The Australian Business Assessment of Computer User Security (ABACUS): A national survey.

The Australian Business Assessment of Computer User Security (ABACUS) survey is a nationwide assessment of the prevalence and nature of computer security incidents experienced by Australian businesses. This report presents the findings of the survey which may be used by businesses in Australia to assess the effectiveness of their information technology security measures.

3D BPMN airport processes

Video presented as part of ACIS 2009 conference in Melbourne Australia. This movie is a demonstration of the use of 3D Virtual Environments to visualise 3D BPMN Process Models, and in particular, to highlight any issues with the process model that are spatial in nature. This work is part of a paper accepted for the Asia-Pacific Conference on Conceptual Modelling (APCCM 2010) to be held in Brisbane - http://2010.apccm.org/

Land use planning and the airport metropolis

Australian airports have emerged as important urban activity centres over the past decade as a result of privatisation. A range of reciprocal airport and regional impacts now pose considerable challenges for both airport operation and the surrounding urban and regional environment. The airport can no longer be managed solely as a specialised transport entity in isolation from the metropolis that it serves. In 2007 a multidisciplinary Australian Research Council Linkage Project (LP 0775225) was funded to investigate the changing role of airports in Australia. This thesis is but one component of this collaborative research effort. Here the issues surrounding the policy and practice of airport and regional land use planning are explored, analysed and detailed. This research, for the first time, assembles a distinct progression of the wider social, economic, technological and environmental roles of the airport within the Australian airport literature from 1914 – 2011. It recognises that while the list of airport and regional impacts has grown through time, treatment within practice and the literature has largely remained highly specialised and contained within disciplinary paradigms. The first publication of the thesis (Chapter 2) acknowledges that the changing role of airports demands the establishment of new models of airport planning and development. It argues that practice and research requires a better understanding of the reciprocal impacts of airports and their urban catchments. The second publication (Chapter 3) highlights that there is ad hoc examination and media attention of high profile airport and regional conflict, but little empirical analysis or understanding of the extent to which all privatised Australian airports are intending to develop. The conceptual and methodological significance of this research is the development of a national land use classification system for on-airport development. This paper establishes the extent of on-airport development in Australia, providing insight into the changing land use and economic roles of privatised airports. The third publication (Chapter 4) details new and significant interdependencies for airport and regional development in consideration of the progression of airports as activity centres. Here the model of an ‘airport metropolis’ is offered as an organising device and theoretical contribution for comprehending the complexity and planning of airport and regional development. It delivers a conceptual framework for both research and policy, which acknowledges the reciprocal impacts of economic development, land use, infrastructure and governance ‘interfaces’. In a timely and significant concurrence with this research the Australian Government announced and delivered a National Aviation Policy Review (2008 – 2009). As such the fourth publication (Chapter 5) focuses on the airport and urban planning aspects of the review. This paper also highlights the overall policy intention of facilitating broader airport and regional collaborative processes. This communicative turn in airport policy is significant in light of the communicative theoretical framework of the thesis. The fifth paper of the thesis (Chapter 6) examines three Australian case studies (Brisbane, Adelaide and Canberra) to detail the context of airport and regional land use planning and to apply the airport metropolis model as a framework for research. Through the use of Land Use Forums, over 120 airport and regional stakeholders are brought together to detail their perspectives and interactions with airport and regional land use planning. An inductive thematic analysis of the results identifies three significant themes which contribute to the fragmentation of airport and regional and land use planning: 1) inadequate coordination and disjointed decision-making; 2) current legislative and policy frameworks; and 3) competing stakeholder priorities and interests. Building on this new knowledge, Chapter 7 details the perceptions of airport and local, state and territory government stakeholders to land use relationships, processes and outcomes. A series of semi-structured interviews are undertaken in each of the case studies to inform this research. The potential implications for ongoing communicative practice are discussed in conclusion. The following thesis represents an incremental and cumulative research process which delivers new knowledge for the practical understanding and research interpretation of airport and regional land use planning practice and policy. It has developed and applied a robust conceptual framework which delivers significant direction for all stakeholders to better comprehend the relevance of airports in the urban character and design of our cities.

Background to the development of a curriculum for the history of “cyber” and “communications” security

For any discipline to be regarded as a professional undertaking by which its members may be treated as true “professionals” in a specific area, practitioners must clearly understand that discipline’s history as well as the place and significance of that history in current practice as well as its relevance to available technologies and artefacts at the time. This is common for many professional disciplines such as medicine, pharmacy, engineering, law and so on but not yet, this paper submits, in information technology. Based on twenty five elapsed years of experience in developing and delivering Cybersecurity courses at undergraduate and postgraduate levels, this paper proposes a rationale and set of differing perspectives for the planning and development of curricula relevant to the delivery of appropriate courses in the history of cybersecurity or information assurance to information and communications technology (ICT) students and thus to potential information technology professionals.

Iris based identity verification robust to sample presentation security attacks

Iris based identity verification is highly reliable but it can also be subject to attacks. Pupil dilation or constriction stimulated by the application of drugs are examples of sample presentation security attacks which can lead to higher false rejection rates. Suspects on a watch list can potentially circumvent the iris based system using such methods. This paper investigates a new approach using multiple parts of the iris (instances) and multiple iris samples in a sequential decision fusion framework that can yield robust performance. Results are presented and compared with the standard full iris based approach for a number of iris degradations. An advantage of the proposed fusion scheme is that the trade-off between detection errors can be controlled by setting parameters such as the number of instances and the number of samples used in the system. The system can then be operated to match security threat levels. It is shown that for optimal values of these parameters, the fused system also has a lower total error rate.

Land use conflict across the airport fence : competing urban policy, planning and priority in Australia

Land use planning within and surrounding privatised Australian capital city airports is a fragmented process as a result of: current legislative and policy frameworks; competing stakeholder priorities and interests; and inadequate coordination and disjointed decision-making. Three Australian case studies are examined to detail the context of airport and regional land use planning. Stakeholder Land Use Forums within each case study have served to inform the procedural dynamics and relationships between airport and regional land use decision-making. This article identifies significant themes and stakeholder perspectives regarding on-airport development and broader urban land use policy and planning. First, it outlines the concept of the “airport city” and examines the model of airport and regional “interfaces.” Then, it details the policy context that differentiates on-airport land use planning from planning within the surrounding region. The article then analyses the results of the Land Use Forums identifying key themes within the shared and reciprocal interfaces of governance, environment, economic development and infrastructure. The article concludes by detailing the implications of this research to broader urban planning and highlights the core issues contributing to the fragmentation of airport and regional land use planning policy.

Network governance in US airport taxicab planning activities

This thesis examines the use of network governance in US airport transportation planning activities involving taxicab services for airport patrons. The research provides US airports with new insights whereby they can successfully engage with both transportation regulatory agencies and taxicab service providers in developing mutually agreeable policies that foster the development of supply-side taxicab service improvements. A mix of quantitative and qualitative research methods is used to unearth how US airports interact with these actors, and to identify attitudes held by airport staff in their engagements involving airport taxicab planning matters. The research may ultimately lead to the achievement of sustainable increases in the air passenger ground transportation modal share at US airports, resulting in both desirable long-term operational and environmental benefits for airport management, those involved with the provision of airport taxicab services, and the traveling public.

ASICS : authenticated key exchange security incorporating certification systems

Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.

On the security of TLS renegotiation

The Transport Layer Security (TLS) protocol is the most widely used security protocol on the Internet. It supports negotiation of a wide variety of cryptographic primitives through different cipher suites, various modes of client authentication, and additional features such as renegotiation. Despite its widespread use, only recently has the full TLS protocol been proven secure, and only the core cryptographic protocol with no additional features. These additional features have been the cause of several practical attacks on TLS. In 2009, Ray and Dispensa demonstrated how TLS renegotiation allows an attacker to splice together its own session with that of a victim, resulting in a man-in-the-middle attack on TLS-reliant applications such as HTTP. TLS was subsequently patched with two defence mechanisms for protection against this attack. We present the first formal treatment of renegotiation in secure channel establishment protocols. We add optional renegotiation to the authenticated and confidential channel establishment model of Jager et al., an adaptation of the Bellare--Rogaway authenticated key exchange model. We describe the attack of Ray and Dispensa on TLS within our model. We show generically that the proposed fixes for TLS offer good protection against renegotiation attacks, and give a simple new countermeasure that provides renegotiation security for TLS even in the face of stronger adversaries.

Indigenous knowledge and IP food security : a review of concepts and cases

Dáwat, Pamahándí, Tawíd, Ságda, Lampísa, Ibabások, Lapát, Panedlák: for most of us gathered here, these are words that we don’t usually use in our daily lives. Others may consider them as exotic, alien, funny and even backward. However, for indigenous kindred among us, these words denote an intimate identity and deep understanding of the world around them. It constitutes a broader knowledge system, be written or otherwise, which guides them in the management of resources within their ancestral land. This paper will provide a brief theoretical framework of the concepts of indigenous knowledge systems—hereinafter called IKS, and indigenous peoples food security, and hopefully a deeper or continued appreciation in the study of both concepts in general.

Security and privacy in eHealth : is it possible? A sociotechnical analysis

Advances in Information and Communication Technologies have the potential to improve many facets of modern healthcare service delivery. The implementation of electronic health records systems is a critical part of an eHealth system. Despite the potential gains, there are several obstacles that limit the wider development of electronic health record systems. Among these are the perceived threats to the security and privacy of patients’ health data, and a widely held belief that these cannot be adequately addressed. We hypothesise that the major concerns regarding eHealth security and privacy cannot be overcome through the implementation of technology alone. Human dimensions must be considered when analysing the provision of the three fundamental information security goals: confidentiality, integrity and availability. A sociotechnical analysis to establish the information security and privacy requirements when designing and developing a given eHealth system is important and timely. A framework that accommodates consideration of the legislative requirements and human perspectives in addition to the technological measures is useful in developing a measurable and accountable eHealth system. Successful implementation of this approach would enable the possibilities, practicalities and sustainabilities of proposed eHealth systems to be realised.

A framework for security analysis of key derivation functions

This paper presents a comprehensive formal security framework for key derivation functions (KDF). The major security goal for a KDF is to produce cryptographic keys from a private seed value where the derived cryptographic keys are indistinguishable from random binary strings. We form a framework of five security models for KDFs. This consists of four security models that we propose: Known Public Inputs Attack (KPM, KPS), Adaptive Chosen Context Information Attack (CCM) and Adaptive Chosen Public Inputs Attack(CPM); and another security model, previously defined by Krawczyk [6], which we refer to as Adaptive Chosen Context Information Attack(CCS). These security models are simulated using an indistinguisibility game. In addition we prove the relationships between these five security models and analyse KDFs using the framework (in the random oracle model).

Passenger familiarity and intuitive navigation within airport environments

Passengers navigating through airports can experience confusion or become lost, resulting in dissatisfaction, missed flights and flight delays. Passengers moving through airports are required to make many navigation decisions, for example to find the correct check-in desk or find the correct boarding gate. Prior experience of using the airports is likely to enable intuitive navigation, however limited research on this topic currently exists. In this paper we investigate passenger navigation by observing 30 participants at one international airport as they moved from check-in to a departure gate. The results indicate that passengers do spend time navigating intuitively through the airport, and that there is a positive correlation between intuitive navigation and airport familiarity. It was also found that participants with lower airport familiarity spend a greater percentage of overall navigation time searching and assessing/acquiring information than high familiarity participants. These findings provide evidence that passengers with higher airport familiarity have a greater understanding of the process, have a better understanding of what information to look for and use this familiarity to navigate intuitively. Findings from this research will have design implications for both current, and future airport terminals and other large spaces that people navigate through.