Managing Role-Based Access Control Policies for Grid Databases in OGSA-DAI Using CAS

In this paper, we present a role-based access control method for accessing databases through the Open Grid Services Architecture – Data Access and Integration (OGSA-DAI) framework. OGSA-DAI is an efficient Grid-enabled middleware implementation of interfaces and services to access and control data sources and sinks. However, in OGSA-DAI, access control causes substantial administration overhead for resource providers in virtual organizations (VOs) because each of them has to manage a role-map file containing authorization information for individual Grid users. To solve this problem, we used the Community Authorization Service (CAS) provided by the Globus Toolkit to support the role-based access control (RBAC) within OGSA-DAI. CAS uses the Security Assertion Markup Language (SAML). Our method shows that CAS can support a wide range of security policies using role-privileges, role hierarchies, and constraints. The resource providers need to maintain only the mapping information from VO roles to local database roles and the local policies in the role-map files, so that the number of entries in the role-map file is reduced dramatically. Also, unnecessary authentication, mapping and connections can be avoided by denying invalid requests at the VO level. Thus, our access control method provides increased manageability for a large number of users and reduces day-to-day administration tasks of the resource providers, while they maintain the ultimate authority over their resources. Performance analysis shows that our method adds very little overhead to the existing security infrastructure of OGSA-DAI.     

Recording of electric signal passing through a pylon in direct skeletal attachment of leg prostheses with neuromuscular control

Direct recordings were made of electrical signals emanating from the muscles in a rabbit's residuum. The signals were transmitted via wires attached on one end to the muscles, and on the other to an external recording system. The cable was held in a titanium tube inside a pylon that had been transcutaneously implanted into the residuum's bone. The tube was surrounded by porous titanium cladding to enhance its bond with the bone and with the skin of the residuum. This study was the first known attempt to merge the technology of direct skeletal attachment of limb prostheses with the technology of neuromuscular control of prostheses, providing a safe and reliable passage of the electrical signal from the muscles inside the residuum to the outside recording system.     

Role-based access control for grid database services using the community authorization service

In this paper, we propose a role-based access control (RBAC) method for grid database services in open grid services architecture-data access and integration (OGSA-DAI). OGSA-DAI is an efficient grid-enabled middleware implementation of interfaces and services to access and control data sources and sinks. However, in OGSA-DAI, access control causes substantial administration overhead for resource providers in virtual organizations (VOs) because each of them has to manage a role-map file containing authorization information for individual grid users. To solve this problem, we used the community authorization service (CAS) provided by the globus toolkit to support the RBAC within the OGSA-DAI framework. The CAS grants the membership on VO roles to users. The resource providers then need to maintain only the mapping information from VO roles to local database roles in the role-map files, so that the number of entries in the role-map file is reduced dramatically. Furthermore, the resource providers control the granting of access privileges to the local roles. Thus, our access control method provides increased manageability for a large number of users and reduces day-to-day administration tasks of the resource providers, while they maintain the ultimate authority over their resources. Performance analysis shows that our method adds very little overhead to the existing security infrastructure of OGSA-DAI.     

Role-based access control for a Grid system using OGSA-DAI and Shibboleth

In this paper, we propose a new role-based access control (RBAC) system for Grid data resources in the Open Grid Services Architecture Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used framework for integrating data resources in Grids. However, OGSA-DAI’s identity-based access control causes substantial administration overhead for the resource providers in virtual organizations (VOs) because of the direct mapping between individual Grid users and the privileges on the resources. To solve this problem, we used the Shibboleth, an attribute authorization service, to support RBAC within the OGSA-DAI. In addition, access control policies need to be specified and managed across multiple VOs. For the specification of access control policies, we used the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML); and for distributed administration of those policies and the user-role assignments, we used the Object, Metadata and Artifacts Registry (OMAR). OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. Our RBAC system provides scalable and fine-grain access control and allows privacy protection. It also supports dynamic delegation of rights and user-role assignments, and reduces the administration overheads for the resource providers because they need to maintain only the mapping information from VO roles to local database roles. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC system adds only a small overhead to the existing security infrastructure of OGSA-DAI.     

An Integrated Transcriptomic Approach to Identify Molecular Markers of Calcineurin Inhibitor Nephrotoxicity in Pediatric Kidney Transplant Recipients

Calcineurin inhibitors are highly efficacious immunosuppressive agents used in pediatric kidney transplantation. However, calcineurin inhibitor nephrotoxicity (CNIT) has been associated with the development of chronic renal allograft dysfunction and decreased graft survival. This study evaluated 37 formalin-fixed paraffin-embedded biopsies from pediatric kidney transplant recipients using gene expression profiling. Normal allograft samples (n = 12) served as negative controls and were compared to biopsies exhibiting CNIT (n = 11). The remaining samples served as positive controls to validate CNIT marker specificity and were characterized by other common causes of graft failure such as acute rejection (n = 7) and interstitial fibrosis/tubular atrophy (n = 7). MiRNA profiles served as the platform for data integration. Oxidative phosphorylation and mitochondrial dysfunction were the top molecular pathways associated with overexpressed genes in CNIT samples. Decreased ATP synthesis was identified as a significant biological function in CNIT, while key toxicology pathways included NRF2-mediated oxidative stress response and increased permeability transition of mitochondria. An integrative analysis demonstrated a panel of 13 significant miRNAs and their 33 CNIT-specific gene targets involved with mitochondrial activity and function. We also identified a candidate panel of miRNAs/genes, which may serve as future molecular markers for CNIT diagnosis as well as potential therapeutic targets.     

Repurposing Bedaquiline for Effective Non-Small Cell Lung Cancer (NSCLC) Therapy as Inhalable Cyclodextrin-Based Molecular Inclusion Complexes

There is growing evidence that repurposed drugs demonstrate excellent efficacy against many cancers, while facilitating accelerated drug development process. In this study, bedaquiline (BDQ), an FDA approved anti-mycobacterial agent, was repurposed and an inhalable cyclodextrin complex formulation was developed to explore its anti-cancer activity in non-small cell lung cancer (NSCLC). A sulfobutyl ether derivative of β-cyclodextrin (SBE-β-CD) was selected based on phase solubility studies and molecular modeling to prepare an inclusion complex of BDQ and cyclodextrin. Aqueous solubility of BDQ was increased by 2.8 × 10³-fold after complexation with SBE-β-CD, as compared to its intrinsic solubility. Solid-state characterization studies confirmed the successful incorporation of BDQ in the SBE-β-CD cavity. In vitro lung deposition study results demonstrated excellent inhalable properties (mass median aerodynamic diameter: 2.9 ± 0.6 µm (<5 µm) and fine particle fraction: 83.3 ± 3.8%) of BDQ-CD complex. Accelerated stability studies showed BDQ-CD complex to be stable up to 3 weeks. From cytotoxicity studies, a slight enhancement in the anti-cancer efficacy was observed with BDQ-cyclodextrin complex, compared to BDQ alone in H1299 cell line. The IC₅₀ values for BDQ and BDQ-CD complex were found to be ~40 µM in case of H1299 cell line at 72 h, whereas BDQ/BDQ-CD were not found to be cytotoxic up to concentrations of 50 µM in A549 cell line. Taken together, BDQ-CD complex offers a promising inhalation strategy with efficient lung deposition and cytotoxicity for NSCLC treatment.     

Sodium Humate as a Promising Coating Material for Microencapsulation of Beauveria bassiana Conidia Through Spray Drying

Microencapsulation of Beauveria bassiana (Bb) conidia with sodium humate (SH) was undertaken successfully through spray drying at a high inlet air temperature of 175°C with corresponding outlet air temperature of 86.5 ± 1.3°C using 0.2% SH. The obtained product was a free-flowing, dark-brown powder containing microcapsules of Bb conidia coated with sodium humate (Bb-SH). These microcapsules measured 2.47–3.57 µm and possessed an uneven, fluffy surface. The colony-forming units (CFU) of Bb-SH microcapsules spray-dried at 175°C were 21.54 LCFUg^?1, on par with 21.59 LCFUg^?1 for Bb conidial powder not subjected to spray drying. Bb-SH microcapsules resulted in a high mortality of 93.0% against six-day-old Helicoverpa armigera larvae within five days after treatment. Bb-SH microcapsules readily dispersed in water, releasing sodium humate from the conidial surface. Germination of conidia was not affected by sodium humate as visualized by scanning electron microscopy of the cuticular surface of treated larvae. Bb-SH microcapsules showed good viability (21.11 LCFUg^?1) at the end of six months of storage at room temperature (～30°). Thus, sodium humate is a promising biopolymer for encapsulation of Bb conidia for extended shelf-life at room temperature.     

Role-Based Access Control in a Data Grid Using the Storage Resource Broker and Shibboleth

In this paper, we propose a role-based access control (RBAC) system for data resources in the Storage Resource Broker (SRB). The SRB is a Data Grid management system, which can integrate heterogeneous data resources of virtual organizations (VOs). The SRB stores the access control information of individual users in the Metadata Catalog (MCAT) database. However, because of the specific MCAT schema structure, this information can only be used by the SRB applications. If VOs also have many non-SRB applications, each with its own storage format for user access control information, it creates a scalability problem with regard to administration. To solve this problem, we developed a RBAC system with Shibboleth, which is an attribute authorization service currently being used in many Grid environments. Thus, the administration overhead is reduced because the role privileges of individual users are now managed by Shibboleth, not by MCAT or applications. In addition, access control policies need to be specified and managed across multiple VOs. For the specification of access control policies, we used the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML); and for distributed administration of those policies, we used the Object, Metadata and Artifacts Registry (OMAR). OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. Our RBAC system provides scalable and fine-grain access control and allows privacy protection. Performance analysis shows that our system adds only a small overhead to the existing security infrastructure of the SRB.