Requirements for enhancing trust, security and integrity of GNSS location services

The paper describes a number of requirements for enhancing the trust of location acquisition from Satellite Navigation Systems, particularly for those applications where the location is monitored through a remote GNSS receiver. We discuss how the trust of a location acquisition could be propagated to an application through the use of a proposed tamper-­resistant GNSS receiver which quantifies the trust of a location solution from the signaling used (ie. P(Y) code, Galileo SOL, PRS, CS) and provides a cryptographic proof of this to a remote application. The tamper­-resistance state of the receiver is also included in this cryptographic proof.

Continuous biometric authentication : can it be more practical?

Continuous biometric authentication schemes (CBAS) are built around the biometrics supplied by user behavioural characteristics and continuously check the identity of the user throughout the session. The current literature for CBAS primarily focuses on the accuracy of the system in order to reduce false alarms. However, these attempts do not consider various issues that might affect practicality in real world applications and continuous authentication scenarios. One of the main issues is that the presented CBAS are based on several samples of training data either of both intruder and valid users or only the valid users' profile. This means that historical profiles for either the legitimate users or possible attackers should be available or collected before prediction time. However, in some cases it is impractical to gain the biometric data of the user in advance (before detection time). Another issue is the variability of the behaviour of the user between the registered profile obtained during enrollment, and the profile from the testing phase. The aim of this paper is to identify the limitations in current CBAS in order to make them more practical for real world applications. Also, the paper discusses a new application for CBAS not requiring any training data either from intruders or from valid users.

Application of reinforcement learning in an open railway access market price negotiation

In an open railway access market price negotiation, it is feasible to achieve higher cost recovery by applying the principles of price discrimination. The price negotiation can be modeled as an optimization problem of revenue intake. In this paper, we present the pricing negotiation based on reinforcement learning model. A negotiated-price setting technique based on agent learning is introduced, and the feasible applications of the proposed method for open railway access market simulation are discussed.

Automatic generation of assertions to detect potential security vulnerabilities in C programs that use union and pointer types

Type unions, pointer variables and function pointers are a long standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.

Reinforcing bad behaviour : the misuse of security indicators on popular websites

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Security metrics for object-oriented designs

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.

Assessing the impact of refactoring on security-critical object-oriented designs

Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.

How HCI design influences web security decisions

Even though security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human machine interface. This paper reports on a diary study conducted in order to investigate what people identify as security decisions that they make while using the web. The study aimed to uncover how security is perceived in the individual's context of use. From this data, themes were drawn, with a focus on addressing security goals such as confidentiality and authentication. This study is the first study investigating users' web usage focusing on their self-documented perceptions of security and the security choices they made in their own environment.

Climate variability and hemorrhagic fever with renal syndrome transmission in northeastern China

Background: The transmission of hemorrhagic fever with renal syndrome (HFRS) is influenced by climatic variables. However, few studies have examined the quantitative relationship between climate variation and HFRS transmission. ---------- Objective: We examined the potential impact of climate variability on HFRS transmission and developed climate-based forecasting models for HFRS in northeastern China. ---------- Methods: We obtained data on monthly counts of reported HFRS cases in Elunchun and Molidawahaner counties for 1997–2007 from the Inner Mongolia Center for Disease Control and Prevention and climate data from the Chinese Bureau of Meteorology. Cross-correlations assessed crude associations between climate variables, including rainfall, land surface temperature (LST), relative humidity (RH), and the multivariate El Niño Southern Oscillation (ENSO) index (MEI) and monthly HFRS cases over a range of lags. We used time-series Poisson regression models to examine the independent contribution of climatic variables to HFRS transmission. ----------- Results: Cross-correlation analyses showed that rainfall, LST, RH, and MEI were significantly associated with monthly HFRS cases with lags of 3–5 months in both study areas. The results of Poisson regression indicated that after controlling for the autocorrelation, seasonality, and long-term trend, rainfall, LST, RH, and MEI with lags of 3–5 months were associated with HFRS in both study areas. The final model had good accuracy in forecasting the occurrence of HFRS. ---------- Conclusions: Climate variability plays a significant role in HFRS transmission in northeastern China. The model developed in this study has implications for HFRS control and prevention.

Enhancing security and continuity management at international airports

Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted ‘first response’ international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including: ? Approaches to integrating Business Continuity & Aviation Security Planning within airport operations; ? Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure; ? Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.

How automated speed enforcement may reduce travel time variability and result in travel time savings : the case study of the loop 101 speed enforcement program in Scottsdale, Arizona

The city of Scottsdale Arizona implemented the first fixed photo Speed Enforcement camera demonstration Program (SEP) on a US freeway in 2006. A comprehensive before-and-after analysis of the impact of the SEP on safety revealed significant reductions in crash frequency and severity, which indicates that the SEP is a promising countermeasure for improving safety. However, there is often a trade off between safety and mobility when safety investments are considered. As a result, identifying safety countermeasures that both improve safety and reduce Travel Time Variability (TTV) is a desirable goal for traffic safety engineers. This paper reports on the analysis of the mobility impacts of the SEP by simulating the traffic network with and without the SEP, calibrated to real world conditions. The simulation results show that the SEP decreased the TTV: the risk of unreliable travel was at least 23% higher in the ‘without SEP’ scenario than in the ‘with SEP’ scenario. In addition, the total Travel Time Savings (TTS) from the SEP was estimated to be at least ‘569 vehicle-hours/year.’ Consequently, the SEP is an efficient countermeasure not only for reducing crashes but also for improving mobility through TTS and reduced TTV.

A DRD2 polymorphism predicts PANSS score variability in schizophrenia patients treated with antipsychotics

Antipsychotic medications act as either antagonists or partial agonists of the dopamine D2 receptor (DRD2) and antipsychotic drugs vary widely in their binding affinity for the D2 receptor (Kapur and Seeman, 2000). The DRD2 957CNT (rs6277) polymorphism has previously been associated with schizophrenia (Lawford et al., 2005) and the T-allele of the 957CNT polymorphism is associated with reduced mRNA stability and synthesis of the dopamine D2 receptor (Duan et al., 2003). The aim of the study was to determine if the rs6277 polymorphism predicts some of the variability of positive and negative symptoms observed in schizophrenia patients being treated with antipsychotic medication.

Variability of input parameters related to pollutants build-up in stormwater quality modelling

The variability of input parameters is the most important source of overall model uncertainty. Therefore, an in-depth understanding of the variability is essential for uncertainty analysis of stormwater quality model outputs. This paper presents the outcomes of a research study which investigated the variability of pollutants build-up characteristics on road surfaces in residential, commercial and industrial land uses. It was found that build-up characteristics vary highly even within the same land use. Additionally, industrial land use showed relatively higher variability of maximum build-up, build-up rate and particle size distribution, whilst the commercial land use displayed a relatively higher variability of pollutant-solid ratio. Among the various build-up parameters analysed, D50 (volume-median-diameter) displayed the relatively highest variability for all three land uses.