You have arrived at my Internet Backyard

I ask that you stick around if you're
interested in research, programming, and tinkering.

About Me

I am a fourth year Ph.D. student at the Johns Hopkins University (JHU) in the Health and Medical Security Lab (HMS). My primary research interests are in systems security, health information technology security, privacy, and applied cryptography. My additional interests are in hobbyist-level embedded system design and implementation (e.g., Arduino and Raspberry Pi), mobile application development (i.e., iOS and Android), and programming languages.

I contribute to non-profit development (e.g., So They Can Know), and opensource software development (e.g., GitHub and BitBucket) in my spare time. I also enjoy gaming. If you're interested in a more formal representation of my doings, please see the important links below.

importantLinks = {'resume': PDF, 'curriculum_vitae': PDF, 'PGP': PK}

Professional Activities

I will be co-instructing, with my colleague Paul Martin, Introduction to Hardware Hacking this 2015 Winter Intersession. Course materials are on GitHub! The course description is as follows:

Our favorite electronic devices, such as gaming consoles and smartphones, have a common root --- hardware. These deceptively simple interconnections of electronic components perform arithmetic and logic operations that enable our devices to interact with us and extend current methods for software security, communication, and marketing. In this course, we first survey hacks (e.g., rooting) that furnish a practical understanding of the hardware/software relationship. We continue this relationship by examining the use of hardware emulation and security extensions. Lastly, we explore other niche hardware uses such as asset tracking, advertising, and authentication.

I was a visiting scholar at the University of Michigan, the SPQR Lab specifically, from Winter of 2013 through Summer of 2014, and Summer of 2013. I am back at Hopkins, third floor of Malone Hall! I served as the president of Upsilon Pi Epsilon, the computer science honors soceity, from Spring 2011 to Spring 2013 (i.e, two consecutive terms).

"The computing and information disciplines are relatively young. Yet despite their comparative youth, the computing and information disciplines have had an unparalleled effect on almost every aspect of contemporary life. Indeed it is difficult to predict the ultimate place of the computer in our world. It is the express purpose of Upsilon Pi Epsilon (UPE) to promote the computing and information disciplines and to encourage their contribution to the enhancement of knowledge."

I have been invited to talk at the following events: JHU Information Security Institute Seminar [April 2014], Special Topics Day for Engineering Innovation Lecture on Cybersecurity [Spring 2012], Computer Science Open House [Fall 2012, 2011]. I have facilitated graduate and ungraduate-level courses at Johns Hopkins University through numerous course and teaching assistantships (scores reflect student feedback from course evaluation forms):

Teaching Assistant, EN.600.442 "User Interface and Mobile Applications", Dr. Froehlich, Johns Hopkins University. Spring 2013. Score: 4.5/5

This course will provide students with a rich development experience, focussed on the design and implementation of user interfaces and mobile applications. A brief overview of human computer interaction will provide context for designing, prototyping and evaluating user interfaces. Students will invent their own mobile applications and implement them using the Android SDK, which is JAVA based. An overview of the Android platform and available technologies will be provided, as well as XML for layouts, and general concepts for effective mobile development. Students will be expected to explore and experiment with outside resources in order to learn technical details independently. There will also be an emphasis on building teamwork skills, and on using modern development techniques and tools.

Teaching Assistant, EN.600.442 "Modern Cryptography", Dr. Pappacena, Johns Hopkins University. Fall 2012. Score: 4.18/5

This course focuses on cryptographic algorithms, formal definitions, hardness assumptions, and proofs of security. Topics include number-theoretic problems, pseudo-randomness, block and stream ciphers, public-key cryptography, message authentication codes, and digital signatures.

Teaching Assistant, EN.600.316/416 "Database Systems", Dr. Ahmad, Johns Hopkins University. Spring 2012. Score: 3/5, 3.47/5

This course serves as an introduction to the architecture and design of modern database management systems. Database management systems (DBMS) are widely used to manage, store and query diverse datasets and have become an invaluable tool in today's enterprises and large web companies with applications in transaction processing, business intelligence and analytics. Topics include query processing algorithms and data structures, data organization and storage, query optimization and cost modeling, transaction management and concurrency control, high-availability mechanisms, parallel and distributed databases, and a survey of modern architectures including NoSQL, column-oriented and streaming databases. In addition to technical material, we will devote a portion of weekly lectures to looking at the use of database technology in today's enterprises, including document indexing at Google, parallel data warehousing with systems such as Hadoop and HIVE, and transactional web applications. Coursework includes programming assignments and experimentation in a simple database framework written in Java.

Course Assistant, EN.600.424 "Network Security", Dr. Mishra, Johns Hopkins University, Spring 2011.

This course focuses on communication security in computer systems and networks. The course is intended to provide students with an introduction to the field of network security. The course covers network security services such as authentication and access control, integrity and confidentiality of data, firewalls and related technologies, Web security and privacy. Course work involves implementing various security techniques. A course project is required.

Network Security Project #1:
I constructed a fictious scenario in which the student was to provide network admin support to some company. The project required that the student evaluate and discern multiple web security vulnerabilities, configure the companies firewall for a set of specific requirements, and write a web proxy to prove that the firewall exercise had failed to realize this specific concern in the requirements To the best of my knowledge, this assignment is still used. When it is decommissioned, I will provide it as a link here.

Course Assistant, EN.600.443 "Security and Privacy", Dr. Small, Johns Hopkins University, Fall 2010.

Lecture topics will include computer security, network security, basic cryptography, system design methodology, and privacy. There will be a heavy work load, including written homework, programming assignments, exams and a comprehensive final. The class will also include a semester-long project that will be done in teams and will include a presentation by each group to the class.


"As new generations [of computers] come out, usually there are increased complexity and features, [that lead to] increased security problems. Plus, other industries have shown that every new generation has its own set of security problems."
-Avi Rubin

Peer-Reviewed Conference and Workshop Papers

Charm: A Framework for Rapidly Prototyping Cryptosystems
Joseph Akinyele, Christina Garman, Ian Miers, Matthew W. Pagano, Michael Rushanan, Matthew Green, Aviel D. Rubin. In the proceedings of the Journal of Cryptographic Engineering (JCEN) 2013.

SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks
Michael Rushanan, Denis Foo Kune, Colleen Swanson, Aviel D. Rubin.To appear IEEE Symposium on Security and Privacy (Oakland), 2014.

Technical Reports

Classifying Network Protocol Implementation Versions: An OpenSSL Case Study [PDF]
Paul D. Martin, Michael Rushanan, Stephen Checkoway, Matthew Green, Aviel D. Rubin. Technical Report 13-01, Johns Hopkins University. Dec 2013.

Peer-Reviewed Short Papers and Posters

Initial Uptake of STI Partner Notification Website So They Can Know
Jessica Ladd, Jenny McManus, Stephan Adelson, Charlotte Gaydos, and Michael Rushanan. Poster presented at: International Society for Sexually Transmitted Diseases Research (ISSTDR) 2014.

The Moo and Cement Shoes: Future Directions of A Practical Sense-Control-Actuate Application
Miran Alhaideri, Michael Rushanan, Denis Foo Kune, Kevin Fu. Poster session presented at: 2013 TerraSwarm Annual Meeting.

aheM: Additively Homomorphic Encryption for the Moo
Michael Rushanan, Denis Foo Kune, Kevin Fu. Poster session presented at: 2013 TerraSwarm Annual Meeting.

The Moo and Cement Shoes: Future Directions of A Practical Sense-Control-Actuate Application
Miran Alhaideri, Michael Rushanan, Denis Foo Kune, Kevin Fu. In the proceedings of the First International Workshop on the Swarm at the Edge of the Cloud (SEC) 2013.

Towards a Threat Model for Actors in the Swarm
Michael Rushanan, Miran Alhaideri, Denis Foo Kune, Kevin Fu. Poster session presented at: First International Workshop on the Swarm at the Edge of the Cloud (SEC) 2013.

aheM: Additively Homomorphic Encryption for the Moo
Michael Rushanan, Denis Foo Kune, Kevin Fu. Poster session presented at: Cryptographic Hardware and Embedded Systems (CHES) 2013.

An Efficient Encryption Framework for Medical Images
James F. Philbin, PhD, Johns Hopkins Medical Institutions; Matthew Green, PhD; Yu Ning, MS; Mohmoud Ismail, MS; Michael Rushanan, MS. Poster session presented at: Society for Imaging Informatics in Medicine (SIIM) 2013.

Conference Reports

HealthTech '13: 2013 USENIX Workshop on Health Information Technologies
Michael Rushanan. Conference Report.

HotSec '13: 2013 USENIX Summit on Hot Topics in Security
Michael Rushanan. Conference Report.


"If programmers deserve to be rewarded for creating innovative programs, by the same token they deserve to be punished if they restrict the use of these programs."
-Richard M. Stallman




Arbitrary Blog Execution


Coming Soon!


Coming Soon.


I would love to hear from you! Thanks for visiting. Cheers, Mike.