Publications

Below are publications by members of the SHARPS team.

Decision Support for Data Segmentation (DS2): Application to Pull Architectures for HIE
Carl A. Gunter, Mike Berry, and Martin French.
Safety, Security, Privacy, and Interoperability of Health Information Technologies (HealthTech ’14), San Diego, August 2014.

Temporal Mode-Checking of Runtime Monitoring of Privacy Policies
Omar Chowdhury, Limin Jia, Deepak Garg, and Anupam Datta.
Proceedings of 26th CAV, July 2014.

Diagnosis Based Specialist Identification in the Hospital
Xun Lu
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Decision Support for Data Segmentation (DS2): Contextual Integrity Considerations
Martin French, Helen Nissenbaum, Mike Berry, Noam Arzt, and Carl A. Gunter.

Decision Support for Data Segmentation (DS2): Technical and Architectural Considerations
Mike Berry, Noam Arzt, Carl Gunter, and Daryl Chertcoff.

A Wearable System That Knows Who Wears It
Cory Cornelius, Ronald Peterson, Joseph Skinner, Ryan Halter, and David Kotz
In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 55-67, June, 2014. DOI 10.1145/2594368.2594369.

Diagnosis Based Specialist Identification in the Hospital
Xun Lu
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks
Michael Rushanan, Colleen Swanson, Denis Foo Kune, and Aviel D. Rubin
Proceedings of the 35th Annual IEEE Symposium on Security and Privacy, May 2014.

ZEBRA: Zero-Effort Bilateral Recurring Authentication
Shrirang Mare, Andres Molina-Markham, Cory Cornelius, Ronald Peterson, and David Kotz
In IEEE Symposium on Security & Privacy, pages 705-720, May, 2014. DOI 10.1109/SP.2014.51.

Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware
Michael LeMay and Carl A. Gunter
arXiv:1404.3465 [cs.CR], April 2014.

Privacy Risk in Anonymized Heterogeneous Information Networks
Aston Zhang, Xing Xie, Kevin Chen-Chuan Chang, Carl A. Gunter, Jiawei Han, and XiaoFeng Wang
International Conference on Extending Database Technology (EDBT′14), March 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange
Se Eun Oh, Ji Young Chun, Limin Jia, Deepak Garg, Carl A. Gunter, Anupam Datta
ACM Conference on Data and Application Security and Privacy (CODASPY ’14), San Antonio, TX, March 2014.

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android
Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang, Carl A Gunter.
ISOC Network and Distributed Computing Security (NDSS 14), San Diego, CA, February 2014.

Machine-Generated Algorithms, Proofs and Software for the Batch Verification of Digital Signature Schemes
Joseph Ayo Akinyele, Matthew D. Green, Susan Hohenberger, and Matthew W. Pagano
Proceedings of the 19th ACM conference on Computer and Communications Security (CCS), 2012.
Pending publication in Journal of Computer Security (JCS), February 2014.

Vocal Resonance as a Passive Biometric
Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, and David Kotz
Dartmouth Computer Science Technical Report TR2014-747, February 2014.

Design Challenges for Secure Implantable Medical Devices
Benjamin Ransford, Shane S. Clark, Denis Foo Kune, Kevin Fu, and Wayne P. Burleson
Security and Privacy for Implantable Medical Devices, 157-173, 2014

Charm: A Framework for Rapidly Prototyping Cryptosystems
Joseph Ayo Akinyele, Christina Garman, Ian M. Miers, Matthew W. Pagano, M. Rushanan, Matthew D. Green, and Aviel D. Rubin
Journal of Cryptographic Engineering (JCEN), 3(2); 111-128, 2013.

Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits
He Zhang, Sanjay Mehrotra, David Liebovitz, Carl A. Gunter, and Bradley Malin
ACM Transactions on Management Information Systems (TMIS), volume 4, number 4, article 17, December 2013.

Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources
Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, Xiaofeng Wang, Carl A. Gunter, and Klara Nahrstedt.
ACM Computer and Communication Security (CCS ’13), Berlin Germany, November 2013.

Adaptive Regret Minimization in Bounded-Memory Games
Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
Proceedings of 4th Conference on Decision and Game Theory for Security, November 2013.

Do Health Care Users Think Electronic Health Records Are Important for Themselves and Their Providers?
Denise L. Anthony and Celeste Campos-Castillo
AMIA Annual Symposium Proceedings, 42-49, November 2013.

Using SMT Solvers to Automate Design Tasks for Encryption and Signature Schemes
Joseph Ayo Akinyele, Matthew D. Green, and Susan Hohenberger
20th ACM conference on Computer and Communications Security (CCS), November 2013.

Building a Smarter Health and Wellness Future: Privacy and Security Challenges
Carl A. Gunter
Chapter 9 in: ICTs and the Health Sector: Towards Smarter Health and Wellness Models, OECD, October 2013, pages 141-157.

Using Soft Constraints in Joint Inference for Clinical Concept Recognition
Prateek Jindal and Dan Roth
International Conference on Empirical Methods in Natural Language Processing (EMNLP), October 2013.

Purpose Restrictions on Information Use
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
18th European Symposium on Research in Computer Security, September 2013.

Extraction of Events and Temporal Expressions from Clinical Narratives
Prateek Jindal and Dan Roth
Journal of Biomedical Informatics (JBI) – September 2013.

Detecting Privacy-Sensitive Events in Medical Text
Prateek Jindal, Dan Roth and Carl A. Gunter
UIUC CS Technical Report, September 2013.

Usable Security for Wireless Body-Area Networks
Cory Cornelius; PhD dissertation
Dartmouth Computer Science Technical Report TR2013-741, September 2013.

Litho-Aware and Low Power Design of a Secure Current-Based Physically Unclonable Function
Raghavan Kumar and Wayne Burleson
IEEE Symposium on Low Power Electronics Design, September 2013.

Requirements and Design for an Extensible Toolkit for Analyzing EMR Audit Logs
Eric Duffy, Steve Nyemba, Carl A. Gunter, David Liebovitz, and Bradley Malin
USENIX Workshop on Health Information Technologies, August 2013.

Understanding the Challenges with Medical Data Segmentation for Privacy
Ellick M. Chan, Peifung E. Lam, and John C. Mitchell
USENIX Workshop on Health Information Technologies, August 2013.

PUF Modeling Attacks on Simulated and Silicon Data
Ulrich Ruhrmair, Jan Solter, Frank Sehnke, Xiaolin Xu, Ahmed Mahmoud, Vera Stoyanova, Gideon Dror, Jurgen Schmidhuber, Wayne Burleson, and Srinivas Devadas
International Association for Cryptologic Research, August 2013.

End-to-End Coreference Resolution for Clinical Narratives
Prateek Jindal and Dan Roth
International Joint Conference on Artificial Intelligence, August 2013.

Audit Games
Jeremiah Blocki, Nicolas Christin, Anupam Datta, Ariel D. Procaccia and Arunesh Sinha
International Joint Conference on Artificial Intelligence, August 2013.

Stealthy Dopant-Level Hardware Trojans
Georg T. Becker, Francesco Regazzoni, Christof Paar and Wayne P. Burleson
Workshop on Cryptographic Hardware and Embedded Systems, August 2013.

Facilitating Patient and Administrator Analyses of Electronic Health Record Accesses
Eric Duffy
Master of Science Thesis, University of Illinois at Urbana-Champaign, August 2013.

WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices
Shane S. Clark, Benjamin Ransford, Amir Rahmati,  Shane Guineau, Jacob Sorber, Wenyuan Xu, and Kevin Fu
USENIX Workshop on Health Information Technologies, August 2013.

Making the Invisible Visible: Analyzing the 510(k) Device Dependencies
Tingyi Wei, Denis Foo Kune, and Kevin Fu
USENIX Workshop on Health Information Technologies, August 2013.

Using Bowel Sounds to Create a Forensically-aware Insulin Pump System
Nathan Henry, Nathanael Paul, and Nicole McFarlane
USENIX Workshop on Health Information Technologies, August 2013.

Efficient E-cash in Practice: NFC-based Payments for Public Transportation Systems
Gesine Hinterwälder, Christian T. Zenger, Foteini Baldimtsi, Anna Lysyanskaya, Christof Paar and Wayne P. Burleson
13th Privacy Enhancing Technologies Symposium, July 2013.

Modeling and Detecting Anomalous Topic Access
Siddharth Gupta, Casey Hanson, Carl A. Gunter, Mario Frank, David Liebovitz, and Bradley Malin
IEEE Intelligence and Security Informatics, June 2013.

Evolving Role Definitions Through Permission Invocation Patterns
Wen Zhang, You Chen, Carl A. Gunter, David Liebovitz, and Bradley Malin
ACM Symposium on Access Control Models and Technologies, June 2013.

Balancing Security and Utility in Medical Devices?
Masoud Rostami, Wayne Burleson and Ari Juels
Design Automation Conference (DAC), June 2013.

Half-Wits: Software Techniques for Low-Voltage Probabilistic Storage on Microcontrollers with NOR Flash Memory
Mastooreh Salajegheh, Yue Wang and Anxio (Andrew) Jiang, Erik Learned-Miller and Kevin Fu
ACM Transactions on Embedded Computing Systems, June 2013.

Hide-n-Sense: Preserving Privacy Efficiently in Wireless mHealth
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius and David Kotz
Mobile Networks and Applications (MONET), 19(3):331-344, June 2014. Special issue on Wireless Technology for Pervasive Healthcare. DOI 10.1007/s11036-013-0447-x.

Information Flow Investigations: Extended Abstract
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
IEEE Computer Security Foundations Symposium, June 2013.

On-chip Lightweight Implementation of Reduced NIST Randomness Test Suite
Vikram Suresh, Daniele Antonioli, and Wayne Burleson
IEEE Symposium on Hardware-Oriented Security and Trust, 2013.

Modeling and Detecting Anomalous Topic Access in EMR Audit Logs
Siddharth Gupta
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2013.

Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors
Denis Foo Kune, John Backesy, Shane S. Clarkz, Daniel Kramer, MD, Matthew Reynolds, MD, Kevin Fu, Yongdae Kimk, and Wenyuan Xu
34th Annual IEEE Symposium on Security and Privacy, May 2013.

A model-integrated authoring environment for privacy policies
Andras Nadas, Tihamer Levendovszky, Ethan K. Jackson, Istvan Madari and Janos Sztipanovits
Science of Computer Programming, May 2013.

A model-integrated authoring environment for privacy policies
Andras Nadas, Tihamer Levendovszky, Ethan K. Jackson, Istvan Madari and Janos Sztipanovits
Science of Computer Programming, May 2013.

PolicyForge: A Collaborative Environment for Formalizing Privacy Policies in Health Care
Andras Nadas, Laszlo Juracz, Janos Sztipanovits, Mark E. Frisse, and Ann J. Olsen
Software Engineering in Health Care (SEHC), 5th International Workshop, May 2013.

Contextual Expectations of Privacy in Self-Generated Health Information Flows
Heather Patterson
Telecommunications Policy Research Conference, March 30, 2013.

Purpose Restrictions on Information Use
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
Carnegie Mellon University, Tech. Rep., CMU-CS-13-116, 2013.

Information Flow Investigations
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
Carnegie Mellon University, Tech. Rep. CMU-CS-13-118, March 2013.

Institutionalizing HIPAA Compliance: Organizations and Competing Logics in U.S. Healthcare Anthony
Denise, Ajit Appari, and M. Eric Johnson
Journal of Health & Social Behavior, 55(1):108 – 124, 2014.
[Policy Brief]

Privacy in Mobile Technology for Personal Healthcare
Sasikanth Avancha, Amit Baxi, and David Kotz
ACM Computing Surveys, volume 45, issue 1, March 2013.

A Provenance Framework for mHealth
Aarathi Prasad, Ronald Peterson, Shrirang Mare, Jacob Sorber, Kolin Paul, and David Kotz
Workshop on Networked Healthcare Systems, January 2013.

A Provenance Framework for mHealth
Aarathi Prasad, Ronald Peterson, Shrirang Mare, Jacob Sorber, Kolin Paul, and David Kotz
Workshop on Networked Healthcare Systems, pages 1-6. IEEE Computer Society Press, January 2013.

Mining Permission Request Patterns from Android and Facebook Applications
Mario Frank, Ben Dong, Adrienne Porter-Felt, and Dawn Song
IEEE International Conference on Data Mining, December 2012.
[full version]

Using Knowledge and Constraints to Find the Best Antecedent
Prateek Jindal and Dan Roth
International Conference on Computational Linguistics (COLING), December 2012.

Recognizing Whether Sensors are on the Same Body
Cory Cornelius and David Kotz
Journal of Pervasive and Mobile Computing (PMC), 8(6); 822-836, December 2012.

Audit Mechanisms for Provable Risk Management and Accountable Data Governance
Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
Conference on Decision and Game Theory for Security (GameSec), November 2012.

A Provenance Framework for mHealth
Aarathi Prasad, Ronald Peterson, Jacob Sorber, and David Kotz
Workshop for Mobile Systems, Applications, and Services for Healthcare (mHealthSys) Poster Track, ACM Press, November 2012.

On the Expectations of Smart Cards to Reduce Medicare Fraud
Kevin Fu
Testimony to the Subcommittee on Health, Committee on Energy and Commerce, United States House of Representatives, Hearing on Examining Options to Combat Health Care Waste, Fraud and Abuses, Wednesday, November 28, 2012.

Modeling Privacy Aware Health Information Exchange Systems
Andras Nadas, Mark E. Frisse, and Janos Sztipanovits
International Workshop on Engineering EHR Solutions (WEES), October 2012.

Understanding Sharing Preferences and Behavior for mHealth Devices
Aarathi Prasad, Jacob Sorber, Timothy Stablein, Denise Anthony, and David Kotz
Workshop on Privacy in the Electronic Society (WPES), October 2012.

Report of Preliminary Findings and Recommendations
State of Illinois Health Information Exchange Authority Data Security and Privacy Committee
September 2012.

Accountings of Relationships
Joseph Lorenzo Hall, Benedicte Callan, and Helen Nissenbaum
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Security Risks, Low-tech User Interfaces, and Implantable Medical Devices: A Case Study with Insulin Pump Infusion Systems
Nathanael Paul and Tadayoshi Kohno
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Tragedy of Anticommons in Digital Right Management of Medical Records
Quanyan Zhu, Carl Gunter, and Tamar Basar
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Vis-à-vis Cryptography: Private and Trustworthy In-Person Certifications
Ian M. Miers, Matthew Green, Christoph U. Lehmann, and Aviel D. Rubin
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Who Wears Me? Bioimpedance As A Passive Biometric
Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, and David Kotz
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Potentia est Scientia: Security and Privacy Implications of Energy-Proportional Computing
Shane S. Clark, Benjamin Ransford, and Kevin Fu
USENIX Workshop on Hot Topics in Security (HotSec12), August 2012.

Fully Integrated Biochip Platforms for Advance Healthcare
Sandro Carrara, Sara Ghoreishzadeh, Jacopo Olivo, Irene Taurino, Camilla Baj-Rossi, Andrea Cavallini, Maaike Op de Beeck, Catherine Dehollain, Wayne Burleson, Francis Gabriel Moussy, Anthony Guiseppi-Elie, and Giovanni De Micheli
Sensors, volume 12, issue 8, pages 11013-11060, August 2012.

Current Events: Identifying Webpages by Tapping the Electrical Outlet
Shane S. Clark, Benjamin Ransford, Jacob Sorber, Wenyuan Xu, Erik Learned-Miller, and Kevin Fu
Technical Report UM-CS-2011-030, Department of Computer Science, University of Massachusetts Amherst, July 2012.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance
Daniel B. Kramer, Matthew Baker, Benjamin Ransford, Andres Molina-Markham, Quinn Stewart, Kevin Fu, and Matthew R. Reynolds
PLOS ONE, volume 7, issue 7, July 2012.

Using Domain Knowledge and Domain-Inspired Discourse Model for Coreference Resolution for Clinical Narratives
Prateek Jindal and Dan Roth
Journal of the American Medical Informatics Association, July 2012.

Design Challenges in Secure Implantable Medical Devices
Wayne Burleson, Shane S. Clark, Benjamin Ransford, and Kevin Fu
Design Automation Conference (DAC), June 2012.

Plug-n-Trust: Practical Trusted Sensing for mHealth
Jacob Sorber, Minho Shin, Ron Peterson, and David Kotz
International Conference on Mobile Systems, Applications, and Services (MobiSys), June 2012.

Electronic Health Record-Based Monitoring of Primary Care Patients at Risk of Medication-Related Toxicity
David G. Bundy, Jill A. Marsteller, Albert W. Wu, Lilly D. Engineer, Sean M. Berenholtz, A. Harrison Caughey, David Silver, Jing Tian, Richard E. Thompson, Marlene R. Miller, and Christoph U. Lehmann
Joint Commision Journal on Quality and Patient Safety, volume 38, issue 5, pages 216-223, May 2012.

Formalizing and Enforcing Purpose Restrictions in Privacy Policies
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
IEEE Symposium on Security and Privacy, May 2012.
[full version] [software]

New Definitions and Separations for Circular Security
David Cash, Matthew Green, and Susan Hohenberger
IACR International Conference on Practice and Theory of Public-Key Cryptography, May 2012.

High Stakes: Designing a Privacy Preserving Registry
Alexei Czeskis and Jacob Appelbaum
Workshop on Usable Security (USEC12), March 2012.

Formalizing and Enforcing Purpose Restrictions
Michael Carl Tschantz
Ph.D. Dissertation, Carnegie Mellon University, Tech. Rep. CMU-CS-12-117, 2012.

Active Monitoring Using Real-Time Metric Linear Temporal Logic Specifications
Gabor Simko and Janos Sztipanovits
International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC12), February 2012.

An Amulet for Trustworthy Wearable mHealth
Jacob Sorber, Minho Shin, Ronald Peterson, Cory Cornelius, Shrirang Mare, Aarathi Prasad, Zachary Marois, Emma Smithayer, and David Kotz
Workshop on Mobile Computing Systems and Applications (HotMobile12), February 2012.

Charm: A Framework for Rapidly Protyping Cryptosystems
Joseph A. Akinyele, Matthew D. Green, and Aviel D. Rubin
Annual Network & Distributed System Security Symposium, February 2012.

Exposing Privacy Concerns in mHealth Data Sharing
Aarathi Prasad
Master’s Thesis, Technical Report TR2012-711, Dartmouth College, Computer Science, February 2012.

Gay Males and Electronic Health Records: Privacy Perceptions, Age, and Negotiating Stigma (Abstract)
Timothy Stablein, Joseph Lorenzo Hall, Helen Nissenbaum, and Denise Anthony
Eastern Sociological Society Annual Meeting, February 2012.

Passive Biometrics for Pervasive Wearable Devices (Poster paper)
Cory Cornelius, Zachary Marois, Jacob Sorber, Ronald Peterson, Shrirang Mare, and David Kotz
Workshop on Mobile Computing Systems and Applications (HotMobile), February 2012.

Real-Time Human Pose Detection and Tracking for Tele-Rehabilitation in Virtual Reality
Štepán Obdrzálek, Gregorij Kurilo, Jay Han, Ted Abresch, and Ruzena Bajcsy
Studies in Health Technology and Informatics: Medicine Meets Virtual Reality 19, February 2012.

Regulation of Medical Devices in the United States and European Union
Daniel B. Kramer, Shuai Xu, and Aaron Kesselheim
The New England Journal of Medicine, February 2012.

Declarative Privacy Policy: Finite Models and Attribute-Based Encryption
Peifung E. Lam, John C. Mitchell, Andre Scedrov, Sharada Sundaram, and Frank Wang
ACM SIGHIT International Health Informatics Symposium (IHI12), January 2012.
[video] [source code] [virtual machine]

Analysis and Recommendations Concerning HHS Notice of Proposed Rulemaking Covering Changes to Accountings of Disclosure
Helen Nissenbaum and Joseph Lorenzo Hall
Letter to the Office of the National Coordinator for Health Information Technology, December 2011.

Learning from Negative Examples in Set-Expansion
Prateek Jindal and Dan Roth
IEEE International Conference on Data Mining (ICDM11), December 2011.

The Financial Impact of Health Information Exchange on Emergency Department Care
Mark E. Frisse, Kevin B. Johnson, Hui Nian, Coda L. Davison, Cynthia S. Gadd, Kim M. Unertl, Pat A. Turri, and Qingxia Chen
Journal of the American Medical Informatics Association (JAMIA), November 2011.

A Review of the Security of Insulin Pump Infusion Systems
Nathanael Paul, Tadayoshi Kohno, and David C. Klonoff
Journal of Diabetes Science and Technology, volume 5, issue 6, pages 1557-1562, November 2011.

Recent Results in Computer Security for Medical Devices
Shane S. Clark and Kevin Fu
ICST Conference on Wireless Mobile Communication and Healthcare (MobiHealth), October 2011.

Medication Administration Quality and Health Information Technology: A National Study of Hospitals
Ajit Appari, Emily K. Carian, M. Eric Johnson, and Denise L. Anthony
Journal of the American Medical Informatics Association (JAMIA), October 2011.

Reasoning about Metamodeling with Formal Specifications and Automatic Proofs
Ethan K. Jackson, Tihamer Levendovszky, and Daniel Balasubramanian
Model Driven Engineering Languages and Systems (MoDELS11), October 2011.

Role Prediction using Electronic Medical Record System Audits
Wen Zhang, Carl A. Gunter, David Liebovitz, Jian Tian, and Bradley Malin
AMIA 2011 Annual Symposium, October 2011.

Adapt-lite: Privacy-aware, Secure, and Efficient mHealth Sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
Workshop on Privacy in the Electronic Society (WPES11), October 2011.

Securing Electronic Medical Records Using Attribute-Based Encryption On Mobile Devices
Joseph A. Akinyele, Matthew W. Pagano, Matthew D. Green, Christoph U. Lehmann, Zachary N. J. Peterson, and Aviel D. Rubin
ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM11), October 2011.

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications
Deepak Garg, Limin Jia, and Anupam Datta
ACM Conference on Computer and Communications Security (CCS11), October 2011.

Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems
Carl A. Gunter, David M. Liebovitz, and Bradley Malin
IEEE Security & Privacy, September/October 2011.

Hide-n-Sense: Privacy-aware Secure mHealth Sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
Technical Report TR2011-702, Department of Computer Science, Dartmouth College, September 2011.

A Contextual Approach to Privacy Online
Helen Nissenbaum
Dædalus, the Journal of the American Academy of Arts & Sciences, volume 140, issue 4, September 2011.

Outsourcing the Decryption of ABE Ciphertexts
Matthew Green, Susan Hohenberger, and Brent Waters
USENIX Security Symposium, August 2011.

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices (Awarded Best Paper)
Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi, and Kevin Fu
ACM Special Interest Group on Data Communication (SIGCOMM11), August 2011.

Adaptive Security and Privacy for mHealth Sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

Audit Mechanisms for Privacy Protection in Healthcare Environments
Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

Exposing Privacy Concerns in mHealth
Aarathi Prasad, Jacob Sorber, Timothy Stablein, Denise Anthony, and David Kotz
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

A Research Roadmap for Healthcare IT Security Inspired by the PCAST Health Information Technology Report
Matthew D. Green and Aviel D. Rubin
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices
Steven Hanna, Rolf Rolles, Andres Molina-Markham, Pongsin Poosankam, Kevin Fu, and Dawn Song
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

Computerized Provider Order Entry in Pediatric Oncology: Design, Implementation, and Outcomes
Allen R. Chen and Christoph U. Lehmann
Journal of Oncology Practice, volume 7, issue 4, July 2011.

Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection
Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
IEEE Computer Security Foundations Symposium, June 2011.

Metadata Analysis Power Team Letter to the National Coordinator
Jonathan Perlin (Chair), John Halamka (Vice Chair) and the Metadata Analysis Power Team Committee Members
Office of the National Coordinator for Health and Human Services Health Information Policy Committee, June 2011.

Recognizing Whether Sensors are on the Same Body
Cory Cornelius and David Kotz
International Conference on Pervasive Computing, Lecture Notes in Computer Science, June 2011.

Recognizing Whether Sensors are on the Same Body
Cory Cornelius and David Kotz
Proceedings of the International Conference on Pervasive Computing, volume 6696 of Lecture Notes in Computer Science, pages 332–349. Springer-Verlag, June 2011.

PCAST Workgroup Letter to the National Coordinator
Paul Egerman (Chair), Bill Stead (Vice Chair) and the PCAST Workgroup Members
Office of the National Coordinator for Health and Human Services Health Information Policy Committee, April 2011.

Software Issues for the Medical Device Approval Process
Kevin Fu
Testimony submitted to the Special Committee on Aging US Senate Hearing
A Delicate Balance: FDA and the Reform of the Medical Device Approval Process, April 2011.

On the Semantics of Purpose Requirements in Privacy Policies
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
Carnegie Mellon University, Tech. Rep. CMU-CS-11-102, 2011

A Threat Taxonomy for mHealth Privacy
David Kotz
International Conference on Communication Systems and Networks (COMSNETS11), pages 1-6, January 2011.

Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws
Henry DeYoung, Deepak Garg, Limin Jia, Dilsun Kaynar, and Anupam Datta
Workshop on Privacy in the Electronic Society (WPES10), October 2010.

SHARPS 2010 Update of State Health Information Statutes
Denise Anthony, Dartmouth and Helen Nissenbaum, NYU
Update of 2002 Pritts Report:Part 1Part 2 to identify any changes in statutes in each state through October 2010.

Is Bluetooth the Right Technology for mHealth?
Shrirang Mare and David Kotz
USENIX Workshop on Health Security (HealthSec), August 2010.

Can I access your Data? Privacy Management in mHealth
Aarathi Prasad and David Kotz
USENIX Workshop on Health Security (HealthSec), August 2010.

Logical Specification of the GLBA and HIPAA Privacy Laws
Henry DeYoung, Deepak Garg, Dilsun Kaynar, and Anupam Datta
Carnegie Mellon University, CyLab Technical Report 10-007, April 2010.

Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices
Tamara Denning, Alan Borning, Batya Friedman, Brian T. Gill, Tadayoshi Kohno, and William H. Maisel
ACM Conference on Human Factors in Computing Systems (CHI10), April 2010.

A Formalization of HIPAA for a Medical Messaging System
Peifung E. Lam, John C. Mitchell, and Sharada Sundaram
6th International Conference on Trust, Privacy & Security in Digital Business (TrustBus), 2009.

Privacy and Utility in Business Processes
Adam Barth, Anupam Datta, John C. Mitchell, and Sharada Sundaram
Proc. of the 20th IEEE Computer Security Foundations Symposium (CSF), 2007.

Privacy and Contextual Integrity: Framework and Applications
Adam Barth, Anupam Datta, John C. Mitchell, and Helen Nissenbaum
IEEE Symposium on Security and Privacy, 2006.