In-situ, real time gas composition measurements for SOFC's using laser spectroscopy

The use of standard gas composition measurement techniques, such as gas chromatography, in large scale solid oxide fuel cells (SOFC's) operating at high temperatures can be both complex and time consuming. One of the main constraints is the necessity to condense out the water vapour present in the gas streams prior to measurement in the Gas Chromatograph (GC). True gas compositions can only be extracted through back-calculation, with each measurement taking in the order of minutes, and a number of measurement points needed to make the final measurement. For system status monitoring such a time delay between condition changes and measurement is a serious disadvantage. One of the main concerns for systems running on natural gas is the risk of methane slippage through the internal reformer, which increases the risk of carbon formation on the SOFC anode, invariably leading to irreversible loss of performance. It is therefore highly advantageous to measure gas stream compositions within the SOFC system in real time, enabling a rapid response to composition deviation outside of acceptable limits. Gas chromatography can never be made to work as a real-time system status monitoring product solution. A suitable, in-situ, solution for measurement is tuneable diode laser spectroscopy, TDLS. Using this technique it is possible to measure both the gas concentration and system pressure simultaneously for a number of different species, without condensing out the water vapour: reducing analysis time considerably and reducing errors associated with back calculation. In this paper, data taken on an operational fuel cell system is presented for methane, and a comparison with results obtained using a GC is made

An analysis of security issues in building automation systems

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in BAS, however defining the threats against BAS, and detection of these threats is an area that is particularly lacking. This paper presents an overview of the current security measures in BAS, outlining key issues, and methods that can be improved to protect cyber physical systems against the increasing threat of cyber terrorism and hacktivism. Future research aims to further evaluate and improve the detection systems used in BAS through first defining the threats and then applying and evaluating machine learning algorithms for traffic classification and IDS profiling capable of operating on resource constrained BAS

Using process modelling to capture requirements for a digital library

This paper describes the results of an action research study which explored how IT professionals used process modelling to capture requirements and design artefacts concerning a digital library system. The intention was to produce a web-based, non-relational (XML) database system to store publications of various types and to allow public domain access to the system. Traditionally, such systems are constructed with a data-oriented design, with little attention being paid to process concerns. In this study, process, described by business rules, was defined first which provides advantages as many business systems (including library systems) are often process-oriented. The team involved in this study modelled a reasonably complex system, articulating 168 business rules across 18 major functions covering many aspects of the operation of a digital library system. The team was able to produce a usable requirements specification that was used as the major input into the design phase of the system being developed. The design phase considered both process and network perspectives explicitly before modelling a data-oriented view of the proposed system. It is argued that this multi-perspective view led to a better-designed system than would have been obtained with a single perspective method. An issue for this study was that third year software engineering students were used in place of professional software developers. Using students instead of practitioners raises an interesting question concerning the authenticity of this study vis-a-vis action research. The fundamental question being tested in study was to ascertain whether a process modelling method could be used to model the domain of digital libraries i.e. does it contain a necessary set of constructs to satisfactorily model the problem domain? It was considered that the environment of student projects in a university with regular supervisory oversight offered advantages for the monitoring of this question more so than the alternative. As regards the authenticity, this study was a real project for a real client

Cloud security: A case study in telemedicine

Security as part of requirements engineering is now seen as an essential part of systems development in several modern methodologies. Unfortunately, medical systems are one domain where security is seen as an impediment to patient care and not as an essential part of a system. Cloud computing may offer a seamless way to allow medical data to be transferred from patient to medical practitioners, whilst maintaining security requirements. This paper uses a case study to investigate the use of cloud computing in a mobile application for Parkinson Disease. It was found that functionality took precedence over security requirements and standards

Cloud security: A case study in telemedicine

Security as part of requirements engineering is now seen as an essential part of systems development in several modern methodologies. Unfortunately, medical systems are one domain where security is seen as an impediment to patient care and not as an essential part of a system. Cloud computing may offer a seamless way to allow medical data to be transferred from patient to medical practitioners, whilst maintaining security requirements. This paper uses a case study to investigate the use of cloud computing in a mobile application for Parkinson Disease. It was found that functionality took precedence over security requirements and standards

Security aspects of sensor-based defence systems

The Australian Defence Force (ADF) has IMAP and JMAP to perform planning prior to the deployment of forces, but there is a knowledge gap for on-ground forces during the execution of an operation. Multi-agent based sensor systems can provide on-ground forces with a significant amount of real-time information that can be used to modify planning due to changed conditions. The issue with such sensor systems is the degree to which they are vulnerable to attack by opposing forces. This paper explores the types of attack that could be successful and proposes defences that could be put in place to circumvent or minimise the effect of an attack

Modelling misuse cases as a means of capturing security requirements

Use cases as part of requirements engineering are often seen as an essential part of systems development in many methodologies. Given that modern, security-oriented software development methods such as SDL , SQUARE and CLASP place security at the forefront of product initiation, design and implementation, the focus of requirements elicitation must now move to capturing security requirements so as not to replicate past errors. Misuse cases can be an effective tool to model security requirements. This paper uses a case study to investigate the generation of successful misuse cases by employing the STRIDE framework as used in the SDL

Threat Modelling with Stride and UML

Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more effective threat model

Cloud Security meets Telemedicine

Medical systems are potentially one domain where security is seen as an impediment to patient care and not as an essential part of a system. This is an issue for safety-critical systems where reliability and trust are essential for successful operation. Cloud computing services offer a seamless means to allow medical data to be transferred from patient to medical specialist, whilst maintaining security requirements. This paper uses a case study to investigate the use of cloud computing in a mobile application to assist with diagnostics for patients with Parkinson Disease. It was found that the developers of the app ignored security requirements and standards, preferring to focus on functionality