RESUMO
The interaction among plants, insects, and microbes (PIM) is a determinant factor for the assembly and functioning of natural and anthropic ecosystems. In agroecosystems, the relationships among PIM are based on the interacting taxa, environmental conditions, and agricultural management, including genetically modified (GM) organisms. Although evidence for the unintended effects of GM plants on non-target insects is increasingly robust, our knowledge remains limited regarding their impact on gut microbes and their repercussions on the host's ecology, especially in the wild. In this study, we compared the gut microbial community of Dysdercus concinnus bugs collected on wild cotton (Gossypium hirsutum), with and without insecticidal transgenes (cry1ab/ac), in its center of origin and diversity. By sequencing the V4-V5 region of 16S rRNA, we show differences in the diversity, structure, and topology of D. concinnus gut microbial interactions between specimens foraging cotton plants with and without transgenes. Identifying unintended residual effects of genetic engineering in natural ecosystems will provide first-line knowledge for informed decision-making to manage genetic, ecological, and evolutionary resources. Thus, determining which organisms interact with GM plants and how is the first step toward conserving natural ecosystems with evidence of transgenic introgression.
RESUMO
The automotive industry is experiencing a transformation with the rapid integration of software-based systems inside vehicles, which are complex systems with multiple sensors. The use of vehicle sensor data has enabled vehicles to communicate with other entities in the connected vehicle ecosystem, such as the cloud, road infrastructure, other vehicles, pedestrians, and smart grids, using either cellular or wireless networks. This vehicle data are distributed, private, and vulnerable, which can compromise the safety and security of vehicles and their passengers. It is therefore necessary to design an access control mechanism around the vehicle data's unique attributes and distributed nature. Since connected vehicles operate in a highly dynamic environment, it is important to consider context information such as location, time, and frequency when designing a fine-grained access control mechanism. This leads to our research question: How can Attribute-Based Access Control (ABAC) fulfill connected vehicle requirements of Signal Access Control (SAC), Time-Based Access Control (TBAC), Location-Based Access Control (LBAC), and Frequency-Based Access Control (FBAC)? To address the issue, we propose a data flow model based on Attribute-Based Access Control (ABAC) called eXtensible Access Control Markup Language for Mobility (XACML4M). XACML4M adds additional components to the standard eXtensible Access Control Markup Language (XACML) to satisfy the identified requirements of SAC, TBAC, LBAC, and FBAC in connected vehicles. Specifically, these are: Vehicle Data Environment (VDE) integrated with Policy Enforcement Point (PEP), Time Extensions, GeoLocation Provider, Polling Frequency Provider, and Access Log Service. We implement a prototype based on these four requirements on a Raspberry Pi 4 and present a proof-of-concept for a real-world use case. We then perform a functional evaluation based on the authorization policies to validate the XACML4M data flow model. Finally, we conclude that our proposed XACML4M data flow model can fulfill all four of our identified requirements for connected vehicles.
RESUMO
Hyperledger Fabric (HLF) is an open-source platform for deploying enterprise-level permissioned blockchains where users from multiple organizations can participate. Preventing unauthorized access to resources in such blockchains is of critical importance. Towards addressing this requirement, HLF supports different access control models. However, support for Attribute-Based Access Control (ABAC) in the current version of HLF is not comprehensive enough to address various requirements that arise when multiple organizations interact in an enterprise setting. To address those shortcomings, in this paper, we develop and present methods for providing full ABAC functionality in Hyperledger Fabric. Performance evaluation under different network configurations using the Hyperledger Caliper benchmarking tool shows that the proposed approach is quite efficient in practice.
RESUMO
Access control policies are dynamic in nature, and therefore require frequent updates to synchronize with the latest organizational security requirements. As these updates are handled, it is important that all user access requests be answered contemporaneously and correctly without any interruption or delay. In this paper, considering the context of Attribute Based Access Control (ABAC), we propose an approach that is capable of immediately materializing any update to the policy and ensuring that it is taken into account for any subsequent access requests. One possibility is to update the policy based on the incoming changes through ABAC policy mining techniques. However, it turns out that no existing mining approach can offer correct enforcement of policies when access requests are entertained during the updates. We provide a formal proof for this surprising result and then propose an approach called δwOP that does not suffer from this problem. Essentially, δwOP keeps track of the needed information from updates and uses this in conjunction with the existing ABAC policy rules to make access decisions. We present the complexity analysis as well as a comprehensive experimental evaluation to demonstrate the efficacy of the proposed approach for different types of changes.
RESUMO
In recent years, Attribute-Based Access Control (ABAC) has become quite popular and effective for enforcing access control in dynamic and collaborative environments. Implementation of ABAC requires the creation of a set of attribute-based rules which cumulatively form a policy. Designing an ABAC policy ab initio demands a substantial amount of effort from the system administrator. Moreover, organizational changes may necessitate the inclusion of new rules in an already deployed policy. In such a case, re-mining the entire ABAC policy requires a considerable amount of time and administrative effort. Instead, it is better to incrementally augment the policy. In this paper, we propose PAMMELA, a Policy Administration Methodology using Machine Learning to assist system administrators in creating new ABAC policies as well as augmenting existing policies. PAMMELA can generate a new policy for an organization by learning the rules of a policy currently enforced in a similar organization. For policy augmentation, new rules are inferred based on the knowledge gathered from the existing rules. A detailed experimental evaluation shows that the proposed approach is both efficient and effective.
RESUMO
With the large-scale planting of genetically modified (GM) crops, consumers were more aware of biosafety. Onsite rapid diagnostic methods were advantageous to the regulation of GM products. In this study, a rapid, sensitive and portable detection method based on recombinase polymerase amplification were proposed based on RPA reaction and Cas12a cleavage reaction for GM ingredients, named RPA-Cas12a-GM. The results would be displayed by fluorescence signal (FS) and visual bands of lateral flow strip (LFS). RPA-Cas12a-GM method could be completed within 45 min, and the detection limit was as low as 45 copies/µL of the standard plasmid containing CP4-EPSPS gene and Cry1Ab/Ac gene. Furthermore, the detection coincidence rate of RPA-Cas12a-GM method was 100%. In conclusion, the proposed RPA-Cas12a-GM method based FS and LFS were sensitive, specific, rapid and visible for diagnosis of CP4-EPSPS gene and Cry1Ab/Ac gene without complex equipment, which provides technical support for the regulation of GM products in the field.
RESUMO
Memory updating is an adaptive function that requires people's registry of changes of episodes. However, the research on the role of prior knowledge on memory updating among older adults is scant. We instructed young and older adults to learn two sets of pairs with overlapping scene (A) on Day 1 (A-B) and Day 2 (A-C) and tested the competing memories on Day 3. We further manipulated the schema-congruency between item (B/C) and scene (A). Young adults performed comparatively well in the A-B and A-C memory tests, and showed no difference under different congruency conditions. However, memory updating among older adults was moderated by prior knowledge, with better memory performance in A-C test relative to A-B test when the to-be-updated item C was schema-congruent, however, with poorer memory performance in the A-C test when the to-be-updated item is schema-incongruent. This study advances the understanding that prior knowledge significantly contributes to memory updating among older adults. They would experience retroactive interference when the to-be-updated memories were consistent with their prior knowledge, yet proactive interference when the to-be-updated memories were inconsistent with their prior knowledge. Meanwhile, prior knowledge among young adults does not affect memory updating, given that their memory patterns are consistent across congruency conditions.
Assuntos
Memória Episódica , Adulto Jovem , Humanos , Idoso , Envelhecimento , Conhecimento , Aprendizagem , Transtornos da Memória , Rememoração MentalRESUMO
Recent emergencies, such as the COVID-19 pandemic have shown how timely information sharing is essential to promptly and effectively react to emergencies. Internet of Things has magnified the possibility of acquiring information from different sensors and using it for emergency management and response. However, it has also amplified the potential of information misuse and unauthorized access to information by untrusted users. Therefore, this paper proposes an access control framework tailored to MQTT-based IoT ecosystems. By leveraging Complex Event Processing, we can enforce controlled and timely data sharing in emergency and ordinary situations. The system has been tested with a case study that targets patient monitoring during the COVID-19 pandemic, showing promising results.
RESUMO
Linux has built-in security features based on discretionary access control that can be enhanced using the Linux Security Module (LSM) framework. However, so far there has been no reported work on strengthening Linux with Attribute-Based Access Control (ABAC), which is gaining in popularity in recent years due to its flexibility and dynamic nature. In this paper, a method for enabling ABAC for Linux file system objects using LSM is proposed. We report initial experimental results and also share our public repository links for integrating ABAC in any Linux installation.
RESUMO
Effective utilization of human capital is one of the key requirements for any successful business endeavor, with reorganization necessary if there are nonproductive employees or employees that are retiring. However, while reorganizing tasks for newer employees, it should be ensured that the employees have the requisite capabilities of handling the assigned tasks. Furthermore, security constraints forbid any arbitrary assignment of tasks to employees and also enforce major dependencies on other employees who have access to the same tasks. Since Attribute Based Access Control (ABAC) is poised to emerge as the de facto model for specifying access control policies in commercial information systems, we consider organizational policies and constraints to be modeled with ABAC. Given the increasing size and scale of organizations, both in terms of employees and resources that need to be managed, it is crucial that computational solutions are developed to automate the process of employee to task assignment. In this work, we define the Employee Replacement Problem (ERP) which answers the question of whether a given set of employees can be replaced by a smaller set of employees, while ensuring that the desired security constraints are not violated. We prove that the problem is NP-hard and use CNF-SAT to obtain a solution. An extensive experimental evaluation is carried out on diverse data sets to validate the efficiency of the proposed solution.
RESUMO
Synthetic Cry1Ab/Ac proteins expressed by genetically modified (GM) crops have a high potential to control insect pests without utilizing large amounts of chemical insecticides. Before these crops are used in agriculture, the environmental fate and interactions in the soil must be understood. Stable isotope-labeled Cry1Ab/Ac protein is a highly useful tool for collecting such data. We developed a protocol to produce 13 C/15 N single-labeled Cry proteins. The artificially synthesized gene Cry1Ab/Ac of Bt rice Huahui No. 1, which has been certified by the Chinese government to be safe for human consumption, was subcloned into pUC57, and the expression vector pET-28a-CryAb/Ac was constructed and transformed into Escherichia coli BL21 (DE3) competent cells. Next, 0.2 mM isopropyl thiogalactoside (IPTG) was added to these cells and cultured at 37°C for 4 h to induce the synthesis and formation of inclusion bodies in M9 growth media containing either [U-13 C] glucose (5% 13 C-enriched) or [15 N] ammonium chloride (5% 15 N-enriched). Then, Cry inclusion bodies were dissolved in urea and purified by affinity chromatography under denaturing conditions, renatured by dialysis, and further detected by sodium dodecyl sulfate-polyacrylamide gel electrophoresis (SDS-PAGE) and Western blotting. The purities of 13 C/15 N-labeled Cry proteins reached 99% with amounts of 12.6 mg/L and 8.8 mg/L, respectively. The δ 13 C and ä 15 N values of 13 C-labeled Cry protein and 15 N-labeled Cry protein were 3,269 and 2,854, respectively. A bioassay test revealed that the labeled Cry1Ab/Ac proteins had strong insecticidal activity. The stable isotope-labeled insecticidal Cry proteins produced for the first time in this study will provide an experimental basis for future metabolic studies on Cry proteins in soil and the characteristics of nitrogen (N) and carbon (C) transformations. Our findings may also be employed as a reference for elucidating the environmental behavior and ecological effects of BT plants and expressed products.
Assuntos
Toxinas de Bacillus thuringiensis/biossíntese , Toxinas de Bacillus thuringiensis/genética , Agentes de Controle Biológico/análise , Endotoxinas/biossíntese , Endotoxinas/genética , Escherichia coli/genética , Escherichia coli/metabolismo , Proteínas Hemolisinas/biossíntese , Proteínas Hemolisinas/genética , Inseticidas/análise , Bacillus thuringiensis/patogenicidade , Clonagem Molecular , Oryza/genética , Oryza/metabolismoRESUMO
Internet of Multimedia Things (IoMT) brings convenient and intelligent services while also bringing huge challenges to multimedia data security and privacy. Access control is used to protect the confidentiality and integrity of restricted resources. Attribute-Based Access Control (ABAC) implements fine-grained control of resources in an open heterogeneous IoMT environment. However, due to numerous users and policies in ABAC, access control policy evaluation is inefficient, which affects the quality of multimedia application services in the Internet of Things (IoT). This paper proposed an efficient policy retrieval method to improve the performance of access control policy evaluation in multimedia networks. First, retrieve policies that satisfy the request at the attribute level by computing based on the binary identifier. Then, at the attribute value level, the depth index was introduced to reconstruct the policy decision tree, thereby improving policy retrieval efficiency. This study carried out simulation experiments in terms of the different number of policies and different policy complexity situation. The results showed that the proposed method was three to five times more efficient in access control policy evaluation and had stronger scalability.
RESUMO
In Attribute-Based Access Control (ABAC), access to resources is given based on the attributes of subjects, objects, and environment. There is an imminent need for the development of efficient algorithms that enable migration to ABAC. However, existing policy mining approaches do not consider possible adaptation to the policy of a similar organization. In this article, we address the problem of automatically determining an optimal assignment of attribute values to subjects for enabling the desired accesses to be granted while minimizing the number of ABAC rules used by each subject or other appropriate metrics. We show the problem to be NP-Complete and propose a heuristic solution.
RESUMO
As a consequence of the epidemiological transition towards non-communicable diseases, integrated care approaches are required, not solely focused on medical purposes, but also on a range of essential activities for the maintenance of the individuals' quality of life. In order to allow the exchange of information, these integrated approaches might be supported by digital platforms, which need to provide trustful environments and to guarantee the integrity of the information exchanged. Therefore, together with mechanisms such as authentication, logging or auditing, the definition of access control policies assumes a paramount importance. This article focuses on the development of a parser as a component of a platform to support the care of community-dwelling older adults, the SOCIAL platform, to allow the definition of access control policies and rules using natural languages.
Assuntos
Troca de Informação em Saúde/tendências , Armazenamento e Recuperação da Informação/tendências , Processamento de Linguagem Natural , Qualidade de Vida , Software/tendências , Humanos , Sistemas de Informação/tendências , LinguísticaRESUMO
In Attribute-Based Access Control (ABAC), a user is permitted or denied access to an object based on a set of rules (together called an ABAC Policy) specified in terms of the values of attributes of various types of entities, namely, user, object and environment. Efficient evaluation of these rules is therefore essential for ensuring decision making at on-line speed when an access request comes. Sequentially evaluating all the rules in a policy is inherently time consuming and does not scale with the size of the ABAC system or the frequency of access requests. This problem, which is quite pertinent for practical deployment of ABAC, surprisingly has not so far been addressed in the literature. In this paper, we introduce two variants of a tree data structure for representing ABAC policies, which we name as PolTree. In the binary version (B-PolTree), at each node, a decision is taken based on whether a particular attribute-value pair is satisfied or not. The n-ary version (N-PolTree), on the other hand, grows as many branches out of a given node as the total number of possible values for the attribute being checked at that node. An extensive experimental evaluation with diverse data sets shows the scalability and effectiveness of the proposed approach.
RESUMO
In Attribute-based Access Control (ABAC) systems, utilizing environment attributes along with the subject and object attributes introduces a dynamic nature to the access decisions. The inclusion of environment attributes helps in achieving a more fine-grained access control. In this paper, we present an ABAC policy mining algorithm that considers the environment attributes and their associated values while forming the rules. Furthermore, we use gini impurity to form the rules. This helps to minimize the number of rules in the generated policy. The experimental evaluation shows that our approach is quite effective in practice.
RESUMO
An important way to limit malicious insiders from distributing sensitive information is to as tightly as possible limit their access to information. This has always been the goal of access control mechanisms, but individual approaches have been shown to be inadequate. Ensemble approaches of multiple methods instantiated simultaneously have been shown to more tightly restrict access, but approaches to do so have had limited scalability (resulting in exponential calculations in some cases). In this work, we take the Next Generation Access Control (NGAC) approach standardized by the American National Standards Institute (ANSI) and demonstrate its scalability. The existing publicly available reference implementations all use cubic algorithms and thus NGAC was widely viewed as not scalable. The primary NGAC reference implementation took, for example, several minutes to simply display the set of files accessible to a user on a moderately sized system. In our approach, we take these cubic algorithms and make them linear. We do this by reformulating the set theoretic approach of the NGAC standard into a graph theoretic approach and then apply standard graph algorithms. We thus can answer important access control decision questions (e.g., which files are available to a user and which users can access a file) using linear time graph algorithms. We also provide a default linear time mechanism to visualize and review user access rights for an ensemble of access control mechanisms. Our visualization appears to be a simple file directory hierarchy but in reality is an automatically generated structure abstracted from the underlying access control graph that works with any set of simultaneously instantiated access control policies. It also provide an implicit mechanism for symbolic linking that provides a powerful access capability. Our work thus provides the first efficient implementation of NGAC while enabling user privilege review through a novel visualization approach. This may help transition from concept to reality the idea of using ensembles of simultaneously instantiated access control methodologies, thereby limiting insider threat.
RESUMO
Jute (Corchorus sp.) is naturally occurring, biodegradable, lignocellulosic-long, silky, golden shiny fiber producing plant that has great demands globally. Paper and textile industries are interested in jute because of the easy availability, non-toxicity and high yield of cellulosic biomass produced per acre in cultivation. Jute is the major and most industrially used bast fiber-producing crop in the world and it needs protection from insect pest infestation that decreases its yield and quality. Single locus integration of the synthetically fused cry1Ab/Ac gene of Bacillus thuringiensis (Bt) in Corchorus capsularis (JRC 321) by Agrobacterium tumefaciens-mediated shoot tip transformation provided 5 potent Bt jute lines BT1, BT2, BT4, BT7 and BT8. These lines consistently expressed the Cry1Ab/Ac endotoxin ranging from 0.16 to 0.35 ng/mg of leaf, in the following generations (analyzed upto T4). The effect of Cry1Ab/Ac endotoxin was studied against 3 major Lepidopteran pests of jute- semilooper (Anomis sabulifera Guenee), hairy caterpillar (Spilarctia obliqua Walker) and indigo caterpillar (Spodoptera exigua Hubner) by detached leaf and whole plant insect bioassay on greenhouse-grown transgenic plants. Results confirm that larvae feeding on transgenic plants had lower food consumption, body size, body weight and dry weight of excreta compared to non-transgenic controls. Insect mortality range among transgenic feeders was 66-100% for semilooper and hairy caterpillar and 87.50% for indigo caterpillar. Apart from insect resistance, the transgenic plants were at par with control plants in terms of agronomic parameters and fiber quality. Hence, these Bt jutes in the field would survive Lepidopteran pest infestation, minimize harmful pesticide usage and yield good quality fiber.
RESUMO
Two transgenic rice lines (T2A-1 and T1C-19b) expressing cry2A and cry1C genes, respectively, were developed in China, targeting lepidopteran pests including Chilo suppressalis (Walker) (Lepidoptera: Crambidae). The seasonal expression of Cry proteins in different tissues of the rice lines and their resistance to C. suppressalis were assessed in comparison to a Bt rice line expressing a cry1Ab/Ac fusion gene, Huahui 1, which has been granted a biosafety certificate. In general, levels of Cry proteins were T2A-1 > Huahui 1 > T1C-19b among rice lines, and leaf > stem > root among rice tissues. The expression patterns of Cry protein in the rice line plants were similar: higher level at early stages than at later stages with an exception that high Cry1C level in T1C-19b stems at the maturing stage. The bioassay results revealed that the three transgenic rice lines exhibited significantly high resistance against C. suppressalis larvae throughout the rice growing season. According to Cry protein levels in rice tissues, the raw and corrected mortalities of C. suppressalis caused by each Bt rice line were the highest in the seedling and declined through the jointing stage with an exception for T1C-19b providing an excellent performance at the maturing stage. By comparison, T1C-19b exhibited more stable and greater resistance to C. suppressalis larvae than T2A-1, being close to Huahui 1. The results suggest cry1C is an ideal Bt gene for plant transformation for lepidopteran pest control, and T1C-19b is a promising Bt rice line for commercial use for tolerating lepidopteran rice pests.