A secure, constraint-aware role-based access control interoperation framework

With the growing needs for and the benefits of sharing resources and information among different organizations, an interoperation framework that automatically integrates policies to facilitate such cross-domain sharing in a secure way is becoming increasingly important. To avoid security breaches, such policies must enforce the policy constraints of the individual domains. Such constraints may include temporal constraints that limit the times when the users can access the resources, and separation of duty (SoD) constraints. Existing interoperation solutions do not address such cross-domain temporal access control and SoDs requirements. In this paper, we propose a role-based framework to facilitate secure interoperation among multiple domains by ensuring the enforcement of temporal and SoD constraints of individual domains. To support interoperation, we do not modify the internal policies, as most of the current approaches do. We present experimental results to demonstrate our proposed framework is effective and easily realizable. © 2011 IEEE

Geo-social-rbac: A location-based socially aware access control framework

The ubiquity of low-cost GPS-enabled mobile devices and the proliferation of online social networks have enabled the collection of rich geo-social information that includes the whereabouts of the users and their social connections. This information can be used to provide a rich set of access control policies that ensure that resources are utilized securely. Existing literature focuses on providing access control systems that control the access solely based on either the location of the users or their social connections. In this paper, we argue that a number of real-world applications demand an access control model that effectively captures both the geographic as well as the social dimensions of the users in a given location. We propose, Geo-social-RBAC, a new role based access control model that allows the inclusion of geo-social constraints as part of the access control policy. Our model, besides capturing the locations of a user requesting access and her social connections, includes geo-social cardinality constraints that dictate how many people related by a particular social relation need to be present in the required locations at the time of an access. The model also allows specification of geo-social and location trace constraints that may be used to dictate if an access needs to be granted or denied

Adaptation and Convergent Evolution within the Jamesonia-Eriosorus Complex in High-Elevation Biodiverse Andean Hotspots

The recent uplift of the tropical Andes (since the late Pliocene or early Pleistocene) provided extensive ecological opportunity for evolutionary radiations. We test for phylogenetic and morphological evidence of adaptive radiation and convergent evolution to novel habitats (exposed, high-altitude páramo habitats) in the Andean fern genera Jamesonia and Eriosorus. We construct time-calibrated phylogenies for the Jamesonia-Eriosorus clade. We then use recent phylogenetic comparative methods to test for evolutionary transitions among habitats, associations between habitat and leaf morphology, and ecologically driven variation in the rate of morphological evolution. Páramo species (Jamesonia) display morphological adaptations consistent with convergent evolution in response to the demands of a highly exposed environment but these adaptations are associated with microhabitat use rather than the páramo per se. Species that are associated with exposed microhabitats (including Jamesonia and Eriorsorus) are characterized by many but short pinnae per frond whereas species occupying sheltered microhabitats (primarily Eriosorus) have few but long pinnae per frond. Pinnae length declines more rapidly with altitude in sheltered species. Rates of speciation are significantly higher among páramo than non-páramo lineages supporting the hypothesis of adaptation and divergence in the unique Páramo biodiversity hotspot

The origin of multicellularity in cyanobacteria

Background: Cyanobacteria are one of the oldest and morphologically most diverse prokaryotic phyla on our planet. The early development of an oxygen-containing atmosphere approximately 2.45 - 2.22 billion years ago is attributed to the photosynthetic activity of cyanobacteria. Furthermore, they are one of the few prokaryotic phyla where multicellularity has evolved. Understanding when and how multicellularity evolved in these ancient organisms would provide fundamental information on the early history of life and further our knowledge of complex life forms. Results: We conducted and compared phylogenetic analyses of 16S rDNA sequences from a large sample of taxa representing the morphological and genetic diversity of cyanobacteria. We reconstructed ancestral character states on 10,000 phylogenetic trees. The results suggest that the majority of extant cyanobacteria descend from multicellular ancestors. Reversals to unicellularity occurred at least 5 times. Multicellularity was established again at least once within a single-celled clade. Comparison to the fossil record supports an early origin of multicellularity, possibly as early as the “Great Oxygenation Event” that occurred 2.45 - 2.22 billion years ago. Conclusions: The results indicate that a multicellular morphotype evolved early in the cyanobacterial lineage and was regained at least once after a previous loss. Most of the morphological diversity exhibited in cyanobacteria today —including the majority of single-celled species— arose from ancient multicellular lineages. Multicellularity could have conferred a considerable advantage for exploring new niches and hence facilitated the diversification of new lineages

Coupling of ocean redox and animal evolution during the Ediacaran-Cambrian transition

The late Ediacaran to early Cambrian interval witnessed extraordinary radiations of metazoan life. The role of the physical environment in this biological revolution, such as changes to oxygen levels and nutrient availability, has been the focus of longstanding debate. Seemingly contradictory data from geochemical redox proxies help to fuel this controversy. As an essential nutrient, nitrogen can help to resolve this impasse by establishing linkages between nutrient supply, ocean redox, and biological changes. Here we present a comprehensive N-isotope dataset from the Yangtze Basin that reveals remarkable coupling between δ¹⁵N, δ¹³C, and evolutionary events from circa 551 to 515 Ma. The results indicate that increased fixed nitrogen supply may have facilitated episodic animal radiations by reinforcing ocean oxygenation, and restricting anoxia to near, or even at the sediment–water interface. Conversely, sporadic ocean anoxic events interrupted ocean oxygenation, and may have led to extinctions of the Ediacaran biota and small shelly animals

The diversity and distribution of D1 proteins in cyanobacteria

The psbA gene family in cyanobacteria encodes different forms of the D1 protein that is part of the Photosystem II reaction centre. We have identified a phylogenetically distinct D1 group that is intermediate between previously identified G3-D1 and G4-D1 proteins (Cardona et al. Mol Biol Evol 32:1310–1328, 2015). This new group contained two subgroups: D1INT, which was frequently in the genomes of heterocystous cyanobacteria and D1FR that was part of the far-red light photoacclimation gene cluster of cyanobacteria. In addition, we have identified subgroups within G3, the micro-aerobically expressed D1 protein. There are amino acid changes associated with each of the subgroups that might affect the function of Photosystem II. We show a phylogenetically broad range of cyanobacteria have these D1 types, as well as the genes encoding the G2 protein and chlorophyll f synthase. We suggest identification of additional D1 isoforms and the presence of multiple D1 isoforms in phylogenetically diverse cyanobacteria supports the role of these proteins in conferring a selective advantage under specific conditions

A trust-and-risk aware RBAC framework: Tackling insider threat

Insider Attacks are one of the most dangerous threats organizations face today. An insider attack occurs when a person authorized to perform certain actions in an organization decides to abuse the trust, and harm the organization. These attacks may negatively impact the reputation of the organization, its productivity, and may produce losses in revenue and clients. Avoiding insider attacks is a daunting task. While it is necessary to provide privileges to employees so they can perform their jobs efficiently, providing too many privileges may backfire when users accidentally or intentionally abuse their privileges. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. In this paper, we propose a framework that extends the role-based access control (RBAC) model by incorporating a risk assessment process, and the trust the system has on its users. Our framework adapts to suspicious changes in users' behavior by removing privileges when users' trust falls below a certain threshold. This threshold is computed based on a risk assessment process that includes the risk due to inference of unauthorized information. We use a Coloured-Petri net to detect inferences. We also redefine the existing role activation problem, and propose an algorithm that reduces the risk exposure. We present experimental evaluation to validate our work. Copyright 2012 ACM