WPI Research is the research magazine of Worcester Polytechnic Institute. It contains news and features about graduate research in the arts and sciences, business, and engineering, along with notes about new grants, books, and faculty achievements.
Issue link: http://wpiresearch.epubxp.com/i/229254
Krishna Venkatasubramanian develops solutions to security, privacy, and safety concerns raised by interoperable medical devices — pacemakers, sensors, and other medical technology that can communicate over networks. Cyberattacks get personal implications — or the unintended consequences that can ensue when they are altered. Margrave, however, can run through all of the various roles in an organization and determine precisely who has access to what. It can also compare different access control policies, or different versions of the same policy, to show how changes to the rules can affect privacy and security. That would be a boon to people who must confgure their own privacy settings on platforms like Facebook, but have trouble understanding what those settings actually mean. (The "leakage" of private information from Facebook and other websites is one focus of cybersecurity research by Craig Wills, head of WPI's Computer Science Department.) Fisler has also been developing methods for mathematically analyzing applications to verify that they conform to the principles of usable security — principles that are meant to ensure that users actually have the ability to maintain their security on a practical basis. The principle of revocability, for example, might require that a user who has decided to share information can also choose to "unshare" it. Krishna Venkatasubramanian, assistant professor of computer science, is also trying to develop security solutions that are both effective and user-friendly. In particular, Venkatasubramanian is looking for methods for securely coordinating medical devices, like x-ray scanners and heart monitors. Such devices have traditionally operated in standalone fashion, but are now beginning to communicate with one another across networks. These interoperable medical devices (IMDs) can provide useful information to doctors and nurses, but they also raise a whole host of new security concerns. A sophisticated attacker could eavesdrop on an IMD network to glean sensitive patient information or interfere with specifc devices; researchers have already hacked a pacemaker, for example, and fed it faulty instructions. IMDs, therefore, present a case in which cyberattacks could potentially lead to physical harm, or even death. Consequently, IMDs need to generate alarms not only when a patient's health is at risk, but also when security has been breached — alarms that won't just add to the noise Worcester Polytechnic Institute > 39