Skip to main content


Find us on

facebook youtube flickr twitter itunes u logo



Upcoming Events

GenCyber Logo 

GenCyber 2016 - ISTS - High School Summer Program at Dartmouth College
June 27 - July 1, 2016 - 9am to 3pm

 ISTS logo

Securing the e-Campus 2016 - Pre-conference Workshops July 11th; Conference July 12-13, 2016

Recent Talks

Craig Smith




You Don't Own Your Car
Craig Smith
Tuesday May 10, 2016 
Carson L02 @4:15

David Safford


Hardware Based Security for GE's Industrial Control Systems
David Safford
GE Global Research
Tuesday May 17, 2016
Carson L02 @4:15



"It's Fine," They Said. "Just Ship It," They Said.
Dan Tentler
The Phobos Group
Tuesday April 12, 2016 
Carson L02 @4:15

Harold Thimbleby




The Best Way to Improve Healthcare is to Improve Computers
Harold Thimbleby
Swansea University
April 23, 2015

Craig Shue




Managing User-Level Compromises in Enterprise Network
Craig Shue
Worcester Polytechnic Institute
March 31, 2015



Oct news 2015


ISTS Information Pamphlet



Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA

Access Control
Thread 1

Thread 1 Team Members

Effective use of healthcare IT requires that the right parties (such as clinicians, patients, and insurance adjusters) be able to access the information and computational resources they need, in a timely manner. However, because the information involved is sensitive and personal, healthcare enterprises need to manage this access carefully. Permitting inappropriate disclosure or modification of this data is socially irresponsible and possibly life threatening to patients – and also exposes the enterprises to legal, regulatory and economic repercussions. Besides the obvious internal risk of users having too much access (and abusing it) or too little (threatening patient care), we see many broader system-level risks: users may find the official IT system so unusable as to move their access and processing outside it (creating security, management, and reliability nightmares), or engage in behavior that defaults to all personnel having maximal access (also creating such nightmares).


The Thread 1 team has collaborated with clinical liaisons and a number of industry partners to advance their research.  Several publications are available through the TISH publications database (see the TISH homepage) and below:

Education and Outreach

  • Seminar at the University of Pennsylvania on "The Role of Humans in Information Security Decisions", January 26, 2012.
  • Course at Dartmouth College on "Misperception and Security: CS169", Winter Term 2012.
  • Seminar on the "State of the Art Authentication in Healthcare", May 25, 2010.
  • Invited panel at SPIMACS 2010, "Talking Across the Disciplines of Technology and Health" (moderated by Graduate Student Sara Sinclair)




The Thread 1 team is led by Professor Sean Smith (Computer Science).  Other team members have included Graduate Students Gabe Weaver and Rebecca Shapiro and Undergraduates Jack Bowman and Amy Zhang.

Last Updated: 1/15/14