Funding Source
National Science Foundation (NSF)
Project Period
9/1/13 – 8/31/19
Principal Investigator
David Kotz, PhD (Dartmouth College)
Other Project Staff
Dartmouth College (Lead Site): Lisa A. Marsch, PhD (Co-PI)
University of Michigan: Kevin Fu (Site PI); Michael Bailey
University of Illinois at Urbana-Champaign: Carl Gunter (Site PI); Klara Nahrstedt
Johns Hopkins: Aviel Rubin (Site PI); Darren Lacey; Jonathan Weiner; Steve Checkoway
Vanderbilt University: Eric Johnson
Project Summary
In this project, the investigators tackle many of the fundamental computer science research challenges necessary to provide trustworthy systems for health and wellness, in the context of technology trends that are increasing complexity, decentralizing information and authority, and pushing more sensitive information and health-related tasks into mobile devices and cloud-based services.
Research projects fall within three critical areas:
1. Usable authentication and privacy tools: new mechanisms to authenticate clinical staff without disrupting workflow, a usable means for individuals to control information collected about them, a method to segment health records for better control over emergency access, and privacy protections for genomic data in personal health records.
2. Trustworthy control of medical devices: new methods to secure small health networks in homes and clinics and to verify remote medical directives and configuration changes.
3. Trust through accountability: research to detect malware in medical devices, compute trust metrics from data provenance information, and develop methods for auditing medical information systems and networks.
Public Health Relevance
The proposed research addresses fundamental security research challenges posed by the increasingly complex and decentralized world of mobile devices and cloud services, in the context of a nationally important application domain (health & wellness), but with implications far beyond the domain. Specifically, the research agenda will contribute to authenticating mobile users in a continuous and unobtrusive way, segmenting access to medical records from mobile devices to limit information exposure, allowing individuals a usable way to control the information collected about them, handling genomic data in the cloud while enabling patient control over information, managing security on remote health devices while reducing the burden on the user, verifying medical directives issued to remote devices, detecting malware through power analysis, providing provenance information to those who use health data, and auditing behavior of this complex ecosystem of devices and systems.
The proposed research will have long-term impact by enabling the creation of health & wellness systems that can be trusted by individual citizens to protect their privacy and can be trusted by health professionals to ensure data integrity and security. The team’s healthcare partners will help them evaluate and demonstrate the value of their security solutions. The team will also influence the next generation of scientists by creating new course modules, sponsoring summer programs for underrepresented minorities and women to broaden undergraduate and K-12 participation in computing, and creating an exchange program for their postdocs and research students to rotate among sites to broaden perspectives and receive mentoring on trustworthy computing.