Publications

Below are details on selected background publications by members of the SHARPS team.

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android
Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang, and Carl A. Gunter
ISOC Network and Distributed Computing Security (NDSS 14), San Diego, CA, February 2014.

Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources
Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, Xiaofeng Wang, Carl A. Gunter, and Klara Nahrstedt
ACM Computer and Communication Security (CCS ’13), Berlin, Germany, November 2013.

Building a Smarter Health and Wellness Future: Privacy and Security Challenges
Carl A. Gunter
Chapter 9 in: ICTs and the Health Sector: Towards Smarter Health and Wellness Models, OECD, October 2013, pages 141-157.

Using Soft Constraints in Joint Inference for Clinical Concept Recognition
Prateek Jindal and Dan Roth
International Conference on Empirical Methods in Natural Language Processing (EMNLP), October 2013.

Purpose Restrictions on Information Use
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
18th European Symposium on Research in Computer Security, September 2013.

Extraction of Events and Temporal Expressions from Clinical Narratives
Prateek Jindal and Dan Roth
Journal of Biomedical Informatics (JBI) – September 2013.

Requirements and Design for an Extensible Toolkit for Analyzing EMR Audit Logs
Eric Duffy, Steve Nyemba, Carl A. Gunter, David Liebovitz, and Bradley Malin
USENIX Workshop on Health Information Technologies, August 2013.

Understanding the Challenges with Medical Data Segmentation for Privacy
Ellick M. Chan, Peifung E. Lam, and John C. Mitchell
USENIX Workshop on Health Information Technologies, August 2013.

PUF Modeling Attacks on Simulated and Silicon Data
Ulrich Ruhrmair, Jan Solter, Frank Sehnke, Xiaolin Xu, Ahmed Mahmoud, Vera Stoyanova, Gideon Dror, Jurgen Schmidhuber, Wayne Burleson, and Srinivas Devadas
International Association for Cryptologic Research, August 2013.

End-to-End Coreference Resolution for Clinical Narratives
Prateek Jindal and Dan Roth
International Joint Conference on Artificial Intelligence, August 2013.

Audit Games
Jeremiah Blocki, Nicolas Christin, Anupam Datta, Ariel D. Procaccia and Arunesh Sinha
International Joint Conference on Artificial Intelligence, August 2013.

Stealthy Dopant-Level Hardware Trojans
Georg T. Becker, Francesco Regazzoni, Christof Paar and Wayne P. Burleson
Workshop on Cryptographic Hardware and Embedded Systems, August 2013.

Efficient E-cash in Practice: NFC-based Payments for Public Transportation Systems
Gesine Hinterwälder, Christian T. Zenger, Foteini Baldimtsi, Anna Lysyanskaya, Christof Paar and Wayne P. Burleson
13th Privacy Enhancing Technologies Symposium, July 2013.

Modeling and Detecting Anomalous Topic Access
Siddharth Gupta, Casey Hanson, Carl A. Gunter, Mario Frank, David Liebovitz, and Bradley Malin
IEEE Intelligence and Security Informatics, June 2013.

Evolving Role Definitions Through Permission Invocation Patterns
Wen Zhang, You Chen, Carl A. Gunter, David Liebovitz, and Bradley Malin
ACM Symposium on Access Control Models and Technologies, June 2013.

Balancing Security and Utility in Medical Devices?
Masoud Rostami, Wayne Burleson and Ari Juels
DAC, June 2013.

Half-Wits: Software Techniques for Low-Voltage Probabilistic Storage on Microcontrollers with NOR Flash Memory
Mastooreh Salajegheh, Yue Wang, Anxiao (Andrew) Jiang, Erik Learned-Miller, and Kevin Fu
ACM Transactions on Embedded Computing Systems, June 2013.

Hide-n-Sense: Preserving Privacy Efficiently in Wireless mHealth
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
Mobile Networks and Applications, June 2013.

Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors
Denis Foo Kune, John Backes, Shane S. Clark, Daniel Kramer, MD, Matthew Reynolds, MD, Kevin Fu, Yongdae Kim, and Wenyuan Xu
34th Annual IEEE Symposium on Security and Privacy, May 2013.

A model-integrated authoring environment for privacy policies
Andras Nadas, Tihamer Levendovszky, Ethan K. Jackson, Istvan Madari and Janos Sztipanovits
Science of Computer Programming, May 2013.

Privacy in Mobile Technology for Personal Healthcare
Sasikanth Avancha, Amit Baxi, and David Kotz
ACM Computing Surveys, volume 45, issue 1, March 2013.

Provenance Framework for mHealth
Aarathi Prasad, Ronald Peterson, Shrirang Mare, Jacob Sorber, Kolin Paul, and David Kotz
Workshop on Networked Healthcare Systems, January 2013.

Mining Permission Request Patterns from Android and Facebook Applications
Mario Frank, Ben Dong, Adrienne Porter-Felt, and Dawn Song
IEEE International Conference on Data Mining, December 2012.
[full version]

Using Knowledge and Constraints to Find the Best Antecedent
Prateek Jindal and Dan Roth
International Conference on Computational Linguistics (COLING), December 2012.

Audit Mechanisms for Provable Risk Management and Accountable Data Governance
Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
Conference on Decision and Game Theory for Security (GameSec), November 2012. 

Modeling Privacy Aware Health Information Exchange Systems
Andras Nadas, Mark E. Frisse, and Janos Sztipanovits
International Workshop on Engineering EHR Solutions (WEES), October 2012.

Understanding Sharing Preferences and Behavior for mHealth Devices
Aarathi Prasad, Jacob Sorber, Timothy Stablein, Denise Anthony, and David Kotz
Workshop on Privacy in the Electronic Society (WPES), October 2012.

Report of Preliminary Findings and Recommendations
State of Illinois Health Information Exchange Authority Data Security and Privacy Committee
September 2012.

Accountings of Relationships
Joseph Lorenzo Hall, Benedicte Callan, and Helen Nissenbaum
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Security Risks, Low-tech Interfaces, and Implantable Medical Devices: A Case Study with Insulin Pump Infusion Systems
Nathanael Paul and Tadayoshi Kohno
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Tragedy of Anticommons in Digital Right Management of Medical Records
Quanyan Zhu, Carl Gunter, and Tamer Basar
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Vis-à-vis Cryptography: Private and Trustworthy In-Person Certifications
Ian M. Miers, Matthew Green, Christoph U. Lehmann, and Aviel D. Rubin
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Who Wears Me? Bioimpedance As A Passive Biometric
Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, and David Kotz
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012.

Potentia est Scientia: Security and Privacy Implications of Energy-Proportional Computing
Shane S. Clark, Benjamin Ransford, and Kevin Fu
USENIX Workshop on Hot Topics in Security (HotSec12), August 2012.

Fully Integrated Biochip Platforms for Advanced Healthcare
Sandro Carrara, Sara Ghoreishzadeh, Jacopo Olivo, Irene Taurino, Camilla Baj-Rossi, Andrea Cavallini, Maaike Op de Beeck, Catherine Dehollain, Wayne Burleson, Francis Gabriel Moussy, Anthony Guiseppi-Elie, and Giovanni De Micheli
Sensors, volume 12, issue 8, pages 11013-11060, August 2012.

Current Events: Identifying Webpages by Tapping the Electrical Outlet
Shane S. Clark, Benjamin Ransford, Jacob Sorber, Wenyuan Xu, Erik Learned-Miller, and Kevin Fu
Technical Report UM-CS-2011-030, Department of Computer Science, University of Massachusetts Amherst, July 2012.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance
Daniel B. Kramer, Matthew Baker, Benjamin Ransford, Andres Molina-Markham, Quinn Stewart, Kevin Fu, and Matthew R. Reynolds
PLOS ONE, volume 7, issue 7, July 2012.

Using Domain Knowledge and Domain-Inspired Discourse Model for Coreference Resolution for Clinical Narratives
Prateek Jindal and Dan Roth
Journal of the American Medical Informatics Association, July 2012.

Design Challenges in Secure Implantable Medical Devices
Wayne Burleson, Shane S. Clark, Benjamin Ransford, and Kevin Fu
Design Automation Conference (DAC), June 2012.

Plug-n-Trust: Practical Trusted Sensing for mHealth
Jacob Sorber, Minho Shin, Ron Peterson, and David Kotz
International Conference on Mobile Systems, Applications, and Services (MobiSys), June 2012.

Electronic Health Record-Based Monitoring of Primary Care Patients at Risk of Medication-Related Toxicity
David G. Bundy, Jill A. Marsteller, Albert W. Wu, Lilly D. Engineer, Sean M. Berenholtz, A. Harrison Caughey, David Silver, Jing Tian, Richard E. Thompson, Marlene R. Miller, and Christoph U. Lehmann
Joint Commission Journal on Quality and Patient Safety, volume 38, issue 5, pages 216-223, May 2012.

Formalizing and Enforcing Purpose Restrictions in Privacy Policies
Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
IEEE Symposium on Security and Privacy, May 2012.
[full version] [software]

New Definitions and Separations for Circular Security
David Cash, Matthew Green, and Susan Hohenberger
IACR International Conference on Practice and Theory of Public-Key Cryptography, May 2012.

High Stakes: Designing a Privacy Preserving Registry
Alexei Czeskis and Jacob Appelbaum
Workshop on Usable Security (USEC12), March 2012.

Active Monitoring Using Real-Time Metric Linear Temporal Logic Specifications
Gabor Simko and Janos Sztipanovits
International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC12), February 2012.

An Amulet for Trustworthy Wearable mHealth
Jacob Sorber, Minho Shin, Ronald Peterson, Cory Cornelius, Shrirang Mare, Aarathi Prasad, Zachary Marois, Emma Smithayer, and David Kotz
Workshop on Mobile Computing Systems and Applications (HotMobile12), February 2012.

Charm: A Framework for Rapidly Prototyping Cryptosystems
Joseph A. Akinyele, Matthew D. Green, and Aviel D. Rubin
Annual Network & Distributed System Security Symposium, February 2012.

Exposing Privacy Concerns in mHealth Data Sharing
Aarathi Prasad
Master’s Thesis, Technical Report TR2012-711, Dartmouth College, Computer Science, February 2012.

Gay Males and Electronic Health Records: Privacy Perceptions, Age, and Negotiating Stigma (Abstract)
Timothy Stablein, Joseph Lorenzo Hall, Helen Nissenbaum, and Denise Anthony
Eastern Sociological Society Annual Meeting, February 2012.

Passive Biometrics for Pervasive Wearable Devices (Poster paper)
Cory Cornelius, Zachary Marois, Jacob Sorber, Ronald Peterson, Shrirang Mare, and David Kotz
Workshop on Mobile Computing Systems and Applications (HotMobile), February 2012.

Real-Time Human Pose Detection and Tracking for Tele-Rehabilitation in Virtual Reality
Štepán Obdrzálek, Gregorij Kurilo, Jay Han, Ted Abresch, and Ruzena Bajcsy
Studies in Health Technology and Informatics: Medicine Meets Virtual Reality 19, February 2012.

Regulation of Medical Devices in the United States and European Union
Daniel B. Kramer, Shuai Xu, and Aaron Kesselheim
The New England Journal of Medicine, February 2012.

Declarative Privacy Policy: Finite Models and Attribute-Based Encryption
Peifung E. Lam, John C. Mitchell, Andre Scedrov, Sharada Sundaram, and Frank Wang
ACM SIGHIT International Health Informatics Symposium (IHI12), January 2012.
[video] [source code] [virtual machine]  

Analysis and Recommendations Concerning HHS Notice of Proposed Rulemaking Covering Changes to Accountings of Disclosure
Helen Nissenbaum and Joseph Lorenzo Hall
Letter to the Office of the National Coordinator for Health Information Technology, December 2011.

Learning from Negative Examples in Set-Expansion
Prateek Jindal and Dan Roth
IEEE International Conference on Data Mining (ICDM11), December 2011.

The Financial Impact of Health Information Exchange on Emergency Department Care
Mark E. Frisse, Kevin B. Johnson, Hui Nian, Coda L. Davison, Cynthia S. Gadd, Kim M. Unertl, Pat A. Turri, and Qingxia Chen
Journal of the American Medical Informatics Association (JAMIA), November 2011.

A Review of the Security of Insulin Pump Infusion Systems
Nathanael Paul, Tadayoshi Kohno, and David C. Klonoff
Journal of Diabetes Science and Technology, volume 5, issue 6, pages 1557-1562, November 2011.

Recent Results in Computer Security for Medical Devices
Shane S. Clark and Kevin Fu
ICST Conference on Wireless Mobile Communication and Healthcare (MobiHealth), October 2011.

Medication Administration Quality and Health Information Technology: A National Study of Hospitals
Ajit Appari, Emily K. Carian, M. Eric Johnson, and Denise L. Anthony
Journal of the American Medical Informatics Association (JAMIA), October 2011.

Reasoning about Metamodeling with Formal Specifications and Automatic Proofs
Ethan K. Jackson, Tihamer Levendovszky, and Daniel Balasubramanian
Model Driven Engineering Languages and Systems (MoDELS11), October 2011.

Role Prediction using Electronic Medical Record System Audits
Wen Zhang, Carl A. Gunter, David Liebovitz, Jian Tian, and Bradley Malin
AMIA 2011 Annual Symposium, October 2011.

Adapt-lite: Privacy-aware, Secure, and Efficient mHealth Sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
Workshop on Privacy in the Electronic Society (WPES11), October 2011.

Securing Electronic Medical Records Using Attribute-Based Encryption On Mobile Devices
Joseph A. Akinyele, Matthew W. Pagano, Matthew D. Green, Christoph U. Lehmann, Zachary N. J. Peterson, and Aviel D. Rubin
ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM11), October 2011.

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications
Deepak Garg, Limin Jia, and Anupam Datta
ACM Conference on Computer and Communications Security (CCS11), October 2011.

Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems
Carl A. Gunter, David M. Liebovitz, and Bradley Malin
IEEE Security & Privacy, September/October 2011.

Hide-n-Sense: Privacy-aware Secure mHealth Sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
Technical Report TR2011-702, Department of Computer Science, Dartmouth College, September 2011.

A Contextual Approach to Privacy Online
Helen Nissenbaum
Dædalus, the Journal of the American Academy of Arts & Sciences, volume 140, issue 4, September 2011.

Outsourcing the Decryption of ABE Ciphertexts
Matthew Green, Susan Hohenberger, and Brent Waters
USENIX Security Symposium, August 2011. 

They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices (Awarded Best Paper)
Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi, and Kevin Fu
ACM Special Interest Group on Data Communication (SIGCOMM11), August 2011.

Adaptive Security and Privacy for mHealth Sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

Audit Mechanisms for Privacy Protection in Healthcare Environments
Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

Exposing Privacy Concerns in mHealth
Aarathi Prasad, Jacob Sorber, Timothy Stablein, Denise Anthony, and David Kotz
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

A Research Roadmap for Healthcare IT Security Inspired by the PCAST Health Information Technology Report
Matthew D. Green and Aviel D. Rubin
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices
Steven Hanna, Rolf Rolles, Andres Molina-Markham, Pongsin Poosankam, Kevin Fu, and Dawn Song
USENIX Workshop on Health Security and Privacy (HealthSec11), August 2011.

Computerized Provider Order Entry in Pediatric Oncology: Design, Implementation, and Outcomes
Allen R. Chen and Christoph U. Lehmann
Journal of Oncology Practice, volume 7, issue 4, July 2011.

Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection
Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
IEEE Computer Security Foundations Symposium, June 2011.

Metadata Analysis Power Team Letter to the National Coordinator
Jonathan Perlin (Chair), John Halamka (Vice Chair) and the Metadata Analysis Power Team Committee Members
Office of the National Coordinator for Health and Human Services Health Information Policy Committee, June 2011.

Recognizing Whether Sensors are on the Same Body
Cory Cornelius and David Kotz
International Conference on Pervasive Computing, Lecture Notes in Computer Science, June 2011.

PCAST Workgroup Letter to the National Coordinator
Paul Egerman (Chair), Bill Stead (Vice Chair) and the PCAST Workgroup Members
Office of the National Coordinator for Health and Human Services Health Information Policy Committee, April 2011.

Software Issues for the Medical Device Approval Process
Kevin Fu
Testimony submitted to the Special Committee on Aging, US Senate Hearing "A Delicate Balance: FDA and the Reform of the Medical Device Approval Process", April 2011.

A Threat Taxonomy for mHealth Privacy
David Kotz
International Conference on Communication Systems and Networks (COMSNETS11), pages 1-6, January 2011.

Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws
Henry DeYoung, Deepak Garg, Limin Jia, Dilsun Kaynar, and Anupam Datta
Workshop on Privacy in the Electronic Society (WPES10), October 2010.

Logical Specification of the GLBA and HIPAA Privacy Laws
Henry DeYoung, Deepak Garg, Dilsun Kaynar, and Anupam Datta
Carnegie Mellon University, CyLab Technical Report 10-007, April 2010.

Patients, Pacemakers, and Implantable Defibrillators: Human Values and Security for Wireless Implantable Medical Devices
Tamara Denning, Alan Borning, Batya Friedman, Brian T. Gill, Tadayoshi Kohno, and William H. Maisel
ACM Conference on Human Factors in Computing Systems (CHI10), April 2010.