CS/CIS Event: Protecting Vehicular Over-the-air Software Updates From Nation-state Actors


The presentation is sponsored by:

    IEEE Rochester Section: Computer and Computational Intelligence Societies Joint Chapter

    (CS/CIS) and RIT's Computer Science Colloquium & Global Cybersecurity Institute Colloquium.



This talk describes Uptane, the first compromise-resilient security system for over-the-air updates for the computerized units of automobiles. Uptane can thwart attacks from malicious actors who can compromise servers and networks at the manufacturing level. Hence, it is designed to be resilient even to the best efforts of nation state attackers. Uptane is integrated into Automotive Grade Linux, an open source system currently used by many large OEMs, and has also been adopted by a number of U.S. and international manufacturers. Within the next few years, more than one-third of new cars on U.S. roads will include Uptane. Uptane is also an IEEE/ISTO standard and is currently hosted by the Joint Development Foundation of the Linux Foundation. The Uptane Standards document is freely available and can be accessed free of charge. Other materials, including technical papers, security audits, and a public reference implementation are also freely available for all to use.

  Date and Time




  • RIT
  • 152 Lomb Memorial Dr.
  • Rochester, New York
  • United States 14623
  • Building: Golisano Hall -- Bldg 70 (GOL)
  • Room Number: 2455
  • Click here for Map
  • Co-sponsored by RIT's Computer Science Colloquium & Global Cybersecurity Institute Colloquium


Justin Cappos
Justin Cappos of New York University


Protecting Vehicular Over-the-air Software Updates From Nation-state Actors


Justin Cappos is an associate professor in the Computer Science and Engineering department at New York University. Justin's research focuses on practical systems security research advances that can be used in production.

His research advances are adopted into production use by Docker, git, Google, Python, VMware, automobiles, Cloudflare, Microsoft, Digital Ocean, and most Linux distributions. Due to the practical impact of his work, Justin was named to Popular Science's Brilliant 10 list in 2013.


11:00 a.m. to 12:00 p.m. -- Presentation

12:00 p.m. to 12:15 p.m. -- Pizza

Note: no advance registration required


RIT visitor parking suggestions:

    1) Stop at the welcome center and obtain visitor parking permit -- [Google map]

    2) Then park at Visitor Parking in the J-lot -- [Google map]

Additional Links:

  IEEE meeting entry : https://events.vtools.ieee.org/m/210522

  CS/CIS website / venue info:   http://ewh.ieee.org/r1/rochester/computer/

   flyer (printable): http://ewh.ieee.org/r1/rochester/computer/2019/20191125/Cappos.20191125.pdf