One tune, three dances : using a traumatic stress framework to understand trauma survivors as networked news sources

Newman and Nelson (2012) describe three ‘dances’ to explain the vacillating psychological states of trauma survivors: the dance of approach and avoidance; the dance of fragmentation and integration; and the dance of resilience and vulnerability. The first pair of seemingly opposite responses describes how survivors at times cope by ‘approaching’ the trauma, for example by gathering information about what happened; whilst at other times, the same person will cope by ‘avoiding’ the trauma by engaging in activities which distract them from the memory of the trauma or having to deal with the consequences of it. The ‘dance’ of fragmentation and integration describes the opposing individual or group experiences encountered after traumas or disasters. Individuals may experience fragmentation, or emotional disconnection, from the trauma as an adaptive means of survival. The ‘dance’ of resilience and vulnerability refers to an individual’s ability to ‘process’ trauma and return to a resilient state in which they re-learn to trust people and the world around them and ‘bounce back’ to a state of being resilient again. This paper will illustrate how an understanding of the three dances can be used to enable survivors of child sexual assault to engage with the media to tell their stories. I will give current examples from six months of journalism research, collaboration and writing of a series of news stories and features which broke an exclusive story simultaneously in The Australian and The Times in London during 2013.

A framework for conceptualising traffic safety culture

Traffic safety culture is a relatively new concept which has recently gained attention in the field of traffic safety. There is currently little known regarding the nature of the concept, nor how it should be defined. Preliminary definitions have tended to focus on specific road safety problems and the anticipated effect of a strong traffic safety culture. The literature to date has tended to emphasise how traffic safety culture might be created or shaped. However, without a better understanding of the nature and structure of traffic safety culture, discussions regarding changes to traffic safety culture are restricted. An examination of different conceptualisations and definitions of organisational safety culture provides a preliminary theoretical framework for traffic safety culture. Two high risk driving behaviours within the Australian context are compared to illustrate how key factors within this framework can be used to understand and improve road safety outcomes.

Establishing a framework for transforming student engagement, success and retention in higher education institutions [Final Report]

The perennial issues of student engagement, success and retention (SESR) in higher education continue to attract attention as key indicators of learning and teaching quality. This project aimed to establish and provide a holistic framework that would allow higher education institutions (HEIs) manage and improve their student engagement and retention strategies and programs. The framework and main project deliverable is a Maturity Model (MM) for Student Engagement, Success and Retention (SESR-MM). The project involved three Australian universities with experience and reputations in SESR activities: Queensland University of Technology (lead institution), the University of Queensland and Griffith University, working cooperatively to develop and trial the project deliverables. Project findings suggest that the SESR-MM has the potential to positively transform the holistic—academic, social and personal—engagement experiences of students in Australian universities, and that the SESR-MM is a useful mechanism for sharing good practice and improving programs designed to enhance the student experience.

A sequential Monte Carlo framework for adaptive Bayesian model discrimination designs using mutual information

In this paper we present a unified sequential Monte Carlo (SMC) framework for performing sequential experimental design for discriminating between a set of models. The model discrimination utility that we advocate is fully Bayesian and based upon the mutual information. SMC provides a convenient way to estimate the mutual information. Our experience suggests that the approach works well on either a set of discrete or continuous models and outperforms other model discrimination approaches.

The professional identity of child care practitioners : self-authorship as a theoretical framework

This research contributes new understandings about the development of the professional identity of child care practitioners and how professional identity changes during the transition from student to practitioner. Self-authorship theory was used as the framework to investigate the development of professional identity through exploration of beliefs about practice, sense of self, and capabilities for collaborative engagement. Students recruited for this research were completing their qualifications to work with young children in child care settings. Data from initial and follow-up interviews were analysed to understand change over time in professional identity. Findings indicated a need for training institutions and workplaces to move beyond competency-based training approaches to include more critically reflective learning opportunities. Such a focus on critical reflection has implications for improving the skills, status, and recognition of child care practitioners as educators.

Security metrics for Java bytecode programs

Although there are many approaches for developing secure programs, they are not necessarily helpful for evaluating the security of a pre-existing program. Software metrics promise an easy way of comparing the relative security of two programs or assessing the security impact of modifications to an existing one. Most studies in this area focus on high level source code but this approach fails to take compiler-specific code generation into account. In this work we describe a set of object-oriented Java bytecode security metrics which are capable of assessing the security of a compiled program from the point of view of potential information flow. These metrics can be used to compare the security of programs or assess the effect of program modifications on security using a tool which we have developed to automatically measure the security of a given Java bytecode program in terms of the accessibility of distinguished ‘classified’ attributes.

HPAKE : Password authentication secure against cross-site user impersonation

We propose a new kind of asymmetric mutual authentication from passwords with stronger privacy against malicious servers, lest they be tempted to engage in “cross-site user impersonation” to each other. It enables a person to authenticate (with) arbitrarily many independent servers, over adversarial channels, using a memorable and reusable single short password. Beside the usual PAKE security guarantees, our framework goes to lengths to secure the password against brute-force cracking from privileged server information.

New paradigms for password security

For the past several decades, cryptographers have consistently provided us with stronger and more capable primitives and protocols that have found many applications in security systems in everyday life. One of the central tenets of cryptographic design is that, whereas a system’s architecture ought to be public and open to scrutiny, the keys on which it depends — long, utterly random, unique strings of bits — will be perfectly preserved by their owner, and yet nominally inaccessible to foes.

Generalized IBE in the exponent-inversion framework

The purpose of this chapter is to provide an abstraction for the class of Exponent-Inversion IBE exemplified by the [Bscr ][Bscr ]2 and [Sscr ][Kscr ] schemes, and, on the basis of that abstraction, to show that those schemes do support interesting and useful extensions such as HIBE and ABE. Our results narrow, if not entirely close, the “flexibility gap” between the Exponent-Inversion and Commutative-Blinding IBE concepts.

Framework of whole life cycle costing for Malaysian high rise residential property development

This project was an initial stage in formulating and management of the optimum budget allocation during the operational, maintenance and rehabilitation phases in high rise residential property development in Malaysia. The principal objective of this project is to develop a framework of Whole Life Cycle Costing for high rise residential property development that will enhance the quality and cost effectiveness of this building type in Malaysia. The researcher investigated 13 building components from 6 high rise residential property developments in Johor, Malaysia to determine the affect and economic impact of component initial cost and quality by applying them to a Whole Life Cycle Cost model approach. The results provide valuable data in respect to the overall cost of specific components over the whole life of a large high rise building. In addition, Dr. Mat Noor also determined the impact and satisfaction of quality of building components through WLCC.

Cyber security of networked critical infrastructures [Guest Editorial]

A new era of cyber warfare has appeared on the horizon with the discovery and detection of Stuxnet. Allegedly planned, designed, and created by the United States and Israel, Stuxnet is considered the first known cyber weapon to attack an adversary state. Stuxnet's discovery put a lot of attention on the outdated and obsolete security of critical infrastructure. It became very apparent that electronic devices that are used to control and operate critical infrastructure like programmable logic controllers (PLCs) or supervisory control and data acquisition (SCADA) systems lack very basic security and protection measures. Part of that is due to the fact that when these devices were designed, the idea of exposing them to the Internet was not in mind. However, now with this exposure, these devices and systems are considered easy prey to adversaries.

Does counting still count? Revisiting the security of counting based user authentication protocols against statistical attacks

At NDSS 2012, Yan et al. analyzed the security of several challenge-response type user authentication protocols against passive observers, and proposed a generic counting based statistical attack to recover the secret of some counting based protocols given a number of observed authentication sessions. Roughly speaking, the attack is based on the fact that secret (pass) objects appear in challenges with a different probability from non-secret (decoy) objects when the responses are taken into account. Although they mentioned that a protocol susceptible to this attack should minimize this difference, they did not give details as to how this can be achieved barring a few suggestions. In this paper, we attempt to fill this gap by generalizing the attack with a much more comprehensive theoretical analysis. Our treatment is more quantitative which enables us to describe a method to theoretically estimate a lower bound on the number of sessions a protocol can be safely used against the attack. Our results include 1) two proposed fixes to make counting protocols practically safe against the attack at the cost of usability, 2) the observation that the attack can be used on non-counting based protocols too as long as challenge generation is contrived, 3) and two main design principles for user authentication protocols which can be considered as extensions of the principles from Yan et al. This detailed theoretical treatment can be used as a guideline during the design of counting based protocols to determine their susceptibility to this attack. The Foxtail protocol, one of the protocols analyzed by Yan et al., is used as a representative to illustrate our theoretical and experimental results.

Security evaluation of Rakaposhi Stream Cipher

Rakaposhi is a synchronous stream cipher, which uses three main components: a non-linear feedback shift register (NLFSR), a dynamic linear feedback shift register (DLFSR) and a non-linear filtering function (NLF). NLFSR consists of 128 bits and is initialised by the secret key K. DLFSR holds 192 bits and is initialised by an initial vector (IV). NLF takes 8-bit inputs and returns a single output bit. The work identifies weaknesses and properties of the cipher. The main observation is that the initialisation procedure has the so-called sliding property. The property can be used to launch distinguishing and key recovery attacks. The distinguisher needs four observations of the related (K,IV) pairs. The key recovery algorithm allows to discover the secret key K after observing 29 pairs of (K,IV). Based on the proposed related-key attack, the number of related (K,IV) pairs is 2(128 + 192)/4 pairs. Further the cipher is studied when the registers enter short cycles. When NLFSR is set to all ones, then the cipher degenerates to a linear feedback shift register with a non-linear filter. Consequently, the initial state (and Secret Key and IV) can be recovered with complexity 263.87. If DLFSR is set to all zeros, then NLF reduces to a low non-linearity filter function. As the result, the cipher is insecure allowing the adversary to distinguish it from a random cipher after 217 observations of keystream bits. There is also the key recovery algorithm that allows to find the secret key with complexity 2 54.

Active security in multiparty computation over black-box groups

Most previous work on unconditionally secure multiparty computation has focused on computing over a finite field (or ring). Multiparty computation over other algebraic structures has not received much attention, but is an interesting topic whose study may provide new and improved tools for certain applications. At CRYPTO 2007, Desmedt et al introduced a construction for a passive-secure multiparty multiplication protocol for black-box groups, reducing it to a certain graph coloring problem, leaving as an open problem to achieve security against active attacks. We present the first n-party protocol for unconditionally secure multiparty computation over a black-box group which is secure under an active attack model, tolerating any adversary structure Δ satisfying the Q 3 property (in which no union of three subsets from Δ covers the whole player set), which is known to be necessary for achieving security in the active setting. Our protocol uses Maurer’s Verifiable Secret Sharing (VSS) but preserves the essential simplicity of the graph-based approach of Desmedt et al, which avoids each shareholder having to rerun the full VSS protocol after each local computation. A corollary of our result is a new active-secure protocol for general multiparty computation of an arbitrary Boolean circuit.