The prevalence and concentration of Escherichia coli O157 in faeces of cattle from different production systems at slaughter

Aims: To determine the prevalence and concentration of Escherichia coli O157 shed in faeces at slaughter, by beef cattle from different production systems. Methods and Results: Faecal samples were collected from grass-fed (pasture) and lot-fed (feedlot) cattle at slaughter and tested for the presence of E. coli O157 using automated immunomagnetic separation (AIMS). Escherichia coli O157 was enumerated in positive samples using the most probable number (MPN) technique and AIMS and total E. coli were enumerated using Petrifilm. A total of 310 faecal samples were tested (155 from each group). The geometric mean count of total E. coli was 5 x 10(5) and 2.5 x 10(5) CFU g(-1) for lot- and grass-fed cattle, respectively. Escherichia coli O157 was isolated from 13% of faeces with no significant difference between grass-fed (10%) and lot-fed cattle (15%). The numbers of E. coli O157 in cattle faeces varied from undetectable (

Field-based evaluation of semipermeable membrane devices (SPMDs) as passive air samplers of polyaromatic hydrocarbons (PAHs)

Semipermeable membrane devices (SPMDs) have been used as passive air samplers of semivolatile organic compounds in a range of studies. However, due to a lack of calibration data for polyaromatic hydrocarbons (PAHs), SPMD data have not been used to estimate air concentrations of target PAHs. In this study, SPMDs were deployed for 32 days at two sites in a major metropolitan area in Australia. High-volume active sampling systems (HiVol) were co-deployed at both sites. Using the HiVol air concentration data from one site, SPMD sampling rates were measured for 12 US EPA Priority Pollutant PAHs and then these values were used to determine air concentrations at the second site from SPMD concentrations. Air concentrations were also measured at the second site with co-deployed HiVols to validate the SPMD results. PAHs mostly associated with the vapour phase (Fluorene to Pyrene) dominated both the HiVol and passive air samples. Reproducibility between replicate passive samplers was satisfactory (CV < 20%) for the majority of compounds. Sampling rates ranged between 0.6 and 6.1 m(3) d(-1). SPMD-based air concentrations were calculated at the second site for each compound using these sampling rates and the differences between SPMD-derived air concentrations and those measured using a HiVol were, on average, within a factor of 1.5. The dominant processes for the uptake of PAHs by SPMDs were also assessed. Using the SPMD method described herein, estimates of particulate sorbed airborne PAHs with five rings or greater were within 1.8-fold of HiVol measured values. (C) 2004 Elsevier Ltd. All rights reserved.

Towards platform-independent real-time systems

Real-time software systems are rarely developed once and left to run. They are subject to changes of requirements as the applications they support expand, and they commonly outlive the platforms they were designed to run on. A successful real-time system is duplicated and adapted to a variety of applications - it becomes a product line. Current methods for real-time software development are commonly based on low-level programming languages and involve considerable duplication of effort when a similar system is to be developed or the hardware platform changes. To provide more dependable, flexible and maintainable real-time systems at a lower cost what is needed is a platform-independent approach to real-time systems development. The development process is composed of two phases: a platform-independent phase, that defines the desired system behaviour and develops a platform-independent design and implementation, and a platform-dependent phase that maps the implementation onto the target platform. The last phase should be highly automated. For critical systems, assessing dependability is crucial. The partitioning into platform dependent and independent phases has to support verification of system properties through both phases.

Model-Driven safety evaluation with state-event-based component failure annotations

Over the past years, the paradigm of component-based software engineering has been established in the construction of complex mission-critical systems. Due to this trend, there is a practical need for techniques that evaluate critical properties (such as safety, reliability, availability or performance) of these systems. In this paper, we review several high-level techniques for the evaluation of safety properties for component-based systems and we propose a new evaluation model (State Event Fault Trees) that extends safety analysis towards a lower abstraction level. This model possesses a state-event semantics and strong encapsulation, which is especially useful for the evaluation of component-based software systems. Finally, we compare the techniques and give suggestions for their combined usage

Pattern-based reuse of successful designs: usability ofsafety-critical systems

Users of safety-critical systems are expected to effectively control or monitor complex systems, with errors potentially leading to catastrophe. For such systems, safety is of paramount importance and must be designed into the human-machine interface. While many case studies show how inadequate design practice led to poor safety and usability, concrete guidance on good design practices is scarce. The paper argues that the pattern language paradigm, widely used in the software design community, is a suitable means of documenting appropriate design strategies. We discuss how typical usability-related properties (e.g., flexibility) need some adjustment to be used for assessing safety-critical systems, and document a pattern language, based on corresponding "safety-usability" principles

The development of hard real-time systems using a formal approach

Hard real-time systems are a class of computer control systems that must react to demands of their environment by providing `correct' and timely responses. Since these systems are increasingly being used in systems with safety implications, it is crucial that they are designed and developed to operate in a correct manner. This thesis is concerned with developing formal techniques that allow the specification, verification and design of hard real-time systems. Formal techniques for hard real-time systems must be capable of capturing the system's functional and performance requirements, and previous work has proposed a number of techniques which range from the mathematically intensive to those with some mathematical content. This thesis develops formal techniques that contain both an informal and a formal component because it is considered that the informality provides ease of understanding and the formality allows precise specification and verification. Specifically, the combination of Petri nets and temporal logic is considered for the specification and verification of hard real-time systems. Approaches that combine Petri nets and temporal logic by allowing a consistent translation between each formalism are examined. Previously, such techniques have been applied to the formal analysis of concurrent systems. This thesis adapts these techniques for use in the modelling, design and formal analysis of hard real-time systems. The techniques are applied to the problem of specifying a controller for a high-speed manufacturing system. It is shown that they can be used to prove liveness and safety properties, including qualitative aspects of system performance. The problem of verifying quantitative real-time properties is addressed by developing a further technique which combines the formalisms of timed Petri nets and real-time temporal logic. A unifying feature of these techniques is the common temporal description of the Petri net. A common problem with Petri net based techniques is the complexity problems associated with generating the reachability graph. This thesis addresses this problem by using concurrency sets to generate a partial reachability graph pertaining to a particular state. These sets also allows each state to be checked for the presence of inconsistencies and hazards. The problem of designing a controller for the high-speed manufacturing system is also considered. The approach adopted mvolves the use of a model-based controller: This type of controller uses the Petri net models developed, thus preservIng the properties already proven of the controller. It. also contains a model of the physical system which is synchronised to the real application to provide timely responses. The various way of forming the synchronization between these processes is considered and the resulting nets are analysed using concurrency sets.

Ultra-long haul optical fibre transmission systems

This thesis examines experimentally options for optical fibre transmission over oceanic distances. Its format follows the chronological evolution of ultra-long haul optical systems, commencing with opto-electronic regenerators as repeaters, progressing to optically amplified NRZ systems and finally solitonic propagation. In each case recirculating loop techniques are deployed to simplify the transmission experiments. Advances in high speed electronics have allowed regenerators operating at 10 Gbit/s to become a practical reality. By augmenting such devices with optical amplifiers it is possible to greatly enhance the repeater spacing. Work detailed in this thesis has culminated in the propagation of 10 Gbit/s data over 400,000 km with a repeater spacing of 160 km. System reliability and robustness are enhanced by the use of a directly modulated DFB laser transmitter and total insensitivity of the system to the signal state of polarisation. Optically amplified ultra-long haul NRZ systems have taken on particular importance with the impending deployment of TAT 12/13 and TPC 5. The performance of these systems is demonstrated to be primarily limited by analogue impairments such as the accumulation of amplifier noise, polarisation effects and optical non-linearities. These degradations may be reduced by the use of appropriate dispersion maps and by scrambling the transmitted state of signal polarisation. A novel high speed optically passive polarisation scrambler is detailed for the first time. At bit rates in excess of 10 Gbit/s it is shown that these systems are severely limited and do not offer the advantages that might be expected over regenerated links. Propagation using solitons as the data bits appears particularly attractive since the dispersive and non-linear effects of the fibre allow distortion free transmission. However, the generation of pure solitons is difficult but must be achieved if the uncontrolled transmission distance is to be maximised. This thesis presents a new technique for the stabilisation of an erbium fibre ring laser that has aUowed propagation of 2.5 Gbit/s solitons to the theoretical limit of ~ 18,000 km. At higher bit rates temporal jitter becomes a significant impairment and to aUow an increase in the aggregate line rate multiplexing in both time and polarisation domains has been proposed. These techniques are shown to be of only limited benefit in practical systems and ultimately some form of soliton transmission control is required. The thesis demonstrates synchronous retiming by amplitude modulation that has allowed 20 Gbit/s data to propagate 125,000 km error free with an amplifier spacing approaching the soliton period. Ultimately the speed of operation of such systems is limited by the electronics used and, thus, a new form of soliton control is demonstrated using all optical techniques to achieve synchronous phase modulation.

A formal methodology for the verification of concurrent systems

There is an increasing emphasis on the use of software to control safety critical plants for a wide area of applications. The importance of ensuring the correct operation of such potentially hazardous systems points to an emphasis on the verification of the system relative to a suitably secure specification. However, the process of verification is often made more complex by the concurrency and real-time considerations which are inherent in many applications. A response to this is the use of formal methods for the specification and verification of safety critical control systems. These provide a mathematical representation of a system which permits reasoning about its properties. This thesis investigates the use of the formal method Communicating Sequential Processes (CSP) for the verification of a safety critical control application. CSP is a discrete event based process algebra which has a compositional axiomatic semantics that supports verification by formal proof. The application is an industrial case study which concerns the concurrent control of a real-time high speed mechanism. It is seen from the case study that the axiomatic verification method employed is complex. It requires the user to have a relatively comprehensive understanding of the nature of the proof system and the application. By making a series of observations the thesis notes that CSP possesses the scope to support a more procedural approach to verification in the form of testing. This thesis investigates the technique of testing and proposes the method of Ideal Test Sets. By exploiting the underlying structure of the CSP semantic model it is shown that for certain processes and specifications the obligation of verification can be reduced to that of testing the specification over a finite subset of the behaviours of the process.

An expert system for the development of a health and safety policy/risk assessment in the plastics industry

Health and safety policies may be regarded as the cornerstone for positive prevention of occupational accidents and diseases. The Health and Safety at Work, etc Act 1974 makes it a legal duty for employers to prepare and revise a written statement of a general policy with respect to the health and safety at work of employees as well as the organisation and arrangements for carrying out that policy. Despite their importance and the legal equipment to prepare them, health and safety policies have been found, in a large number of plastics processing companies (particularly small companies), to be poorly prepared, inadequately implemented and monitored. An important cause of these inadequacies is the lack of necessary health and safety knowledge and expertise to prepare, implement and monitor policies. One possible way of remedying this problem is to investigate the feasibility of using computers to develop expert system programs to simulate the health and safety (HS) experts' task of preparing the policies and assisting companies implement and monitor them. Such programs use artificial intelligence (AI) techniques to solve this sort of problems which are heuristic in nature and require symbolic reasoning. Expert systems have been used successfully in a variety of fields such as medicine and engineering. An important phase in the feasibility of development of such systems is the engineering of knowledge which consists of identifying the knowledge required, eliciting, structuring and representing it in an appropriate computer programming language.

The design of fault tolerant software for loosely coupled distributed systems

Requirements for systems to continue to operate satisfactorily in the presence of faults has led to the development of techniques for the construction of fault tolerant software. This thesis addresses the problem of error detection and recovery in distributed systems which consist of a set of communicating sequential processes. A method is presented for the `a priori' design of conversations for this class of distributed system. Petri nets are used to represent the state and to solve state reachability problems for concurrent systems. The dynamic behaviour of the system can be characterised by a state-change table derived from the state reachability tree. Systematic conversation generation is possible by defining a closed boundary on any branch of the state-change table. By relating the state-change table to process attributes it ensures all necessary processes are included in the conversation. The method also ensures properly nested conversations. An implementation of the conversation scheme using the concurrent language occam is proposed. The structure of the conversation is defined using the special features of occam. The proposed implementation gives a structure which is independent of the application and is independent of the number of processes involved. Finally, the integrity of inter-process communications is investigated. The basic communication primitives used in message passing systems are seen to have deficiencies when applied to systems with safety implications. Using a Petri net model a boundary for a time-out mechanism is proposed which will increase the integrity of a system which involves inter-process communications.

The interaction between the implementation of an occupational health and safety management system and safety culture:a case study in the rubber industry

A prominent theme emerging in Occupational Health and Safety (OSH) is the development of management systems. A range of interventions, according to a prescribed route detailed by one of the management systems, can be introduced into an organisation with some expectation of improved OSH performance. This thesis attempts to identify the key influencing factors that may impact upon the process of introducing interventions, (according to B88800: 1996, Guide to Implementing Occupational Health and Safety Management Systems) into an organisation. To help identify these influencing factors a review of possible models from the sphere of Total Quality Management (TQM) was undertaken and the most suitable TQM model selected for development and use in aSH. By anchoring the aSH model's development in the reviewed literature a range ofeare, medium and low level influencing factors were identified. This model was developed in conjunction with the research data generated within the case study organisation (rubber manufacturer) and applied to the organisation. The key finding was that the implementation of an OSH intervention was dependant upon three broad vectors of influence. These are the Incentive to introduce change within an organisation which refers to the drivers or motivators for OSH. Secondly the Ability within the management team to actually implement the changes refers to aspects, amongst others, such as leadership, commitment and perceptions of OSH. Ability is in turn itself influenced by the environment within which change is being introduced. TItis aspect of Receptivity refers to the history of the plant and characteristics of the workforce. Aspects within Receptivity include workforce profile and organisational policies amongst others. It was found that the TQM model selected and developed for an OSH management system intervention did explain the core influencing factors and their impact upon OSH performance. It was found that within the organisation the results that may have been expected from implementation of BS8800:1996 were not realised. The OSH model highlighted that given the organisation's starting point, a poor appreciation of the human factors of OSH, gave little reward for implementation of an OSH management system. In addition it was found that general organisational culture can effectively suffocate any attempts to generate a proactive safety culture.