Perrig, Anupam Datta, Virgil D. Gligor, Ning Qu.
US Patent 8,832,778
(Google Patents link) September 2014.
- Methods and apparatuses for user-verifiable execution of security-sensitive code.
Jonathan McCune, Adrian Perrig, Anupam Datta, Virgil Gligor, Yanlin Li, Bryan Parno, Amit Vasudevan, Ning Qu.
US Patent 8,627,414 (Google Patents link |
WIPO link) January 2014.
- Other patents pending
Talks
Conference
- TrustVisor: Efficient TCB Reduction and Attestation.
(IEEE S&P, Oakland, CA, May, 2010)
- Safe Passage for Passwords and Other Sensitive Data. NDSS,
February 2009.
- How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution.
ASPLOS, March 2008. ( PPT )
- Shamon: A System for Distributed Mandatory Access Control (ACSAC, Miami Beach, FL, December, 2006) ( pdf )
- Bump in the Ether: A Framework for Securing Sensitive User Input (Usenix ATC, Boston, MA, June, 2006) ( pdf )
- Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication (IEEE S&P, Oakland, CA, May, 2005) ( pdf )
- Power Efficient Adaptable Sensor Networks (MAPLD, Washington, DC,
September, 2003)
PhD Thesis
Links
|