Requirements for enhancing trust, security and integrity of GNSS location services

The paper describes a number of requirements for enhancing the trust of location acquisition from Satellite Navigation Systems, particularly for those applications where the location is monitored through a remote GNSS receiver. We discuss how the trust of a location acquisition could be propagated to an application through the use of a proposed tamper-­resistant GNSS receiver which quantifies the trust of a location solution from the signaling used (ie. P(Y) code, Galileo SOL, PRS, CS) and provides a cryptographic proof of this to a remote application. The tamper­-resistance state of the receiver is also included in this cryptographic proof.

Client recommendations for financial incentives on construction projects

Purpose: To provide recommendations for construction clients who design and implement financial incentive mechanisms (FIMs) on projects. ---------- Methodology: Four large Australian building projects commissioned by government clients under managing contractor contracts and completed between 2001 and 2005 were examined to explore the ‘drivers’ that promoted motivation toward financial incentive goals. The results were triangulated across data sources, projects and stakeholder types. ---------- Findings: FIM design should incorporate: 1. flexibility to modify goals and measurement procedures over time, 2. multiple goals covering different project areas, 3. distribution of rewards across all the key organizations contributing to team performance (e.g. potentially not just the contractor, but the subcontractors and consultants) and a reward amount sufficient to be valued by potential recipients. FIM benefits are maximized through the following complementary procurement initiatives: 4. equitable contract risk allocation, 5. early contractor involvement in design, 6. value-driven tender selection, 7. relationship workshops, and 8. future work opportunities.---------- Research Limitations: This paper provides practical recommendations to industry and hence does not emphasize theoretical aspects.---------- Practical Implications: The uptake of these recommendations is likely to increase the impact of FIMs on motivation and improve project and industry outcomes. Although the study focuses on government clients of building projects, all the recommendations would seem to apply equally to private-sector clients and to non-building projects.---------- Originality: In order to improve motivation and reward high performance, clients are increasingly using FIM in their construction contracts. Despite the rising use of financial incentives, there is a lack of comprehensive construction-specific knowledge available to help clients maximize outcomes. The study addresses this gap in the literature.

Motivation toward financial incentive goals on construction projects

Construction industry observers tout the use of financial incentives as promoters of motivation and commitment on projects. Yet, little empirical evidence exists concerning their effectiveness. What are the drivers of motivation on construction projects? The reasons that construction project participants are motivated to pursue voluntary incentive goals are examined through four Australian case studies. The results demonstrate the critical role played by project relationships and equitable contract conditions in promoting the effectiveness of financial incentives. In the context of a construction project, this study finds financial incentives to be less important to motivation and performance than relationship enhancement initiatives. This finding is unexpected and has implications for the design of project procurement strategies. These results suggest if project clients ignore the importance of relationship quality between participants, the impact of any financial incentive will be compromised.

Automatic generation of assertions to detect potential security vulnerabilities in C programs that use union and pointer types

Type unions, pointer variables and function pointers are a long standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.

Reinforcing bad behaviour : the misuse of security indicators on popular websites

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Security metrics for object-oriented designs

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.

Assessing the impact of refactoring on security-critical object-oriented designs

Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.

Strategic entrepreneurship in New Zealand's state-owned enterprises : underlying elements and financial implications

The concept of strategic entrepreneurship has received increased attention over the past ten yeras. Viewed as the intersection of entrepreneurship and strategy this field of research is populated by conceptual studies which focus mainly on the nature and perceived benefits of strategic entrepreneurship. Similarly the study of entrepreneurship in a public sector context has gained increasing support in recent years but also remains underexplored. To address these gaps this thesis considers : what are the underlying elements and financial implications of strategic entrepreneurship in New Zealand's state-owned enterprises, New Zealand's SOE sector comprising 17 government-owned,commercially focused organisations, is considered to be a prime subject for this research. Well known for their implementation of new public management, many New Zealand SOEs have also been publicly recognised as both innovative and entrepreneurial. The research question is addressed by first developing a preliminary framework of strategic entrepreneurship from literature on entrepreneurhsip and strategy. The framework is then examined in the context of case studies on activity.

Financial planning and well-being

The aim of this paper is to provide a review of the theoretical and research literature on the ways in which financial planning can enhance well-being. In reviewing the literature, the paper develops a conceptual framework for thinking about the extended value of financial planning, beyond financial outcomes, by examining the process of planning in the financial domain and its relationship to life satisfaction, living an intentional life, attainment of life goals, and the development of a sense of mastery. An essential element of psychological well-being is engagement in life tasks and roles. Planning can be considered a life management strategy that enables individuals to control and structure their lives. Having meaningful goals and the plans to achieve those goals enable individuals to experience higher levels of life engagement and well-being (MacLeod et al., 2008). Recent research on well-being suggests that domain-specific behaviours contribute to domain-specific satisfactions, which in turn contribute to an individual’s overall satisfaction with life (Easterlin, 2003; 2006). Thus changes in domain satisfaction, such as financial satisfaction, are likely to effect changes in life satisfaction.

An analysis of the Brisbane residential property market and the global financial crisis

The period from 2007 to 2009 covered the residential property boom from early 2000, to the property recession following the Global Financial Crisis. Since late 2008, a number of residential property markets have suffered significant falls in house prices, buth this has not been consistent across all market sectors. This paper will analyze the housing market in Brisbane Australia to determine the impact, similarities and differences that the4 GFC had on range of residential sectors across a divesified property market. Data analysis will provide an overview of residential property prices, sales and listing volumes over the study period and will provide a comparison of median house price performance across the geographic and socio-economic areas of Brisbane.

How HCI design influences web security decisions

Even though security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human machine interface. This paper reports on a diary study conducted in order to investigate what people identify as security decisions that they make while using the web. The study aimed to uncover how security is perceived in the individual's context of use. From this data, themes were drawn, with a focus on addressing security goals such as confidentiality and authentication. This study is the first study investigating users' web usage focusing on their self-documented perceptions of security and the security choices they made in their own environment.

The regulation of insurance intermediaries in the Australian financial services market

The insurance industry discharges a critical role in the Australian economy and is a significant part of the Australian financial services market. The industry relies upon intermediaries, the principal types being brokers and agents, to promote, arrange and distribute their products and services in the market. The pivotal role that they play in this context and sensitivities associated with the consumer oriented products, such as house and contents insurance, has ensured close regulatory attention. Of particular importance was the passage of the Insurance (Agents and Brokers) Act 1984 (Cth), a comprehensive attempt to address the responsibilities of intermediaries as well as particular problem areas associated with the handling of money. However, with the introduction of financial services and market reform early in the new millennium this insurance intermediary specific regulatory approach was abandoned in favour of a market-wide strategy; that is, market reform was based upon across-the-board licensing, disclosure, conduct and fairness standards, and all financial products and services are now regulated at a generic level under Ch 7 of the Corporations Act 2001 (Cth). This article briefly explores the categories of insurance intermediaries and the relevant distinctions between them but focuses mainly upon the regulatory context in which they operate. This context transcends a strictly legal framework as the regulatory body, the Australian Securities and Investments Commission (ASIC), has sought to inform and guide the market through Policy Statements and Regulatory Guides. The usefulness of these guides as an adjunct to the legislation in explaining the scope and operation of regulatory framework is examined. In addition, the article looks at the self-regulatory and dispute resolution practices in this area and their impact. In conclusion an assessment of this across-the-board regulatory regime is advanced.

Enhancing security and continuity management at international airports

Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted ‘first response’ international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including: ? Approaches to integrating Business Continuity & Aviation Security Planning within airport operations; ? Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure; ? Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.