Repository for the poster and proposal by Kaixin Du, Dibyajyoti Nath, Ramit Saraswat, Zhicheng Sun (Johns Hopkins University), Michael Rushanan (Harbor Labs), and Tushar Jois (City College of New York).
This repo contains preliminary code and artifacts to reproduce topics discussed in the poster abstract and depicted in the poster.
- What's in this Repo
- Quickstart
- Reproducing Results
- Artifacts
- Citation
- Contributions
- Responsible Use
- License
- Contact
Health and Medical Security (HMS) lab research projects organize tools and data with implications beyond the research poster in their own top-level directories. The artifacts directory includes code and data relevant to the poster and reproducibility of the research. The paper directory contains a LaTeX clone of the poster abstract, written in Overleaf. The poster directory contains the camera-ready poster clone, made in Microsoft PowerPoint.
├── artifacts/       # Reproduction steps, intermediate outputs, figures
│   └── figures/     # Figures generated externally to Draw.io
├── paper/           # LaTeX source for the manuscript
└── poster/          # PowerPoint source for the poster
The poster and analysis in this repository represent preliminary work; therefore, we do not release in-progress research artifacts.
This work is related to the MeDUSA (Medical Device Universal Security Alignment) project, an open-source, secure medical device reference design.
Our analysis is considered preliminary; therefore, we do not share any in-progress results other than those in artifacts/figures.
We captured our artifacts in the ./artifacts directory.
@inproceedings{du-nath-saraswat-sun-rushanan-jois-sigcse-25-platform-medical-device-education,
author = {Kaixin Du and Dibyajyoti Nath and Ramit Saraswat and Zhicheng Sun and Michael Rushanan and Tushar Jois},
title = {A Hands-On Platform for Medical Device Security Education},
booktitle = {Proceedings of the 57th ACM Technical Symposium on Computer Science Education (SIGCSE TS 2026)},
note = {Poster},
location = {St. Louis, MO, USA},
date = {2026-02-19},
year = {2026},
publisher = {ACM},
url = {https://sigcse2026.sigcse.org/details/sigcse-ts-2026-posters/142/A-Hands-On-Platform-for-Medical-Device-Security-Education}
}

Research posters facilitate academic networking and collaboration. While we do not directly support contributions to this poster, we welcome engagement and feedback. Please get in touch with the authors listed below to discuss potential contributions, including insights related to:
- Medical Device Cybersecurity Design Challenges: Designing secure medical devices requires balancing safety, real-time performance, usability, legacy hardware/software constraints, and long product lifecycles. We welcome input on common security design pain points (e.g., secure update mechanisms, authentication/authorization, availability and resilience, safety–security tradeoffs) and examples of effective security architectures in real-world devices.
- Regulatory Requirements and Compliance Challenges: Medical device security is shaped by evolving regulatory expectations (e.g., FDA cybersecurity guidance, premarket submissions, postmarket vulnerability management). We invite feedback on how regulatory requirements influence device development and maintenance, and what educational resources or tooling would best help students understand compliance-driven engineering constraints.
- Industry Best Practices and Responsible Vulnerability Handling: Manufacturers are expected to follow international standards and industry best practices (e.g., secure development lifecycle, threat modeling, SBOM processes, coordinated vulnerability disclosure, penetration testing, security documentation). We welcome insights into which practices are most impactful and how educational platforms like MeDUSA can better support teaching hands-on security aligned with real device environments.
- Stakeholder Impacts and Deployment Realities: Medical device cybersecurity directly affects a wide set of stakeholders, including manufacturers, healthcare delivery organizations (HDOs), clinicians, patients, regulators, and the security research community. We invite perspectives on how security decisions impact these groups in practice (e.g., clinical workflow disruptions, patching and update challenges in hospitals, patient safety considerations), and on how educational activities can better reflect these real-world dynamics.
- Research use only: This repository should be used for research only.
See LICENSE.md.
Please contact Dr. Michael Rushanan, the principal investigator, for any reason not described above.