689 resultados para Requirements engineering
Resumo:
Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service un- availability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries °ood a large amount of bogus data to interfere or disrupt the service on the server. The attack can be either a single-source attack, which originates at only one host, or a multi-source attack, in which multiple hosts coordinate to °ood a large number of packets to the server. Cryptographic mechanisms in authentication schemes are an example ap- proach to help the server to validate malicious tra±c. Since authentication in key establishment protocols requires the veri¯er to spend some resources before successfully detecting the bogus messages, adversaries might be able to exploit this °aw to mount an attack to overwhelm the server resources. The attacker is able to perform this kind of attack because many key establishment protocols incorporate strong authentication at the beginning phase before they can iden- tify the attacks. This is an example of DoS threats in most key establishment protocols because they have been implemented to support con¯dentiality and data integrity, but do not carefully consider other security objectives, such as availability. The main objective of this research is to design denial-of-service resistant mechanisms in key establishment protocols. In particular, we focus on the design of cryptographic protocols related to key establishment protocols that implement client puzzles to protect the server against resource exhaustion attacks. Another objective is to extend formal analysis techniques to include DoS- resistance. Basically, the formal analysis approach is used not only to analyse and verify the security of a cryptographic scheme carefully but also to help in the design stage of new protocols with a high level of security guarantee. In this research, we focus on an analysis technique of Meadows' cost-based framework, and we implement DoS-resistant model using Coloured Petri Nets. Meadows' cost-based framework is directly proposed to assess denial-of-service vulnerabil- ities in the cryptographic protocols using mathematical proof, while Coloured Petri Nets is used to model and verify the communication protocols using inter- active simulations. In addition, Coloured Petri Nets are able to help the protocol designer to clarify and reduce some inconsistency of the protocol speci¯cation. Therefore, the second objective of this research is to explore vulnerabilities in existing DoS-resistant protocols, as well as extend a formal analysis approach to our new framework for improving DoS-resistance and evaluating the performance of the new proposed mechanism. In summary, the speci¯c outcomes of this research include following results; 1. A taxonomy of denial-of-service resistant strategies and techniques used in key establishment protocols; 2. A critical analysis of existing DoS-resistant key exchange and key estab- lishment protocols; 3. An implementation of Meadows's cost-based framework using Coloured Petri Nets for modelling and evaluating DoS-resistant protocols; and 4. A development of new e±cient and practical DoS-resistant mechanisms to improve the resistance to denial-of-service attacks in key establishment protocols.
Resumo:
Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.
Resumo:
Providing support for reversible transformations as a basis for round-trip engineering is a significant challenge in model transformation research. While there are a number of current approaches, they require the underlying transformation to exhibit an injective behaviour when reversing changes. This however, does not serve all practical transformations well. In this paper, we present a novel approach to round-trip engineering that does not place restrictions on the nature of the underlying transformation. Based on abductive logic programming, it allows us to compute a set of legitimate source changes that equate to a given change to the target model. Encouraging results are derived from an initial prototype that supports most concepts of the Tefkat transformation language
Resumo:
With the advent of Service Oriented Architecture, Web Services have gained tremendous popularity. Due to the availability of a large number of Web services, finding an appropriate Web service according to the requirement of the user is a challenge. This warrants the need to establish an effective and reliable process of Web service discovery. A considerable body of research has emerged to develop methods to improve the accuracy of Web service discovery to match the best service. The process of Web service discovery results in suggesting many individual services that partially fulfil the user’s interest. By considering the semantic relationships of words used in describing the services as well as the use of input and output parameters can lead to accurate Web service discovery. Appropriate linking of individual matched services should fully satisfy the requirements which the user is looking for. This research proposes to integrate a semantic model and a data mining technique to enhance the accuracy of Web service discovery. A novel three-phase Web service discovery methodology has been proposed. The first phase performs match-making to find semantically similar Web services for a user query. In order to perform semantic analysis on the content present in the Web service description language document, the support-based latent semantic kernel is constructed using an innovative concept of binning and merging on the large quantity of text documents covering diverse areas of domain of knowledge. The use of a generic latent semantic kernel constructed with a large number of terms helps to find the hidden meaning of the query terms which otherwise could not be found. Sometimes a single Web service is unable to fully satisfy the requirement of the user. In such cases, a composition of multiple inter-related Web services is presented to the user. The task of checking the possibility of linking multiple Web services is done in the second phase. Once the feasibility of linking Web services is checked, the objective is to provide the user with the best composition of Web services. In the link analysis phase, the Web services are modelled as nodes of a graph and an allpair shortest-path algorithm is applied to find the optimum path at the minimum cost for traversal. The third phase which is the system integration, integrates the results from the preceding two phases by using an original fusion algorithm in the fusion engine. Finally, the recommendation engine which is an integral part of the system integration phase makes the final recommendations including individual and composite Web services to the user. In order to evaluate the performance of the proposed method, extensive experimentation has been performed. Results of the proposed support-based semantic kernel method of Web service discovery are compared with the results of the standard keyword-based information-retrieval method and a clustering-based machine-learning method of Web service discovery. The proposed method outperforms both information-retrieval and machine-learning based methods. Experimental results and statistical analysis also show that the best Web services compositions are obtained by considering 10 to 15 Web services that are found in phase-I for linking. Empirical results also ascertain that the fusion engine boosts the accuracy of Web service discovery by combining the inputs from both the semantic analysis (phase-I) and the link analysis (phase-II) in a systematic fashion. Overall, the accuracy of Web service discovery with the proposed method shows a significant improvement over traditional discovery methods.
Resumo:
The shortage of donor hearts for patients with end stage heart failure has accelerated the development of ventricular assist devices (VAD) that act as a replacement heart. Mechanical devices involving pulsatile, axial and centrifugal devices have been proposed. Recent clinical developments indicate that centrifugal devices are not only beneficial for bridge to transplantation applications, but may also aid myocardial recovery. The results of a recent study have shown that patients who received a VAD have extended lives and improved quality of life compared to recipients of drug therapy. Unfortunately 25% of these patients develop right heart failure syndrome, sepsis and multi-organ failure. It was reported that 17% of patients initially receiving an LVAD later required a right ventricular assist device (RVAD). Hence, current research focus is in the development of a bi-ventricular assist device (BVAD). Current BVAD technology is either too bulky or necessitates having to implant two pumps working independently. The latter requires two different controllers for each pump leading to the potential complication of uneven flow dynamics and the requirements for a large amount of body space. This paper illustrates the combination of the LVAD and RVAD as one complete device to augment the function of both the left and right cardiac chambers with double impellers. The proposed device has two impellers rotating in counter directions, hence eliminating the necessity of the body muscles and tubing/heart connection to restrain the pump. The device will also have two separate chambers with independent rotating impeller for the left and right chambers. A problem with centrifugal impellers is the fluid stagnation underneath the impeller. This leads to thrombosis and blood clots.This paper presents the design, construction and location of washout hole to prevent thrombus for a Bi-VAD centrifugal pump. Results using CFD will be used to illustrate the superiority of our design concept in terms of preventing thrombus formation and hemolysis.
Resumo:
Experience plays an important role in building management. “How often will this asset need repair?” or “How much time is this repair going to take?” are types of questions that project and facility managers face daily in planning activities. Failure or success in developing good schedules, budgets and other project management tasks depend on the project manager's ability to obtain reliable information to be able to answer these types of questions. Young practitioners tend to rely on information that is based on regional averages and provided by publishing companies. This is in contrast to experienced project managers who tend to rely heavily on personal experience. Another aspect of building management is that many practitioners are seeking to improve available scheduling algorithms, estimating spreadsheets and other project management tools. Such “micro-scale” levels of research are important in providing the required tools for the project manager's tasks. However, even with such tools, low quality input information will produce inaccurate schedules and budgets as output. Thus, it is also important to have a broad approach to research at a more “macro-scale.” Recent trends show that the Architectural, Engineering, Construction (AEC) industry is experiencing explosive growth in its capabilities to generate and collect data. There is a great deal of valuable knowledge that can be obtained from the appropriate use of this data and therefore the need has arisen to analyse this increasing amount of available data. Data Mining can be applied as a powerful tool to extract relevant and useful information from this sea of data. Knowledge Discovery in Databases (KDD) and Data Mining (DM) are tools that allow identification of valid, useful, and previously unknown patterns so large amounts of project data may be analysed. These technologies combine techniques from machine learning, artificial intelligence, pattern recognition, statistics, databases, and visualization to automatically extract concepts, interrelationships, and patterns of interest from large databases. The project involves the development of a prototype tool to support facility managers, building owners and designers. This final report presents the AIMMTM prototype system and documents how and what data mining techniques can be applied, the results of their application and the benefits gained from the system. The AIMMTM system is capable of searching for useful patterns of knowledge and correlations within the existing building maintenance data to support decision making about future maintenance operations. The application of the AIMMTM prototype system on building models and their maintenance data (supplied by industry partners) utilises various data mining algorithms and the maintenance data is analysed using interactive visual tools. The application of the AIMMTM prototype system to help in improving maintenance management and building life cycle includes: (i) data preparation and cleaning, (ii) integrating meaningful domain attributes, (iii) performing extensive data mining experiments in which visual analysis (using stacked histograms), classification and clustering techniques, associative rule mining algorithm such as “Apriori” and (iv) filtering and refining data mining results, including the potential implications of these results for improving maintenance management. Maintenance data of a variety of asset types were selected for demonstration with the aim of discovering meaningful patterns to assist facility managers in strategic planning and provide a knowledge base to help shape future requirements and design briefing. Utilising the prototype system developed here, positive and interesting results regarding patterns and structures of data have been obtained.
Resumo:
Vendors provide reference process models as consolidated, off-the-shelf solutions to capture best practices in a given industry domain. Customers can then adapt these models to suit their specific requirements. Traditional process flexibility approaches facilitate this operation, but do not fully address it as they do not sufficiently take controlled change guided by vendors' reference models into account. This tension between the customer's freedom of adapting reference models, and the ability to incorporate with relatively low effort vendor-initiated reference model changes, thus needs to be carefully balanced. This paper introduces process extensibility as a new paradigm for customizing reference processes and managing their evolution over time. Process extensibility mandates a clear recognition of the different responsibilities and interests of reference model vendors and consumers, and is concerned with keeping the effort of customer-side reference model adaptations low while allowing sufficient room for model change.
Resumo:
Ethnography has gained wide acceptance in the industrial design profession and curriculum as a means of understanding the user. However, there is considerable confusion about the particularities of its practice accompanied by the absence of an interoperable vocabulary. The consequent interdisciplinary effort is a power play between disciplines whereby the methodological view of ethnography marginalises its theoretical and analytical components. In doing so, it restricts the potential of ethnography suggesting the need for alternative methods of informing the design process. This article suggests that activity theory, with an emphasis on human activity as the fundamental unit of study, is an appropriate methodology for the generation of user requirements. The process is illustrated through the adaptation of an ethnographic case study, for the design of classroom furniture in India.
Resumo:
Experience plays an important role in building management. “How often will this asset need repair?” or “How much time is this repair going to take?” are types of questions that project and facility managers face daily in planning activities. Failure or success in developing good schedules, budgets and other project management tasks depend on the project manager's ability to obtain reliable information to be able to answer these types of questions. Young practitioners tend to rely on information that is based on regional averages and provided by publishing companies. This is in contrast to experienced project managers who tend to rely heavily on personal experience. Another aspect of building management is that many practitioners are seeking to improve available scheduling algorithms, estimating spreadsheets and other project management tools. Such “micro-scale” levels of research are important in providing the required tools for the project manager's tasks. However, even with such tools, low quality input information will produce inaccurate schedules and budgets as output. Thus, it is also important to have a broad approach to research at a more “macro-scale.” Recent trends show that the Architectural, Engineering, Construction (AEC) industry is experiencing explosive growth in its capabilities to generate and collect data. There is a great deal of valuable knowledge that can be obtained from the appropriate use of this data and therefore the need has arisen to analyse this increasing amount of available data. Data Mining can be applied as a powerful tool to extract relevant and useful information from this sea of data. Knowledge Discovery in Databases (KDD) and Data Mining (DM) are tools that allow identification of valid, useful, and previously unknown patterns so large amounts of project data may be analysed. These technologies combine techniques from machine learning, artificial intelligence, pattern recognition, statistics, databases, and visualization to automatically extract concepts, interrelationships, and patterns of interest from large databases. The project involves the development of a prototype tool to support facility managers, building owners and designers. This Industry focused report presents the AIMMTM prototype system and documents how and what data mining techniques can be applied, the results of their application and the benefits gained from the system. The AIMMTM system is capable of searching for useful patterns of knowledge and correlations within the existing building maintenance data to support decision making about future maintenance operations. The application of the AIMMTM prototype system on building models and their maintenance data (supplied by industry partners) utilises various data mining algorithms and the maintenance data is analysed using interactive visual tools. The application of the AIMMTM prototype system to help in improving maintenance management and building life cycle includes: (i) data preparation and cleaning, (ii) integrating meaningful domain attributes, (iii) performing extensive data mining experiments in which visual analysis (using stacked histograms), classification and clustering techniques, associative rule mining algorithm such as “Apriori” and (iv) filtering and refining data mining results, including the potential implications of these results for improving maintenance management. Maintenance data of a variety of asset types were selected for demonstration with the aim of discovering meaningful patterns to assist facility managers in strategic planning and provide a knowledge base to help shape future requirements and design briefing. Utilising the prototype system developed here, positive and interesting results regarding patterns and structures of data have been obtained.
Environmental assessment for commercial buildings: Stakeholder requirements and tool characteristics
Resumo:
The Cooperative Research Centre for Construction Innovation (CRC CI) is a national research, development and implementation centre focused on the needs of the property, design, construction and facility management sectors. Established in 2001 and headquartered at Queensland University of Technology as an unincorporated joint venture under the Australian Government's Cooperative Research Program, the CRC CI is developing key technologies, tools and management systems to improve the effectiveness of the construction industry. The CRC CI is a seven year project funded by a Commonwealth grant and industry, research and other government support. More than 150 researchers and an alliance of 19 leading partner organisations are involved in and support the activities of the CRC CI
Resumo:
This document provides the findings of an international review of investment decision-making practices in road asset management. Efforts were concentrated on identifying the strategic objectives of agencies in road asset management, establishing and understanding criteria different organisations adopted and ascertaining the exact methodologies used by different countries and international organisations. Road assets are powerful drivers of economic development and social equity. They also have significant impacts on the natural and man-made environment. The traditional definition of asset management is “A systematic process of maintaining, upgrading and operating physical assets cost effectively. It combines engineering principles with sound business practices and economic theory and it provides tools to facilitate a more organised, logical approach to decision-making” (US Dept. of Transportation, 1999). In recent years, the concept has been broadened to cover the complexity of decision making, based on a wider variety of policy considerations as well as social and environmental issues rather than is covered by Benefit-Cost analysis and pure technical considerations. Current international practices are summarised in table 2. It was evident that Engineering-economic analysis methods are well advanced to support decision-making. A range of tools available supports performance predicting of road assets and associated cost/benefit in technical context. The need for considering triple plus one bottom line of social, environmental and economic as well as political factors in decision-making is well understood by road agencies around the world. The techniques used to incorporate these however, are limited. Most countries adopt a scoring method, a goal achievement matrix or information collected from surveys. The greater uncertainty associated with these non-quantitative factors has generally not been taken into consideration. There is a gap between the capacities of the decision-making support systems and the requirements from decision-makers to make more rational and transparent decisions. The challenges faced in developing an integrated decision making framework are both procedural and conceptual. In operational terms, the framework should be easy to be understood and employed. In philosophical terms, the framework should be able to deal with challenging issues, such as uncertainty, time frame, network effects, model changes, while integrating cost and non-cost values into the evaluation. The choice of evaluation techniques depends on the feature of the problem at hand, on the aims of the analysis, and on the underlying information base At different management levels, the complexity in considering social, environmental, economic and political factor in decision-making is different. At higher the strategic planning level, more non-cost factors are involved. The complexity also varies based on the scope of the investment proposals. Road agencies traditionally place less emphasis on evaluation of maintenance works. In some cases, social equity, safety, environmental issues have been used in maintenance project selection. However, there is not a common base for the applications.
Resumo:
Objectives The objectives of this project were two-fold: • Assess the ease with which current architectural CAD systems supported the use ofparametric descriptions in defining building shape, engineering system performance and cost at the early stages of building design; • Assess the feasibility of implementing a software decision support system that allowed designers to trade-off the characteristics and configuration of various engineering systems to move towards a “global optimum” rather than considering each system in isolation and expecting humans to weigh up all of the costs and benefits. The first stage of the project consisted of using four different CAD systems to define building shells (envelopes) with different usages. These models were then exported into a shared database using the IFC information exchange specifications. The second stage involved the implementation of small computer programs that were able to estimate relevant system parameters based on performance requirements and the constraints imposed by the other systems. These are presented in a unified user interface that extracts the appropriate building shape parameters from the shared database Note that the term parametric in this context refers to the relationships among and between all elements of the building model - not just geometric associations - which will enable the desired coordination.
Resumo:
This is the third in a series of reports planned for this project. The aim of this research is to conduct a comparative study of current legislation or guidelines at the federal, state and local government levels to confirm if any natural ventilation criteria are required at the subdivision development stage of planning. It also seeks to discover if there are any other incentives, statutory planning or development principles that encourage developers to orient subdivision lots to maximize natural ventilation for the dwellings. Findings from the research in this report are intended to contribute to the discussion on the development of an enhanced lot rating methodology for sustainable subdivisions as documented in other reports in this series.
Resumo:
Wynne and Schaffer (2003) have highlighted both the strong growth of gambling activity in recent years, and the revenue streams this has generated for governments and communities. Gambling activities and the revenues derived from them have, unsurprisingly, therefore also been seen as a way in which to increase economic development in deprived areas (Jinkner-Lloyd, 1996). Consequently, according to Brown et al (2003), gambling is now a large taxation revenue earner for many western governments, at both federal and state levels, worldwide (for example UK, USA, Australia). In size and importance, the Australian gambling industry in particular has grown significantly over the last three decades, experiencing a fourfold increase in real gambling turnover. There are, however, also concerns expressed about gambling and Electronic Gaming in particular, as illustrated in economic, social and ethical terms in Oddo (1997). There are also spatial aspects to understanding these issues. Marshall’s (1998) study, for example, highlights that benefits from gambling are more likely to accrue at the macro as opposed to the local level, because of centralised tax gathering and spending of tax revenues, whilst localities may suffer from displacement of activities with higher multipliers than the institutions with EGMs that replace them. This also highlights a regional context of costs, where benefits accrue to the centre, but the costs accrue to the regions and localities, as simultaneously resources leave those communities through both the gambling activities themselves (in the form of revenue for the EGM owners), and the government (through taxes).
