The susceptibility of digital signatures to fraud in the National Electronic Conveyancing System : an analysis

Public key cryptography, and with it,the ability to compute digital signatures, have made it possible for electronic commerce to flourish. It is thus unsurprising that the proposed Australian NECS will also utilise digital signatures in its system so as to provide a fully automated process from the creation of electronic land title instrument to the digital signing, and electronic lodgment of these instruments. This necessitates an analysis of the fraud risks raised by the usage of digital signatures because a compromise of the integrity of digital signatures will lead to a compromise of the Torrens system itself. This article will show that digital signatures may in fact offer greater security against fraud than handwritten signatures; but to achieve this, digital signatures require an infrastructure whereby each component is properly implemented and managed.

Context change archetypes : understanding the impact of context change on business processes

The emergence of Enterprise Resource Planning systems and Business Process Management have led to improvements in the design, implementation, and overall management of business processes. However, the typical focus of these initiatives has been on internal business operations, assuming a defined and stable context in which the processes are designed to operate. Yet, a lack of context-awareness for external change leads to processes and supporting information systems that are unable to react appropriately and timely enough to change. To increase the alignment of processes with environmental change, we propose a conceptual framework that facilitates the identification of context change. Based on a secondary data analysis of published case studies about process adaptation, we exemplify the framework and identify four general archetypes of context-awareness. The framework, in combination with the learning from the case analysis, provides a first understanding of what, where, how, and when processes are subjected to change.

Open standards-based system integration for asset management decision support

Over the last decade, system integration has grown in popularity as it allows organisations to streamline business processes. Traditionally, system integration has been conducted through point-to-point solutions – as a new integration scenario requirement arises, a custom solution is built between the relevant systems. Bus-based solutions are now preferred, whereby all systems communicate via an intermediary system such as an enterprise service bus, using a common data exchange model. This research investigates the use of a common data exchange model based on open standards, specifically MIMOSA OSA-EAI, for asset management system integration. A case study is conducted that involves the integration of processes between a SCADA, maintenance decision support and work management system. A diverse number of software platforms are employed in developing the final solution, all tied together through MIMOSA OSA-EAI-based XML web services. The lessons learned from the exercise are presented throughout the paper.

Managing process model complexity via abstract syntax modifications

As a result of the growing adoption of Business Process Management (BPM) technology different stakeholders need to understand and agree upon the process models that are used to configure BPM systems. However, BPM users have problems dealing with the complexity of such models. Therefore, the challenge is to improve the comprehension of process models. While a substantial amount of literature is devoted to this topic, there is no overview of the various mechanisms that exist to deal with managing complexity in (large) process models. It is thus hard to obtain comparative insight into the degree of support offered for various complexity reducing mechanisms by state-of-the-art languages and tools. This paper focuses on complexity reduction mechanisms that affect the abstract syntax of a process model, i.e. the structure of a process model. These mechanisms are captured as patterns, so that they can be described in their most general form and in a language- and tool-independent manner. The paper concludes with a comparative overview of the degree of support for these patterns offered by state-of-the-art languages and language implementations.

How Novices Model Business Processes

In this paper, we examine the design of business process diagrams in contexts where novice analysts only have basic design tools such as paper and pencils available, and little to no understanding of formalized modeling approaches. Based on a quasi-experimental study with 89 BPM students, we identify five distinct process design archetypes ranging from textual to hybrid, and graphical representation forms. We also examine the quality of the designs and identify which representation formats enable an analyst to articulate business rules, states, events, activities, temporal and geospatial information in a process model. We found that the quality of the process designs decreases with the increased use of graphics and that hybrid designs featuring appropriate text labels and abstract graphical forms are well-suited to describe business processes. Our research has implications for practical process design work in industry as well as for academic curricula on process design.

Pockets of creativity in business processes

Creative processes, for instance, the development of visual effects or computer games, increasingly become part of the agenda of information systems researchers and practitioners. Such processes get their managerial challenges from the fact that they comprise both well-structured, transactional parts and creative parts. The latter can often not be precisely specified in terms of control flow, required resources, and outcome. The processes’ high uncertainty sets boundaries for the application of traditional business process management concepts, such as process automation, process modeling, process performance measurement, and risk management. Organizations must thus exercise caution when it comes to managing creative processes and supporting these with information technology. This, in turn, requires a profound understanding of the concept of creativity in business processes. In response to this, the present paper introduces a framework for conceptualizing creativity within business processes. The conceptual framework describes three types of uncertainty and constraints as well as the interrelationships among these. The study is grounded in the findings from three case studies that were conducted in the film and visual effects industry. Moreover, we provide initial evidence for the framework’s validity beyond this narrow focus. The framework is intended to serve as a sensitizing device that can guide further information systems research on creativity-related phenomena.

Brisbane urban growth model : an integrated infrastructure management framework for Brisbane, Australia

In recent years, local government infrastructure management practices have evolved from conventional land use planning to more wide ranging and integrated urban growth and infrastructure management approaches. The roles and responsibilities of local government are no longer simply to manage daily operational functions of a city and provide basic infrastructure. Local governments are now required to undertake economic planning, manage urban growth; be involved in major infrastructure planning; and even engage in achieving sustainable development objectives. The Brisbane Urban Growth model has proven initially successful to ensure timely and coordinated delivery of urban infrastructure. This model may be the first step for many local governments to move toward an integrated, sustainable and effective infrastructure management.

Efficient querying of large process model repositories

Recent years have seen an increased uptake of business process management technology in industries. This has resulted in organizations trying to manage large collections of business process models. One of the challenges facing these organizations concerns the retrieval of models from large business process model repositories. For example, in some cases new process models may be derived from existing models, thus finding these models and adapting them may be more effective and less error-prone than developing them from scratch. Since process model repositories may be large, query evaluation may be time consuming. Hence, we investigate the use of indexes to speed up this evaluation process. To make our approach more applicable, we consider the semantic similarity between labels. Experiments are conducted to demonstrate that our approach is efficient.

Strengthening and formally verifying privacy in identity management systems

In a digital world, users’ Personally Identifiable Information (PII) is normally managed with a system called an Identity Management System (IMS). There are many types of IMSs. There are situations when two or more IMSs need to communicate with each other (such as when a service provider needs to obtain some identity information about a user from a trusted identity provider). There could be interoperability issues when communicating parties use different types of IMS. To facilitate interoperability between different IMSs, an Identity Meta System (IMetS) is normally used. An IMetS can, at least theoretically, join various types of IMSs to make them interoperable and give users the illusion that they are interacting with just one IMS. However, due to the complexity of an IMS, attempting to join various types of IMSs is a technically challenging task, let alone assessing how well an IMetS manages to integrate these IMSs. The first contribution of this thesis is the development of a generic IMS model called the Layered Identity Infrastructure Model (LIIM). Using this model, we develop a set of properties that an ideal IMetS should provide. This idealized form is then used as a benchmark to evaluate existing IMetSs. Different types of IMS provide varying levels of privacy protection support. Unfortunately, as observed by Jøsang et al (2007), there is insufficient privacy protection in many of the existing IMSs. In this thesis, we study and extend a type of privacy enhancing technology known as an Anonymous Credential System (ACS). In particular, we extend the ACS which is built on the cryptographic primitives proposed by Camenisch, Lysyanskaya, and Shoup. We call this system the Camenisch, Lysyanskaya, Shoup - Anonymous Credential System (CLS-ACS). The goal of CLS-ACS is to let users be as anonymous as possible. Unfortunately, CLS-ACS has problems, including (1) the concentration of power to a single entity - known as the Anonymity Revocation Manager (ARM) - who, if malicious, can trivially reveal a user’s PII (resulting in an illegal revocation of the user’s anonymity), and (2) poor performance due to the resource-intensive cryptographic operations required. The second and third contributions of this thesis are the proposal of two protocols that reduce the trust dependencies on the ARM during users’ anonymity revocation. Both protocols distribute trust from the ARM to a set of n referees (n > 1), resulting in a significant reduction of the probability of an anonymity revocation being performed illegally. The first protocol, called the User Centric Anonymity Revocation Protocol (UCARP), allows a user’s anonymity to be revoked in a user-centric manner (that is, the user is aware that his/her anonymity is about to be revoked). The second protocol, called the Anonymity Revocation Protocol with Re-encryption (ARPR), allows a user’s anonymity to be revoked by a service provider in an accountable manner (that is, there is a clear mechanism to determine which entity who can eventually learn - and possibly misuse - the identity of the user). The fourth contribution of this thesis is the proposal of a protocol called the Private Information Escrow bound to Multiple Conditions Protocol (PIEMCP). This protocol is designed to address the performance issue of CLS-ACS by applying the CLS-ACS in a federated single sign-on (FSSO) environment. Our analysis shows that PIEMCP can both reduce the amount of expensive modular exponentiation operations required and lower the risk of illegal revocation of users’ anonymity. Finally, the protocols proposed in this thesis are complex and need to be formally evaluated to ensure that their required security properties are satisfied. In this thesis, we use Coloured Petri nets (CPNs) and its corresponding state space analysis techniques. All of the protocols proposed in this thesis have been formally modeled and verified using these formal techniques. Therefore, the fifth contribution of this thesis is a demonstration of the applicability of CPN and its corresponding analysis techniques in modeling and verifying privacy enhancing protocols. To our knowledge, this is the first time that CPN has been comprehensively applied to model and verify privacy enhancing protocols. From our experience, we also propose several CPN modeling approaches, including complex cryptographic primitives (such as zero-knowledge proof protocol) modeling, attack parameterization, and others. The proposed approaches can be applied to other security protocols, not just privacy enhancing protocols.

Building a methodology for context-aware business processes: insights from an exploratory case study

This paper describes the findings derived from an exploratory case study into the business processes at a leading Australian insurance provider. The business processes are frequently subjected to changes and deviations due to contextual events such as weather, financial conditions and others. In this study, we examine how context impacts business processes and how resulting business process changes are enacted. From our analysis, we suggest a methodological framework to guide organisations in the complex challenge of linking changing contextual factors with internal process design.

The key to successful implementation : project management of sustainable infrastructure provision

Delivering infrastructure projects involves many stakeholders. Their responsibilities and authorities vary over the course of the project lifecycle - from establishing the project parameters and performance requirements, to operating and maintaining the completed infrastructure. To ensure the successful delivery of infrastructure projects, it is important for the project management team to identify and manage the stakeholders and their requirements. This chapter discusses the management of stakeholders in delivering infrastructure projects, from their conception to completion. It includes managing the stakeholders for project selection and involving them to improve project constructability, operability and maintainability.

A model for constraint and delegation management

This paper introduces a model to facilitate delegation, including ad-hoc delegation, in cross security domain activities. Specifically, this paper proposes a novel delegation constraint management model to manage and track delegation constraints across security domains. An algorithm to trace the authority of delegation constraints is introduced as well as an algorithm to form a delegation constraint set and detect/prevent potential conflicts. The algorithms and the management model are built upon a set of formal definitions of delegation constraints.

Cultivating Innovation through Social Relationships: A Qualitative Study of Outstanding Australian Innovators in Science, Technology and the Creative Industries

In this chapter, we describe and explore social relationship patterns associated with outstanding innovation. In doing so, we draw upon the findings of 16 in-depth interviews with award-winning Australian innovators from science & technology and the creative industries. The interviews covered topics relating to various influences on individual innovation capacity and career development. We found that for all of the participants, innovation was a highly social process. Although each had been recognised individually for their innovative success, none worked in isolation. The ability to generate innovative outcomes was grounded in certain types of interaction and collaboration. We outline the distinctive features of the social relationships which seem to be important to innovation, and ask which ‘social network capabilities’ might underlie the ability to create an optimal pattern of interpersonal relationships. We discuss the implications of these findings for universities, which we argue play a key role in the development of nascent innovators.