441 results for privacy violations


Relevance:

10.00%

Publisher:

Abstract:

Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. 
The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be done in order to simplify the management of SELinux policies and access permissions. In addition, SELinux-related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.

Relevance:

10.00%

Publisher:

Abstract:

Although internet chat is a significant aspect of many internet users’ lives, the manner in which participants in quasi-synchronous chat situations orient to issues of social and moral order remains to be studied in depth. The research presented here is therefore at the forefront of a continually developing area of study. This work contributes new insights into how members construct and make accountable the social and moral orders of an adult-oriented Internet Relay Chat (IRC) channel by addressing three questions: (1) What conversational resources do participants use in addressing matters of social and moral order? (2) How are these conversational resources deployed within IRC interaction? and (3) What interactional work is locally accomplished through use of these resources? A survey of the literature reveals considerable research in the field of computer-mediated communication, exploring both asynchronous and quasi-synchronous discussion forums. The research discussed represents a range of communication interests including group and collaborative interaction, the linguistic construction of social identity, and the linguistic features of online interaction. It is suggested that the present research differs from previous studies in three ways: (1) it focuses on the interaction itself, rather than the ways in which the medium affects the interaction; (2) it offers turn-by-turn analysis of interaction in situ; and (3) it discusses membership categories only insofar as they are shown to be relevant by participants through their talk. Through consideration of the literature, the present study is firmly situated within the broader computer-mediated communication field. 
Ethnomethodology, conversation analysis and membership categorization analysis were adopted as appropriate methodological approaches to explore the research focus on interaction in situ, and in particular to investigate the ways in which participants negotiate and co-construct social and moral orders in the course of their interaction. IRC logs collected from one chat room were analysed using a two-pass method, based on a modification of the approaches proposed by Pomerantz and Fehr (1997) and ten Have (1999). From this detailed examination of the data corpus three interaction topics are identified by means of which participants clearly orient to issues of social and moral order: challenges to rule violations, ‘trolling’ for cybersex, and experiences regarding the 9/11 attacks. Instances of these interactional topics are subjected to fine-grained analysis, to demonstrate the ways in which participants draw upon various interactional resources in their negotiation and construction of channel social and moral orders. While these analytical topics stand alone in individual focus, together they illustrate different instances in which participants’ talk serves to negotiate social and moral orders or collaboratively construct new orders. Building on the work of Vallis (2001), Chapter 5 illustrates three ways that rule violation is initiated as a channel discussion topic: (1) through a visible violation in open channel, (2) through an official warning or sanction by a channel operator regarding the violation, and (3) through a complaint or announcement of a rule violation by a non-channel operator participant. Once the topic has been initiated, it is shown to become available as a topic for others, including the perceived violator. The fine-grained analysis of challenges to rule violations ultimately demonstrates that channel participants orient to the rules as a resource in developing categorizations of both the rule violation and violator. 
These categorizations are contextual in that they are locally based and understood within specific contexts and practices. Thus, it is shown that compliance with rules and an orientation to rule violations as inappropriate within the social and moral orders of the channel serves two purposes: (1) to orient the speaker as a group member, and (2) to reinforce the social and moral orders of the group. Chapter 6 explores a particular type of rule violation, solicitations for ‘cybersex’ known in IRC parlance as ‘trolling’. In responding to trolling violations participants are demonstrated to use affiliative and aggressive humour, in particular irony, sarcasm and insults. These conversational resources perform solidarity building within the group, positioning non-Troll respondents as compliant group members. This solidarity work is shown to have three outcomes: (1) consensus building, (2) collaborative construction of group membership, and (3) the continued construction and negotiation of existing social and moral orders. Chapter 7, the final data analysis chapter, offers insight into how participants, in discussing the events of 9/11 on the actual day, collaboratively constructed new social and moral orders, while orienting to issues of appropriate and reasonable emotional responses. This analysis demonstrates how participants go about ‘doing being ordinary’ (Sacks, 1992b) in formulating their ‘first thoughts’ (Jefferson, 2004). Through sharing their initial impressions of the event, participants perform support work within the interaction, in essence working to normalize both the event and their initial misinterpretation of it. Normalising as a support work mechanism is also shown in relation to participants constructing the ‘quiet’ following the event as unusual. 
Normalising is accomplished by reference to the indexical ‘it’ and location formulations, which participants use both to negotiate who can claim to experience the ‘unnatural quiet’ and to identify the extent of the quiet. Through their talk participants upgrade the quiet from something legitimately experienced by one person in a particular place to something that could be experienced ‘anywhere’, moving the phenomenon from local to global provenance. With its methodological design and detailed analysis and findings, this research contributes to existing knowledge in four ways. First, it shows how rules are used by participants as a resource in negotiating and constructing social and moral orders. Second, it demonstrates that irony, sarcasm and insults are three devices of humour which can be used to perform solidarity work and reinforce existing social and moral orders. Third, it demonstrates how new social and moral orders are collaboratively constructed in relation to extraordinary events, which serve to frame the event and evoke reasonable responses for participants. And last, the detailed analysis and findings further support the use of conversation analysis and membership categorization as valuable methods for approaching quasi-synchronous computer-mediated communication.

Relevance:

10.00%

Publisher:

Abstract:

The adoption of e-business by the Australian construction industry lags other service and product industries. It is assumed that slow adoption rate does not reflect the maturity of the technology but is due to adoption impediments peculiar to the nature of construction. This chapter examines impediments to the uptake of e-business nationally and internationally. A systematic and extensive literature search of impediments (also referred to as obstacles, impediments or hindrances) to adoption has been undertaken and the findings discussed in this chapter. This review included more than 200 documents and these have been published in a searchable database as part of a larger research initiative funded by the Cooperative Research Centre for Construction Innovation. The influence of levels of e-business maturity seen in other sectors such as retail, tourism and manufacturing was also captured and a number of major impediments were identified, including: privacy, trust, uncertainty of financial returns, lack of reliable measurement, fraud, lack of support and system maintenance. A total of 23 impediments were assessed in terms of impact to organisational type and size across reviewed documents. With this information it was possible to develop a reference framework for measuring maturity levels and readiness to uptake e-business in construction. Results have also shown that impediments to e-business adoption work differently according to organisational type and culture. Areas of training and people development need to be addressed. This would include a more sensitive approach to the nature of construction organisations, especially to those small and medium enterprises. Raising levels of awareness and creating trust for on-line collaboration are other aspects that need attention, which current studies confirm as lacking. An empirical study within construction, to validate these findings, forms the subsequent phase of this research.

Relevance:

10.00%

Publisher:

Abstract:

This study explores teenager perceptions towards advertising in the online social networking environment. The future of online social networking sites is dependent upon the continued support of advertisers in this new medium, which is linked to the acceptance of advertising on these sites by their targeted audience. This exploratory study used the qualitative research methods of focus groups and in-depth personal interviews to gain insights from the teenager participants. The literature review in Chapter Two examined the previous research into advertising theories, consumer attitudes and issues such as advertising avoidance, advertising as a service and trust and privacy in the online social networking environment. The teenage consumer was also examined as were the influences of social identity theory. From this literature review eleven propositions were formed which provided a structure to the analysis of the research. Chapter Three outlined the multi-method research approach of using focus groups and in-depth interviews. The key findings were outlined in Chapter Four and Chapter Five provides discussion regarding these findings and the implications for theory and advertising practice. The main findings from this study suggest that teenagers have very high levels of advertising avoidance and are sceptical towards advertising on their online social networking sites. They have an inherent distrust of commercial messages in the online social networking environment; however, they are extremely trusting with the information that they disclose online. They believe that if their site is classified as private, then the information disclosed on this site is not accessible to anyone. The study explores the reasons behind these views. This research has resulted in the identification of seven motivations behind online social networking use. A new model of advertising avoidance in the online social networking environment is also presented and discussed. 
This model makes a contribution towards filling the gap in available research on online social networking sites and advertising perception. The findings of this study have also resulted in the identification of the characteristics of online social networking sites as an advertising medium. The newness of online social networking sites coupled with the enthusiastic adoption of online social networking by the teenage demographic means that this exploratory study will be of interest to both academics and practitioners alike.

Relevance:

10.00%

Publisher:

Abstract:

The adoption of e-business by the Australian construction industry lags other service and product industries. It is assumed that slow adoption rate does not reflect the maturity of the technology but is due to adoption barriers peculiar to the nature of construction. This paper examines impediments to the uptake of e-business nationally and internationally. A systematic and extensive literature search of barriers (also referred to as obstacles, impediments or hindrances) to adoption has been undertaken and the findings discussed in this paper. This review included more than 200 documents and these have been published in a searchable database as part of a larger research initiative funded by the Cooperative Research Centre for Construction Innovation. The influence of levels of e-business maturity seen in other sectors such as retail, tourism and manufacturing was also captured and a number of major barriers were identified, including: privacy, trust, uncertainty of financial returns, lack of reliable measurement, fraud, lack of support and system maintenance. A total of 23 barriers were assessed in terms of impact to organisational type and size across reviewed documents. With this information it was possible to develop a reference framework for measuring maturity levels and readiness to uptake e-business in construction. Results have also shown that barriers to e-business adoption work differently according to organisational type and culture. Areas of training and people development need to be addressed. This would include a more sensitive approach to the nature of construction organisations, especially to those small and medium enterprises. Raising levels of awareness and creating trust for on-line collaboration are other aspects that need attention, which current studies confirm as lacking. An empirical study within construction, to validate these findings, forms the subsequent phase of this research.

Relevance:

10.00%

Publisher:

Abstract:

This paper provides a fresh analysis of the widely-used Common Scrambling Algorithm Stream Cipher (CSA-SC). Firstly, a new representation of CSA-SC with a state size of only 89 bits is given, a significant reduction from the 103-bit state of a previous CSA-SC representation. Analysis of this 89-bit representation demonstrates that the basis of a previous guess-and-determine attack is flawed. Correcting this flaw increases the complexity of that attack so that it is worse than exhaustive key search. Although that attack is not feasible, the reduced state size of our representation makes it obvious that CSA-SC is vulnerable to several generic attacks, for which feasible parameters are given.

Relevance:

10.00%

Publisher:

Abstract:

There is currently a strong focus worldwide on the potential of large-scale Electronic Health Record (EHR) systems to cut costs and improve patient outcomes through increased efficiency. This is accomplished by aggregating medical data from isolated Electronic Medical Record databases maintained by different healthcare providers. Concerns about the privacy and reliability of Electronic Health Records are crucial to healthcare service consumers. Traditional security mechanisms are designed to satisfy confidentiality, integrity, and availability requirements, but they fail to provide a measurement tool for data reliability from a data entry perspective. In this paper, we introduce a Medical Data Reliability Assessment (MDRA) service model to assess the reliability of medical data by evaluating the trustworthiness of its sources, usually the healthcare provider which created the data and the medical practitioner who diagnosed the patient and authorised entry of this data into the patient’s medical record. The result is then expressed by manipulating health record metadata to alert medical practitioners relying on the information to possible reliability problems.

Relevance:

10.00%

Publisher:

Abstract:

Electronic Health Record (EHR) systems are being introduced to overcome the limitations associated with paper-based and isolated Electronic Medical Record (EMR) systems. This is accomplished by aggregating medical data and consolidating them in one digital repository. Though an EHR system provides obvious functional benefits, there is a growing concern about the privacy and reliability (trustworthiness) of Electronic Health Records. Security requirements such as confidentiality, integrity, and availability can be satisfied by traditional hard security mechanisms. However, measuring data trustworthiness from the perspective of data entry is an issue that cannot be solved with traditional mechanisms, especially since degrees of trust change over time. In this paper, we introduce a Time-variant Medical Data Trustworthiness (TMDT) assessment model to evaluate the trustworthiness of medical data by evaluating the trustworthiness of its sources, namely the healthcare organisation where the data was created and the medical practitioner who diagnosed the patient and authorised entry of this data into the patient’s medical record, with respect to a certain period of time. The result can then be used by the EHR system to manipulate health record metadata to alert medical practitioners relying on the information to possible reliability problems.