Changes in the Human Gut Microbiome during Dietary Supplementation with Modified Rice Bran Arabinoxylan Compound

This study investigated the effects of a modified rice bran arabinoxylan compound (RBAC) as a dietary supplement on the gut microbiota of healthy adults. Ten volunteers supplemented their diet with 1 g of RBAC for six weeks and 3 g of RBAC for another six weeks, with a three-week washout period. Faecal samples were collected every 3 weeks over 21 weeks. Microbiota from faecal samples were profiled using 16S rRNA sequencing. Assessment of alpha and beta microbiota diversity was performed using the QIIME2 platform. The results revealed that alpha and beta diversity were not associated with the experimental phase, interventional period, RBAC dosage, or time. However, the statistical significance of the participant was detected in alpha (p < 0.002) and beta (weighted unifrac, p = 0.001) diversity. Explanatory factors, including diet and lifestyle, were significantly associated with alpha (p < 0.05) and beta (p < 0.01) diversity. The individual beta diversity of six participants significantly changed (p < 0.05) during the interventional period. Seven participants showed statistically significant taxonomic changes (ANCOM W ≥ 5). These results classified four participants as responders to RBAC supplementation, with a further two participants as likely responders. In conclusion, the gut microbiome is highly individualised and modulated by RBAC as a dietary supplement, dependent on lifestyle and dietary intake.

Enhanced Modbus/TCP Security Protocol: Authentication and Authorization Functions Supported

The Zero Trust concept is being adopted in information technology (IT) deployments, while human users remain to be the main risk for operational technology (OT) deployments. This article proposes to enhance the new Modbus/TCP Security protocol with authentication and authorization functions that guarantee security against intentional unauthorized access. It aims to comply with the principle of never trusting the person who is accessing the network before carrying out a security check. Two functions are tested and used in order to build an access control method that is based on a username and a password for human users with knowledge of industrial automation control systems (IACS), using simple means, low motivation, and few resources. A man-in-the-middle (MITM) component was added in order to intermediate the client and the server communication and to validate these functions. The proposed scenario was implemented using the Node-RED programming platform. The tests implementing the functions and the access control method through the Node-RED software have proven their potential and their applicability.

Orchestration of autonomous trusted third-party banking

Background

Digital transformation is changing the structure and landscape of future banking needs with much emphasis on value creation. Autonomous banking solutions must incorporate on-the-fly processing for risky transactions to create this value. In an autonomous environment, access control with role and trust delegation has been said to be highly relevant. The aim of this research is to provide an end to end working solution that will enable autonomous transaction and task processing for banking.

Method

We illustrate the use case for task delegation with the aid of risk graphs, risk bands and finite state machines. This paper also highlights a step by step task delegation process using a risk ordering relation methodology that can be embedded into smart contracts.

Results

Task delegation with risk ordering relation is illustrated with six process owners that share immutable ledgers. Task delegation properties using Multi Agent Systems (MAS) is used to eliminate barriers for autonomous transaction processing. Secondly, the application of risk graph and risk ordering relation with reference to delegation of tasks is a novel approach that is nonexistent in RBAC.

Conclusion

The novelty of this study is the logic for task delegation and task policies for autonomous execution on autonomous banking platforms akin to the idea of federated ID (Liberty Alliance).

On automated RBAC assessment by constructing a centralized perspective for microservice mesh

It is important in software development to enforce proper restrictions on protected services and resources. Typically software services can be accessed through REST API endpoints where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR to construct a centralized perspective for a microservice mesh based on their REST communication pattern. We utilize the generated views from SAR to propose an automated way to find RBAC inconsistencies.

A Cloud-Ready Architecture for Shared Medical Imaging Repository

Nowadays usage paradigms of medical imaging resources are requesting vendor-neutral archives, accessible through standard interfaces, with multi-repository support. Regional repositories shared by distinct institutions, tele-radiology as a service at cloud, teaching, and research archives are illustrative examples of this new reality. However, traditional production environments have a server archive instance per functional domain where every registered client application has access to all studies. This paper proposes an innovator ownership concept and access control mechanisms that provide a multi-repository environment and integrates well with standard protocols. A secure accounting mechanism for medical imaging repositories was designed and instantiated as an extension of a well-known open-source archive. A new web service layer was implemented to provide a vendor-neutral solution compliant with modern DICOM Web protocols for storage, search, and retrieval of medical imaging data. The concept validation was done through the integration of proposed architecture in an open-source solution. A quantitative assessment was performed for evaluating the impact of the mechanism in the usual DICOM Web operations. This article proposes a secure accounting architecture able to easily convert a standard medical imaging archive server in a multi-repository solution. The proposal validation was done through a set of tests that demonstrated its robustness and usage feasibility in a production environment. The proposed system offers new services, fundamental in a new era of cloud-based operations, with acceptable temporal costs.

Strengthen Electronic Health Records System (EHR-S) Access-Control to Cope with GDPR Explicit Consent

Patient consent is currently a missing piece on Electronic Health Records System (EHR-S) access permission. The control is needed to ensure personal data as the property of the individual, not data controllers or health-care service providers. To cope with this need, in this article, an adaptation of existent Role-Based Access Control (RBAC), including patient-centric control, is described. The revisited feature of existing administrative and supporting RBAC functions allows exclusive control orchestrated by the patient as sole information owner, including the ability to encrypt their data for confidentiality purposes. The additions mimic a Discretionary Access Control (DAC) capability using existing user group membership to vet access over symmetric keys bind to patient's data via the associated PERMS matrix.

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol’s resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

Shared Medical Imaging Repositories

This article describes the implementation of a solution for the integration of ownership concept and access control over medical imaging resources, making possible the centralization of multiple instances of repositories. The proposed architecture allows the association of permissions to repository resources and delegation of rights to third entities. It includes a programmatic interface for management of proposed services, made available through web services, with the ability to create, read, update and remove all components resulting from the architecture. The resulting work is a role-based access control mechanism that was integrated with Dicoogle Open-Source Project. The solution has several application scenarios like, for instance, collaborative platforms for research and tele-radiology services deployed at Cloud.

A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data

Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of patient data are often bypassed in case of emergencies. In this article, we propose a way to securely share EPHR data under any situation including break-the-glass (BtG) without compromising its security. In this regard, we design a reference security model, which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) policies.

Role-based access control through on-demand classification of electronic health record

Electronic health records (EHR) provides convenient method to exchange medical information of patients between different healthcare providers. Access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant works have been carried out for access control since last one decade but little emphasis has been given to on-demand role based access control. Presented work achieved access control through physical data isolation which is more robust and secure. We propose an algorithm in which selective combination of policies for each user of the EHR database has been defined. We extend well known data mining technique 'classification' to group EHRs with respect to the given role. Algorithm works by taking various roles as class and defined their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority.