welcomeholaनमस्तेγεια
You have arrived at my Internet Backyard

I ask that you stick around if you're
interested in research, programming, and tinkering.

About Me

I received my Ph.D. from Johns Hopkins University in May 2016 where I was a member of the Health and Medical Security Lab (HMS). My primary research interests are in systems security, health IT security, privacy, and applied cryptography. My hobbies include embedded system design and implementation (e.g., Arduino and Raspberry Pi), mobile application development (e.g., iOS and Android), and programming.

I contribute to non-profit development (e.g., So They Can Know) and open source software development (e.g., GitHub and BitBucket) in my spare time. I also enjoy gaming. If you're interested in a more formal representation of my doings, please see the important links below.

importantLinks = {'resume': PDF, 'curriculum_vitae': PDF, 'PGP': PK}

Professional Activities


I co-instructed Introduction to Hardware Hacking with my colleague Paul Martin over the 2015 Winter Intersession at JHU. Course materials are on GitHub! The course description is as follows:

Our favorite electronic devices, such as gaming consoles and smartphones, have a common root --- hardware. These deceptively simple interconnections of electronic components perform arithmetic and logic operations that enable our devices to interact with us and extend current methods for software security, communication, and marketing. In this course, we first survey hacks (e.g., rooting) that furnish a practical understanding of the hardware/software relationship. We continue this relationship by examining the use of hardware emulation and security extensions. Lastly, we explore other niche hardware uses such as asset tracking, advertising, and authentication.

I was a visiting scholar at the University of Michigan, the SPQR Lab specifically, from Winter of 2013 through Summer of 2014, and Summer of 2013. I served as the president of Upsilon Pi Epsilon, the computer science honors society, from Spring 2011 to Spring 2013 (two consecutive terms).

"The computing and information disciplines are relatively young. Yet despite their comparative youth, the computing and information disciplines have had an unparalleled effect on almost every aspect of contemporary life. Indeed it is difficult to predict the ultimate place of the computer in our world. It is the express purpose of Upsilon Pi Epsilon (UPE) to promote the computing and information disciplines and to encourage their contribution to the enhancement of knowledge."

I have been invited to talk at academic events such as:

I have facilitated graduate and undergraduate-level courses at Johns Hopkins University through numerous course and teaching assistantships (scores reflect student feedback from course evaluation forms):

Teaching Assistant, EN.600.442 "User Interface and Mobile Applications", Dr. Froehlich, Johns Hopkins University. Spring 2013. Score: 4.5/5

This course will provide students with a rich development experience, focussed on the design and implementation of user interfaces and mobile applications. A brief overview of human computer interaction will provide context for designing, prototyping and evaluating user interfaces. Students will invent their own mobile applications and implement them using the Android SDK, which is JAVA based. An overview of the Android platform and available technologies will be provided, as well as XML for layouts, and general concepts for effective mobile development. Students will be expected to explore and experiment with outside resources in order to learn technical details independently. There will also be an emphasis on building teamwork skills, and on using modern development techniques and tools.


Teaching Assistant, EN.600.442 "Modern Cryptography", Dr. Pappacena, Johns Hopkins University. Fall 2012. Score: 4.18/5

This course focuses on cryptographic algorithms, formal definitions, hardness assumptions, and proofs of security. Topics include number-theoretic problems, pseudo-randomness, block and stream ciphers, public-key cryptography, message authentication codes, and digital signatures.


Teaching Assistant, EN.600.316/416 "Database Systems", Dr. Ahmad, Johns Hopkins University. Spring 2012. Score: 3/5, 3.47/5

This course serves as an introduction to the architecture and design of modern database management systems. Database management systems (DBMS) are widely used to manage, store and query diverse datasets and have become an invaluable tool in today's enterprises and large web companies with applications in transaction processing, business intelligence and analytics. Topics include query processing algorithms and data structures, data organization and storage, query optimization and cost modeling, transaction management and concurrency control, high-availability mechanisms, parallel and distributed databases, and a survey of modern architectures including NoSQL, column-oriented and streaming databases. In addition to technical material, we will devote a portion of weekly lectures to looking at the use of database technology in today's enterprises, including document indexing at Google, parallel data warehousing with systems such as Hadoop and HIVE, and transactional web applications. Coursework includes programming assignments and experimentation in a simple database framework written in Java.


Course Assistant, EN.600.424 "Network Security", Dr. Mishra, Johns Hopkins University, Spring 2011.

This course focuses on communication security in computer systems and networks. The course is intended to provide students with an introduction to the field of network security. The course covers network security services such as authentication and access control, integrity and confidentiality of data, firewalls and related technologies, Web security and privacy. Course work involves implementing various security techniques. A course project is required.

Network Security Project #1:
I constructed a fictious scenario in which the student was to provide network admin support to some company. The project required that the student evaluate and discern multiple web security vulnerabilities, configure the companies firewall for a set of specific requirements, and write a web proxy to prove that the firewall exercise had failed to realize this specific concern in the requirements To the best of my knowledge, this assignment is still used. When it is decommissioned, I will provide it as a link here.


Course Assistant, EN.600.443 "Security and Privacy", Dr. Small, Johns Hopkins University, Fall 2010.

Lecture topics will include computer security, network security, basic cryptography, system design methodology, and privacy. There will be a heavy work load, including written homework, programming assignments, exams and a comprehensive final. The class will also include a semester-long project that will be done in teams and will include a presentation by each group to the class.

Research

"As new generations [of computers] come out, usually there are increased complexity and features, [that lead to] increased security problems. Plus, other industries have shown that every new generation has its own set of security problems."
-Avi Rubin

Peer-Reviewed Conference and Workshop Papers

Charm: A Framework for Rapidly Prototyping Cryptosystems [PDF | BIBTEX]
Joseph Akinyele, Christina Garman, Ian Miers, Matthew W. Pagano, Michael Rushanan, Matthew Green, Aviel D. Rubin. In the proceedings of the Journal of Cryptographic Engineering (JCEN) 2013.

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks [PDF | SLIDES | BIBTEX]
Michael Rushanan, Denis Foo Kune, Colleen Swanson, Aviel D. Rubin. In the proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2014.

Run-DMA [PDF | SLIDES | BIBTEX]
Michael Rushanan, Stephen Checkoway. In the proceedings of the Workshop on Offensive Technologies (WOOT), 2015.

KBID: Kerberos Bracelet Identification (Short Paper) [PDF | BIBTEX]
Joseph Carrigan, Paul Martin, Michael Rushanan. In the proceedings of Financial Cryptography and Data Security (FC), 2016.

Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage [PDF | BIBTEX]
Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, Michael Rushanan. In the proceedings of USENIX Security, 2016.

Applications of Secure Location Sensing in Healthcare [PDF | BIBTEX]
Paul Martin, Michael Rushanan, Thomas Tantillo, Christoph Lehmann and Aviel D. Rubin. In the proceedings of ACM Conference of Bioinformatics, Computational Biology, and Health Informatics (BCB), 2016.

MalloryWorker: Stealthy Computation and Covert Channels using Web Workers [PDF | BIBTEX]
Michael Rushanan, David Russell, Aviel D. Rubin. In the proceedings of International Workshop on Security and Trust Management (STM), 2016.

Technical Reports

Classifying Network Protocol Implementation Versions: An OpenSSL Case Study [PDF | BIBTEX]
Paul D. Martin, Michael Rushanan, Stephen Checkoway, Matthew Green, Aviel D. Rubin. Technical Report 13-01, Johns Hopkins University. Dec 2013.

Peer-Reviewed Short Papers and Posters

An Evaluation of ECG use in Cryptography for Implantable Medical Devices and Body Area Networks [PDF | MP4]
Michael Rushanan, Johns Hopkins University; Denis Foo Kune, Daniel E Holcomb, and Colleen M Swanson, University of Michigan

Initial Uptake of STI Partner Notification Website So They Can Know [PDF | BIBTEX]
Jessica Ladd, Jenny McManus, Stephan Adelson, Charlotte Gaydos, and Michael Rushanan. Poster presented at: International Society for Sexually Transmitted Diseases Research (ISSTDR) 2014.

The Moo and Cement Shoes: Future Directions of A Practical Sense-Control-Actuate Application [PDF | BIBTEX]
Miran Alhaideri, Michael Rushanan, Denis Foo Kune, Kevin Fu. In the proceedings of the First International Workshop on the Swarm at the Edge of the Cloud. Poster session presented at: 2013 TerraSwarm Annual Meeting.

aheM: Additively Homomorphic Encryption for the Moo [PDF | POSTER1 | POSTER2 | BIBTEX]
Michael Rushanan, Denis Foo Kune, Kevin Fu. Poster session presented at: Cryptographic Hardware and Embedded Systems (CHES) 2013. Poster session presented at: 2013 TerraSwarm Annual Meeting.

Towards a Threat Model for Actors in the Swarm [PDF | POSTER | BIBTEX]
Michael Rushanan, Miran Alhaideri, Denis Foo Kune, Kevin Fu. Poster session presented at: First International Workshop on the Swarm at the Edge of the Cloud (SEC) 2013.

An Efficient Encryption Framework for Medical Images [PDF | BIBTEX]
James F. Philbin, PhD, Johns Hopkins Medical Institutions; Matthew Green, PhD; Yu Ning, MS; Mohmoud Ismail, MS; Michael Rushanan, MS. Poster session presented at: Society for Imaging Informatics in Medicine (SIIM) 2013.

Conference Reports

CSET '14: 2014 USENIX Workshop on Cyber Security Experimentation and Test [PDF]
Michael Rushanan. ;login: Conference Reports.

HealthTech '13: 2013 USENIX Workshop on Health Information Technologies [PDF]
Michael Rushanan. ;login: Conference Reports.

HotSec '13: 2013 USENIX Summit on Hot Topics in Security [PDF]
Michael Rushanan. ;login: Conference Reports.

Development

"If programmers deserve to be rewarded for creating innovative programs, by the same token they deserve to be punished if they restrict the use of these programs."
-Richard M. Stallman

libfenc

michaelrushanan.org

Charm

Arbitrary Blog Execution

FlyChecksum

Coming Soon!

Blog

Please visit Arbitrary Blog Execution to access the non-embedded version.

Contact

I would love to hear from you! Thanks for visiting. Cheers, Mike.