Browser security : a requirements-based approach

A browser is a convenient way to access resources located remotely on computer networks. Security in browsers has become a crucial issue for users who use them for sensitive applications without knowledge ofthe hazards. This research utilises a structure approach to analyse and propose enhancements to browser security. Standard evaluation for computer products is important as it helps users to ensure that the product they use is appropriate for their needs. Security in browsers, therefore, has been evaluated using the Common Criteria. The outcome of this was a security requirements profile which attempts to formalise the security needs of browsers. The information collected during the research was used to produce a prototype model for a secure browser program. Modifications to the Lynx browser were made to demonstrate the proposed enhancements.

Securing IEEE 802.11 wireless LANs

As the acceptance and popularity of wireless networking technologies has proliferated, the security of the IEEE 802.11 wireless local area network (WLAN) has advanced in leaps and bounds. From tenuous beginnings, where the only safe way to deploy a WLAN was to assume it was hostile and employ higherlayer information security controls, to the current state of the art, all manner of improvements have been conceived and many implemented. This work investigates some of the remaining issues surrounding IEEE 802.11 WLAN operation. While the inherent issues in WLAN deployments and the problems of the original Wired Equivalent Privacy (WEP) provisions are well known and widely documented, there still exist a number of unresolved security issues. These include the security of management and control frames and the data link layer protocols themselves. This research introduces a novel proposal to enhance security at the link layer of IEEE 802.11 WLANs and then conducts detailed theoretical and empirical investigation and analysis of the eects of such proposals. This thesis �rst de�nes the state of the art in WLAN technology and deployment, including an overview of the current and emerging standards, the various threats, numerous vulnerabilities and current exploits. The IEEE 802.11i MAC security enhancements are discussed in detail, along with the likely outcomes of the IEEE 802.11 Task Group W1, looking into protected management frames. The problems of the remaining unprotected management frames, the unprotected control frames and the unprotected link layer headers are reviewed and a solution is hypothesised, to encrypt the entire MAC Protocol Data Unit (MPDU), including the MAC headers, not just the MAC Service Data Unit (MSDU) commonly performed by existing protocols. The proposal is not just to encrypt a copy of the headers while still using cleartext addresses to deliver the frame, as used by some existing protocols to support the integrity and authenticity of the headers, but to pass the entire MPDU only as ciphertext to also support the con�dentiality of the frame header information. This necessitates the decryption of every received frame using every available key before a station can determine if it is the intended recipient. As such, this raises serious concerns as to the viability of any such proposal due to the likely impact on throughput and scalability. The bulk of the research investigates the impacts of such proposals on the current WLAN protocols. Some possible variations to the proposal are also provided to enhance both utility and speed. The viability this proposal with respect to the eect on network throughput is then tested using a well known and respected network simulation tool, along with a number of analysis tools developed speci�cally for the data generated here. The simulator's operation is �rst validated against recognised test outputs, before a comprehensive set of control data is established, and then the proposal is tested and and compared against the controls. This detailed analysis of the various simulations should be of bene�t to other researchers who need to validate simulation results. The analysis of these tests indicate areas of immediate improvement and so the protocols are adjusted and a further series of experiments conducted. These �nal results are again analysed in detail and �nal appraisals provided.

Evaluating the effect of a patient education brochure on patients’ expectations and satisfaction with emergency department service

Introduction: The purpose of this study was to assess the capacity of a written intervention, in this case a patient information brochure, to improve patient satisfaction during an Emergency Department (ED) visit. For the purpose of measuring the effect of the intervention the ED journey was conceptualised as a series of distinct areas of service comprising waiting time, service by the triage nurse, care from doctors and nurses and information giving Background of study: Research into patient satisfaction has become a widespread activity endorsed by both governments and hospital administrations. The literature on ED patient satisfaction has consistently indicated three primary areas of patient dissatisfaction: waiting time, nursing care and communication. Recent developments in the literature on patient satisfaction studies however have highlighted the relationship between patients. expectations of a service encounter and their consequent assessment of the experience as dissatisfying or satisfying. Disconfirmation theory posits that the degree to which expectations are confirmed will affect subsequent levels of satisfaction. The conceptual framework utilised in this study is Coye.s (2004) model of disconfirmation. Coye while reiterating satisfaction is a consequence of the degree expectations are either confirmed or disconfirmed also posits that expectations can be modified by interventions. Coye.s work conceptualises these interventions as intra encounter experiences (cues) which function to adjust expectations. Coye suggests some cues are unintended and may have a negative impact which also reinforces the value of planned cues intended to meet or exceed consumer expectations. Consequently the brochure can be characterized as a potentially positive cue, encouraging the patient to understand processes and to orient them in what can be a confronting environment. Only a limited number of studies have examined the effect of written interventions within an ED. No studies could be located which have tested the effect of ED interventions using a conceptual framework which relates the effect of the degree to which expectations are confirmed or disconfirmed in terms of satisfaction with services. Method: Two studies were conducted. Study One used qualitative methods to explore patients. expectations of the ED from the perspective of both patients and health care professionals. Study One was used in part to direct the development of the intervention (brochure) in Study Two. The brochure was an intervention designed to modify patients. expectations thus increasing their satisfaction with the provision of ED service. As there was no existing tools to measure ED patients. expectations and satisfaction a new tool was also developed based on the findings and the literature of Study One. Study Two used a non-randomised, quasi-experimental approach using a non-equivalent post-test only comparison group design used to investigate the effect of the patient education brochure (Stommel and Wills, 2004). The brochure was disseminated to one of two study groups (the intervention group). The effect of the brochure was assessed by comparing the data obtained from both the intervention and control group. These two groups consisted of 150 participants each. It was expected that any differences in the relevant domains selected for examination would indicate the effect of the brochure both on expectation and potentially satisfaction. Results: Study One revealed several areas of common ground between patients and nurses in terms of relevant content for the written intervention, including the need for information on the triage system and waiting times. Areas of difference were also found with patients emphasizing communication issues, whereas focus group members expressed concern that patients were often unable to assimilate verbal information. The findings suggested the potential utility of written material to reinforce verbal communication particularly in terms of the triage process and other ED protocols. This material was synthesized within the final version of the written intervention. Overall the results of Study Two indicated no significant differences between the two groups. The intervention group did indicate a significant number of participants who viewed the brochure of having changed their expectations. The effect of the brochure may have been obscured by a lack of parity between the two groups as the control group presented with statistically significantly higher levels of acuity and experienced significantly shorter waiting times. In terms of disconfirmation theory this would suggest expectations that had been met or exceeded. The results confirmed the correlation of expectations with satisfaction. Several domains also indicated age as a significant predictor with older patients tending to score higher satisfaction results. Other significant predictors of satisfaction established were waiting time and care from nurses, reinforcing the combination of efficient service and positive interpersonal experiences as being valued by patients. Conclusions: Information presented in written form appears to benefit a significant number of ED users in terms of orientation and explaining systems and procedures. The degree to which these effects may interact with other dimensions of satisfaction however is likely to be limited. Waiting time and interpersonal behaviours from staff also provide influential cues in determining satisfaction. Written material is likely to be one element in a series of coordinated strategies to improve patient satisfaction during periods of peak demand.

The mobile phone as a multi OTP device using trusted computing

The rapid growth in the number of online services leads to an increasing number of different digital identities each user needs to manage. As a result, many people feel overloaded with credentials, which in turn negatively impact their ability to manage them securely. Passwords are perhaps the most common type of credential used today. To avoid the tedious task of remembering difficult passwords, users often behave less securely by using low entropy and weak passwords. Weak passwords and bad password habits represent security threats to online services. Some solutions have been developed to eliminate the need for users to create and manage passwords. A typical solution is based on giving the user a hardware token that generates one-time-passwords, i.e. passwords for single session or transaction usage. Unfortunately, most of these solutions do not satisfy scalability and/or usability requirements, or they are simply insecure. In this paper, we propose a scalable OTP solution using mobile phones and based on trusted computing technology that combines enhanced usability with strong security.

A matter of confidence : privacy compliance for connected-up enterprises

Governments around the world are increasingly investing in information and communications technology (ICT) as a means of improving service delivery to citizens. Government ICT adoption is also being driven by a desire to streamline information accessibility and information flows within government - both between different levels of government and between different departments at the same level. Increasing the availability of information internally and to citizens has clear and compelling benefits but it also carries risks that must be carefully managed. This talk will examine the implications of such E-government initiatives for a range of compliance obligations, with a focus on information privacy. It will review recent developments in the area of systems-based enforcement of privacy policies and the particular privacy challenges presented by the aggregation of geospatial information.

Service learning in teacher education

If the student wellbeing pedagogy characterised by the troika metaphor is to become more widely adopted, beginning teachers need to be inducted into service learning. In this chapter, we discuss the implementation and outcomes of a service learning program in a Bachelor of Education course in Australia. The program provides pre-service teachers with insights into service learning practice. Pre-service teachers are given supported opportunities to examine and challenge traditional beliefs and values about student diversity and the role of schools in developing a more inclusive society. They are supported in developing ethics of care and concern for inclusive and equitable practices – characteristics necessary for quality teaching. Thus, the Queensland University of Technology (QUT) service learning program is an ideal example of the troika effect in practice, in that the pedagogy fuses values education, quality teaching and service learning to develop within each student an inclusive ethical framework that will inform their classroom practice as beginning quality teachers.

Embedding 'philosophy in the classroom' in pre-service teacher education

The holistic conception of the troika, as described in the first chapter, centres on the relationship between the implicit and explicit teaching of values the nurturing of the specific dimensions of quality teaching and the opportunity to ‘walk the talk’ of the values education program through aspects such as practical citizenship (Lovat, Toomey, Clement, Crotty & Nielsen, 2009). It is proposed in this chapter that the conception can be realized through the embedding of Philosophy in the Classroom within pre-service teaching programs. The troika, a Russian sleigh with three horses, only function well when there is complete synergy and balance between all Classroom is a scaffold for ensuring that all three elements of the troika, namely, quality teaching, values education and service learning in the form of education for citizenship, exist within the classroom to achieve an optimal learning, growth and wellbeing for all students. For this to be more widely accomplished Philosophy in the Classroom and discusses how it constitutes a successful synergy and balance of the troika for effective teaching. It then proposes how it might be embedded into pre-service teacher education.

Service bid comparisons by fuzzy ranking in open railway market timetabling

In an open railway access market, the Infrastructure Provider (IP), upon the receipts of service bids from the Train Service Providers (TSPs), assigns track access rights according to its own business objectives and the merits of the bids; and produces the train service timetable through negotiations. In practice, IP chooses to negotiate with the TSPs one by one in such a sequence that IP optimizes its objectives. The TSP bids are usually very complicated, containing a large number of parameters in different natures. It is a difficult task even for an expert to give a priority sequence for negotiations from the contents of the bids. This study proposes the application of fuzzy ranking method to compare and prioritize the TSP bids in order to produce a negotiation sequence. The results of this study allow investigations on the behaviors of the stakeholders in bid preparation and negotiation, as well as evaluation of service quality in the open railway market.

Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Requirements for enhancing trust, security and integrity of GNSS location services

The paper describes a number of requirements for enhancing the trust of location acquisition from Satellite Navigation Systems, particularly for those applications where the location is monitored through a remote GNSS receiver. We discuss how the trust of a location acquisition could be propagated to an application through the use of a proposed tamper-­resistant GNSS receiver which quantifies the trust of a location solution from the signaling used (ie. P(Y) code, Galileo SOL, PRS, CS) and provides a cryptographic proof of this to a remote application. The tamper­-resistance state of the receiver is also included in this cryptographic proof.