257 resultados para Generic Security Services Application Program Interface (GSS-API)
em Queensland University of Technology - ePrints Archive
Resumo:
This special issue of the Journal of Urban Technology brings together five articles that are based on presentations given at the Street Computing workshop held on 24 November 2009 in Melbourne in conjunction with the Australian Computer-Human Interaction conference (OZCHI 2009). Our own article introduces the Street Computing vision and explores the potential, challenges and foundations of this research vision. In order to do so, we first look at the currently available sources of information and discuss their link to existing research efforts. Section 2 then introduces the notion of Street Computing and our research approach in more detail. Section 3 looks beyond the core concept itself and summarises related work in this field of interest.
Resumo:
This special issue of the Journal of Urban Technology brings together five articles that are based on presentations given at the Street Computing Workshop held on 24 November 2009 in Melbourne in conjunction with the Australian Computer- Human Interaction conference (OZCHI 2009). Our own article introduces the Street Computing vision and explores the potential, challenges, and foundations of this research trajectory. In order to do so, we first look at the currently available sources of information and discuss their link to existing research efforts. Section 2 then introduces the notion of Street Computing and our research approach in more detail. Section 3 looks beyond the core concept itself and summarizes related work in this field of interest. We conclude by introducing the papers that have been contributed to this special issue.
Resumo:
This paper identifies a number of critical infrastructure applications that are reliant on location services from cooperative location technologies such as GPS and GSM. We show that these location technologies can be represented in a general location model, such that the model components can be used for vulnerability analysis. We perform a vulnerability analysis on these components of GSM and GPS location systems as well as a number of augmentations to these systems.
Resumo:
Cities accumulate and distribute vast sets of digital information. Many decision-making and planning processes in councils, local governments and organisations are based on both real-time and historical data. Until recently, only a small, carefully selected subset of this information has been released to the public – usually for specific purposes (e.g. train timetables, release of planning application through websites to name just a few). This situation is however changing rapidly. Regulatory frameworks, such as the Freedom of Information Legislation in the US, the UK, the European Union and many other countries guarantee public access to data held by the state. One of the results of this legislation and changing attitudes towards open data has been the widespread release of public information as part of recent Government 2.0 initiatives. This includes the creation of public data catalogues such as data.gov.au (U.S.), data.gov.uk (U.K.), data.gov.au (Australia) at federal government levels, and datasf.org (San Francisco) and data.london.gov.uk (London) at municipal levels. The release of this data has opened up the possibility of a wide range of future applications and services which are now the subject of intensified research efforts. Previous research endeavours have explored the creation of specialised tools to aid decision-making by urban citizens, councils and other stakeholders (Calabrese, Kloeckl & Ratti, 2008; Paulos, Honicky & Hooker, 2009). While these initiatives represent an important step towards open data, they too often result in mere collections of data repositories. Proprietary database formats and the lack of an open application programming interface (API) limit the full potential achievable by allowing these data sets to be cross-queried. Our research, presented in this paper, looks beyond the pure release of data. It is concerned with three essential questions: First, how can data from different sources be integrated into a consistent framework and made accessible? Second, how can ordinary citizens be supported in easily composing data from different sources in order to address their specific problems? Third, what are interfaces that make it easy for citizens to interact with data in an urban environment? How can data be accessed and collected?
Resumo:
Many software applications extend their functionality by dynamically loading executable components into their allocated address space. Such components, exemplified by browser plugins and other software add-ons, not only enable reusability, but also promote programming simplicity, as they reside in the same address space as their host application, supporting easy sharing of complex data structures and pointers. However, such components are also often of unknown provenance and quality and may be riddled with accidental bugs or, in some cases, deliberately malicious code. Statistics show that such component failures account for a high percentage of software crashes and vulnerabilities. Enabling isolation of such fine-grained components is therefore necessary to increase the stability, security and resilience of computer programs. This thesis addresses this issue by showing how host applications can create isolation domains for individual components, while preserving the benefits of a single address space, via a new architecture for software isolation called LibVM. Towards this end, we define a specification which outlines the functional requirements for LibVM, identify the conditions under which these functional requirements can be met, define an abstract Application Programming Interface (API) that encompasses the general problem of isolating shared libraries, thus separating policy from mechanism, and prove its practicality with two concrete implementations based on hardware virtualization and system call interpositioning, respectively. The results demonstrate that hardware isolation minimises the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution’s correctness. This thesis concludes that, not only is it feasible to create such isolation domains for individual components, but that it should also be a fundamental operating system supported abstraction, which would lead to more stable and secure applications.
Resumo:
Purpose: This two-part research project was undertaken as part of the planning process by Queensland Health (QH), Cancer Screening Services Unit (CSSU), Queensland Bowel Cancer Screening Program (QBCSP), in partnership with the National Bowel Cancer Screening Program (NBCSP), to prepare for the implementation of the NBCSP in public sector colonoscopy services in QLD in late 2006. There was no prior information available on the quality of colonoscopy services in Queensland (QLD) and no prior studies that assessed the quality of colonoscopy training in Australia. Furthermore, the NBCSP was introduced without extra funding for colonoscopy service improvement or provision for increases in colonoscopic capacity resulting from the introduction of the NBCSP. The main purpose of the research was to record baseline data on colonoscopy referral and practice in QLD and current training in colonoscopy Australia-wide. It was undertaken from a quality improvement perspective. Implementation of the NBCSP requires that all aspects of the screening pathway, in particular colonoscopy services for the assessment of positive Faecal Occult Blood Tests (FOBTs), will be effective, efficient, equitable and evidence-based. This study examined two important aspects of the continuous quality improvement framework for the NBCSP as they relate to colonoscopy services: (1) evidence-based practice, and (2) quality of colonoscopy training. The Principal Investigator was employed as Senior Project Officer (Training) in the QBCSP during the conduct of this research project. Recommendations from this research have been used to inform the development and implementation of quality improvement initiatives for provision of colonoscopy in the NBCSP, its QLD counterpart the QBCSP and colonoscopy services in QLD, in general. Methods – Part 1 Chart audit of evidence-based practice: The research was undertaken in two parts from 2005-2007. The first part of this research comprised a retrospective chart audit of 1484 colonoscopy records (some 13% of all colonoscopies conducted in public sector facilities in the year 2005) in three QLD colonoscopy services. Whilst some 70% of colonoscopies are currently conducted in the private sector, only public sector colonoscopy facilities provided colonoscopies under the NBCSP. The aim of this study was to compare colonoscopy referral and practice with explicit criteria derived from the National Health & Medical Research Council (NHMRC) (1999) Clinical Practice Guidelines for the Prevention, Early Detection and Management of Colorectal Cancer, and describe the nature of variance with the guidelines. Symptomatic presentations were the most common indication for colonoscopy (60.9%). These comprised per rectal bleeding (31.0%), change of bowel habit (22.1%), abdominal pain (19.6%), iron deficiency anaemia (16.2%), inflammatory bowel disease (8.9%) and other symptoms (11.4%). Surveillance and follow-up colonoscopies accounted for approximately one-third of the remaining colonoscopy workload across sites. Gastroenterologists (GEs) performed relatively more colonoscopies per annum (59.9%) compared to general surgeons (GS) (24.1%), colorectal surgeons (CRS) (9.4%) and general physicians (GPs) (6.5%). Guideline compliance varied with the designation of the colonoscopist. Compliance was lower for CRS (62.9%) compared to GPs (76.0%), GEs (75.0%), GSs (70.9%, p<0.05). Compliance with guideline recommendations for colonoscopic surveillance for family history of colorectal cancer (23.9%), polyps (37.0%) and a past history of bowel cancer (42.7%), was by comparison significantly lower than for symptomatic presentations (94.4%), (p<0.001). Variation with guideline recommendations occurred more frequently for polyp surveillance (earlier than guidelines recommend, 47.9%) and follow-up for past history of bowel cancer (later than recommended, 61.7%, p<0.001). Bowel cancer cases detected at colonoscopy comprised 3.6% of all audited colonoscopies. Incomplete colonoscopies occurred in 4.3% of audited colonoscopies and were more common among women (76.6%). For all colonoscopies audited, the rate of incomplete colonoscopies for GEs was 1.6% (CI 0.9-2.6), GPs 2.0% (CI 0.6-7.2), GS 7.0% (CI 4.8-10.1) and CRS 16.4% (CI 11.2-23.5). 18.6% (n=55) of patients with a documented family history of bowel cancer had colonoscopy performed against guidelines recommendations (for general (category 1) population risk, for reasons of patient request or family history of polyps, rather than for high risk status for colorectal cancer). In general, family history was inadequately documented and subsequently applied to colonoscopy referral and practice. Methods - Part 2 Surveys of quality of colonoscopy training: The second part of the research consisted of Australia-wide anonymous, self-completed surveys of colonoscopy trainers and their trainees to ascertain their opinions on the current apprenticeship model of colonoscopy in Australia and to identify any training needs. Overall, 127 surveys were received from colonoscopy trainers (estimated response rate 30.2%). Approximately 50% of trainers agreed and 27% disagreed that current numbers of training places were adequate to maintain a skilled colonoscopy workforce in preparation for the NBCSP. Approximately 70% of trainers also supported UK-style colonoscopy training within dedicated accredited training centres using a variety of training approaches including simulation. A collaborative approach with the private sector was seen as beneficial by 65% of trainers. Non-gastroenterologists (non-GEs) were more likely than GEs to be of the opinion that simulators are beneficial for colonoscopy training (χ2-test = 5.55, P = 0.026). Approximately 60% of trainers considered that the current requirements for recognition of training in colonoscopy could be insufficient for trainees to gain competence and 80% of those indicated that ≥ 200 colonoscopies were needed. GEs (73.4%) were more likely than non-GEs (36.2%) to be of the opinion that the Conjoint Committee standard is insufficient to gain competence in colonoscopy (χ2-test = 16.97, P = 0.0001). The majority of trainers did not support training either nurses (73%) or GPs in colonoscopy (71%). Only 81 (estimated response rate 17.9%) surveys were received from GS trainees (72.1%), GE trainees (26.3%) and GP trainees (1.2%). The majority were males (75.9%), with a median age 32 years and who had trained in New South Wales (41.0%) or Victoria (30%). Overall, two-thirds (60.8%) of trainees indicated that they deemed the Conjoint Committee standard sufficient to gain competency in colonoscopy. Between specialties, 75.4% of GS trainees indicated that the Conjoint Committee standard for recognition of colonoscopy was sufficient to gain competence in colonoscopy compared to only 38.5% of GE trainees. Measures of competency assessed and recorded by trainees in logbooks centred mainly on caecal intubation (94.7-100%), complications (78.9-100%) and withdrawal time (51-76.2%). Trainees described limited access to colonoscopy training lists due to the time inefficiency of the apprenticeship model and perceived monopolisation of these by GEs and their trainees. Improvements to the current training model suggested by trainees included: more use of simulation, training tools, a United Kingdom (UK)-style training course, concentration on quality indicators, increased access to training lists, accreditation of trainers and interdisciplinary colonoscopy training. Implications for the NBCSP/QBCSP: The introduction of the NBCSP/QBCSP necessitates higher quality colonoscopy services if it is to achieve its ultimate goal of decreasing the incidence of morbidity and mortality associated with bowel cancer in Australia. This will be achieved under a new paradigm for colonoscopy training and implementation of evidence-based practice across the screening pathway and specifically targeting areas highlighted in this thesis. Recommendations for improvement of NBCSP/QBCSP effectiveness and efficiency include the following: 1. Implementation of NBCSP and QBCSP health promotion activities that target men, in particular, to increase FOBT screening uptake. 2. Improved colonoscopy training for trainees and refresher courses or retraining for existing proceduralists to improve completion rates (especially for female NBCSP/QBCSP participants), and polyp and adenoma detection and removal, including newer techniques to detect flat and depressed lesions. 3. Introduction of colonoscopy training initiatives for trainees that are aligned with NBCSP/QBCSP colonoscopy quality indicators, including measurement of training outcomes using objective quality indicators such as caecal intubation, withdrawal time, and adenoma detection rate. 4. Introduction of standardised, interdisciplinary colonoscopy training to reduce apparent differences between specialties with regard to compliance with guideline recommendations, completion rates, and quality of polypectomy. 5. Improved quality of colonoscopy training by adoption of a UK-style training program with centres of excellence, incorporating newer, more objective assessment methods, use of a variety of training tools such as simulation and rotations of trainees between metropolitan, rural, and public and private sector training facilities. 6. Incorporation of NHMRC guidelines into colonoscopy information systems to improve documentation, provide guideline recommendations at the point of care, use of gastroenterology nurse coordinators to facilitate compliance with guidelines and provision of guideline-based colonoscopy referral letters for GPs. 7. Provision of information and education about the NBCSP/QBCSP, bowel cancer risk factors, including family history and polyp surveillance guidelines, for participants, GPs and proceduralists. 8. Improved referral of NBCSP/QBCSP participants found to have a high-risk family history of bowel cancer to appropriate genetics services.
Resumo:
Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted ‘first response’ international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including: ? Approaches to integrating Business Continuity & Aviation Security Planning within airport operations; ? Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure; ? Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.
Resumo:
This paper investigates how to interface the wireless application protocol (WAP) architecture to the SCADA system running distributed network protocol (DNP) in a power process plant. DNP is a well-developed protocol to be applied in the supervisory control and data acquisition (SCADA) system but the system control centre and remote terminal units (RTUs) are presently connected through a local area network. The conditions in a process plant are harsh and the site is remote. Resources for data communication are difficult to obtain under these conditions, thus, a wireless channel communication through a mobile phone is practical and efficient in a process plant environment. The mobile communication industries and the public have a strong interest in the WAP technology application in mobile phone networks and the WAP application programming interface (API) in power industry applications is one area that requires extensive investigation.
Resumo:
A Wireless Sensor Network (WSN) is a set of sensors that are integrated with a physical environment. These sensors are small in size, and capable of sensing physical phenomena and processing them. They communicate in a multihop manner, due to a short radio range, to form an Ad Hoc network capable of reporting network activities to a data collection sink. Recent advances in WSNs have led to several new promising applications, including habitat monitoring, military target tracking, natural disaster relief, and health monitoring. The current version of sensor node, such as MICA2, uses a 16 bit, 8 MHz Texas Instruments MSP430 micro-controller with only 10 KB RAM, 128 KB program space, 512 KB external ash memory to store measurement data, and is powered by two AA batteries. Due to these unique specifications and a lack of tamper-resistant hardware, devising security protocols for WSNs is complex. Previous studies show that data transmission consumes much more energy than computation. Data aggregation can greatly help to reduce this consumption by eliminating redundant data. However, aggregators are under the threat of various types of attacks. Among them, node compromise is usually considered as one of the most challenging for the security of WSNs. In a node compromise attack, an adversary physically tampers with a node in order to extract the cryptographic secrets. This attack can be very harmful depending on the security architecture of the network. For example, when an aggregator node is compromised, it is easy for the adversary to change the aggregation result and inject false data into the WSN. The contributions of this thesis to the area of secure data aggregation are manifold. We firstly define the security for data aggregation in WSNs. In contrast with existing secure data aggregation definitions, the proposed definition covers the unique characteristics that WSNs have. Secondly, we analyze the relationship between security services and adversarial models considered in existing secure data aggregation in order to provide a general framework of required security services. Thirdly, we analyze existing cryptographic-based and reputationbased secure data aggregation schemes. This analysis covers security services provided by these schemes and their robustness against attacks. Fourthly, we propose a robust reputationbased secure data aggregation scheme for WSNs. This scheme minimizes the use of heavy cryptographic mechanisms. The security advantages provided by this scheme are realized by integrating aggregation functionalities with: (i) a reputation system, (ii) an estimation theory, and (iii) a change detection mechanism. We have shown that this addition helps defend against most of the security attacks discussed in this thesis, including the On-Off attack. Finally, we propose a secure key management scheme in order to distribute essential pairwise and group keys among the sensor nodes. The design idea of the proposed scheme is the combination between Lamport's reverse hash chain as well as the usual hash chain to provide both past and future key secrecy. The proposal avoids the delivery of the whole value of a new group key for group key update; instead only the half of the value is transmitted from the network manager to the sensor nodes. This way, the compromise of a pairwise key alone does not lead to the compromise of the group key. The new pairwise key in our scheme is determined by Diffie-Hellman based key agreement.
Resumo:
The major purpose of Vehicular Ad Hoc Networks (VANETs) is to provide safety-related message access for motorists to react or make a life-critical decision for road safety enhancement. Accessing safety-related information through the use of VANET communications, therefore, must be protected, as motorists may make critical decisions in response to emergency situations in VANETs. If introducing security services into VANETs causes considerable transmission latency or processing delays, this would defeat the purpose of using VANETs to improve road safety. Current research in secure messaging for VANETs appears to focus on employing certificate-based Public Key Cryptosystem (PKC) to support security. The security overhead of such a scheme, however, creates a transmission delay and introduces a time-consuming verification process to VANET communications. This paper proposes an efficient public key management system for VANETs: the Public Key Registry (PKR) system. Not only does this paper demonstrate that the proposed PKR system can maintain security, but it also asserts that it can improve overall performance and scalability at a lower cost, compared to the certificate-based PKC scheme. It is believed that the proposed PKR system will create a new dimension to the key management and verification services for VANETs.
Resumo:
This paper describes in detail our Security-Critical Program Analyser (SCPA). SCPA is used to assess the security of a given program based on its design or source code with regard to data flow-based metrics. Furthermore, it allows software developers to generate a UML-like class diagram of their program and annotate its confidential classes, methods and attributes. SCPA is also capable of producing Java source code for the generated design of a given program. This source code can then be compiled and the resulting Java bytecode program can be used by the tool to assess the program's overall security based on our security metrics.
Resumo:
Availability has become a primary goal of information security and is as significant as other goals, in particular, confidentiality and integrity. Maintaining availability of essential services on the public Internet is an increasingly difficult task in the presence of sophisticated attackers. Attackers may abuse limited computational resources of a service provider and thus managing computational costs is a key strategy for achieving the goal of availability. In this thesis we focus on cryptographic approaches for managing computational costs, in particular computational effort. We focus on two cryptographic techniques: computational puzzles in cryptographic protocols and secure outsourcing of cryptographic computations. This thesis contributes to the area of cryptographic protocols in the following ways. First we propose the most efficient puzzle scheme based on modular exponentiations which, unlike previous schemes of the same type, involves only a few modular multiplications for solution verification; our scheme is provably secure. We then introduce a new efficient gradual authentication protocol by integrating a puzzle into a specific signature scheme. Our software implementation results for the new authentication protocol show that our approach is more efficient and effective than the traditional RSA signature-based one and improves the DoSresilience of Secure Socket Layer (SSL) protocol, the most widely used security protocol on the Internet. Our next contributions are related to capturing a specific property that enables secure outsourcing of cryptographic tasks in partial-decryption. We formally define the property of (non-trivial) public verifiability for general encryption schemes, key encapsulation mechanisms (KEMs), and hybrid encryption schemes, encompassing public-key, identity-based, and tag-based encryption avors. We show that some generic transformations and concrete constructions enjoy this property and then present a new public-key encryption (PKE) scheme having this property and proof of security under the standard assumptions. Finally, we combine puzzles with PKE schemes for enabling delayed decryption in applications such as e-auctions and e-voting. For this we first introduce the notion of effort-release PKE (ER-PKE), encompassing the well-known timedrelease encryption and encapsulated key escrow techniques. We then present a security model for ER-PKE and a generic construction of ER-PKE complying with our security notion.
