Formal security analysis of Australian e-passport implementation

This paper provides a detailed description of the current Australian e-passport implementation and makes a formal verification using model checking tools CASPER/CSP/FDR. We highlight security issues present in the current e-passport implementation and identify new threats when an e-passport system is integrated with an automated processing systems like SmartGate. Because the current e-passport specification does not provide adequate security goals, to perform a rational security analysis we identify and describe a set of security goals for evaluation of e-passport protocols. Our analysis confirms existing security issues that were previously informally identified and presents weaknesses that exists in the current e-passport implementation.

Non-formal techniques for early assessment of design ideas for services

Designing systems for multiple stakeholders requires frequent collaboration with multiple stakeholders from the start. In many cases at least some stakeholders lack a professional habit of formal modeling. We report observations from student design teams as well as two case studies, respectively of a prototype for supporting creative communication to design objects, and of stakeholder-involvement in early design. In all observations and case studies we found that non-formal techniques supported strong collaboration resulting in deep understanding of early design ideas, of their value and of the feasibility of solutions.

Histories of user-generated content : between formal and informal media economies

Debates about user-generated content (UGC) often depend on a contrast with its normative opposite, the professionally produced content that is supported and sustained by commercial media businesses or public organisations. UGC is seen to appear within or in opposition to professional media, often as a disruptive, creative, change-making force. Our suggestion is to position UGC not in opposition to professional or "producer media", or in hybridised forms of subjective combination with it (the so-called "pro-sumer" or "pro-am" system), but in relation to different criteria, namely the formal and informal elements in media industries. In this article, we set out a framework for the comparative and historical analysis of UGC systems and their relations with other formal and informal media activity, illustrated with examples ranging from games to talkback radio. We also consider the policy implications that emerge from a historicised reading of UGC as a recurring dynamic within media industries, rather than a manifestation of consumer agency specific to digital cultures.

Non-formal techniques for requirements elicitation, modeling, and early assessment for services

Designing systems for multiple stakeholders requires frequent collaboration with multiple stakeholders from the start. In many cases at least some stakeholders lack a professional habit of formal modeling. We report observations from two case studies of stakeholder-involvement in early design where non-formal techniques supported strong collaboration resulting in deep understanding of requirements and of the feasibility of solutions.

Formal home health care, informal care, and family decision making

We use the 1993 wave of the Assets and Health Dynamics Among the Oldest Old (AHEAD) data set to estimate a game-theoretic model of families' decisions concerning the provision of informal and formal care for elderly individuals. The outcome is the Nash equilibrium where each family member jointly determines her consumption, transfers for formal care, and allocation of time to informal care, market work, and leisure. We use the estimates to decompose the effects of adult children's opportunity costs, quality of care, and caregiving burden on their propensities to provide informal care. We also simulate the effects of a broad range of policies of current interest. © (2009) by the Economics Department of the University of Pennsylvania and the Osaka University Institute of Social and Economic Research Association.

Formal analysis of card-based payment systems in mobile devices

To provide card holder authentication while they are conducting an electronic transaction using mobile devices, VISA and MasterCard independently proposed two electronic payment protocols: Visa 3D Secure and MasterCard Secure Code. The protocols use pre-registered passwords to provide card holder authentication and Secure Socket Layer/ Transport Layer Security (SSL/TLS) for data confidentiality over wired networks and Wireless Transport Layer Security (WTLS) between a wireless device and a Wireless Application Protocol (WAP) gateway. The paper presents our analysis of security properties in the proposed protocols using formal method tools: Casper and FDR2. We also highlight issues concerning payment security in the proposed protocols.

Digital image watermarking: its formal model, fundamental properties and possible attacks

While formal definitions and security proofs are well established in some fields like cryptography and steganography, they are not as evident in digital watermarking research. A systematic development of watermarking schemes is desirable, but at present their development is usually informal, ad hoc, and omits the complete realization of application scenarios. This practice not only hinders the choice and use of a suitable scheme for a watermarking application, but also leads to debate about the state-of-the-art for different watermarking applications. With a view to the systematic development of watermarking schemes, we present a formal generic model for digital image watermarking. Considering possible inputs, outputs, and component functions, the initial construction of a basic watermarking model is developed further to incorporate the use of keys. On the basis of our proposed model, fundamental watermarking properties are defined and their importance exemplified for different image applications. We also define a set of possible attacks using our model showing different winning scenarios depending on the adversary capabilities. It is envisaged that with a proper consideration of watermarking properties and adversary actions in different image applications, use of the proposed model would allow a unified treatment of all practically meaningful variants of watermarking schemes.

What parents value from formal support services in the context of identified child abuse

Parents whose children are identified as having experienced or being at risk of experiencing significant harm potentially provide an invaluable dimension to our understanding of the circumstances that result in child abuse or neglect and how best to respond to these invariably complex situations. This paper reports findings from a study of the experiences of six parents. In-depth interviews were conducted with four mothers and two fathers who had been referred to an intensive family support services by the Queensland statutory child protection authority. Using a critical ecological perspective, the study focused on identifying and understanding the experiences of the parents in using formal family support services, including aspects of service delivery that were helpful or unhelpful. Parents also commented on their experiences of statutory child protection services. Service components and worker qualities that parents identified as being helpful included being accessible, targeted and integrated and being able to meet a continuum of needs, from a micro to a broader level. Their reports provide invaluable insight into how formal family support services, including child protection services, can better meet the needs of parents in addressing the recurring problem of child maltreatment.

Aboriginal and Torres Strait Islander university students conceptions of formal learning and experiences of informal learning

This paper describes an investigation of conceptions of learning held by 22 Aboriginal and Torres Strait Islander students from three universities in Queensland, Australia. Other areas investigated were students' experiences of informal learning, their reasons for studying and the strategies they used to learn. Research into conceptions of learning is gaining impetus and current beliefs include the premise that approaches to learning adopted by university students, and hence learning outcomes, are closely related to their conceptions of learning. There is substantial research focused on Aboriginal learning styles in early childhood and primary school which indicates that Aboriginal children prefer to learn in a practical way as well as through observation and imitation and trial and error. Very little research has focused specifically on Aboriginal university students' conceptions of learning. Results of this study found that these students view and approach formal university learning in much the same way as other university students and most hold quantitative conceptions of learning. The most interesting result was the difference between students' conceptions of formal learning and their experiences of informal learning. Many students' experiences of informal learning were grounded in practical activities or exhibited a cultural focus, however, most formal learning is not dependent upon practical or cultural knowledge. It is proposed that formal learning for Indigenous students recognise and include an Indigenous perspective such as integrating, where appropriate, practical strategies for learning. We also suggest that Indigenous students be helped to develop conceptions that will enable them to learn formal, theoretical material successfully.

Learning in formal and informal contexts : conceptions and strategies of Aboriginal and Torres Strait Islander university students

Research suggests that students' approaches to learning and hence learning outcomes are closely related to their conceptions of learning. This paper describes an investigation into conceptions of formal learning held by 22 Aboriginal and Torres Strait Islander students from three Australian universities in Queensland; categories of informal learning, reasons for studying and strategies used to learn were also investigated. The attrition rate for these students in tertiary education is higher than that of any other group of students. The main aim of this study was to determine their conceptions of learning in order to provide information that might facilitate instruction more suited to their needs in order to address the high attrition rate. Results showed that these students view and approach university learning in much the same way as other university students. It was also apparent that, for the most part, the strategies these students used did not match the conceptions of learning they held. An interesting result was the difference between the conceptions of formal learning and perceptions of informal learning.

Understanding Formal and Informal Governance on Infrastructure Projects - Literature Review [industry report]

In Australia, collaborative contracts have been increasingly used to govern infrastructure projects. These contracts combine formal and informal mechanisms to manage project delivery. Formal mechanisms (e.g. financial risk sharing) are specified in the contract, while informal mechanisms (e.g. integrated team) are not. The paper reports on a literature review to operationalise the concepts of formal and informal governance, as the literature contains a multiplicity of, often un-testable, definitions. This work is the first phase of a study that will examine the optimal balance of formal and informal governance structures. Desk-top review of leading journals in the areas of construction management and business management, as well as recent government documents and industry guidelines, was undertaken to to conceptualise and operatinalise formal and informal governance mechanisms. The study primarily draws on transaction-cost economics (e.g. Williamson 1979; 1991), relational contract theory (Feinman 2000; Macneil 2000) and social psychology theory (e.g. Gulati 1995). Content analysis of the literature was undertaken to identify key governance mechanisms. Content analysis is a commonly used methodology in the social sciences area. It provides rich data through the systematic and objective review of literature (Krippendorff 2004). NVivo 9, a qualitative data analysis software package, was used to assist in this process. Formal governance mechanisms were found to be usefully broken down into four measurable categories: (1) target cost arrangement (2) financial risk and reward sharing regime (3) transparent financials and (4) collaborative multi-party agreement Informal governance mechanisms were found to be usefully broken down into three measurable categories: (1) leadership structure (2) integrated team (3) joint management system We expect these categories to effectively capture the key governance drivers of outcomes on infrastructure projects. These categories will be further refined and broken down into individual governance mechanisms for assessment through a large-scale Australian survey planned for late 2012. These individual mechanisms will feature in the questionnaire that QUT will deliver to AAA in October 2012.

Normative requirements for regulatory compliance: An abstract formal framework

By definition, regulatory rules (in legal context called norms) intend to achieve specific behaviour from business processes, and might be relevant to the whole or part of a business process. They can impose conditions on different aspects of process models, e.g., control-flow, data and resources etc. Based on the rules sets, norms can be classified into various classes and sub-classes according to their effects. This paper presents an abstract framework consisting of a list of norms and a generic compliance checking approach on the idea of (possible) execution of processes. The proposed framework is independent of any existing formalism, and provides a conceptually rich and exhaustive ontology and semantics of norms needed for business process compliance checking. The possible uses of the proposed framework include to compare different compliance management frameworks (CMFs).

Legal mechanisms for maximising community engagement with formal evacuation messaging: How well are these understood?

Study/Objective This program of research examines the effectiveness of legal mechanisms as motivators to maximise engagement and compliance with evacuation messages. This study is based on the understanding that the presence of legislative requirements, as well as sanctions and incentives encapsulated in law, can have a positive impact in achieving compliance. Our objective is to examine whether the current Australian legal frameworks, which incorporate evacuation during disasters, are an effective structure that is properly understood by those who enforce and those who are required to comply. Background In Australia, most jurisdictions have enacted legislation that encapsulates the power to evacuate and the ability to enforce compliance, either by the use of force or imposition of penalty. However, citizens still choose to not evacuate. Methods This program of research incorporates theoretical and doctrinal methodologies for reviewing literature and legislation in the Australia context. The aim of the research is to determine whether further clarity is required to create an understanding of the powers to evacuate, as well as greater public awareness of these powers. Results & Conclusion Legislators suggest that powers of evacuation can be ineffective if they are impractical to enforce. In Australia, there may also be confusion about from which legislative instrument the power to evacuate derives, and therefore whether there is a corresponding ability to enforce compliance through the use of force or imposition of a penalty. Equally, communities may lack awareness and understanding of the powers of agencies to enforce compliance. We seek to investigate whether this is the case, and whether even if greater awareness existed, it would act as an incentive to comply.

Formal modelling and analysis of DNP3 secure authentication

Supervisory Control and Data Acquisition (SCADA) systems are one of the key foundations of smart grids. The Distributed Network Protocol version 3 (DNP3) is a standard SCADA protocol designed to facilitate communications in substations and smart grid nodes. The protocol is embedded with a security mechanism called Secure Authentication (DNP3-SA). This mechanism ensures that end-to-end communication security is provided in substations. This paper presents a formal model for the behavioural analysis of DNP3-SA using Coloured Petri Nets (CPN). Our DNP3-SA CPN model is capable of testing and verifying various attack scenarios: modification, replay and spoofing, combined complex attack and mitigation strategies. Using the model has revealed a previously unidentified flaw in the DNP3-SA protocol that can be exploited by an attacker that has access to the network interconnecting DNP3 devices. An attacker can launch a successful attack on an outstation without possessing the pre-shared keys by replaying a previously authenticated command with arbitrary parameters. We propose an update to the DNP3-SA protocol that removes the flaw and prevents such attacks. The update is validated and verified using our CPN model proving the effectiveness of the model and importance of the formal protocol analysis.