28 research outputs found

    Security automation for multi-cluster orchestration in Kubernetes

    In recent years, multi-domain Kubernetes architectures composed of multiple clusters have become more frequent, so as to provide higher workload isolation, resource availability flexibility and scalability for application deployment. However, manually configuring their security may lead to inconsistencies among policies defined in different clusters, or it may require knowledge that the administrator of each domain cannot have. Therefore, this paper proposes an approach for the automatic generation of the network security policies to be deployed in each cluster of a multi-domain Kubernetes deployment. The objectives of this approach are to reduce the configuration errors that human administrators commonly make, and to create transparent cross-cluster communications. This approach has been implemented as a framework named Multi-Cluster Orchestrator, which has been validated in realistic use cases to assess its benefits to Kubernetes orchestration

    A demonstration of VEREFOO: an automated framework for virtual firewall configuration

    Nowadays, security automation exploits the agility characterizing network virtualization to replace the traditional error-prone human operations. This dynamism allows user-specified high-level intents to be rapidly refined into the concrete configuration rules which should be deployed on virtual security functions. In this revolutionary context, this paper proposes the demonstration of a novel security framework based on an optimized approach for the automatic orchestration of virtual distributed firewalls. The framework provides formal guarantees for the firewall configuration correctness and minimizes the size of the firewall allocation scheme and rule set. The framework produces rules that can be deployed on multiple types of real virtual function implementations, such as iptables, eBPF firewalls and Open vSwitch

    Automation for network security configuration: state of the art and research trends

    The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no longer feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer network technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, along with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated

    Introducing programmability and automation in the synthesis of virtual firewall rules

    The rise of new forms of cyber-threats is mostly due to the extensive use of virtualization paradigms and the increasing adoption of automation in the software life-cycle. To address these challenges we propose an innovative framework that leverages the intrinsic programmability of the cloud and software-defined infrastructures to improve the effectiveness and efficiency of reaction mechanisms. In this paper, we present our contributions with a demonstrative use case in the context of Kubernetes. By means of this framework, developers of cybersecurity appliances will no longer have to care about how to react to events or to struggle to define any possible security tasks at design time. In addition, automatic firewall ruleset generation provided by our framework will mostly avoid human intervention, hence decreasing the time to carry them out and the likelihood of errors. We focus our discussions on technical challenges: definition of common actions at the policy level and their translation into configurations for the heterogeneous set of security functions by means of a use case

    Improving the formal verification of reachability policies in virtualized networks

    Network Function Virtualization (NFV) and Software Defined Networking (SDN) are new emerging paradigms that changed the rules of networking, shifting the focus on dynamicity and programmability. In this new scenario, a very important and challenging task is to detect anomalies in the data plane, especially with the aid of suitable automated software tools. In particular, this operation must be performed within quite strict times, due to the high dynamism introduced by virtualization. In this paper, we propose a new network modeling approach that enhances the performance of formal verification of reachability policies, checked by solving a Satisfiability Modulo Theories (SMT) problem. This performance improvement is motivated by the definition of function models that do not work on single packets, but on packet classes. Nonetheless, the modeling approach is comprehensive not only of stateless functions, but also stateful functions such as NATs and firewalls. The implementation of the proposed approach achieves high scalability in complex networked systems consisting of several heterogeneous functions

    Preliminary studies on productivity of white Pleurotus eryngii isolates in protected cultivation

    Four isolates of Pleurotus eryngii species-complex, originating from different basidiomata growing in a mountainous area of the Basilicata region (southern Italy) and characterized by white pileus cuticle (Wh A, Wh B, Wh C, and Wh D) were compared, in artificial cultivation conditions, to other isolates of the same mushroom with beige (Be 3, Be 5) or brown cap (Br 1, Br 2) originating from the same area of the former or selected among the commercial ones (Com 142 and Com 164) in order to evaluate their productivity and morphological features. The experiments were carried out in a greenhouse belonging to the Faculty of Agriculture, University of Bari Aldo Moro, in autumn winter 2010-2011, using substrate bags well colonized by P. eryngii mycelium and kept at 4-6°C for 5 months. Wh A and Wh D and, less significantly, Wh C, Be 5 and Com 142, produced a fresh basidioma yield significantly higher than the five other tested isolates (Wh B, Be 3, Br 1, Br 2 and Com 164). Only Com 142 produced the basidiomata of medium and maximum size significantly heavier and with larger pileus diameter than other tested isolates. Com 142 also resulted significantly different, for the basidiomata number/substrate bag, from the white pileus cuticle isolates except for Wh B. All tested isolates concentrated almost all (90-95%) of the sporophore yield in the first basidioma flush. No significant differences were found among all tested P. eryngii isolates in terms of yield earliness

    What's in a Sign? Trademark Law and Economic Theory

    Abstract: The aim of this paper is to summarise the extant theory as it relates to the economics of trademark, and to give some suggestions for further research with reference to distinct streams of literature. The proposed line of study inevitably looks at the complex relationship between signs and economics. Trademark is a sign introduced to remedy a market failure. It facilitates purchase decisions by indicating the provenance of the goods, so that consumers can identify specific quality attributes deriving from their own, or others', past experience. Trademark holders, on their part, have an incentive to invest in quality because they will be able to reap the benefits in terms of reputation. In other words, trademark law becomes an economic device which, opportunely designed, can produce incentives for maximising market efficiency. This role must, of course, be recognised, as a vast body of literature has done, with its many positive economic consequences. Nevertheless, trademark appears to have additional economic effects that should be properly recognized: it can determine the promotion of market power and the emergence of rent-seeking behaviours. It gives birth to an idiosyncratic economics of signs where very strong protection tends to be assured, even though the welfare effects are as yet poorly understood. In this domain much remains to be done and the challenge to researchers is open

    Mesenchymal Stromal Cells Primed with Paclitaxel Provide a New Approach for Cancer Therapy

    BACKGROUND: Mesenchymal stromal cells may represent an ideal candidate to deliver anti-cancer drugs. In a previous study, we demonstrated that exposure of mouse bone marrow derived stromal cells to Doxorubicin led them to acquire anti-proliferative potential towards co-cultured haematopoietic stem cells (HSCs). We thus hypothesized whether freshly isolated human bone marrow Mesenchymal stem cells (hMSCs) and mature murine stromal cells (SR4987 line) primed in vitro with anti-cancer drugs and then localized near cancer cells, could inhibit proliferation. METHODS AND PRINCIPAL FINDINGS: Paclitaxel (PTX) was used to prime culture of hMSCs and SR4987. Incorporation of PTX into hMSCs was studied by using FICT-labelled-PTX and analyzed by FACS and confocal microscopy. Release of PTX in culture medium by PTX primed hMSCs (hMSCsPTX) was investigated by HPLC. Culture of Endothelial cells (ECs) and aorta ring assay were used to test the anti-angiogenic activity of hMSCsPTX and PTX primed SR4987(SR4987PTX), while anti-tumor activity was tested in vitro on the proliferation of different tumor cell lines and in vivo by co-transplanting hMSCsPTX and SR4987PTX with cancer cells in mice. Nevertheless, despite a loss of cells due to chemo-induced apoptosis, both hMSCs and SR4987 were able to rapidly incorporate PTX and could slowly release PTX in the culture medium in a time dependent manner. PTX primed cells acquired a potent anti-tumor and anti-angiogenic activity in vitro that was dose dependent, and demonstrable by using their conditioned medium or by co-culture assay. Finally, hMSCsPTX and SR4987PTX co-injected with human cancer cells (DU145 and U87MG) and mouse melanoma cells (B16) in immunodeficient and in syngenic mice significantly delayed tumor takes and reduced tumor growth. CONCLUSIONS: These data demonstrate, for the first time, that without any genetic manipulation, mesenchymal stromal cells can uptake and subsequently slowly release PTX. 
    This may lead to potential new tools to increase efficacy of cancer therapy

    How future surgery will benefit from SARS-COV-2-related measures: a SPIGC survey conveying the perspective of Italian surgeons

    COVID-19 negatively affected surgical activity, but the potential benefits resulting from adopted measures remain unclear. The aim of this study was to evaluate the change in surgical activity and potential benefit from COVID-19 measures in perspective of Italian surgeons on behalf of SPIGC. A nationwide online survey on surgical practice before, during, and after COVID-19 pandemic was conducted in March-April 2022 (NCT:05323851). Effects of COVID-19 hospital-related measures on surgical patients' management and personal professional development across surgical specialties were explored. Data on demographics, pre-operative/peri-operative/post-operative management, and professional development were collected. Outcomes were matched with the corresponding volume. Four hundred and seventy-three respondents were included in final analysis across 14 surgical specialties. Since SARS-CoV-2 pandemic, application of telematic consultations (4.1% vs. 21.6%; p < 0.0001) and diagnostic evaluations (16.4% vs. 42.2%; p < 0.0001) increased. Elective surgical activities significantly reduced and surgeons opted more frequently for conservative management with a possible indication for elective (26.3% vs. 35.7%; p < 0.0001) or urgent (20.4% vs. 38.5%; p < 0.0001) surgery. All new COVID-related measures are perceived to be maintained in the future. Surgeons' personal education online increased from 12.6% (pre-COVID) to 86.6% (post-COVID; p < 0.0001). Online educational activities are considered a beneficial effect from COVID pandemic (56.4%). COVID-19 had a great impact on surgical specialties, with significant reduction of operation volume. However, some forced changes turned out to be benefits. Isolation measures pushed the use of telemedicine and telemetric devices for outpatient practice and favored communication for educational purposes and surgeon-patient/family communication. 
    From the Italian surgeons' perspective, COVID-related measures will continue to influence future surgical clinical practice

    Fluid focusing and viscosity allow high gain and stability of the cochlear response

    This paper discusses the role of two-dimensional (2-D)/three-dimensional (3-D) cochlear fluid hydrodynamics in the generation of the large nonlinear dynamical range of the basilar membrane (BM) and pressure response, in the decoupling between cochlear gain and tuning, and in the dynamic stabilization of the high-gain BM response in the peak region. The large and closely correlated dependence on stimulus level of the BM velocity and fluid pressure gain [Dong, W., and Olson, E. S. (2013). Biophys. J. 105(4), 1067-1078] is consistent with a physiologically oriented schematization of the outer hair cell (OHC) mechanism if two hydrodynamic effects are accounted for: amplification of the differential pressure associated with a focusing phenomenon, and viscous damping at the BM-fluid interface. The predictions of the analytical 2-D Wentzel-Kramers-Brillouin (WKB) approach are compared to solutions of a 3-D finite element model, showing that these hydrodynamic phenomena yield stable high-gain response in the peak region and a smooth transition among models with different effectiveness of the active mechanism, mimicking the cochlear nonlinear response over a wide stimulus level range. This study explains how an effectively anti-damping nonlinear outer hair cells (OHC) force may yield large BM and pressure dynamical ranges along with an almost level-independent admittance