Civic Engagement and Democracy in Post-Suharto Indonesia: a Review of Musrenbang, the Kecamatan Development Programme, and Labour Organising

Drawing attention to the wider literature on the linkages between civic engagement and democracy, this paper starts off by asking the question whether civic engagement beyond formal politics actually serves to strengthen democracy in Indonesia. Noting a contradiction between the literature that proposes that high associational density fosters democracy and recent analysis that highlights that political opportunity structures in Indonesia are unfavourable to popular representation and participation, the paper draws attention to a largely underexplored field within Indonesian democracy studies, namely that of mobilisation and participation by marginalised groups. The paper discusses and analyses strategies for bottom-up mobilisation, specifically the development planning programmes of Musrenbang, the Kecamatan Development Program (KDP), and Indonesian labour organising. The analysis focuses on the democratising aspects of these sectors, arguing that participation and mobilisation lacks the necessary popular foundations as well as organisational capacities that are necessary for participatory institutions to effectively enhance democracy. The paper thereby hints that associational density in and of itself is a poor indicator for democracy, especially in relation to democratic consolidation in new democracies

Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case

A Tool-based Semantic Framework for Security Requirements Specification

Attaining high quality in security requirements specification requires first-rate professional expertise, which is scarce. In fact, most organisations do not include core security experts in their software team. This scenario motivates the need for adequate tool support for security requirements specification so that the human requirements analyst can be assisted to specify security requirements of acceptable quality with minimum effort. This paper presents a tool-based semantic framework that uses ontology and requirements boilerplates to facilitate the formulation and specification of security requirements. A two-phased evaluation of the semantic framework suggests that it is usable, leads to reduction of effort, aids the quick discovery of hidden security threats, and improves the quality of security requirements

Energistyrings- og kraftforsyningssystem

Denne oppgaven har tatt for seg utviklingen, byggingen og idriftsettelsen av et energistyringssystem (EMS) på en modell av en elektrisk forsyningslinje. I oppgaven ble det lagt vekt på å lage en modell av en moderne forsyningslinje for fartøy, slik at det kunne utvikles og implementeres et EMS for denne. Flere typer forsyninger ble vurdert, men til slutt falt valget på en hybrid DC-fordeling. Av økonomiske grunner var det ikke mulig å lage modellen nøyaktig slik en virkelig fordeling ville blitt bygget, men det ble lagt vekt på å komme prinsippmessig så nært som mulig. Det ble valgt å bruke en spenning på 12 V for DC-fordelingen. Denne spenningen ble valgt fordi det da var mulig å anskaffe delene som trengtes for modellen innenfor prosjektets budsjettramme på 20000Kr. Modellen består av et blybatteri, en kombinert batterilader/sinusinverter, en DC/DC-omformer, nødvendige kabler, samt komponenter som er nødvendige for målinger, beregninger og modellens el-sikkerhet. Det er i tillegg anskaffet et aggregat som kan brukes som spenningsforsyning. Modellen kan forsyne forbrukere som trenger 12 VDC, 24 VDC og 230 VAC. Et EMS-program ble programmert på en WAGO PLS. Dette programmet tar inn måleverdier fra sensorer på modellen, omformer og skalerer disse og presenterer resultatene i et skjermbilde som vises på en tilkoblet datamaskin. I dette skjermbildet kan man lett se hvordan energiflyten i modellen er. Man får oppgitt hvilke effekter som går i de forskjellige kablene, hvor mange wattimer som er på batteriet og estimater over hvor lenge modellen kan være operativ ved nåværende og fastsatte belastninger før den trenger å lades. Å måle energimengden i batteriet har vært en utfordring. Det har blitt gjennomført flere utladningstester og ved å bruke resultatene fra disse har det vært mulig å programmere en batteriestimator som, ved å måle strøm og spenning, gir ganske nøyaktige verdier for gjenværende driftstider. Modellen og programvaren viser at det er prinsipielt mulig å lage et energistyringssystem som kan måle energiflyter i en elektrisk fordeling og beregne gjenværende batteridriftstid. Dette anses som høy måloppnåelse med tanke på første del av oppgaveteksten. Etter å ha sett modellen og energistyringssystemet i drift er det vår mening at dersom Forsvaret en gang skal gå til anskaffelse av autonome fartøy vil man være godt tjent med å ha et EMS ombord. Et slikt system vil kunne gi informasjon som har direkte innvirkning på hvordan fartøyet kan operere. For bemannede fartøy vil det også kunne gi større handlingsrom fordi man kan frigjøre ressurser til å løse andre oppgaver enn å overvåke og estimere driftstider manuelt

An Emergent Space for Distributed Data with Hidden Internal Order through Manifold Learning

Manifold-learning techniques are routinely used in mining complex spatiotemporal data to extract useful, parsimonious data representations/parametrizations; these are, in turn, useful in nonlinear model identification tasks. We focus here on the case of time series data that can ultimately be modelled as a spatially distributed system (e.g. a partial differential equation, PDE), but where we do not know the space in which this PDE should be formulated. Hence, even the spatial coordinates for the distributed system themselves need to be identified - to emerge from - the data mining process. We will first validate this emergent space reconstruction for time series sampled without space labels in known PDEs; this brings up the issue of observability of physical space from temporal observation data, and the transition from spatially resolved to lumped (order-parameter-based) representations by tuning the scale of the data mining kernels. We will then present actual emergent space discovery illustrations. Our illustrative examples include chimera states (states of coexisting coherent and incoherent dynamics), and chaotic as well as quasiperiodic spatiotemporal dynamics, arising in partial differential equations and/or in heterogeneous networks. We also discuss how data-driven spatial coordinates can be extracted in ways invariant to the nature of the measuring instrument. Such gauge-invariant data mining can go beyond the fusion of heterogeneous observations of the same system, to the possible matching of apparently different systems

Ontology-Based Support for Security Requirements Specification Process

The security requirements specification (SRS) is an integral aspect of the development of secured information systems and entails the formal documentation of the security needs of a system in a correct and consistent way. However, in many cases there is lack of sufficiently experienced security experts or security requirements (SR) engineer within an organization, which limits the quality of SR that are specified. This paper presents an approach that leverages ontologies and requirements boilerplates in order to alleviate the effect of lack of highly experienced personnel for SRS. It also offers a credible starting point for the SRS process. A preliminary evaluation of the tool prototype – ReqSec tool - was used to demonstrate the approach and to confirm its usability to support the SRS process. The tool helps to reduce the amount of effort required, stimulate discovery of latent security threats, and enables the specification of good quality SR

Identifying Implicit Vulnerabilities through Personas as Goal Models

When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified

Finding and Resolving Security Misusability with Misusability Cases

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice- versa. One way of using scenarios to bridge security and usability involves explicitly describing how design deci- sions can lead to users inadvertently exploiting vulnera- bilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems sub- sequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illus- trating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems