Policy filtering with XACML

This paper presents a modified approach to evaluate access control policy similarity and dissimilarity based on the proposal by Lin et al. (2007). Lin et al.'s policy similarity approach is intended as a filter stage which identifies similar XACML policies that can be analysed further using more computationally demanding techniques based on model checking or logical reasoning. This paper improves the approach of computing similarity of Lin et al. and also proposes a mechanism to calculate a dissimilarity score by identifying related policies that are likely to produce different access decisions. Departing from the original algorithm, the modifications take into account the policy obligation, rule or policy combining algorithm and the operators between attribute name and value. The algorithms are useful in activities involving parties from multiple security domains such as secured collaboration or secured task distribution. The algorithms allow various comparison options for evaluating policies while retaining control over the restriction level via a number of thresholds and weight factors.

Legal ethics in a post-Westphalian world : building the international rule of law and otehr tasks

The emergence of strong sovereign states after the Treaty of Westphalia turned two of the most cosmopolitan professions (law and arms) into two of the least cosmopolitan. Sovereign states determined the content of the law within their borders – including which, if any, ecclesiastical law was to be applied; what form of economic regulation was adopted; and what, if any, international law applied. Similarly, states sought to ensure that all military force was at their disposal in national armies. The erosion of sovereignty in a post-Westphalian world may significantly reverse these processes. The erosion of sovereignty is likely to have profound consequences for the legal profession and the ethics of how, and for what ends, it is practised. Lawyers have played a major role in the civilization of sovereign states through the articulation and institutionalisation of key governance values – starting with the rule of law. An increasingly global profession must take on similar tasks. The same could be said of the military. This essay will review the concept of an international rule of law and its relationship to domestic conceptions and outline the task of building the international rule of law and the role that lawyers can and should play in it.

Politics and school education in Australia : a case of shifting purposes

Purpose – The paper aims to argue that there has been a privileging of the private (social mobility) and economic (social efficiency) purposes of schooling at the expense of the public (democratic equality) purposes of schooling. Design/methodology/approach – The paper employs a literature review, policy and document analysis. Findings – Since the late 1980s, the schooling agenda in Australia has been narrowed to one that gives primacy to purposes of schooling that highlight economic orientations (social efficiency) and private purposes (social mobility). Practical implications – The findings have wider relevance beyond Australia, as similar policy agendas are evident in many other countries raising the question as to how the shift in purposes of education in those countries might mirror those in Australia. Originality/value – While earlier writers have examined schooling policies in Australia and noted the implications of managerialism in relation to these policies, no study has analysed these policies from the perspective of the purposes of schooling. Conceptualising schooling, and its purposes in particular, in this way refocuses attention on how societies use their educational systems to promote (or otherwise) the public good.

Navigating, recognizing and describing urban spaces with vision and lasers

In this paper we describe a body of work aimed at extending the reach of mobile navigation and mapping. We describe how running topological and metric mapping and pose estimation processes concurrently, using vision and laser ranging, has produced a full six-degree-of-freedom outdoor navigation system. It is capable of producing intricate three-dimensional maps over many kilometers and in real time. We consider issues concerning the intrinsic quality of the built maps and describe our progress towards adding semantic labels to maps via scene de-construction and labeling. We show how our choices of representation, inference methods and use of both topological and metric techniques naturally allow us to fuse maps built from multiple sessions with no need for manual frame alignment or data association.

An approach to access control under uncertainty

In dynamic and uncertain environments such as healthcare, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. The uncertainty stems from the unpredictability of users’ operational needs as well as their private incentives to misuse permissions. In Role Based Access Control (RBAC), a user’s legitimate access request may be denied because its need has not been anticipated by the security administrator. Alternatively, even when the policy is correctly specified an authorised user may accidentally or intentionally misuse the granted permission. This paper introduces a novel approach to access control under uncertainty and presents it in the context of RBAC. By taking insights from the field of economics, in particular the insurance literature, we propose a formal model where the value of resources are explicitly defined and an RBAC policy (entailing those predictable access needs) is only used as a reference point to determine the price each user has to pay for access, as opposed to representing hard and fast rules that are always rigidly applied.

Optimal budget allocation in budget-based access control

In dynamic and uncertain environments, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. Risk-based approaches to access control attempt to address this problem by allocating a limited budget to users, through which they pay for the exceptions deemed necessary. So far the primary focus has been on how to incorporate the notion of budget into access control rather than what or if there is an optimal amount of budget to allocate to users. In this paper we discuss the problems that arise from a sub-optimal allocation of budget and introduce a generalised characterisation of an optimal budget allocation function that maximises organisations expected benefit in the presence of self-interested employees and costly audit.

A taint marking approach to confidentiality violation detection

This article presents a novel approach to confidentiality violation detection based on taint marking. Information flows are dynamically tracked between applications and objects of the operating system such as files, processes and sockets. A confidentiality policy is defined by labelling sensitive information and defining which information may leave the local system through network exchanges. Furthermore, per application profiles can be defined to restrict the sets of information each application may access and/or send through the network. In previous works, we focused on the use of mandatory access control mechanisms for information flow tracking. In this current work, we have extended the previous information flow model to track network exchanges, and we are able to define a policy attached to network sockets. We show an example application of this extension in the context of a compromised web browser: our implementation detects a confidentiality violation when the browser attempts to leak private information to a remote host over the network.

Identifying differences in safe roads and crash prone roads using clustering data mining

Road asset managers are overwhelmed with a high volume of raw data which they need to process and utilise in supporting their decision making. This paper presents a method that processes road-crash data of a whole road network and exposes hidden value inherent in the data by deploying the clustering data mining method. The goal of the method is to partition the road network into a set of groups (classes) based on common data and characterise the class crash types to produce a crash profiles for each cluster. By comparing similar road classes with differing crash types and rates, insight can be gained into these differences that are caused by the particular characteristics of their roads. These differences can be used as evidence in knowledge development and decision support.

Practice and procedure : an application under r367 of the Uniform Civil Procedure Rules may be of use in obtaining copies of otherwise unavailable documents held by government agencies.

In Bowenbrae Pty Ltd v Flying Fighters Maintenance and Restoration [2010] QDC 347 Reid DCJ made orders requiring the plaintiffs to make application under the Freedom of Information Act 1982 (Cth) (“the FOI Act”) for documents sought by the defendant.