Specification & design of safety technologies for complex socio-technical systems : low-cost level crossings case study

The introduction of safety technologies into complex socio-technical systems requires an integrated and holistic approach to HF and engineering, considering the effects of failures not only within system boundaries, but also at the interfaces with other systems and humans. Level crossing warning devices are examples of such systems where technically safe states within the system boundary can influence road user performance, giving rise to other hazards that degrade safety of the system. Chris will discuss the challenges that have been encountered to date in developing a safety argument in support of low-cost level crossing warning devices. The design and failure modes of level crossing warning devices are known to have a significant influence on road user performance; however, quantifying this effect is one of the ongoing challenges in determining appropriate reliability and availability targets for low-cost level crossing warning devices.

Formal analysis of security properties in trusted computing protocols

This research introduces a general methodology in order to create a Coloured Petri Net (CPN) model of a security protocol. Then standard or user-defined security properties of the created CPN model are identified. After adding an attacker model to the protocol model, the security property is verified using state space method. This approach is applied to analyse a number of trusted computing protocols. The results show the applicability of proposed method to analyse both standard and user-defined properties.

Working together-apart : exploring the relationships between formal and informal care networks for people dying at home

Introduction Informal caring networks contribute significantly to end-of-life (EOL) care in the community. However, to ensure that these networks are sustainable, and unpaid carers are not exploited, primary carers need permission and practical assistance to gather networks together and negotiate the help they need. Our aim in this study was to develop an understanding of how formal and informal carers work together when care is being provided in a dying person's home. We were particularly interested in formal providers’ perceptions and knowledge of informal networks of care and in identifying barriers to the networks working together. Methods Qualitative methods, informed by an interpretive approach, were used. In February-July 2012, 10 focus groups were conducted in urban, regional, and rural Australia comprising 88 participants. Findings Our findings show that formal providers are aware, and supportive, of the vital role informal networks play in the care of the dying at home. A number of barriers to formal and informal networks working together more effectively were identified. In particular, we found that the Australian policy of health-promoting palliative is not substantially translating to practice. Conclusion Combinations of formal and informal caring networks are essential to support people and their primary carers. Formal service providers do little to establish, support, or maintain the informal networks although there is much goodwill and scope for them to do so. Further re-orientation towards a health-promoting palliative care and community capacity building approach is suggested.

Security analysis of Australian and E.U. e-passport implementation

This paper makes a formal security analysis of the current Australian e-passport implementation using model checking tools CASPER/CSP/FDR. We highlight security issues in the current implementation and identify new threats when an e-passport system is integrated with an automated processing system like SmartGate. The paper also provides a security analysis of the European Union (EU) proposal for Extended Access Control (EAC) that is intended to provide improved security in protecting biometric information of the e-passport bearer. The current e-passport specification fails to provide a list of adequate security goals that could be used for security evaluation. We fill this gap; we present a collection of security goals for evaluation of e-passport protocols. Our analysis confirms existing security weaknesses that were previously identified and shows that both the Australian e-passport implementation and the EU proposal fail to address many security and privacy aspects that are paramount in implementing a secure border control mechanism. ACM Classification C.2.2 (Communication/Networking and Information Technology – Network Protocols – Model Checking), D.2.4 (Software Engineering – Software/Program Verification – Formal Methods), D.4.6 (Operating Systems – Security and Privacy Protection – Authentication)

Non-formal techniques for early assessment of design ideas for services

Designing systems for multiple stakeholders requires frequent collaboration with multiple stakeholders from the start. In many cases at least some stakeholders lack a professional habit of formal modeling. We report observations from student design teams as well as two case studies, respectively of a prototype for supporting creative communication to design objects, and of stakeholder-involvement in early design. In all observations and case studies we found that non-formal techniques supported strong collaboration resulting in deep understanding of early design ideas, of their value and of the feasibility of solutions.

Causal behavioural profiles : efficient computation, applications, and evaluation

Analysis of behavioural consistency is an important aspect of software engineering. In process and service management, consistency verification of behavioural models has manifold applications. For instance, a business process model used as system specification and a corresponding workflow model used as implementation have to be consistent. Another example would be the analysis to what degree a process log of executed business operations is consistent with the corresponding normative process model. Typically, existing notions of behaviour equivalence, such as bisimulation and trace equivalence, are applied as consistency notions. Still, these notions are exponential in computation and yield a Boolean result. In many cases, however, a quantification of behavioural deviation is needed along with concepts to isolate the source of deviation. In this article, we propose causal behavioural profiles as the basis for a consistency notion. These profiles capture essential behavioural information, such as order, exclusiveness, and causality between pairs of activities of a process model. Consistency based on these profiles is weaker than trace equivalence, but can be computed efficiently for a broad class of models. In this article, we introduce techniques for the computation of causal behavioural profiles using structural decomposition techniques for sound free-choice workflow systems if unstructured net fragments are acyclic or can be traced back to S- or T-nets. We also elaborate on the findings of applying our technique to three industry model collections.

Histories of user-generated content : between formal and informal media economies

Debates about user-generated content (UGC) often depend on a contrast with its normative opposite, the professionally produced content that is supported and sustained by commercial media businesses or public organisations. UGC is seen to appear within or in opposition to professional media, often as a disruptive, creative, change-making force. Our suggestion is to position UGC not in opposition to professional or "producer media", or in hybridised forms of subjective combination with it (the so-called "pro-sumer" or "pro-am" system), but in relation to different criteria, namely the formal and informal elements in media industries. In this article, we set out a framework for the comparative and historical analysis of UGC systems and their relations with other formal and informal media activity, illustrated with examples ranging from games to talkback radio. We also consider the policy implications that emerge from a historicised reading of UGC as a recurring dynamic within media industries, rather than a manifestation of consumer agency specific to digital cultures.

Non-formal techniques for requirements elicitation, modeling, and early assessment for services

Designing systems for multiple stakeholders requires frequent collaboration with multiple stakeholders from the start. In many cases at least some stakeholders lack a professional habit of formal modeling. We report observations from two case studies of stakeholder-involvement in early design where non-formal techniques supported strong collaboration resulting in deep understanding of requirements and of the feasibility of solutions.

Systematic integration of human factors in the specification of requirements for new railway technologies

Engineering design processes are necessary to attain the requisite standards of integrity for high-assurance safety-related systems. Additionally, human factors design initiatives can provide critical insights that parameterise their development. Unfortunately, the popular perception of human factors as a “forced marriage” between engineering and psychology often provokes views where the ‘human factor’ is perceived as a threat to systems design. Some popular performance-based standards for developing safety-related systems advocate identifying and managing human factors throughout the system lifecycle. However, they also have a tendency to fall short in their guidance on the application of human factors methods and tools, let alone how the outputs generated can be integrated in to various stages of the design process. This case study describes a project that converged engineering with human factors to develop a safety argument for new low-cost railway level crossing technology for system-wide implementation in Australia. The paper enjoins the perspectives of a software engineer and cognitive psychologist and their involvement in the project over two years of collaborative work to develop a safety argument for low-cost level crossing technology. Safety and reliability requirements were informed by applying human factors analytical tools that supported the evaluation and quantification of human reliability where users interfaced with the technology. The project team was confronted with significant challenges in cross-disciplinary engagement, particularly with the complexities of dealing with incongruences in disciplinary language. They were also encouraged to think ‘outside the box’ as to how users of a system interpreted system states and ehaviour. Importantly, some of these states, while considered safe within the boundary of the constituent systems that implemented safety-related functions, could actually lead the users to engage in deviant behaviour. Psychology explained how user compliance could be eroded to levels that effectively undermined levels of risk reduction afforded by systems. Linking the engineering and psychology disciplines intuitively, overall safety performance was improved by introducing technical requirements and making design decisions that minimized the system states and behaviours that led to user deviancy. As a commentary on the utility of transdisciplinary collaboration for technical specification, the processes used to bridge the two disciplines are conceptualised in a graphical model.

Formal home health care, informal care, and family decision making

We use the 1993 wave of the Assets and Health Dynamics Among the Oldest Old (AHEAD) data set to estimate a game-theoretic model of families' decisions concerning the provision of informal and formal care for elderly individuals. The outcome is the Nash equilibrium where each family member jointly determines her consumption, transfers for formal care, and allocation of time to informal care, market work, and leisure. We use the estimates to decompose the effects of adult children's opportunity costs, quality of care, and caregiving burden on their propensities to provide informal care. We also simulate the effects of a broad range of policies of current interest. © (2009) by the Economics Department of the University of Pennsylvania and the Osaka University Institute of Social and Economic Research Association.

Formal analysis of card-based payment systems in mobile devices

To provide card holder authentication while they are conducting an electronic transaction using mobile devices, VISA and MasterCard independently proposed two electronic payment protocols: Visa 3D Secure and MasterCard Secure Code. The protocols use pre-registered passwords to provide card holder authentication and Secure Socket Layer/ Transport Layer Security (SSL/TLS) for data confidentiality over wired networks and Wireless Transport Layer Security (WTLS) between a wireless device and a Wireless Application Protocol (WAP) gateway. The paper presents our analysis of security properties in the proposed protocols using formal method tools: Casper and FDR2. We also highlight issues concerning payment security in the proposed protocols.

Digital image watermarking: its formal model, fundamental properties and possible attacks

While formal definitions and security proofs are well established in some fields like cryptography and steganography, they are not as evident in digital watermarking research. A systematic development of watermarking schemes is desirable, but at present their development is usually informal, ad hoc, and omits the complete realization of application scenarios. This practice not only hinders the choice and use of a suitable scheme for a watermarking application, but also leads to debate about the state-of-the-art for different watermarking applications. With a view to the systematic development of watermarking schemes, we present a formal generic model for digital image watermarking. Considering possible inputs, outputs, and component functions, the initial construction of a basic watermarking model is developed further to incorporate the use of keys. On the basis of our proposed model, fundamental watermarking properties are defined and their importance exemplified for different image applications. We also define a set of possible attacks using our model showing different winning scenarios depending on the adversary capabilities. It is envisaged that with a proper consideration of watermarking properties and adversary actions in different image applications, use of the proposed model would allow a unified treatment of all practically meaningful variants of watermarking schemes.

What parents value from formal support services in the context of identified child abuse

Parents whose children are identified as having experienced or being at risk of experiencing significant harm potentially provide an invaluable dimension to our understanding of the circumstances that result in child abuse or neglect and how best to respond to these invariably complex situations. This paper reports findings from a study of the experiences of six parents. In-depth interviews were conducted with four mothers and two fathers who had been referred to an intensive family support services by the Queensland statutory child protection authority. Using a critical ecological perspective, the study focused on identifying and understanding the experiences of the parents in using formal family support services, including aspects of service delivery that were helpful or unhelpful. Parents also commented on their experiences of statutory child protection services. Service components and worker qualities that parents identified as being helpful included being accessible, targeted and integrated and being able to meet a continuum of needs, from a micro to a broader level. Their reports provide invaluable insight into how formal family support services, including child protection services, can better meet the needs of parents in addressing the recurring problem of child maltreatment.

Augmenting and assisting model elicitation tasks with 3D virtual world context metadata

Accurate process model elicitation continues to be a time consuming task, requiring skill on the part of the interviewer to extract explicit and tacit process information from the interviewee. Many errors occur in this elicitation stage that would be avoided by better activity recall, more consistent specification methods and greater engagement in the elicitation process by interviewees. Theories of situated cognition indicate that interactive 3D representations of real work environments engage and prime the cognitive state of the viewer. In this paper, our major contribution is to augment a previous process elicitation methodology with virtual world context metadata, drawn from a 3D simulation of the workplace. We present a conceptual and formal approach for representing this contextual metadata, integrated into a process similarity measure that provides hints for the business analyst to use in later modelling steps. Finally, we conclude with examples from two use cases to illustrate the potential abilities of this approach.

Aboriginal and Torres Strait Islander university students conceptions of formal learning and experiences of informal learning

This paper describes an investigation of conceptions of learning held by 22 Aboriginal and Torres Strait Islander students from three universities in Queensland, Australia. Other areas investigated were students' experiences of informal learning, their reasons for studying and the strategies they used to learn. Research into conceptions of learning is gaining impetus and current beliefs include the premise that approaches to learning adopted by university students, and hence learning outcomes, are closely related to their conceptions of learning. There is substantial research focused on Aboriginal learning styles in early childhood and primary school which indicates that Aboriginal children prefer to learn in a practical way as well as through observation and imitation and trial and error. Very little research has focused specifically on Aboriginal university students' conceptions of learning. Results of this study found that these students view and approach formal university learning in much the same way as other university students and most hold quantitative conceptions of learning. The most interesting result was the difference between students' conceptions of formal learning and their experiences of informal learning. Many students' experiences of informal learning were grounded in practical activities or exhibited a cultural focus, however, most formal learning is not dependent upon practical or cultural knowledge. It is proposed that formal learning for Indigenous students recognise and include an Indigenous perspective such as integrating, where appropriate, practical strategies for learning. We also suggest that Indigenous students be helped to develop conceptions that will enable them to learn formal, theoretical material successfully.