Modelling a Secure, Mobile, and Transactional System with CO-OPN

Modelling complex concurrent systems is often difficult and error-prone, in particular when new concepts coming from advanced practical applications are considered. These new application domains include dynamicity, mobility, security, and localization dependent computing. In order to fully model and prototype such systems we propose to use several concepts introduced in our specification language CO-OPN, like context, dynamicity, mobility, subtyping and inheritance. CO-OPN (Concurrent Object Oriented Petri Net) is a formal specification language for modelling distributed systems; it is based on coordinated algebraic Petri nets. This paper focuses on the use of several basic mechanisms of CO-OPN for modelling mobile systems and the generation of corresponding Java code. A significant example of distributors accessible through mobile devices (for example, PDA with Bluetooth) is fully modelled and implemented with our technique

Testing of transactional services in NoSQL key-value databases

Transactional services guarantee the consistency of shared data during the concurrent execution of multiple applications. They have been used in various domains ranging from classical databases through to service-oriented computing systems to NoSQL databases and cloud. Though transactional services aim to ensure data consistency, NoSQL databases prioritize efficiency/availability over data consistency. In order to address these issues various transaction models and protocols have been proposed in the literature. However, testing of transactions in NoSQL database has not been addressed. In this paper, we investigate into the testing of transactional services in NoSQL databases in order to test and analyse the data consistency by taking into account the characteristics of NoSQL databases such as efficiency, velocity, etc. Accordingly, we develop a framework for testing transactional services in NoSQL databases. The novelty and contributions are that we develop a context-aware transactional model that takes into account contextual requirements of NoSQL clients and the system level setting in relation to the data consistency. This can assist NoSQL application developers in choosing between transactional and non-transactional services based on their requirements of the level of data consistency. The framework also provides ways to analyse the impact of the big data requirements and characteristics (e.g., velocity, efficiency) on the data consistency of NoSQL databases. The evaluation and testing are carried out using a widely used NoSQL key/value database, Riak, and a real (open) and big data from the Council of London for public transportation of the London bus services

Nursing Competence in Norwegian Municipal in-patient Acute Care Professional Accountability, Environment, and Leadership

Background: Changes from the introduction of the Coordination Reform in Norway have induced an increase in the need for highly qualified nursing staff in the primary health care service. Among the most important initiatives of the Coordination Reform in Norway is the municipal in-patient acute care (MipAC) service. All municipalities must provide in-patient acute care for patients requiring 24-hour care or observation. The MipAC is expected to deliver safe quality care and may entail many patient and societal benefits. However, the service establishment and organisation differ per municipality, putting the service quality into question. Older and vulnerable patients constitute the largest group of patients under the MipAC service. Even though the benefits of well-educated and competent nursing staff to care for vulnerable older people are broadly recognised, the requirements for nursing competence are sparsely defined in governmental documents, and knowledge of nursing competence in the services is lacking. Aim: This study explores and describes aspects of nursing competence in the MipAC service. It answers the following question: What is the necessary nursing competence in MipAC, and how is it facilitated, maintained, and enhanced?acceptedVersio

Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers

Security-Driven Software Evolution Using A Model Driven Approach

High security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use which poses security risks to the enterprise’ assets due to the poor technologies used and lack of security concerns when they were in design. Software reengineering is a way out to improve their security levels in a systematic way. Model driven is an approach in which model as defined by its type directs the execution of the process. The aim of this research is to explore how model driven approach can facilitate the software reengineering driven by security demand. The research in this thesis involves the following three phases. Firstly, legacy system understanding is performed using reverse engineering techniques. Task of this phase is to reverse engineer legacy system into UML models, partition the legacy system into subsystems with the help of model slicing technique and detect existing security mechanisms to determine whether or not the provided security in the legacy system satisfies the user’s security objectives. Secondly, security requirements are elicited using risk analysis method. It is the process of analysing key aspects of the legacy systems in terms of security. A new risk assessment method, taking consideration of asset, threat and vulnerability, is proposed and used to elicit the security requirements which will generate the detailed security requirements in the specific format to direct the subsequent security enhancement. Finally, security enhancement for the system is performed using the proposed ontology based security pattern approach. It is the stage that security patterns derived from security expertise and fulfilling the elicited security requirements are selected and integrated in the legacy system models with the help of the proposed security ontology. The proposed approach is evaluated by the selected case study. Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show this thesis contributes an effective, reusable and suitable evolution approach for software security

Workplace connectivity : A study of its impact on self-assessed productivity.

Previous researchers have had difficulty in defining what constitutes office productivity, especially in 'knowledge' environments rather than 'processing' environments. The main body of published research that attempts to address the link largely addresses the physical environment. It falls into two main categories, those of office layout and office comfort. It must be noted that much of the physical environment literature lacks any theoretical framework. This study developed a validated theoretical framework for the evaluation of office productivity, and included components to represent both the physical and the behavioural environment. It is proposed that by adopting such an approach, insights into the dynamic nature, or connectivity, of office environments can be established. The main objective of this thesis was to investigate the effects of the office environment on its occupant's perceived productivity. The study's strength is that it is based on two sizable data sets. Whilst the data collected contain data about the physical characteristics of the office environment, it had in addition data pertaining to the behavioural environment. The categorical data collected provided a unique opportunity to undertake an analysis of office occupiers by work process type. One of the key contributions of this study was the development of the components of office productivity, which were: comfort, office layout, informal interaction points, environmental services, designated areas, interaction and distraction. The components were reduced to four in preparation for a more detailed statistical analysis. The four distinct components were comfort, office layout, interaction and distraction. This study establishes that it is the behavioural environment that has the greatest impact on office productivity. It demonstrates that it is the dynamic elements of the office environment, interaction and distraction that are perceived as having the bigger positive and negative influences on self assessed productivity and explains the finding in a model in which knowledge creation and knowledge transfer, and ultimately productivity, are enabled through various forms of communication.Managers responsible for office environments can use the techniques, and the analysis procedures, to assist in evaluating and identifying productive office environments. The positive results can be just as important to the manager as the negative, as they give an indication as to areas in the office environment that are working correctly. A comparative approach between offices can allow best practice solutions to be transferred from one office to another

The impact of customer satisfaction on purchase intention in Malaysian takaful industry

To date the study of customer satisfaction and purchase intention have dominated the services literature. This study is aimed to investigate the impact of customer satisfaction on purchase intention among Takaful participants in Malaysia. A self-administered questionnaire is distributed to eight Takaful companies in Malaysia as a study setting for this study. Out of the total 600 distributed questionnaires 390 were finally selected for data analyses. It is expected that findings from this study will contribute to the existing literature to both theoretical and managerial approaches in order to better understand the pattern of customer satisfaction and purchase intention in Takaful industry settings