Wednesday, December 01, 2010

Exit Strategy

Something seems a bit wrong with this exit sign in the hallway at IBM.

Wednesday, September 15, 2010

USENIX Health Security & Privacy Videos Made Public

Earlier today USENIX made several of the HealthSec Workshop webcast videos publicly available. In particular, anyone may now watch the:

  • Opening Remarks on USENIX HealthSec

  • Policy for Health Records (Position papers from both universities and industrial research.)

  • Invited Panel on Medical Device Security & Privacy

    Panelists: John F. Murray Jr., Software Compliance Expert, United States Food and Drug Administration, CDRH/Office of Compliance; Nathanael Paul, Research Scientist, Oak Ridge National Laboratory; Karen Sandler, General Counsel of the Software Freedom Law Center

    All the panelists work in the medical device software space, and all personally use computer-controlled medical devices (mostly implanted).

Wednesday, July 21, 2010

Software update risks in avionics: pre-flight briefings

Browsing the ASRS database can be educational. Search for ACN #875270 and you'll see these snippets of an anonymous comment about the risks of software updates and avionics for providing pilots with pre-flight briefings.

"I am a Flight Service specialist. I am reporting an ongoing and routinely occurring safety concern. About 2-3 times/month, the company takes down its primary briefing system, for various reasons - software updates/patches, security patches, information updates, etc. The entire system is taken down all at once, nationwide."
"Coupling this lack of knowledge with unreliable/incomplete data is a recipe that guarantees, in time, a tragedy for an unknowing pilot and passengers who placed their trust in our company."

Aviation Safety Reporting System
Pre-flight briefing

Saturday, July 17, 2010

Software risks and medical ventilators

Did a software glitch cause an oxygen delivery system to fail, leading to a patient's death?

Earlier this year, a person tragically died during ambulance transport. The article explains that it's believed a software glitch caused an oxygen system to fail, leading to the patient's death. A TV news team made a video of the medical system and interviewed a paramedic (who was not the paramedic involved with the event). There is very little technical information publicly available about the event, except that there are multiple manufacturers involved. Road Rescue reportedly built the ambulance. And Spartan Chassis is reportedly involved with the components in the ambulance itself.

No one has reported technical information on the alleged software glitch itself. However, this rather brief adverse event report at FDA cites a date coincidentally close to April 22 (the date of the incident). Is the underlying technology an Evita 4 Ventilator? What role did software play in the incident? What other factors contributed?

Saturday, July 10, 2010

Do I really have that much mail?

Apple Mail. Oh no you don't. Interesting that ln(18446744073707454940)/ln(2)=64.

Tuesday, February 23, 2010

USENIX Workshop on Health Security & Privacy (HealthSec 2010)

If you conduct research on security and privacy of health information technology, then you should consider submitting a 2-page position paper to the USENIX Workshop on Health Security & Privacy (HealthSec 2010). Submissions are due April 9, 2010. I am co-organizing the workshop with my colleagues Prof. Yoshi Kohno (UW) and Prof. Avi Rubin (JHU) and a healthy dose of security/privacy expertise from the program committee. What I think is notable about our venue is the degree of interdisciplinary research represented by the program committee. We have members from several research disciplines including computer science, medicine, and social science. Moreover, we have members from multiple sectors in health information technology (academia, government, industry). We intend for the event to bring together researchers with bold positions on how to improve security and privacy for emerging health information technologies. There are many security and privacy problems waiting to be solved in areas such as electronic medical records, wireless medical devices, and regulatory and policy issues.

The workshop itself is co-located with USENIX Security in Washington, DC on August 10, 2010. See you there!

From the CFP:

HealthSec is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. A fundamental goal of the workshop is to promote cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. Position papers will be selected for their potential to stimulate or catalyze further research and explorations of new directions, as well as for their potential to spark productive discussions at the workshop.

Tuesday, February 02, 2010

UMass Amherst CS Alumni Event in Boston Area March 4

A number of faculty from the UMass Amherst Computer Science department will be kicking back with alums and friends on March 4 in Cambridge (Massachusetts, that is). We were searching for space in the Boston area, so we Googled it. The event takes place at Google's Cafe in Kendall Square. For fairness, next time we will consider Binging it.

Event details appear on

p.s., Alums may order the awesome binary tree-shirt from the student ACM chapter at UMass Amherst.