EECS 598-008 Winter 2013 Medical Device Security

Some of the copyrighted links below may require access from a University of Michigan IP address to download PDFs.

0. Course reader table of contents (just the non-electronic papers)
1. Signup sheet
2. Syllabus
3. Computer Viruses are Rampant on Medical Devices in Hospitals
4. An Investigation of the Therac-25 Accidents by Leveson and Turner, IEEE Computer, 26(7), July 1993.
5. "Computers and Risk" in Safeware by Leveson, 1995. [see course reader]
6. ISPAB panel discussion on medical device security [see CTools]
7. Unpublished manuscript on non-intrusive malware detection [paper copy]
8. Investigation of an accidental exposure of radiotherapy patients in Panama (optional readings)
   • We Did Nothng Wrong: Why Software Quality Matters by Deborah Gage, John McCormick, Tom Steinert-Threlkeld, Berta Ramona Thayer, 2004.
   • Panama Technicians Found Guilty by John McCormick, 2004.
   • FDA Statement on Radiation Overexposures in Panama
9. Attack Trees by Bruce Schneier, Dr. Dobbs Journal, 1999.
10. Generic Safety Requirements for Developing Safe Insulin Pump Software by Zhang et al., Journal of Diabetes Science and Technology, 2011.
    • Generic Infusion Pump (GIP) model (optional)
    • A Hazard Analysis of a Generic Insulin Infusion Pump by Zhang et al., Journal of Diabetes Science and Technology, 2010. (optional)
11. Problems with a syringe pump (Harold Thimbleby's video, rest below optional)
    • Ignorance of Interaction Programming Is Killing People by Thimbleby, ACM Interactions, Sept/Oct 2008.
    • On the use of transition diagrams in the design of a user interface for an interactive computer system by Parnas. In Proceedings of the 24th ACM National Conference, 1964.
    • User-centered methods are insufficient for safety critical systems by Thimbleby. In USAB’07—Usability & HCI for Medicine and Health Care, edited by A. Holzinger, Springer Lecture Notes in Computer Science, 4799, pp1–20, 2007.
    • don't use 7-segment displays by Thimbleby.
    • Just go read everything Thimbleby, dammit.
12. Security and Privacy for Implantable Medical Devices by Halperin et al. IEEE Pervasive Computing, Special Issue on Implantable Electronics 7(1), January 2008.
13. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses by Halperin et al. In Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, May 2008.
14. Optimal Policy for Software Vulnerability Disclosure by Arora et al. In Journal of Management Science, 54(4), April 2008, pp. 642-656.
15. Healthcare Technology in a Wireless World, AAMI, 2012.
16. Economics of Information Security by Ross Anderson and Bruce Schneier. In IEEE S&P magazine, 2005.