Diplomat: Using delegations to protect community repositories TK Kuppusamy, S Torres-Arias, V Diaz, J Cappos 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI …, 2016 | 63 | 2016 |
Sok: Analysis of software supply chain security by establishing secure design properties C Okafor, TR Schorlemmer, S Torres-Arias, JC Davis Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive …, 2022 | 45 | 2022 |
in-toto: Providing farm-to-table guarantees for bits and bytes S Torres-Arias, H Afzali, TK Kuppusamy, R Curtmola, J Cappos 28th USENIX Security Symposium (USENIX Security 19), 1393-1410, 2019 | 44 | 2019 |
Sigstore: Software signing for everybody Z Newman, JS Meyers, S Torres-Arias Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications …, 2022 | 41 | 2022 |
On omitting commits and committing omissions: Preventing git metadata tampering that (re) introduces software vulnerabilities S Torres-Arias, AK Ammula, R Curtmola, J Cappos 25th USENIX Security Symposium (USENIX Security 16), 379-395, 2016 | 36 | 2016 |
Commit signatures for centralized version control systems S Vaidya, S Torres-Arias, R Curtmola, J Cappos ICT Systems Security and Privacy Protection: 34th IFIP TC 11 International …, 2019 | 16 | 2019 |
Speranza: Usable, privacy-friendly software signing K Merrill, Z Newman, S Torres-Arias, KR Sollins Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications …, 2023 | 13 | 2023 |
Signing in four public software package registries: Quantity, quality, and influencing factors TR Schorlemmer, KG Kalu, L Chigges, KM Ko, EA Ishgair, S Bagchi, ... 2024 IEEE Symposium on Security and Privacy (SP), 1160-1178, 2024 | 12 | 2024 |
Rust for embedded systems: current state, challenges and open problems A Sharma, S Sharma, S Torres-Arias, A Machiry arXiv preprint arXiv:2311.05063, 2023 | 10 | 2023 |
le-git-imate: Towards verifiable web-based Git repositories H Afzali, S Torres-Arias, R Curtmola, J Cappos Proceedings of the 2018 on Asia Conference on Computer and Communications …, 2018 | 9 | 2018 |
A Viewpoint on Knowing Software: Bill of Materials Quality When You See It S Torres-Arias, D Geer, JS Meyers IEEE Security & Privacy 21 (6), 50-54, 2023 | 6 | 2023 |
In-toto: Practical Software Supply Chain Security S Torres-Arias New York University Tandon School of Engineering, 2020 | 6 | 2020 |
What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake S Torres-Arias The Conversation 22, 2021 | 5 | 2021 |
Towards adding verifiability to web-based Git repositories H Afzali, S Torres-Arias, R Curtmola, J Cappos Journal of Computer Security 28 (4), 405-436, 2020 | 4 | 2020 |
An Industry Interview Study of Software Signing for Supply Chain Security KG Kalu, T Singla, C Okafor, S Torres-Arias, JC Davis arXiv preprint arXiv:2406.08198, 2024 | 3 | 2024 |
Preventing Supply Chain Vulnerabilities in Java with a Fine-Grained Permission Manager PC Amusuo, KA Robinson, S Torres-Arias, L Simon, JC Davis arXiv preprint arXiv:2310.14117, 2023 | 3 | 2023 |
Towards verifiable web-based code review systems H Afzali, S Torres-Arias, R Curtmola, J Cappos Journal of Computer Security 31 (2), 153-184, 2023 | 3 | 2023 |
Rust for Embedded Systems: Current State and Open Problems A Sharma, S Sharma, SR Tanksalkar, S Torres-Arias, A Machiry Proceedings of the 2024 on ACM SIGSAC Conference on Computer and …, 2024 | 2 | 2024 |
SoK: A Defense-Oriented Evaluation of Software Supply Chain Security EA Ishgair, MS Melara, S Torres-Arias arXiv preprint arXiv:2405.14993, 2024 | 2 | 2024 |
Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines R Chandramouli, F Kautz, S Torres Arias https://doi.org/10.6028/NIST.SP.800-204D, 2024 | 2 | 2024 |