Strategic Healthcare IT Advanced Research Projects on Security (SHARPS)

SHARPS is developing techniques to reduce security and privacy risks that pose barriers to the meaningful use of health information technology. Areas of focus include electronic health records, health information exchanges, and telemedicine. The project includes investigations into policy considerations, service models, and open validation benchmarks. It is a multi-disciplinary and multi-institutional effort that involves cyber-security experts and physicians at a dozen academic institutions advised by a panel of leaders from industry, government, and advocacy groups.

Publications

De Facto Diagnosis Specialties: Recognition and Discovery,
Aston Zhang, Xun Lu, Carl A. Gunter, Shuochao Yao, Fangbo Tao, Rongda Zhu, Huan Gui, Daniel Fabbri, David Liebovitz, and Bradley Malin.
Learning Health Systems, 2018:e10057, 2018.

Analyzing & Designing the Security of Shared Resources on Smartphone Operating Systems.
Soteris Demetriou,
Doctoral Dissertation, University of Illinois at Urbana-Champaign, May 2018.

Analyzing Intentions from Big Data Traces of Human Activities,
Aston Zhang.
Doctoral Thesis, University of Illinois at Urbana-Champaign, May 2017.

Secure and Practical Computation on Encrypted Data.
Muhammad Naveed,
Doctoral Thesis, University of Illinois at Urbana-Champaign, April 2016.

Free for All! Assessing User Data Exposure to Advertising Libraries on Android,
Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang and Carl A. Gunter.
ISOC Network and Distributed System Security (NDSS ’16), San Diego, February 2016.

Inferring Clinical Workflow Efficiency via Electronic Medical Record Utilization,
You Chen, Wei Xie, Carl A Gunter, David Liebovitz, Sanjay Mehrotra, He Zhang, and Bradley Malin.
AMIA Symposium, San Francisco, CA, November 2015.

Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware,
Michael LeMay and Carl A. Gunter.
Logic, Rewriting, and Concurrency, Essays Dedicated to José Meseguer on the Occasion of his 65th Birthday, Urbana, IL, September 2015.

Discovering De Facto Diagnosis Specialities,
Xun Lu, Aston Zhang, Carl A. Gunter, Daniel Fabbri, David Liebovitz, and Bradley Malin.
ACM Conference on Bioinformatics, Computational Biology, and Health Informatics (BCB), Atlanta, GA, September 2015. [PPT]

Building Bridges Across Electronic Health Record Systems through Inferred Phenotypic Topics,
You Chen, Joydeep Ghosh, Cosmin Adrian Bejan, Carl A. Gunter, Siddharth Gupta, Abel Kho, David Liebovitz, Jimeng Sun, Joshua Denny, and Bradley Malin.
Journal of Biomedical Informatics, Volume 55 (2015), pages 82-93. Appendix.

What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources,
Soteris Demetriou , Xiaoyong Zhouz, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang, and Carl A Gunter.
ISOC Network and Distributed System Security (NDSS ’15), San Diego, February 2015.

Toward a Science of Learning Systems: a Research Agenda for the High-Functioning Learning Health System,
Charles Friedman. Joshua Rubin, Jeffrey Brown, Melinda Buntin, Milton Corn, Lynn Etheredge, Carl Gunter, Mark Musen, Richard Platt, William Stead, Kevin Sullivan, Douglas Van Houweling.
Journal of the American Medical Informatics Association (JAMIA), 22(1), 2015.

Decide Now or Decide Later? Quantifying the Tradeoff between Prospective and Retrospective Access Decisions,
Wen Zhang, You Chen, Thaddeus R. Cybulski, Daniel Fabbri, Carl A. Gunter, Patrick Lawlor, David Liebovitz, Bradley Malin.
ACM Computer and Communication Security (CCS), Scottsdale AZ, November 2014.

Detecting Privacy-Sensitive Events in Medical Text,
Prateek Jindal, Carl A. Gunter, and Dan Roth.
ACM Bioinformatics, Computational Biology, and Health Informatics (BCB),  Newport Beach, CA, September 2014. (Technical Report.)

Decision Support for Data Segmentation (DS2): Application to Pull Architectures for HIE,
Carl A. Gunter, Mike Berry, and Martin French.
USENIX Safety, Security, Privacy, and Interoperability of Health Information Technologies (HealthTech ’14), San Diego, August 2014.

Security Concerns in Android mHealth Apps
Dongjing He, Muhammad Naveed, Carl A. Gunter, and Klara Nahrstedt
AMIA Symposium, Washington DC, November 2014

Android at Risk: Current Threats Stemming from Unprotected Local and External Resources
Soteris Demetriou
Master of Science Thesis, University of Illinois at Urbana-Champaign, August 2014.

The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations,
Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, and XiaoFeng Wang.
IEEE Symposium on Security and Privacy, San Jose, CA, May 2014.

Diagnosis Based Specialist Identification in the Hospital,
Xun Lu.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange,
Se Eun Oh.
Masters of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Security Threats to Android Apps,
Dongjing He.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2014.

Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware,
Michael LeMay and Carl A. Gunter.
arXiv:1404.3465 [cs.CR], April 2014.

Dynamic Searchable Encryption via Blind Storage,
Muhammad Naveed, Manoj Prabhakaran, and Carl A. Gunter.
IEEE Symposium on Security and Privacy, San Jose, CA, May 2014.

Privacy Risk in Anonymized Heterogeneous Information Networks,
Aston Zhang, Xing Xie, Kevin Chen-Chuan Chang, Carl A. Gunter, Jiawei Han, and XiaoFeng Wang.
Extending Database Technologies (EDBT’14), Athens, Greece, March 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange
Se Eun Oh, Ji Young Chun, Limin Jia, Deepak Garg, Carl A. Gunter, Anupam Datta.
ACM Conference on Data and Application Security and Privacy (CODASPY ’14), San Antonio, TX, March 2014.

Privacy-Preserving Audit for Broker-Based Health Information Exchange,
Se Eun Oh, Ji Young Chun, Limin Jia, Deepak Garg, Carl A. Gunter, Anupam Datta.
ACM Conference on Data and Application Security and Privacy (CODASPY ’14), San Antonio, TX, March 2014.

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android,
Muhammad Naveed, Xiaoyong Zhou, Soteris Demetriou, XiaoFeng Wang, Carl A Gunter.
ISOC Network and Distributed Computing Security (NDSS 14), San Diego, CA, February 2014.

Securing Information Technology in Healthcare
Denise Anthony, Andrew T. Campbell, Thomas Candon, Andrew Gettinger, David Kotz, Lisa A. Marsch, Andres Molina-Markham, Karen Page, Sean Smith, Carl A. Gunter, and M. Eric Johnson
IEEE Security & Privacy, Vol.11, No.6, pp.25,33, Nov.-Dec. 2013.

Identity, Location, Disease and More: Inferring Your Secrets from Android Public Resources,
Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, Xiaofeng Wang Carl A. Gunter, Klara Nahrstedt.
ACM Computer and Communication Security (CCS ’13), Berlin Germany, November 2013.

Building a Smarter Health and Wellness Future: Privacy and Security Challenges,
Carl A. Gunter. 
Chapter 9 in ICTs and the Health Sector: Towards Smarter Health and Wellness Models, OECD, October 2013, pages 141-157.

Requirements and Design for an Extensible Toolkit for Analyzing EMR Audit Logs,
Eric Duffy, Steve Nyemba, Carl A. Gunter, David Liebovitz, and Bradley Malin.
USENIX Workshop on Health Information Technologies (HealthTech 13), August 2013.

Modeling and Detecting Anomalous Topic Access
Siddharth Gupta, Casey Hanson, Carl A. Gunter, Mario Frank, David Liebovitz, and Bradley Malin
IEEE Intelligence and Security Informatics (ISI 13), June 2013. [BIB][PPT]

Implementing Health Information Exchange with Searchable Encryption,
Igors Svecs.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2013.

Modeling and Detecting Anomalous Topic Access in EMR Audit Logs,
Siddharth Gupta.
Master of Science Thesis, University of Illinois at Urbana-Champaign, May 2013.

Facilitating Patient and Administrator Analyses of Electronic Health Record Accesses,
Eric Duffy.
Master of Science Thesis, University of Illinois at Urbana-Champaign, August 2013.

Evolving Role Definitions Through Permission Invocation Patterns
Wen Zhang, You Chen, Carl A. Gunter, David Liebovitz, and Bradley Malin
ACM Symposium on Access Control Models and Technologies (SACMAT ’13), June 2013. [BIB]

Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits,
He Zhang, Sanjay Mehotra, David Liebovitz, Carl A. Gunter, and Bradley Malin.
ACM Transactions on Management Information Systems, Vol. 4, No. 4, Article 17, December 2013.

Report of Preliminary Findings and Recommendations
State of Illinois Health Information Exchange Authority Data Security and Privacy Committee
September 2012.

Tragedy of Anticommons in Digital Right Management of Medical Records
Quanyan Zhu, Carl Gunter, and Tamar Basar
USENIX Workshop on Health Security and Privacy (HealthSec12), August 2012. [BIB]

Role Prediction using Electronic Medical Record System Audits
Wen Zhang, Carl A. Gunter, David Liebovitz, Jian Tian, and Bradley Malin
AMIA 2011 Annual Symposium, Washington, DC, October 2011. [PPT][BIB]

Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems
Carl A. Gunter, David M. Liebovitz, and Bradley Malin
IEEE Security & Privacy, volume 9, number 5, September/October 2011. [BIB]

PCAST Workgroup Letter to the National Coordinator
Paul Egerman (Chair), Bill Stead (Vice Chair) and the PCAST Workgroup Members
Office of the National Coordinator for Health and Human Services Health Information Policy Committee, April 2011.

Related Resources

Last updated on Monday, July 25, 2011, 4:06 pm