Misunderstanding or Misdirection?: Whistleblower Protection in Queensland

In his report into corruption in Queensland, Fitzgerald listed whistleblower protection as a necessary part of a strong governance regime. "What is required is an accessible, independent body to which disclosures can be made, confidentially (at least in the first instance) and in any event free from fear of reprisals." It was one of the reforms studied by the Electoral and Administrative Review Committee, the report of which resulted in the Whistleblowers Protection Act 1994 (WPA). The need for whistleblower protection was supported by all sides of Parliament. The Premier, Wayne Goss, in his Second Reading Speech on the Public Sector Ethics Bill , said that that Act and the WPA would form a package with the former outlining required behaviour and the WPA encouraging staff to report wrongdoing. The WPA was subsequently passed and has remained virtually unamended for over a decade. Such consistency is either an indication of skilled drafting and effectiveness or the fact that the Act has been neglected. It is the hypothesis of this paper that the latter is the case. This hypothesis will be tested by examining the sincerity and diligence with which the Act has been treated during, and following, its passage.

Likelihood-maximising frameworks for enhanced in-car speech recognition

Speech recognition in car environments has been identified as a valuable means for reducing driver distraction when operating non-critical in-car systems. Likelihood-maximising (LIMA) frameworks optimise speech enhancement algorithms based on recognised state sequences rather than traditional signal-level criteria such as maximising signal-to-noise ratio. Previously presented LIMA frameworks require calibration utterances to generate optimised enhancement parameters which are used for all subsequent utterances. Sub-optimal recognition performance occurs in noise conditions which are significantly different from that present during the calibration session - a serious problem in rapidly changing noise environments. We propose a dialog-based design which allows regular optimisation iterations in order to track the changing noise conditions. Experiments using Mel-filterbank spectral subtraction are performed to determine the optimisation requirements for vehicular environments and show that minimal optimisation assists real-time operation with improved speech recognition accuracy. It is also shown that the proposed design is able to provide improved recognition performance over frameworks incorporating a calibration session.

Protocol engineering for protection against denial-of-service attacks

Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service un- availability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries °ood a large amount of bogus data to interfere or disrupt the service on the server. The attack can be either a single-source attack, which originates at only one host, or a multi-source attack, in which multiple hosts coordinate to °ood a large number of packets to the server. Cryptographic mechanisms in authentication schemes are an example ap- proach to help the server to validate malicious tra±c. Since authentication in key establishment protocols requires the veri¯er to spend some resources before successfully detecting the bogus messages, adversaries might be able to exploit this °aw to mount an attack to overwhelm the server resources. The attacker is able to perform this kind of attack because many key establishment protocols incorporate strong authentication at the beginning phase before they can iden- tify the attacks. This is an example of DoS threats in most key establishment protocols because they have been implemented to support con¯dentiality and data integrity, but do not carefully consider other security objectives, such as availability. The main objective of this research is to design denial-of-service resistant mechanisms in key establishment protocols. In particular, we focus on the design of cryptographic protocols related to key establishment protocols that implement client puzzles to protect the server against resource exhaustion attacks. Another objective is to extend formal analysis techniques to include DoS- resistance. Basically, the formal analysis approach is used not only to analyse and verify the security of a cryptographic scheme carefully but also to help in the design stage of new protocols with a high level of security guarantee. In this research, we focus on an analysis technique of Meadows' cost-based framework, and we implement DoS-resistant model using Coloured Petri Nets. Meadows' cost-based framework is directly proposed to assess denial-of-service vulnerabil- ities in the cryptographic protocols using mathematical proof, while Coloured Petri Nets is used to model and verify the communication protocols using inter- active simulations. In addition, Coloured Petri Nets are able to help the protocol designer to clarify and reduce some inconsistency of the protocol speci¯cation. Therefore, the second objective of this research is to explore vulnerabilities in existing DoS-resistant protocols, as well as extend a formal analysis approach to our new framework for improving DoS-resistance and evaluating the performance of the new proposed mechanism. In summary, the speci¯c outcomes of this research include following results; 1. A taxonomy of denial-of-service resistant strategies and techniques used in key establishment protocols; 2. A critical analysis of existing DoS-resistant key exchange and key estab- lishment protocols; 3. An implementation of Meadows's cost-based framework using Coloured Petri Nets for modelling and evaluating DoS-resistant protocols; and 4. A development of new e±cient and practical DoS-resistant mechanisms to improve the resistance to denial-of-service attacks in key establishment protocols.

SELinux policy management framework for HIS

Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.

Consumer protection in the banking sector : reviewing the Code of Banking Practice

This article explains the relevance of the Code and its place in the regulatory framework, discusses some of the key issues arising in the recent review (as identified by consumer advocates1), and explains the relationship between the Code and the Financial Ombudsman Service.

Electronic workplace surveillance and employee privacy : a comparative analysis of privacy protection in Australia and the United States

More than a century ago in their definitive work “The Right to Privacy” Samuel D. Warren and Louis D. Brandeis highlighted the challenges posed to individual privacy by advancing technology. Today’s workplace is characterised by its reliance on computer technology, particularly the use of email and the Internet to perform critical business functions. Increasingly these and other workplace activities are the focus of monitoring by employers. There is little formal regulation of electronic monitoring in Australian or United States workplaces. Without reasonable limits or controls, this has the potential to adversely affect employees’ privacy rights. Australia has a history of legislating to protect privacy rights, whereas the United States has relied on a combination of constitutional guarantees, federal and state statutes, and the common law. This thesis examines a number of existing and proposed statutory and other workplace privacy laws in Australia and the United States. The analysis demonstrates that existing measures fail to adequately regulate monitoring or provide employees with suitable remedies where unjustifiable intrusions occur. The thesis ultimately supports the view that enacting uniform legislation at the national level provides a more effective and comprehensive solution for both employers and employees. Chapter One provides a general introduction and briefly discusses issues relevant to electronic monitoring in the workplace. Chapter Two contains an overview of privacy law as it relates to electronic monitoring in Australian and United States workplaces. In Chapter Three there is an examination of the complaint process and remedies available to a hypothetical employee (Mary) who is concerned about protecting her privacy rights at work. Chapter Four provides an analysis of the major themes emerging from the research, and also discusses the draft national uniform legislation. Chapter Five details the proposed legislation in the form of the Workplace Surveillance and Monitoring Act, and Chapter Six contains the conclusion.

Power quality enhanced operation and control of a microgrid based custom power park

This paper describes the operation of a microgrid that contains a custom power park (CPP). The park may contain an unbalanced and/or nonlinear load and the microgrid may contain many dis-tributed generators (DGs). One of the DGs in the microgrid is used as a compensator to achieve load compensation. A new method is proposed for current reference generation for load compensation, which takes into account the real and reactive power to be supplied by the DG connected to the compensator. The real and reactive power from the DGs and the utility source is tightly regulated assuming that dedicated communication channels are available. Therefore this scheme is most suitable in cases where the loads in CPP and DGs are physically located close to each other. The proposal is validated through extensive simulation studies using EMTDC/PSCAD software package (version 4.2).

Contemporary consumer law : the role and effectiveness of regulation in consumer protection

This issue of the Griffith Law Review focuses on consumer law, and the pervasive nature of this area of law. We are all consumers, but do not necessarily identify as such, nor are we a homogeneous group. The boundaries of

Adaptive load shedding and regional protection

The requirement for improved efficiency whilst maintaining system security necessitates the development of improved system analysis approaches and the development of advanced emergency control technologies. Load shedding is a type of emergency control that is designed to ensure system stability by curtailing system load to match generation supply. This paper presents a new adaptive load shedding scheme that provides emergency protection against excess frequency decline, whilst minimizing the risk of line overloading. The proposed load shedding scheme uses the local frequency rate information to adapt the load shedding behaviour to suit the size and location of the experienced disturbance. The proposed scheme is tested in simulation on a 3-region, 10-generator sample system and shows good performance.

Enhanced human bone marrow stromal cell affinity for modified poly(L-lactide) surfaces by the upregulation of adhesion molecular genes

To enhance and regulate cell affinity for poly (l-lactic acid) (PLLA) based materials, two hydrophilic ligands, poly (ethylene glycol) (PEG) and poly (l-lysine) (PLL), were used to develop triblock copolymers: methoxy-terminated poly (ethylene glycol)-block-poly (l-lactide)-block-poly (l-lysine) (MPEG-b-PLLA-b-PLL) in order to regulate protein absorption and cell adhesion. Bone marrow stromal cells (BMSCs) were cultured on different composition of MPEG-b-PLLA-b-PLL copolymer films to determine the effect of modified polymer surfaces on BMSC attachment. To understand the molecular mechanism governing the initial cell adhesion on difference polymer surfaces, the mRNA expression of 84 human extracellular matrix (ECM) and adhesion molecules was analysed using quantitative reverse transcriptase polymerase chain reaction (qRT-PCR). It was found that down regulation of adhesion molecules was responsible for the impaired BMSC attachment on PLLA surface. MPEG-b-PLLA-b-PLL copolymer films improved significantly the cell adhesion and cytoskeleton expression by upregulation of relevant molecule genes significantly. Six adhesion genes (CDH1, ITGL, NCAM1, SGCE, COL16A1, and LAMA3) were most significantly influenced by the modified PLLA surfaces. In summary, polymer surfaces altered adhesion molecule gene expression of BMSCs, which consequently regulated cell initial attachment on modified PLLA surfaces.