Budget-aware role based access control

The suitability of Role Based Access Control (RBAC) is being challenged in dynamic environments like healthcare. In an RBAC system, a user's legitimate access may be denied if their need has not been anticipated by the security administrator at the time of policy specification. Alternatively, even when the policy is correctly specified an authorised user may accidentally or intentionally misuse the granted permission. The heart of the challenge is the intrinsic unpredictability of users' operational needs as well as their incentives to misuse permissions. In this paper we propose a novel Budget-aware Role Based Access Control (B-RBAC) model that extends RBAC with the explicit notion of budget and cost, where users are assigned a limited budget through which they pay for the cost of permissions they need. We propose a model where the value of resources are explicitly defined and an RBAC policy is used as a reference point to discriminate the price of access permissions, as opposed to representing hard and fast rules for making access decisions. This approach has several desirable properties. It enables users to acquire unassigned permissions if they deem them necessary. However, users misuse capability is always bounded by their allocated budget and is further adjustable through the discrimination of permission prices. Finally, it provides a uniform mechanism for the detection and prevention of misuses.

Uninav : a context-aware mobile application for university campus maps

The smart phones we carry with us are becoming ubiquitous with everyday life and the sensing capabilities of these devices allow us to provide context-aware services. In this paper, we discuss the development of UniNav, a context-aware mobile application that delivers personalised campus maps for universities. The application utilises university students’ details to provide information and services that are relevant and important to them. It helps students to navigate within the campus and become familiar with their university environment quickly. A study was undertaken to evaluate the acceptability and usefulness of the campus map, as well as the impact on a users’ navigation efficiency by utilising the personal and environmental contexts. The result indicates the integration of personal and environmental contexts on digital maps can improve its usefulness and navigation efficiency.

Thinking about Australia and its location in the modern world in the Australian Curriculum : history

The first national history curriculum is being implemented in Australia from 2013. As with the curriculums of other nations, this curriculum has evolved in response to a range of factors and its merits continue to be debated. In critiquing the sort of history education approach encapsulated in the new curriculum, I discuss some of the contextual factors and debates that have shaped the Australian Curriculum: History v0.3 (ACARA, 2012). In doing so, I also explore some of the recent international literature on how students think and learn about history in the classroom. In the third and final part of the paper, I raise some logistical issues and also question how students might engage with the notion of Australia as a nation in the modern world rapidly reshaped by the transformations occurring in Asia and share some concerns about the curriculum’s ‘world history approach’ for Year 10.

Howzat! The High Court, negligence and indoor cricket

This article examines the High Court case of Woods v Multi-Sport that considers the liability of an indoor cricket centre for an injury sustained by a player. It is a good example of how the issue of breach is dealt with in a sports law context and also shows how difficult it can be to determine when a sporting body will in breach of a duty of care owed to its participants.

Towards persistent indoor appearance-based localization, mapping and navigation using CAT-Graph

The challenge of persistent appearance-based navigation and mapping is to develop an autonomous robotic vision system that can simultaneously localize, map and navigate over the lifetime of the robot. However, the computation time and memory requirements of current appearance-based methods typically scale not only with the size of the environment but also with the operation time of the platform; also, repeated revisits to locations will develop multiple competing representations which reduce recall performance. In this paper we present a solution to the persistent localization, mapping and global path planning problem in the context of a delivery robot in an office environment over a one-week period. Using a graphical appearance-based SLAM algorithm, CAT-Graph, we demonstrate constant time and memory loop closure detection with minimal degradation during repeated revisits to locations, along with topological path planning that improves over time without using a global metric representation. We compare the localization performance of CAT-Graph to openFABMAP, an appearance-only SLAM algorithm, and the path planning performance to occupancy-grid based metric SLAM. We discuss the limitations of the algorithm with regard to environment change over time and illustrate how the topological graph representation can be coupled with local movement behaviors for persistent autonomous robot navigation.

Time-aware topic recommendation based on micro-blogs

Topic recommendation can help users deal with the information overload issue in micro-blogging communities. This paper proposes to use the implicit information network formed by the multiple relationships among users, topics and micro-blogs, and the temporal information of micro-blogs to find semantically and temporally relevant topics of each topic, and to profile users' time-drifting topic interests. The Content based, Nearest Neighborhood based and Matrix Factorization models are used to make personalized recommendations. The effectiveness of the proposed approaches is demonstrated in the experiments conducted on a real world dataset that collected from Twitter.com.

Privacy-aware workflow management

Information security policies play an important role in achieving information security. Confidentiality, Integrity, and Availability are classic information security goals attained by enforcing appropriate security policies. Workflow Management Systems (WfMSs) also benefit from inclusion of these policies to maintain the security of business-critical data. However, in typical WfMSs these policies are designed to enforce the organisation’s security requirements but do not consider those of other stakeholders. Privacy is an important security requirement that concerns the subject of data held by an organisation. WfMSs often process sensitive data about individuals and institutions who demand that their data is properly protected, but WfMSs fail to recognise and enforce privacy policies. In this paper, we illustrate existing WfMS privacy weaknesses and introduce WfMS extensions required to enforce data privacy. We have implemented these extensions in the YAWL system and present a case scenario to demonstrate how it can enforce a subject’s privacy policy.

A state-aware RFID privacy model with reader corruption

A number of security models have been proposed for RFID systems. Recent studies show that current models tend to be limited in the number of properties they capture. Consequently, models are commonly unable to distinguish between protocols with regard to finer privacy properties. This paper proposes a privacy model that introduces previously unavailable expressions of privacy. Based on the well-studied notion of indistinguishability, the model also strives to be simpler, easier to use, and more intuitive compared to previous models.

Context-aware device self-configuration using self-organizing maps

Modern mobile computing devices are versatile, but bring the burden of constant settings adjustment according to the current conditions of the environment. While until today, this task has to be accomplished by the human user, the variety of sensors usually deployed in such a handset provides enough data for autonomous self-configuration by a learning, adaptive system. However, this data is not fully available at certain points in time, or can contain false values. Handling potentially incomplete sensor data to detect context changes without a semantic layer represents a scientific challenge which we address with our approach. A novel machine learning technique is presented - the Missing-Values-SOM - which solves this problem by predicting setting adjustments based on context information. Our method is centered around a self-organizing map, extending it to provide a means of handling missing values. We demonstrate the performance of our approach on mobile context snapshots, as well as on classical machine learning datasets.

A state-aware RFID privacy model with reader corruption

A number of security models have been proposed for RFID systems. Recent studies show that current models tend to be limited in the number of properties they capture. Consequently, models are commonly unable to distinguish between protocols with regard to finer privacy properties. This paper proposes a privacy model that introduces previously unavailable expressions of privacy. Based on the well-studied notion of indistinguishability, the model also strives to be simpler, easier to use, and more intuitive compared to previous models.

A trusted ecosystem for Android applications based on context-aware access control

Private data stored on smartphones is a precious target for malware attacks. A constantly changing environment, e.g. switching network connections, can cause unpredictable threats, and require an adaptive approach to access control. Context-based access control is using dynamic environmental information, including it into access decisions. We propose an "ecosystem-in-an-ecosystem" which acts as a secure container for trusted software aiming at enterprise scenarios where users are allowed to use private devices. We have implemented a proof-of-concept prototype for an access control framework that processes changes to low-level sensors and semantically enriches them, adapting access control policies to the current context. This allows the user or the administrator to maintain fine-grained control over resource usage by compliant applications. Hence, resources local to the trusted container remain under control of the enterprise policy. Our results show that context-based access control can be done on smartphones without major performance impact.

ACE research vignette 023 : Does firm location make a difference to the export performance of SME's?

This series of research vignettes is aimed at sharing current and interesting research findings from our team of international Entrepreneurship researchers. This vignette, written by Mr. Darren Kavenagh and Professor Per Davidsson, deals with export capacity of Australian SMEs.

Design approaches for promoting beneficial indoor environments in healthcare facilities : a review

As a result of growing evidence regarding the effects of environmental characteristics on the health and wellbeing of people in healthcare facilities (HCFs), more emphasis is being placed on, and more attention being paid to, the consequences of design choices in HCFs. Therefore, we have critically reviewed the implications of key indoor physical design parameters, in relation to their potential impact on human health and wellbeing. In addition, we discussed these findings within the context of the relevant guidelines and standards for the design of HCFs. A total of 810 abstracts, which met the inclusion criteria, were identified through a Pubmed search, and these covered journal articles, guidelines, books, reports and monographs in the studied area. Of these, 231 full publications were selected for this review. According to the literature, the most beneficial design elements were: single-bed patient rooms, safe and easily cleaned surface materials, sound-absorbing ceiling tiles, adequate and sufficient ventilation, thermal comfort, natural daylight, control over temperature and lighting, views, exposure and access to nature, and appropriate equipment, tools and furniture. The effects of some design elements, such as lighting (e.g. artificial lighting levels) and layout (e.g. decentralized versus centralized nurses’ stations), on staff and patients vary, and “the best design practice” for each HCF should always be formulated in co-operation with different user groups and a multi-professional design team. The relevant guidelines and standards should also be considered in future design, construction and renovations, in order to produce more favourable physical indoor environments in HCFs.

Physical characteristics of the indoor environment that affect health and wellbeing in healthcare facilities : a review

Understanding the physical characteristics of the indoor environment that affect human health and wellbeing is the key requirement underpinning the beneficial design of a healthcare facility (HCF). We reviewed and summarised physical factors of the indoor environment reported to affect human health and wellbeing in HCFs. Research materials included articles identified in a Pubmed search, guidelines, books, reports and monographs, as well as the bibliographies of review articles in the area studied. Of these, 209 publications were selected for this review. According to the literature, there is evidence that the following physical factors of the indoor environment affect the health and wellbeing of human beings in an HCF: safety, ventilation and HVAC systems, thermal environment, acoustic environment, interior layout and room type, windows (including daylight and views), nature and gardens, lighting, colour, floor covering, furniture and its placement, ergonomics, wayfinding, artworks and music. Some of these, in themselves, directly promote or hinder health and wellbeing, but the physical factors may also have numerous indirect impacts by influencing the behaviour, actions, and interactions of patients, their families and the staff members. The findings of this research enable a good understanding of the different physical factors of the indoor environment on health and wellbeing and provide a practical resource for those responsible for the design and operate the facilities as well as researchers investigating these factors. However, more studies are needed in order to inform the design of optimally beneficial indoor environments in HCFs for all user groups.

Slice, mine and dice : complexity-aware automated discovery of business process models

Automated process discovery techniques aim at extracting models from information system logs in order to shed light into the business processes supported by these systems. Existing techniques in this space are effective when applied to relatively small or regular logs, but otherwise generate large and spaghetti-like models. In previous work, trace clustering has been applied in an attempt to reduce the size and complexity of automatically discovered process models. The idea is to split the log into clusters and to discover one model per cluster. The result is a collection of process models -- each one representing a variant of the business process -- as opposed to an all-encompassing model. Still, models produced in this way may exhibit unacceptably high complexity. In this setting, this paper presents a two-way divide-and-conquer process discovery technique, wherein the discovered process models are split on the one hand by variants and on the other hand hierarchically by means of subprocess extraction. The proposed technique allows users to set a desired bound for the complexity of the produced models. Experiments on real-life logs show that the technique produces collections of models that are up to 64% smaller than those extracted under the same complexity bounds by applying existing trace clustering techniques.