Security and legal issues in E-tendering

The Queensland Department of Public Works (QDPW) and the Queensland Department of Main Roads (QDMR) have identified a need for industry e-contracting guidelines in the short to medium term. Each of these organisations conducts tenders and contracts for over $600 million annually. This report considers the security and legal issues relating to the shift from a paper-based tendering system to an electronic tendering system. The research objectives derived from the industry partners include: • a review of current standards and e-tendering systems; • a summary of legal requirements impacting upon e-tendering; • an analysis of the threats and requirements for any e-tendering system; • the identification of outstanding issues; • an evaluation of possible e-tendering architectures; • recommendations for e-tendering systems.

Test architecture for prototyping automated dynamic airspace control

The automation of various aspects of air traffic management has many wide-reaching benefits including: reducing the workload for Air Traffic Controllers; increasing the flexibility of operations (both civil and military) within the airspace system through facilitating automated dynamic changes to en-route flight plans; ensuring safe aircraft separation for a complex mix of airspace users within a highly complex and dynamic airspace management system architecture. These benefits accumulate to increase the efficiency and flexibility of airspace use(1). Such functions are critical for the anticipated increase in volume of manned and unmanned aircraft traffic. One significant challenge facing the advancement of airspace automation lies in convincing air traffic regulatory authorities that the level of safety achievable through the use of automation concepts is comparable to, or exceeds, the accepted safety performance of the current system.

Security metrics for object-oriented class designs

Measuring quality attributes of object-oriented designs (e.g. maintainability and performance) has been covered by a number of studies. However, these studies have not considered security as much as other quality attributes. Also, most security studies focus at the level of individual program statements. This approach makes it hard and expensive to discover and fix vulnerabilities caused by design errors. In this work, we focus on the security design of an object oriented application and define a number of security metrics. These metrics allow designers to discover and fix security vulnerabilities at an early stage, and help compare the security of various alternative designs. In particular, we propose seven security metrics to measure Data Encapsulation (accessibility) and Cohesion (interactions) of a given object-oriented class from the point of view of potential information flow.

The YAWL Architecture

The YAWL system is structured as a service-oriented architecture. It is composed of an extensible set of YAWL Services [1], each of which is deployed at a certain endpoint and offers one or multiple interfaces. Some of these services are userfacing, meaning that they offer interfaces to end users, while others offer interfaces to applications or other services.

Building an ontology and process architecture for engineering asset management

Historically, asset management focused primarily on the reliability and maintainability of assets; organisations have since then accepted the notion that a much larger array of processes govern the life and use of an asset. With this, asset management’s new paradigm seeks a holistic, multi-disciplinary approach to the management of physical assets. A growing number of organisations now seek to develop integrated asset management frameworks and bodies of knowledge. This research seeks to complement existing outputs of the mentioned organisations through the development of an asset management ontology. Ontologies define a common vocabulary for both researchers and practitioners who need to share information in a chosen domain. A by-product of ontology development is the realisation of a process architecture, of which there is also no evidence in published literature. To develop the ontology and subsequent asset management process architecture, a standard knowledge-engineering methodology is followed. This involves text analysis, definition and classification of terms and visualisation through an appropriate tool (in this case, the Protégé application was used). The result of this research is the first attempt at developing an asset management ontology and process architecture.

Art for architecture's sake?

The Architecture, Disciplinarity and the Arts symposium was organised by the Architecture. Theory, Criticism and History (ATCH) research group at the University of Queensland, run by John Macarthur and Antony Moulis, together with Andrew Leach who joined them last year and organised much of the symposium. The symposium ran for three days in a small room at the Institute of Modern Art (IMA) in Fortitude Valley, Brisbane (generously donated by director Robert Leonard), with about 40 people in attendance. Together with a long question time of an hour after every three speakers, the size of the room and the small number of people made it very different from most architecture or design conferences. The intellectual level of the symposium was high, without the speed dating aspect that one often sees at the Society of Architectural Historians, Australia and New Zealand (SAHANZ) meetings, where endless parallel sessions of short papers create an occasionally disorientating cacophony of words. The symposium was deliberately, unapologetically academic and the intimate nature of the forum made the discussion rich and collaborative, with an active audience. The title of the symposium, 'Architecture, Disciplinarity and the Arts', reflects the connection that already exists between the art history and the architectural history community in Brisbane, with both groups regularly attending each other's functions.

Decision support system architecture for consultant selection

Decision Support System (DSS) has played a significant role in construction project management. This has been proven that a lot of DSS systems have been implemented throughout the whole construction project life cycle. However, most research only concentrated in model development and left few fundamental aspects in Information System development. As a result, the output of researches are complicated to be adopted by lay person particularly those whom come from a non-technical background. Hence, a DSS should hide the abstraction and complexity of DSS models by providing a more useful system which incorporated user oriented system. To demonstrate a desirable architecture of DSS particularly in public sector planning, we aim to propose a generic DSS framework for consultant selection. It will focus on the engagement of engineering consultant for irrigation and drainage infrastructure. The DSS framework comprise from operational decision to strategic decision level. The expected result of the research will provide a robust framework of DSS for consultant selection. In addition, the paper also discussed other issues that related to the existing DSS framework by integrating enabling technologies from computing. This paper is based on the preliminary case study conducted via literature review and archival documents at Department of Irrigation and Drainage (DID) Malaysia. The paper will directly affect to the enhancement of consultant pre-qualification assessment and selection tools. By the introduction of DSS in this area, the selection process will be more efficient in time, intuitively aided qualitative judgment, and transparent decision through aggregation of decision among stakeholders.

Open and trusted information systems/health informatics access control (OTHIS/HIAC)

Information and Communications Technologies globally are moving towards Service Oriented Architectures and Web Services. The healthcare environment is rapidly moving to the use of Service Oriented Architecture/Web Services systems interconnected via this global open Internet. Such moves present major challenges where these structures are not based on highly trusted operating systems. This paper argues the need of a radical re-think of access control in the contemporary healthcare environment in light of modern information system structures, legislative and regulatory requirements, and security operation demands in Health Information Systems. This paper proposes the Open and Trusted Health Information Systems (OTHIS), a viable solution including override capability to the provision of appropriate levels of secure access control for the protection of sensitive health data.

Enforcing P3P policies using a digital rights management system

The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRM is one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise data handling to the consumer’s privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.

Location constraints in digital rights management

Digital rights management allows information owners to control the use and dissemination of electronic documents via a machine-readable licence. This paper describes the design and implementation of a system for creating and enforcing licences containing location constraints that can be used to restrict access to sensitive documents to a defined area. Documents can be loaded onto a portable device and used in the approved areas, but cannot be used if the device moves to another area. Our contribution includes a taxonomy for access control in the presence of requests to perform non-instantaneous controlled actions.

Using SITDRM for Privacy Rights Management

SITDRM 1 is a privacy protection system that protects private data through the enforcement of MPEG REL licenses provided by consumers. Direct issuing of licenses by consumers has several usability problems that will be mentioned in this paper. Further, we will describe how SITDRM incorporates P3P language to provide a consumer-centered privacy protection system.

Eco-retrofitting with building integrated living systems

Building integrated living systems (BILS), such as green roofs and living walls, could mitigate many of the challenges presented by climate change and biodiversity protection. However, few if any such systems have been constructed, and current tools for evaluating them are limited, especially under Australian subtropical conditions. BILS are difficult to assess, because living systems interact with complex, changing and site-specific social and environmental conditions. Our past research in design for eco-services has confirmed the need for better means of assessing the ecological values of BILS - let alone better models for assessing their thermal and hydrological performance. To address this problem, a research project is being developed jointly by researchers at the Central Queensland University (CQ University) and the Queensland University of Technology (QUT), along with industry collaborators. A mathematical model under development at CQ University will be applied and tested to determine its potential for predicting their complex, dynamic behaviour in different contexts. However, the paper focuses on the work at QUT. The QUT school of design is generating designs for living walls and roofs that provide a range of ecosystem goods and services, or ‘eco-services’, for a variety of micro-climates and functional contexts. The research at QUT aims to develop appropriate designs, virtual prototypes and quantitative methods for assessing the potential multiple benefits of BILS in subtropical climates. It is anticipated that the CQ University model for predicting thermal behaviour of living systems will provide a platform for the integration of ecological criteria and indicators. QUT will also explore means to predict and measure the value of eco-services provided by the systems, which is still largely uncharted territory. This research is ultimately intended to facilitate the eco-retrofitting of cities to increase natural capital and urban resource security - an essential component of sustainability. The talk will present the latest range of multifunctional, eco-productive living walls, roofs and urban space frames and their eco-services.

A Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.

Information security culture : a behaviour compliance conceptual framework

Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.

Molecular architecture of the human sinus node: insights into the function of the cardiac pacemaker.

BACKGROUND: Although we know much about the molecular makeup of the sinus node (SN) in small mammals, little is known about it in humans. The aims of the present study were to investigate the expression of ion channels in the human SN and to use the data to predict electrical activity. METHODS AND RESULTS: Quantitative polymerase chain reaction, in situ hybridization, and immunofluorescence were used to analyze 6 human tissue samples. Messenger RNA (mRNA) for 120 ion channels (and some related proteins) was measured in the SN, a novel paranodal area, and the right atrium (RA). The results showed, for example, that in the SN compared with the RA, there was a lower expression of Na(v)1.5, K(v)4.3, K(v)1.5, ERG, K(ir)2.1, K(ir)6.2, RyR2, SERCA2a, Cx40, and Cx43 mRNAs but a higher expression of Ca(v)1.3, Ca(v)3.1, HCN1, and HCN4 mRNAs. The expression pattern of many ion channels in the paranodal area was intermediate between that of the SN and RA; however, compared with the SN and RA, the paranodal area showed greater expression of K(v)4.2, K(ir)6.1, TASK1, SK2, and MiRP2. Expression of ion channel proteins was in agreement with expression of the corresponding mRNAs. The levels of mRNA in the SN, as a percentage of those in the RA, were used to estimate conductances of key ionic currents as a percentage of those in a mathematical model of human atrial action potential. The resulting SN model successfully produced pacemaking. CONCLUSIONS: Ion channels show a complex and heterogeneous pattern of expression in the SN, paranodal area, and RA in humans, and the expression pattern is appropriate to explain pacemaking.