Contact Information

Email: jonmccune@cmu.edu
Curriculum Vitae: pdf
Biography: html
Personal: jonmccune.net

Research Areas and Projects

• Trusted Computing technology
• Operating system and virtualization security
• Authentication in ad hoc networks
• Open-source: eXtensible, Modular Hypervisor Framework (includes TrustVisor!)
• Open-source: Flicker: Minimal TCB Code Execution
• Open-source: SafeSlinger: Easy-to-Use and Secure Public-Key Exchange

Publications in Conferences and Workshops

• MiniBox: A Two-Way Sandbox for x86 Native Code.
  Yanlin Li, Jonathan M. McCune, James Newsome, Adrian Perrig, Brandon Baker, and Will Drewry. USENIX Annual Technical Conference, June, 2014. ( PDF, BIB ) An early version appears as CMU Cylab Technical Report CMU-CyLab-14-001, February 2014.
• Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework. Amit Vasudevan, Sagar Chaki, Limin Jia, Jonathan McCune, James Newsome, and Anupam Datta. IEEE Symposium on Security and Privacy, May, 2013. ( PDF, BIB )
• OASIS: On Achieving a Sanctuary for Integrity and Secrecy on Untrusted Platforms.
  Emmanuel Owusu, Jorge Guajardo, Jonathan McCune, Jim Newsome, Adrian Perrig, and Amit Vasudevan. ACM Conference on Computer and Communications Security (CCS), November, 2013. ( PDF, BIB )
• SafeSlinger: Easy-to-Use and Secure Public-Key Exchange.
  Michael Farb, Yue-Hsun Lin, Tiffany Hyun-Jin Kim, Jonathan M. McCune, and Adrian Perrig. ACM Conference on Mobile Computing and Networking (MobiCom), September 2013. ( PDF, BIB )
• Trustworthy Execution on Mobile Devices: What security properties can my mobile platform give me?
  Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan M. McCune. Trust and Trustworthy Computing (Trust 2012) ( PDF, BIB )
• Building Verifiable Trusted Path on Commodity x86 Computers.
  Zongwei Zhou, Virgil D. Gligor, James Newsome, and Jonathan M. McCune. IEEE Symposium on Security and Privacy, May 2012. ( PDF, BIB )
• CARMA: A Hardware Tamper-Resistant Isolated Execution Environment on Commodity x86 Platforms.
  Amit Vasudevan, Jonathan M. McCune, James Newsome, Adrian Perrig, and Leendert van Doorn. ACM Symposium on Information, Computer and Communications Security (ASIACCS), May 2012. ( PDF, BIB )
• Parametric Verification of Address Space Separation.
  Jason Franklin, Sagar Chaki, Anupam Datta, Jonathan M. McCune, and Amit Vasudevan. Conference on Principles of Security and Trust (POST), March 2012. ( PDF, BIB )
• VIPER: Verifying the Integrity of PERipherals' Firmware.
  Yanlin Li, Jonathan M. McCune, and Adrian Perrig. ACM Conference on Computer and Communications Security (CCS), October 2011. ( PDF, BIB )
• Uni-directional Trusted Path: Transaction Confirmation on Just One Device.
  Atanas Filyanov, Jonathan M. McCune, Ahmad-Reza Sadeghi, and Marcel Winandy. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), June 2011. ( PDF, BIB )
• Memoir: Practical State Continuity for Protected Modules.
  Bryan Parno, Jacob R. Lorch, John R. Douceur, James Mickens, and Jonathan M. McCune. IEEE Symposium on Security and Privacy, May 2011. ( PDF, BIB )
• Usability Testing a Malware-Resistant Input Mechanism.
  Alana Libonati, Jonathan M. McCune, and Michael K. Reiter Network and Distributed System Security Symposium (NDSS 2011), February 2011. ( PDF, BIB )
• Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture.
  Amit Vasudevan, Jonathan M. McCune, Ning Qu, Leendert van Doorn and Adrian Perrig Trust and Trustworthy Computing (Trust 2010), June 2010. ( PDF, BIB )
• SBAP: Software-Based Attestation for Peripherals.
  Yanlin Li, Jonathan M. McCune and Adrian Perrig Trust and Trustworthy Computing (Trust 2010), June 2010. ( PDF, BIB )
• TrustVisor: Efficient TCB Reduction and Attestation.
  Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, and Adrian Perrig. IEEE Symposium on Security and Privacy, May 2010. ( PDF, BIB, src )
• Bootstrapping Trust in Commodity Computers.
  Bryan Parno, Jonathan M. McCune, and Adrian Perrig. IEEE Symposium on Security and Privacy, May 2010. ( PDF, BIB )
• A Contractual Anonymity System.
  Edward J. Schwartz, David Brumley, and Jonathan M. McCune. Network and Distributed System Security Symposium (NDSS), February 2010. ( PDF, BIB )
• SPATE: Small-group PKI-less Authenticated Trust Establishment.
  Yue-Hsun Lin, Ahren Studer, Hsu-Chin Hsiao, Jonathan M. McCune, King-Hang Wang, Maxwell Krohn, Phen-Lan Lin, Adrian Perrig, Hung-Min Sun, and Bo-Yin Yang. Conference on Mobile Systems, Applications and Services (MobiSys), June 2009. ( PDF, BIB ) Best Paper Award.
• CLAMP: Practical Prevention of Large-Scale Data Leaks.
  Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen, and Adrian Perrig. IEEE Symposium on Security and Privacy, May 2009. ( PDF, BIB )
• Safe Passage for Passwords and Other Sensitive Data.
  Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. Network and Distributed System Security Symposium (NDSS), February 2009. ( PDF, BIB )
• GAnGS: Gather, Authenticate, and Group Securely.
  Chia-Hsin Owen Chen, Chung-Wei Chen, Cynthia Kuo, Yan-Hao Lai, Jonathan M. McCune, Ahren Studer, Adrian Perrig, Bo-Yin Yang, and Tzong-Chen Wu. The International Conference on Mobile Computing and Networking (Mobicom), September 2008. ( PDF, BIB )
• Flicker: An Execution Infrastructure for TCB Minimization.
  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. The European Conference on Computer Systems (EuroSys), April 2008. ( PDF, BIB, src )
• How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution.
  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter and Arvind Seshadri. Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2008. ( PDF, BIB )
• Turtles All the Way Down: Research Challenges in User-Based Attestation.
  Jonathan M. McCune, Adrian Perrig, Arvind Seshadri, and Leendert van Doorn. USENIX Workshop on Hot Topics in Security (HotSec '07) , August 2007. ( PDF, BIB)
• Minimal TCB Code Execution (Extended Abstract).
  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. IEEE Symposium on Security and Privacy, May 2007. ( PDF, BIB)
• Shamon: A System for Distributed Mandatory Access Control.
  Jonathan M. McCune, Stefan Berger, Ramón Cáceres, Trent Jaeger, Reiner Sailer. Annual Computer Security Applications Conference, December, 2006. ( PDF, BIB )
• Bump in the Ether: A Framework for Securing Sensitive User Input.
  Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. USENIX Annual Technical Conference, May 2006. ( PDF, BIB) An early version appears as CMU Cylab Technical Report CMU-Cylab-05-007, December 2005.
• Device-Enabled Authorization in the Grey System.
  Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar. 8th Information Security Conference, July 2005. (PDF, BIB) Full version appears as Technical Report CMU-CS-05-111 (PDF) School of Computer Science, Carnegie Mellon University, February 2005.
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication.
  Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. IEEE Symposium on Security and Privacy, May 2005. ( PDF, BIB) An early version appears as Computer Science Technical Report CMU-CS-04-174, School of Computer Science, Carnegie Mellon University, November 2004.
• Detection of Denial-of-Message Attacks on Sensor Network Broadcasts.
  Jonathan M. McCune, Elaine Shi, Adrian Perrig, and Michael K. Reiter. IEEE Symposium on Security and Privacy, May 2005. (PDF, BIB)
• A Study of Mass-mailing Worms.
  Cynthia Wong, Stan Bielski, Jonathan M. McCune, and Chenxi Wang. ACM Workshop on Rapid Malcode (WORM), 2004. (PDF, BIB)
• Power-Efficient Adaptable Wireless Sensor Networks.
  John Lach, David Evans, Jon McCune, Jason Brandon. Military and Aerospace Programmable Logic Devices (MAPLD) International Conference, 2003. ( web )
• Behavior Combination and Swarm Programming.
  Keen Browne, Jon McCune, Adam Trost, et al. Lecture Notes in Computer Science, Springer-Verlag Heidelberg. February 2002. ( web )

Journal Articles

• SPATE: Small-Group PKI-Less Authenticated Trust Establishment.
  Yue-Hsun Lin, Ahren Studer, Yao-Hsin Chen, Hsu-Chun Hsiao, Li-Hsiang Kuo, Jason Lee, Jonathan M. McCune, King-Hang Wang, Maxwell Krohn, Phen-Lan Lin, Adrian Perrig, Hung-Min Sun, and Bo-Yin Yang. IEEE Transactions on Mobile Computing. Volume 9, Issue 12, December 2010. ( PDF, BIB )
• Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking.
  Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri, Adrian Perrig, and Leendert Van Doorn. ACM SIGOPS Operating System Review Special Edition on Computer Forensics. Volume 42, Issue 3, April 2008. ( PDF, BIB )
  An early version appeared as CMU Cylab Technical Report CMU-CyLab-07-001, January 2007, having grown out of a course project described in Technical Report CMU-CS-05-201.
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication.
  Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. International Journal of Security and Networks Special Issue on Secure Spontaneous Interaction. 4(1-2):43-56, 2009. ( PDF, BIB )
  This work extends our 2005 IEEE S&P paper and Technical Report CMU-CS-04-174.

Technical Reports

• MiniBox: A Two-Way Sandbox for x86 Native Code.
  Yanlin Li, Adrian Perrig, Jonathan M. McCune, James Newsome, Brandon Baker, and Will Drewry. CMU CyLab Technical Report CMU-CyLab-14-001, February, 2014.
• Design, Development and Automated Verification of an Integrity-Protected Hypervisor.
  Sagar Chaki, Amit Vasudevan, Limin Jia, Jonathan M. McCune, and Anupam Datta. CMU CyLab Technical Report CMU-CyLab-12-017, July, 2012.
• Design and Implementation of an eXtensible and Modular Hypervisor Framework.
  Amit Vasudevan, Jonathan M. McCune, and James Newsome. CMU CyLab Technical Report CMU-CyLab-12-014, June, 2012.
• Trustworthy Execution on Mobile Devices: What security properties can my mobile platform give me?
  Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan McCune. CMU CyLab Technical Report CMU-CyLab-11-023, November, 2011.
• Memoir---Formal Specs and Correctness Proofs.
  John R. Douceur, Jacob R. Lorch, Bryan Parno, James Mickens, and Jonathan M. McCune. MSR-TR-2011-19, February 2011.
• Trust and Trusted Computing Platforms.
  David Fisher, Jonathan M. McCune, Archie D. Andrews. Technical Report CMU/SEI-2011-TN-005, Software Engineering Institute, Carnegie Mellon University, January 2011.
• Contractual Anonymity.
  Edward J. Schwartz, David Brumley, Jonathan M. McCune. Technical Report CMU-CS-09-144, School of Computer Science, Carnegie Mellon University, September 2009.
• Efficient TCB Reduction and Attestation.
  Jonathan M. McCune, Ning Qu, Yanlin Li, Anupam Datta, Virgil D. Gligor, Adrian Perrig. CMU CyLab Technical Report CMU-CyLab-09-003, March, 2009.
• An Execution Infrastructure for TCB Minimization.
  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. CMU Cylab Technical Report CMU-CyLab-07-018, December 2007
• Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking.
  Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri, Adrian Perrig, and Leendert van Doorn. CMU Cylab Technical Report CMU-CyLab-07-001, January 2007
• Bump in the Ether: A Framework for Securing Sensitive User Input.
  Jonathan M. McCune, Adrian Perrig, Michael K. Reiter. CMU Cylab Technical Report CMU-Cylab-05-007, December 2005.
• Device-Enabled Authorization in the Grey System.
  Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar. Technical Report CMU-CS-05-111 (PDF) School of Computer Science, Carnegie Mellon University, February 2005.
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication.
  Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. Technical Report CMU-CS-04-174, School of Computer Science, Carnegie Mellon University, November 2004.

Talks

• TrustVisor: Efficient TCB Reduction and Attestation. (IEEE S&P, Oakland, CA, May, 2010)
• Safe Passage for Passwords and Other Sensitive Data. NDSS, February 2009. ( PPT )
• How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution. ASPLOS, March 2008. ( PPT )
• Shamon: A System for Distributed Mandatory Access Control (ACSAC, Miami Beach, FL, December, 2006) ( pdf )
• Bump in the Ether: A Framework for Securing Sensitive User Input (Usenix ATC, Boston, MA, June, 2006) ( pdf )
• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication (IEEE S&P, Oakland, CA, May, 2005) ( pdf )
• Power Efficient Adaptable Sensor Networks (MAPLD, Washington, DC, September, 2003)

Program Committee Service

• 2013 International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS)
• 2013 Network and Distributed System Security Symposium (NDSS)
• 2012 Workshop on Scalable Trusted Computing (STC)
• 2012 ACM Cloud Computing Security Workshop (CCSW)
• 2012 USENIX Workshop on Hot Topics in Security (HotSec)
• 2012 USENIX Security Symposium
• TRUST 2012: International Conference on Trust and Trustworthy Computing
• 2012 IEEE Symposium on Security and Privacy (Oakland)
• 2011 Workshop on Scalable Trusted Computing (STC)
• TRUST 2011: International Conference on Trust and Trustworthy Computing, General Co-Chair
• 2011 IEEE Symposium on Security and Privacy (Oakland)
• 2011 International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use
• 2010 Workshop on Scalable Trusted Computing (STC)
• 2010 IEEE Symposium on Security and Privacy (Oakland)
• 2010 International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use
• TRUST 2010: International Conference on Trust and Trustworthy Computing
• 2009 Workshop on Scalable Trusted Computing (STC)

PhD Thesis

• Reducing the Trusted Computing Base for Applications on Commodity Systems
• Received the CMU A. G. Jordan thesis award.

Co-Advisor: Mike Reiter ( web )
Co-Advisor: Adrian Perrig ( web )
Committee Member: Greg Ganger ( web )
Committee Member: Leendert van Doorn ( web )

Past Projects' Web Pages

• Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication
• Grey: Access Control System for Mobile Devices

Links

• Cylab Student Seminar
• Seminal Papers in Security
• Early Computer Security Papers
• Guofei Gu's Security Conference Rankings and Statistics
• Access control via WebISO


• Tartan Crew!


• David Evans' Home Page
• Wahoo Wunderkind
• The University of Virginia
• UVAMBC