42 research outputs found
Using MACsec to protect a Network Functions Virtualisation Infrastructure
IEEE 802.1AE is a standard for Media Access Control security (MACsec), which enables data integrity, authentication, and confidentiality for traffic in a broadcast domain. This protects network communications against attacks at link layer, hence it provides a higher degree of security and flexibility compared to other security protocols, such as IPsec. Softwarised network infrastructures, based on Network Functions Virtualisation (NFV) and Software Defined Networking (SDN), provide higher flexibility than traditional networks. Nonetheless, these networks have a larger attack surface compared to legacy infrastructures based on hardware appliances. In this scenario, communication security is important to ensure that the traffic in a broadcast domain is not intercepted or manipulated. We propose an architecture for centralised management of MACsec-enabled switches in an NFV environment. Moreover, we present a PoC that integrates MACsec in the Open Source MANO NFV framework and we evaluate its performance.
Integrity Verification of Distributed Nodes in Critical Infrastructures
The accuracy and reliability of time synchronization and distribution are essential requirements for many critical infrastructures, including telecommunication networks, where 5G technologies place increasingly stringent conditions in terms of maintaining highly accurate time. A lack of synchronization between the clocks causes a malfunction of the 5G network, preventing it from providing a high quality of service; this makes the time distribution network a very viable target for attacks. Various solutions have been analyzed to mitigate attacks on the Global Navigation Satellite System (GNSS) radio-frequency spectrum and the Precision Time Protocol (PTP) used for time distribution over the network. This paper highlights the significance of monitoring the integrity of the software and configurations of the infrastructural nodes of a time distribution network. Moreover, this work proposes an attestation scheme, based on the Trusted Computing principles, capable of detecting both software violations on the nodes and hardware attacks aimed at tampering with the configuration of the GNSS receivers. The proposed solution has been implemented and validated on a testbed representing a typical synchronization distribution network. The results, simulating various types of adversaries, emphasize the effectiveness of the proposed approach in a wide range of typical attacks and the certain limitations that need to be addressed to enhance the security of the current GNSS receivers
MitraClip Treatment of Secondary Mitral Regurgitation in Heart Failure with Reduced Ejection Fraction: Lessons and Implications from Trials and Registries
Transcatheter mitral valve intervention using the MitraClip system has evolved as a new tool for the treatment of secondary mitral regurgitation (SMR) in patients with heart failure and reduced lef..
PALANTIR: Zero-trust architecture for Managed Security Service Provider
The H2020 PALANTIR project aims at delivering a Security-as-a-Service solution to SMEs and microenterprises via the exploitation of containerised Network Functions. However, these functions are conceived by third-party developers and can also be deployed in untrustworthy virtualisation layers, depending on the subscribed delivery model. Therefore, they cannot be trusted and require a stringent monitoring to ensure their harmlessness, as well as adequate measures to remediate any nefarious activities. This paper justifies, details and evaluates a Zero-Trust architecture supporting PALANTIR’s solution. Specifically, PALANTIR periodically attests the service and infrastructure’s components for signs of compromise by implementing the Trusted Computing paradigm. Verification addresses the firmware, OS and software using UEFI measured boot and Linux Integrity Measurement Architecture, extended to support containerised application attestation. Mitigation actions are supervised by the Recovery Service and the Security Orchestrator based on OSM to, respectively, determine the adequate remediation actions from a recovery policy and enforce them down to the lower layers of the infrastructure through local authenticated enablers. We detail an implementation prototype serving a baseline for quantitative evaluation of our work
Social Aspects of Diabetic Foot: A Scoping Review
Diabetic foot ulcer (DFU) is a severe complication of diabetes mellitus (DM). Patients with DFU have increased mortality and morbidity as well as decreased quality of life (QoL). The present scoping review aims to study the social issues of diabetic foot. Following PRISMA guidelines, the review was conducted in two databases (Scopus and Pubmed) with the use of the following keywords: “social aspects and diabetic foot”, “social characteristics and diabetic foot”, “social issues and diabetic foot”, “demographic profiles and diabetic foot”, “social determinants and diabetic foot”, “social capital and diabetic foot”, “social characteristics and gender and diabetic foot”, “social profiles and diabetic foot”, “social relationships and diabetic foot” and “social risk and diabetic foot”, from July to August 2021. Predetermined exclusion and inclusion criteria were selected. Forty-five studies (quantitative and qualitative) were eligible for inclusion in this review. Gender problems, socioeconomic status, social capital, and medical problems were the most important negative variables for diabetic foot. All the included variables reveal that the social impact of diabetic foot is the most important factor for management and prevention, in terms of aggravation and more, of the diabetic foo
Immunotherapy with CAR-T cells in paediatric haematology-oncology
Despite being a rare disease, cancer is the first cause of mortality due to disease during the paediatric age in the developed countries. The current, great increase in new treatments, such as immunotherapy, constitutes a new clinical and regulatory paradigm. Cellular immunotherapy is one of these types of immunotherapy. In particular, the advanced therapy drugs with chimeric antigen receptors in the T-lymphocytes (CAR-T), and particularly the CAR-T19 cells, have opened up a new scenario in the approach to haematology tumours like acute lymphoblastic leukaemia and the B-Cell lymphomas. The approval of tisagenlecleucel and axicabtagene ciloleucel by the regulatory authorities has led to the setting up of the National Plan for Advanced Therapies-CAR-T drugs in Spain. There is evidence of, not only the advantage of identifying the centres most suitable for their administration, but also the need for these to undergo a profound change in order that their healthcare activity is extended, in some cases, to the ability for the in-house manufacture of these types of therapies. The hospitals specialised in paediatric haematology-oncology thus have the challenge of progressing towards a healthcare model that integrates cellular immunotherapy, having the appropriate capacity to manage all aspects relative to their use, manufacture, and administration of these new treatments. Fundación CRIS contra el cáncer
New pyrrole derivatives with potent tubulin polymerization inhibiting activity as anticancer agents including hedgehog-dependent cancer
We synthesized 3-aroyl-1-arylpyrrole (ARAP) derivatives as potential anticancer agents having different substituents at the pendant 1-phenyl ring. Both the 1-phenyl ring and 3-(3,4,5-trimethoxyphenyl)carbonyl moieties were mandatory to achieve potent inhibition of tubulin polymerization, binding of colchicine to tubulin, and cancer cell growth. ARAP 22 showed strong inhibition of the P-glycoprotein-overexpressing NCI-ADR-RES and Messa/Dx5MDR cell lines. Compounds 22 and 27 suppressed in vitro the Hedgehog signaling pathway, strongly reducing luciferase activity in SAG treated NIH3T3 Shh-Light II cells, and inhibited the growth of medulloblastoma D283 cells at nanomolar concentrations. ARAPs 22 and 27 represent a new potent class of tubulin polymerization and cancer cell growth inhibitors with the potential to inhibit the Hedgehog signaling pathway
Exploiting the DICE specification to ensure strong identity and integrity of IoT devices
IoT devices are becoming widely used in several contexts, and nowadays billions of devices are deployed in different scenarios, some of which are very critical to people’s privacy and safety. For these reasons, it is very important to provide capabilities for guaranteeing the correct behaviour of the devices. Remote attestation is a technique traditionally used to monitor the integrity status of nodes and to determine if they are behaving as expected. This technique requires that the device is equipped with Roots of Trust, that are the set of hardware and software features that make the platform capable of providing reliable integrity reports even when it has been compromised. This paper proposes a solution that permits to identify and attest devices in a dynamic context, such as Smart Cities or Smart Homes, where unknown devices can connect to the network and perform several actions. The proposed security schema is based on the Device Identity Composition Engine (DICE), which represents a set of specifications designed by the Trusted Computing Group (TCG) to enhance security and privacy of devices with minimal silicon requirements
Integrated shape memory alloy devices toward a high-performance glazed curtain wall seismic retrofit
Recent dynamic events, such as Alaska and San Fernando earthquakes, have shown shortcomings in contemporary façade design processes, exacerbated by the occurrence of non-structural component damage and failure when subjected to extreme wind loads or seismic events. Accordingly, in the present work the feasibility of an original and advanced dissipation technology is pursued investigating on the façade performance by testing and modeling strategies. Initially, based on the experimental activities performed at the Construction Technologies Institute (ITC) laboratories of the Italian National Research Council (CNR), numerical simulations are run to interpret and reproduce the experimentally tested response of two full-scale façade units. Thereafter, sophisticated 3D finite element models are calibrated acquiring information on the fundamental mechanisms accountable for the dynamics in façades. Subsequently, by virtue of the peculiar properties of Shape Memory Alloys (SMA), such as superelasticity and shape memory effect, innovative curtain wall joints are designed, focusing on the improvement of the façade energy dissipation performance and on the enhancement of the overall structural behavior. Finally, the improvements are demonstrated both globally and locally: on one hand, traditional and novel curtain wall force-drift capacity curves are compared; on the other hand, the effectiveness of the suggested device is shown, when built on a reference structure
Mitigating Software Integrity Attacks With Trusted Computing in a Time Distribution Network
Time Distribution Networks (TDNs) evolve as new technologies occur to ensure more accurate, reliable, and secure timing information. These networks typically exploit several distributed time servers, organized in a master-slave architecture, that communicate via dedicated timing protocols. From the security perspective, timing data must be protected since its modification or filtering can lead to grave consequences in different time-based contexts, such as health, energy, finance, or transportation. Thus, adequate countermeasures must be employed in all the stages and systems handling timing data from its calculation until it reaches the final users. We consider a TDN offering highly accurate (nanosecond level) time synchronization through specific time unit devices that exploit terrestrial atomic or rubidium clocks and Global Navigation Satellite Systems (GNSS) receivers. Such devices are appealing targets for attackers, who might exploit various attack vectors to compromise their functionality. We individuate three possible software integrity attacks against time devices, and we propose a solution to counter them by exploiting the cryptographic Trusted Platform Module (TPM), defined and supported by the Trusted Computing Group. We used remote attestation software for cloud environments, namely the Keylime framework, to verify (periodically) the software daemons running on the time devices (or their configuration) from a trusted node. Experiments performed on a dedicated testbed set up in the ROOT project with customized time unit devices from Seven Solutions (currently Orolia Spain) allow us to demonstrate that exploiting TPMs and remote attestation in the TDNs is not only helpful but is fundamental for discovering some attacks that would remain otherwise undetected. Our work helps thus TDN operators build more robust, accurate, and secure time synchronization services