Assessing the impact of refactoring on security-critical object-oriented designs

Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.

Enhancing security and continuity management at international airports

Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted ‘first response’ international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including: ? Approaches to integrating Business Continuity & Aviation Security Planning within airport operations; ? Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure; ? Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.

On the robustness and security of digital image watermarking

In most of the digital image watermarking schemes, it becomes a common practice to address security in terms of robustness, which is basically a norm in cryptography. Such consideration in developing and evaluation of a watermarking scheme may severely affect the performance and render the scheme ultimately unusable. This paper provides an explicit theoretical analysis towards watermarking security and robustness in figuring out the exact problem status from the literature. With the necessary hypotheses and analyses from technical perspective, we demonstrate the fundamental realization of the problem. Finally, some necessary recommendations are made for complete assessment of watermarking security and robustness.

Performance and scalability assessment for non-certificate-based public key management in VANETS

Current research in secure messaging for Vehicular Ad hoc Networks (VANETs) appears to focus on employing a digital certificate-based Public Key Cryptosystem (PKC) to support security. The security overhead of such a scheme, however, creates a transmission delay and introduces a time-consuming verification process to VANET communications. This paper proposes a non-certificate-based public key management for VANETs. A comprehensive evaluation of performance and scalability of the proposed public key management regime is presented, which is compared to a certificate-based PKC by employing a number of quantified analyses and simulations. Not only does this paper demonstrate that the proposal can maintain security, but it also asserts that it can improve overall performance and scalability at a lower cost, compared to the certificate-based PKC. It is believed that the proposed scheme will add a new dimension to the key management and verification services for VANETs.

Maintenance considerations in applied substation reliability assessment

This paper presents a reliability assessment of a substation, part of the Queensland transmission network in Australia. As part of a maintenance considerations, this study utilises the substation reliability assessment package STAREL to quantitatively compare the reliability improvement achieved by two circuit breaker reinforcement alternatives for Swanbank circuit breaker replacement or refurbishment. Substation reliability is interpreted on the basis of outage frequency and outage duration indices for each individual transmission line terminated in Swanbank 'B' substation. By considering the reliability indices in this paper with the cost associated conducted by POWERLINK Queensland, a Swanbank 'B' reinforcement alternative can be selected that optimises both transmission line security and the costs incurred in achieving it.

Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

A matrix for appropriate assessment of workplace learning in stem disciplines

With increasing interest shown by Universities in workplace learning, especially in STEM disciplines, an issue has arisen amongst educators and industry partners regarding authentic assessment tasks for work integrated learning (WIL) subjects. This paper describes the use of a matrix, which is also available as a decision-tree, based on the features of the WIL experience, in order to facilitate the selection of appropriate assessment strategies. The matrix divides the WIL experiences into seven categories, based on such factors as: the extent to which the experience is compulsory, required for membership of a professional body or elective; whether the student is undertaking a project, or embedding in a professional culture; and other key aspects of the WIL experience. One important variable is linked to the fundamental purpose of the assessment. This question revolves around the focus of the assessment: whether on the person (student development); the process (professional conduct/language); or the product (project, assignment, literature review, report, software). The matrix has been trialed at QUT in the Faculty of Science and Technology, and also at the University of Surrey, UK, and has proven to have good applicability in both universities.

Computer security incidents against Australian businesses : predictors of victimisation

Drawing on data from the Australian Business Assessment of Computer User Security (ABACUS) survey, this paper examines a range of factors that may influence businesses’ likelihood of being victimised by a computer security incident. It has been suggested that factors including business size, industry sector, level of outsourcing, expenditure on computer security functions and types of computer security tools and/or policies used may influence the probability of particular businesses experiencing such incidents. This paper uses probability modelling to test whether this is the case for the 4,000 businesses that responded to the ABACUS survey. It was found that the industry sector that a business belonged to, and business expenditure on computer security, were not related to businesses’ likelihood of detecting computer security incidents. Instead, the number of employees that a business has and whether computer security functions were outsourced were found to be key indicators of businesses’ likelihood of detecting incidents. Some of the implications of these findings are considered in this paper.

The development of a carrying capacity assessment model for the Australian socio-environmental context

A key aim of this research was to highlight how society's understanding of constraints to the productive capacity of its resource base is vital to its long-term survival. This was achieved through the development of an online model, the Carrying Capacity Dashboard. The Dashboard was developed to estimate how much land Australian populations require for the production of their food, textiles, timber and liquid fuel. Findings reveal that Australia's estimated carrying capacity is currently over 40 million people but longer-term and more regional analyses suggest a much smaller number. Carrying capacity assessment also indicates that optimal resource security is to be found in balancing both small and large-scale self-sufficiency.

An assessment of the geographical scale of recurrent gene flow in wild populations of two species of Mekong River carps (Henicorhynchus spp.)

The Mekong is the most productive river fishery in the world, and such as, the Mekong River Basin (MRB) is very important to very large human populations across the region as a source of revenue (through fishing and marketing of aquatic resources products) and as the major source for local animal protein. Threats to biodiversity in the MRB, either to the fishery sector itself or to other sectors are a major concern, even though currently, fisheries across this region are still very productive. If not managed properly however, fish population declines will cause significant economic impact and affect livelihoods of local people and will have a major impact on food security and nutrition. Biodiversity declines will undoubtedly affect food security, income and socio-economic status of people in the MRB that depend on aquatic resources. This is an indicator of unsustainable development and hence should be avoided. Genetic diversity (biodiversity) that can be measured using techniques based on DNA markers; refers to variation within and among populations within the same species or reproductive units. In a population, new genetic variation is generated by sexual recombination contributed by individuals with mutations in genes and chromosomes. Over time, populations of a species that are not reproducing together will diverge as differential impacts of selection and genetic drift change their genetic attributes. For mud carp (Henicorhynchus spp.), understanding the status of breeding units in the MRB will be important for their long term persistence, sustainability and for implementing effective management strategies. Earlier analysis of stock structure in two economically important mud carp species (Henicorhynchus siamensis and H. lobatus) in the MRB completed with mtDNA markers identified a number of populations of both species where gene flow had apparently been interrupted or reduced but applying these data directly to management unit identification is potentially compromised because information was only available about female dispersal patterns. The current study aimed to address this problem and to fully assess the extent of current gene flow (nDNA) and reproductive exchange among selected wild populations of two species of carp (Henicorhynchus spp.) of high economic importance in the MRB using combined mtDNA and nDNA markers. In combination, the data can be used to define effective management units for each species. In general, nDNA diversity for H. lobatus (with average allelic richness (A) 7.56 and average heterozygosity (Ho) 0.61) was very similar to that identified for H. siamensis (A = 6.81 and Ho = 0.75). Both mud carp species show significant but low FST estimates among populations as a result of lower genetic diversity among sampled populations compared with genetic diversity within populations that may potentially mask any 'real' population structure. Overall, population genetic structure patterns from mtDNA and nDNA in both Henicorhynchus species were largely congruent. Different population structures however, were identified for the two Henicorhynchus species across the same geographical area. Apparent co-similarity in morphology and co-distribution of these two relatively closely related species does not apparently imply parallel evolutionary histories. Differences in each species population structure likely reflect historical drainage rearrangement of the Mekong River. The data indicate that H. siamensis is likely to have occupied the Mekong system for much longer than has H. lobatus in the past. Two divergent stocks were identified for H. lobatus in the MRB below the Khone Falls while a single stock had been evident in the earlier mtDNA study. This suggests that the two Henicorhynchus species may possess different life history traits and that different patterns of gene flow has likely influenced modern genetic structure in these close congeners. In combination, results of the earlier mtDNA and the current study have implications for effective management of both Henicorhynchus species across the MRB. Currently, both species are essentially treated as a single management unit in this region. This strategy may be appropriate for H. lobatus as a single stock was evident in the main stream of the MRB, but may not be appropriate for H. siamensis as more than a single stock was identified across the same range for this species. Management strategies should consider this difference to conserve overall biodiversity (local discrete populations) and this will include maintaining natural habitat and migration pathways, provision of fish sanctuaries (refuges) and may also require close monitoring of any stock declines, a signal that may require effective recovery strategies.

Scalar considerations in carrying capacity assessment : an Australian example

Regional resource self-sufficiency has been proposed as a way to improve food security by lessening the demand on long-distance transport. An online tool, the Carrying Capacity Dashboard, was developed for Australian conditions in order to gauge self-sufficiency at three different scales: regional, state and national. It allows users to test a variety of societal behaviours such as diet, biofuel production, farming systems and ecological protection practices. Analysis developed from the Dashboard tests the effects of various resource consumption patterns on land carrying capacity. Findings reveal that Australia’s current carrying capacity is estimated to be over 40 million, but if calculated on a regional basis, this is reduced by almost half.

Assessment of robust autonomy for unmanned systems : progress and challenges

The growing number of potential applications of Unmanned Aircraft Systems (UAS) in civilian operations and national security is putting pressure of National Airworthiness Authorities to provide a path for certification and allow UAS integration into the national airspace. The success of this integration depends not only on developments in improved UAS reliability and safety, but also on regulations for certification, and methodologies for operational performance and safety assessment. This paper focuses on the latter and describes progress in relation to a previously proposed framework for evaluating robust autonomy of UAS. The paper draws parallels between the proposed evaluation framework and the evaluation of pilots during the licensing process. It discusses how the data from the proposed evaluation can be used as an aid for decision making in certification and UAS designs. Finally, it discusses challenges associated with the evaluation.