Carmichael, L., Taylor, S., Senior, S., Surridge, M., Erdogan, G., & Tverdal, S. (2025). Systematisation of security risk knowledge across different domains: A case study of security implications of medical devices. In Proceedings of the 11th International Conference on Information Systems Security and Privacy (ICISSP 2025) (Vol. 1, pp. 337–348). SCITEPRESS. https://doi.org/10.5220/0013306100003899
Tverdal, S., Erdogan, G., Skytterholm, A. N., Senior, S. M., Taylor, S., & Carmichael, L. (2025). Cyber-risk indicators for connected medical devices. In I. Praça, S. Bernardi, & P. R. Inácio (Eds.), Cybersecurity (Communications in Computer and Information Science, Vol. 2500). Springer. https://doi.org/10.1007/978-3-031-94855-8_19
Erdogan, G., Omerovic, A., Solvang, E., Killingberg, A., Kvinnesland, A., & Abrahamsen, I. (2025). Lessons learned from a cybersecurity risk assessment of OpenADR in smart grid planning. In Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience (CSR) (pp. 652–659). IEEE. https://doi.org/10.1109/CSR64739.2025.11130051
Senior, S., Carmichael, L., Taylor, S., Surridge, M., & Vilalta, X. (2025). Knowledge modelling for automated risk assessment of cybersecurity and indirect patient harms in medical contexts. In Proceedings of the 11th International Conference on Information Systems Security and Privacy (ICISSP 2025) (Vol. 1, pp. 263–274). SCITEPRESS. https://doi.org/10.5220/0013166900003899
Moukafih, N., Zhang, H., Epiphaniou, G., Maple, C., Taylor, S., & Carmichael, L. (2024). Semi-automated threat vulnerability & risk assessment (TVRA) for medical devices. In Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments (PETRA ’24) (pp. 687–693). Association for Computing Machinery. https://doi.org/10.1145/3652037.3663896
Erdogan, G., Gillette, M., Tverdal, S., & Halvorsrud, R. (2026). From manual to automated cyber risk assessment: LLM- and RAG-driven multi-agent threat modeling with CORAS in healthcare case studies. In Proceedings of the International Conference on Dependable Systems and Their Applications (DSA 2025). https://doi.org/10.5281/zenodo.17579818
Skytterholm, A. N., Ntanis, A., Bernsmed, K., Mathisen, B. M., Wille, E., Androutsos, C., & Jaatun, M. G. (2026). Navigating cybersecurity compliance: The cyber compass for medical device manufacturers. In Proceedings of SUNRISE 2025: Secure and Resilient Digital Transformation of Healthcare. Springer. https://doi.org/10.5281/zenodo.18608957
Holmdin, N., Borgaonkar, R., Wille, E., & Jaatun, M. G. (2026). Aurora-fuzzware: Bridging the gap to enable practical fuzzing of microcontroller-based IoT devices. In Proceedings of SUNRISE 2025: Secure and Resilient Digital Transformation of Healthcare. Springer.https://doi.org/10.5281/zenodo.17579818
Borgaonkar, R., Skytterholm, A. N., & Bour, G. (2026). Aurora-fuzzware: Bridging the gap to enable practical fuzzing of microcontroller-based IoT devices. In Proceedings of SUNRISE 2025: Secure and Resilient Digital Transformation of Healthcare. Springer Nature. https://doi.org/10.5281/zenodo.18609073
Amit, G., Goldsteen, A., & Farkash, A. (2024). SoK: Reducing the vulnerability of fine-tuned language models to membership inference attacks [Preprint]. arXiv.https://doi.org/10.48550/arXiv.2403.08481
Steve Taylor, et.al., A Way Forward for the MDCG 2019-16 Medical Device Security Guidance, PETRA '24: Proceedings of the 17th International Conference on PErvasive Technologies Related to Assistive Environments
Gencer Erdogan, Laura Carmichael, Steve Taylor, Simeon Tverdal and Andrea Neverdal Skytterholm, Dynamic Cyber Risk Assessment for Connected Medical Devices: the NEMECYS Approach, Joint Proceedings of RCIS 2024 Workshops and Research Projects Track
Silje Marie Sørlien, Åse Marie Solnør, Karin Bernsmed and Martin Gilje Jaatun, Fuzzing the ARM Cortex-M: A Survey, Cyber Science 2024 - Proceedings of the International Conference on Cybersecurity, Situational Awareness & Social Media
Martin Gilje Jaatun, Steve Taylor, Colin Upstill, Ariel Farkash, Salvador Garcia and Christos Androutsos, NEMECYS: Addressing Challenges to Building Security Into Connected Medical Devices, HCist - International Conference on Health and Social Care Information Systems and Technologies 2023
Karin Bernsmed and Martin Gilje Jaatun, Security-by-design challenges for medical device manufacturers, EICC '24: Proceedings of the 2024 European Interdisciplinary Cybersecurity Conference
Andrea Skytterholm, Lars Halvdan Flå and Martin Gilje Jaatun, Workshop Insights: Navigating Cybersecurity Regulations for Device Manufacturers and Healthcare Operators, Cyber Science 2024 - Proceedings of the International Conference on Cybersecurity, Situational Awareness & Social Media
Androutsos, C. et al. (2025). MDCG 2019-16 Guidelines: Case Study-Based Assessment and Path Forward. In: Praça, I., Bernardi, S., Inácio, P.R. (eds) Cybersecurity. EICC 2025. Communications in Computer and Information Science, vol 2500. Springer, Cham. https://doi.org/10.1007/978-3-031-94855-8_22
Andrea Neverdal Skytterholm, Christos Androutsos, Adamantios Ntanis, and Martin Gilje Jaatun: Cybersecurity Guidances for Medical Devices: An MDCG and FDA Regulatory Comparison, in proceedings of IEEE SmartComp 2025, Cork, Ireland Preprint: https://jaatun.no/papers/2025/FDAvsMDCG-author.pdf
Koren, N., Goldsteen, A., Amit, G., & Farkash, A. (2025). Membership Inference Attacks Against Time-Series Models. In V. Nguyen & H.-T. Lin (Eds.), Proceedings of the 16th Asian Conference on Machine Learning (Vol. 260, pp. 319-334). Proceedings of Machine Learning Research. Available from https://proceedings.mlr.press/v260/koren25a.html
Anderson, M., Amit, G., & Goldsteen, A. (2025). Is my data in your retrieval database? Membership inference attacks against retrieval-augmented generation. In Proceedings of the 11th International Conference on Information Systems Security and Privacy (ICISSP 2025) – Volume 2 (pp. 474-485). SciTePress. https://doi.org/10.5220/0013108300003899
