A secure architecture for Australia’s index based e-health environment

This paper proposes a security architecture for the basic cross indexing systems emerging as foundational structures in current health information systems. In these systems unique identifiers are issued to healthcare providers and consumers. In most cases, such numbering schemes are national in scope and must therefore necessarily be used via an indexing system to identify records contained in pre-existing local, regional or national health information systems. Most large scale electronic health record systems envisage that such correlation between national healthcare identifiers and pre-existing identifiers will be performed by some centrally administered cross referencing, or index system. This paper is concerned with the security architecture for such indexing servers and the manner in which they interface with pre-existing health systems (including both workstations and servers). The paper proposes two required structures to achieve the goal of a national scale, and secure exchange of electronic health information, including: (a) the employment of high trust computer systems to perform an indexing function, and (b) the development and deployment of an appropriate high trust interface module, a Healthcare Interface Processor (HIP), to be integrated into the connected workstations or servers of healthcare service providers. This proposed architecture is specifically oriented toward requirements identified in the Connectivity Architecture for Australia’s e-health scheme as outlined by NEHTA and the national e-health strategy released by the Australian Health Ministers.

Expanding ethical vistas of IT professionals

In this paper we argue for an experientially grounded view of IT professionals’ ethical formation and support. We propose that for such formation and support to be effectual, it should challenge professionals’ conceptualisations of their field and of ethics, and it should do so with the aim of changing their experience. To this end, we present a Model of Ethical IT, which is based on an examination of the nature of ethics and on empirical findings concerning IT professionals’ experience of ethics. We argue that for IT professionals to be enabled to become more ethical in their practice: the purpose of IT must be primarily understood to be user-oriented; the nature of professional ethics must be primarily understood to be other-centred; and the goal of ethics education must be understood as primarily promoting a change in awareness.

Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Investigation into travel of transit oriented development : school students’ travel survey of Kelvin Grove Urban Village

Travel surveys were conducted for collecting data related to school students’ travel at Kelvin Grove Urban Village (KGUV). Currently, KGUV has school students studying at grade 10 to 12. As a part of data collection process, travel surveys were undertaken for school students studying. This document contains the questionnaire form used to collect the demographic and travel data related to school students at KGUV. The surveys forms were hand delivered to the school and the responses were collected back via reply paid envelop provided with the questionnaire form.

Analyzing requirements and approaches for sourcing software based services

Increasingly, software is no longer developed as a single system, but rather as a smart combination of so-called software services. Each of these provides an independent, specific and relatively small piece of functionality, which is typically accessible through the Internet from internal or external service providers. To the best of our knowledge, there are no standards or models that describe the sourcing process of these software based services (SBS). We identify the sourcing requirements for SBS and associate the key characteristics of SBS (with the sourcing requirements introduced). Furthermore, we investigate the sourcing of SBS with the related works in the field of classical procurement, business process outsourcing, and information systems sourcing. Based on the analysis, we conclude that the direct adoption of these approaches for SBS is not feasible and new approaches are required for sourcing SBS.

Analyzing requirements and approaches for sourcing software based services

Increasingly, software is no longer developed as a single system, but rather as a smart combination of so-called software services. Each of these provides an independent, specific and relatively small piece of functionality, which is typically accessible through the Internet from internal or external service providers. There are no standards or models that describe the sourcing process of these software based services (SBS). The authors identify the sourcing requirements for SBS and associate the key characteristics of SBS (with the sourcing requirements introduced). Furthermore, this paper investigates the sourcing of SBS with the related works in the field of classical procurement, business process outsourcing, and information systems sourcing. Based on the analysis, the authors conclude that the direct adoption of these approaches for SBS is not feasible and new approaches are required for sourcing SBS.

Security metrics for object-oriented designs

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.

Assessing the impact of refactoring on security-critical object-oriented designs

Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.

Photo-crosslinking of functionalised lactide oligomers for the fabrication of osteochondral tissue engineering scaffolds

In the fabrication of osteochondral tissue engineering scaffolds, the two distinct tissues impose different requirements on the architecture. Stereo-lithography is a rapid prototyping method that can be utilised to make 3D constructs with high spatial control by radical photopolymerization. In this study, biodegradable resins are developed that can be applied in stereo-lithography. Photo-crosslinked poly(lactide) networks with varying physical properties were synthesised, and by photo polymerizing in the presence of leachable particles porous scaffolds could be prepared as well.

User characteristics of transit oriented developments : the case of Kelvin Grove Urban Village

Transit oriented developments are high density mixed use developments located within short and easily walkable distance of a major transit centre. These developments are often hypothesised as a means of enticing a mode shift from the private car to sustainable transport modes such as, walking, cycling and public transport. However, it is important to gather evidence to test this hypothesis by determining the travel characteristics of transit oriented developments users. For this purpose, travel surveys were conducted for an urban transit oriented development currently under development. This chapter presents the findings from the preliminary data analysis of the travel surveys. Kelvin Grove Urban Village, a mixed use development located in Brisbane, Australia, has been selected as the case for the transit oriented developments study. Travel data for all groups of transit oriented development users ranging from students to shoppers, and residents to employees were collected. Different survey instruments were used for different transit oriented development users to optimise their response rates, and the performance of these survey instruments are stated herein. The travel characteristics of transit oriented development users are reported in this chapter by explaining mode share, trip length distribution, and time of day of trip. The results of the travel survey reveal that Kelvin Grove Urban Village users use more sustainable modes of transport as compared to other Brisbane residents.

Designed tissue engineering scaffolds prepared by stereolithography

For the fabrication of tissue engineering scaffolds, the intended tissue formation process imposes requirements on the architecture. The chosen porosity often is a tradeoff between volume and surface area accessible to cells, and mechanical properties of the construct. Interconnectivity of the pores is essential for cell migration through the scaffold and for mass transport. Conventional techniques such as salt leaching often result in heterogeneous structures and do not allow for a precise control of the architecture. Stereolithography is a rapid prototyping method that can be utilised to make 3D constructs with high spatial control by radical photopolymerisation. In this study, a regular structure based on cyclic repetition of cell units were designed through CAD modelling.. One of these structures was built on a stereolithography apparatus (SLA). Furthermore, a polylactide-based resin was developed that can be applied in stereolithography. Polylactide has proven before to be a well-performing polymer in bone tissue engineering. The final objective in this study is to build newly designed PDLLA scaffolds with a precise SLA fabrication technique to study the effect of scaffold architecture on mechanical and biological properties.

Resorbable composite scaffolds for bone tissue engineering

Bone loss associated with trauma osteo-degenerative diseases and tumors has tremendous socioeconomic impact related to personal and occupation disability and health care costs. Bone grafting is often critical to surgical therapies. Autogenous bone is presently the preferred grafting material; however, this holds several disadvantages such as donor site morbidity. In the present climate of increasing life expectancy with an ensuing increase in bone-related injuries, orthopaedic surgery is undergoing a paradigm shift from bone-grafting to bone engineering, where a scaffold is implanted to provide adequate load bearing and enhance tissue regeneration. Our group at Queensland University of Technology (QUT) have developed, characterised and tested polycaprolactone/ tricalcium phosphate (PCL/TCP) composite scaffolds for low load-bearing bone defects. These scaffolds are being further developed for application in higher load bearing sites. Our approach emphasizes the importance of the biomaterials’ structural design, the scaffold architecture and structural and nutritional requirements for cell culture. These first-generation scaffolds made from medical grade PCL (mPCL) have been studied for more than 5 years within a clinical setting 1. This paper describes the application of second-generation scaffolds in small and large animal bone defect models and the ensuing bone regeneration as shown by histology and µCT.

Engaging operations management students by designing the unit with industry focus

Operations management is an area concerned with the production of goods and services ensuring that business operations are efficient in utilizing resource and effective to meet customer requirements. It deals with the design and management of products, processes, services and supply chains and considers the acquisition, development, and effective and efficient utilization of resources. Unlike other engineering subjects, content of these units could be very wide and vast. It is therefore necessary to cover the content that is most related to the contemporary industries. It is also necessary to understand what engineering management skills are critical for engineers working in the contemporary organisations. Most of the operations management books contain traditional Operations Management techniques. For example ‘inventory management’ is an important topic in operations management. All OM books deal with effective method of inventory management. However, new trend in OM is Just in time (JIT) delivery or minimization of inventory. It is therefore important to decide whether to emphasise on keeping inventory (as suggested by most books) or minimization of inventory. Similarly, for OM decisions like forecasting, optimization and linear programming most organisations now a day’s use software. Now it is important for us to determine whether some of these software need to be introduced in tutorial/ lab classes. If so, what software? It is established in the Teaching and Learning literature that there must be a strong alignment between unit objectives, assessment and learning activities to engage students in learning. Literature also established that engaging students is vital for learning. However, engineering units (more specifically Operations management) is quite different from other majors. Only alignment between objectives, assessment and learning activities cannot guarantee student engagement. Unit content must be practical oriented and skills to be developed should be those demanded by the industry. Present active learning research, using a multi-method research approach, redesigned the operations management content based on latest developments in Engineering Management area and the necessity of Australian industries. The redesigned unit has significantly helped better student engagement and better learning. It was found that students are engaged in the learning if they find the contents are helpful in developing skills that are necessary in their practical life.

A framework for reasoning about inherent parallelism in modern object-oriented languages

With the emergence of multi-core processors into the mainstream, parallel programming is no longer the specialized domain it once was. There is a growing need for systems to allow programmers to more easily reason about data dependencies and inherent parallelism in general purpose programs. Many of these programs are written in popular imperative programming languages like Java and C]. In this thesis I present a system for reasoning about side-effects of evaluation in an abstract and composable manner that is suitable for use by both programmers and automated tools such as compilers. The goal of developing such a system is to both facilitate the automatic exploitation of the inherent parallelism present in imperative programs and to allow programmers to reason about dependencies which may be limiting the parallelism available for exploitation in their applications. Previous work on languages and type systems for parallel computing has tended to focus on providing the programmer with tools to facilitate the manual parallelization of programs; programmers must decide when and where it is safe to employ parallelism without the assistance of the compiler or other automated tools. None of the existing systems combine abstraction and composition with parallelization and correctness checking to produce a framework which helps both programmers and automated tools to reason about inherent parallelism. In this work I present a system for abstractly reasoning about side-effects and data dependencies in modern, imperative, object-oriented languages using a type and effect system based on ideas from Ownership Types. I have developed sufficient conditions for the safe, automated detection and exploitation of a number task, data and loop parallelism patterns in terms of ownership relationships. To validate my work, I have applied my ideas to the C] version 3.0 language to produce a language extension called Zal. I have implemented a compiler for the Zal language as an extension of the GPC] research compiler as a proof of concept of my system. I have used it to parallelize a number of real-world applications to demonstrate the feasibility of my proposed approach. In addition to this empirical validation, I present an argument for the correctness of the type system and language semantics I have proposed as well as sketches of proofs for the correctness of the sufficient conditions for parallelization proposed.