| Diplomat: Using delegations to protect community repositories TK Kuppusamy, S Torres-Arias, V Diaz, J Cappos 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI …, 2016 | 51 | 2016 |
| in-toto: Providing farm-to-table guarantees for bits and bytes S Torres-Arias, H Afzali, TK Kuppusamy, R Curtmola, J Cappos 28th USENIX Security Symposium (USENIX Security 19), 1393-1410, 2019 | 25 | 2019 |
| On omitting commits and committing omissions: Preventing git metadata tampering that (re) introduces software vulnerabilities S Torres-Arias, AK Ammula, R Curtmola, J Cappos 25th USENIX Security Symposium (USENIX Security 16), 379-395, 2016 | 24 | 2016 |
| Sok: Analysis of software supply chain security by establishing secure design properties C Okafor, TR Schorlemmer, S Torres-Arias, JC Davis Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive …, 2022 | 15 | 2022 |
| Sigstore: software signing for everybody Z Newman, JS Meyers, S Torres-Arias Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications …, 2022 | 14 | 2022 |
| Commit signatures for centralized version control systems S Vaidya, S Torres-Arias, R Curtmola, J Cappos ICT Systems Security and Privacy Protection: 34th IFIP TC 11 International …, 2019 | 10 | 2019 |
| What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake S Torres-Arias The Conversation 22, 2021 | 4 | 2021 |
| In-toto: Practical Software Supply Chain Security S Torres-Arias New York University Tandon School of Engineering, 2020 | 4 | 2020 |
| le-git-imate: Towards verifiable web-based Git repositories H Afzali, S Torres-Arias, R Curtmola, J Cappos Proceedings of the 2018 on Asia Conference on Computer and Communications …, 2018 | 4 | 2018 |
| COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal Designs K Gallagher, S Torres-Arias, N Memon, J Feldman New Security Paradigms Workshop, 13-27, 2021 | 2 | 2021 |
| Towards adding verifiability to web-based Git repositories H Afzali, S Torres-Arias, R Curtmola, J Cappos Journal of Computer Security 28 (4), 405-436, 2020 | 2 | 2020 |
| Speranza: Usable, privacy-friendly software signing K Merrill, Z Newman, S Torres-Arias, K Sollins arXiv preprint arXiv:2305.06463, 2023 | 1 | 2023 |
| PolyPasswordHasher: Improving Password Storage Security. S Torres-Arias, J Cappos login Usenix Mag. 39 (6), 2014 | 1* | 2014 |
| SCORED'23: Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses M Melara, S Torres-Arias, L Simon Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications …, 2023 | | 2023 |
| A Viewpoint on Software Supply Chain Security: Are We Getting Lost in Translation? MS Melara, S Torres-Arias IEEE Security & Privacy 21 (6), 55-58, 2023 | | 2023 |
| Rust for Embedded Systems: Current State, Challenges and Open Problems A Sharma, S Sharma, S Torres-Arias, A Machiry arXiv preprint arXiv:2311.05063, 2023 | | 2023 |
| A Viewpoint on Knowing Software: Bill of Materials Quality When You See It S Torres-Arias, D Geer, JS Meyers IEEE Security & Privacy 21 (06), 50-54, 2023 | | 2023 |
| Behind the Scenes: Uncovering TLS and Server Certificate Practice of IoT Device Vendors in the Wild H Dong, H Shu, V Prakash, Y Zhang, MT Paracha, D Choffnes, ... Proceedings of the 2023 ACM on Internet Measurement Conference, 457-477, 2023 | | 2023 |
| Preventing Supply Chain Vulnerabilities in Java with a Fine-Grained Permission Manager PC Amusuo, KA Robinson, S Torres-Arias, L Simon, JC Davis arXiv preprint arXiv:2310.14117, 2023 | | 2023 |
| Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD pipelines R Chandramouli, F Kautz, S Torres Arias National Institute of Standards and Technology, 2023 | | 2023 |
