IJSRET » July 9, 2025

Daily Archives: July 9, 2025

Uncategorized

Review on Audit-Ready System Builds Using SMF and Puppet

Authors: Kateryna Holub, Oleksandr Kravchuk, Natalia Koval, Yuriy Sydorenko

Abstract: In regulated IT environments, achieving audit-ready system builds is crucial for maintaining compliance, operational integrity, and trust. This review explores how the integration of Solaris Service Management Facility (SMF) and Puppet configuration management enables the creation of infrastructure that is both resilient and verifiable. SMF offers deterministic service lifecycle control, dependency resolution, and fault recovery, while Puppet ensures declarative system provisioning, configuration drift correction, and policy enforcement. Together, they form a robust framework for building and maintaining UNIX systems that meet stringent compliance standards such as HIPAA, SOX, PCI-DSS, and ISO 27001. This article details integration patterns between Puppet and SMF, including automated service registration, state enforcement, and logging strategies that support continuous compliance verification. Real-world use cases from healthcare, finance, and scientific research sectors highlight the scalability and traceability benefits of this approach. Further, the paper addresses challenges in manifest maintenance, performance bottlenecks, and error debugging, offering practical mitigation strategies. Emerging trends such as Policy-as-Code, AIOps integration, and immutable infrastructure are also discussed, illustrating the direction of future-ready, compliance-driven automation. By aligning infrastructure-as-code principles with service-level orchestration, this framework transforms audit-readiness from a reactive task into a continuous, automated operational model.

DOI: https://doi.org/10.5281/zenodo.15848272

Secure Access Control Using CentrifyDC in Heterogeneous Networks

Authors: Olena Shevchenko, Dmytro Bondarenko, Iryna Kovalenko, Andriy Melnyk

Abstract: Modern IT environments increasingly span a mix of Linux, UNIX (Solaris and AIX), and Windows systems, creating significant challenges in managing decentralized user accounts, enforcing strong authentication, and maintaining comprehensive audit trails. Security and compliance frameworks including HIPAA, SOX, and NIST SP 800-53 demand centralized control over identity and privileged access, yet many organizations still rely on fragile local account systems or disparate tools. This fragmented model often leads to inconsistent enforcement, audit gaps, and elevated risk of unauthorized access. This review examines CentrifyDC, an Active Directory bridge that delivers unified, centralized authentication and role-based access control across heterogeneous environments. By integrating with Linux Pluggable Authentication Modules (PAM), Name Service Switch (NSS), SSH, and native Role-Based Access Control (RBAC) for Solaris and AIX, CentrifyDC enables seamless AD-based login, command-level delegation, and multi-factor authentication. Privileged sessions are audited, logged, and stored centrally, bolstering compliance while minimizing reliance on sudo or multiple account stores. Deployment considerations and operational benefits are highlighted through real-world use cases from high-performance research clusters and Solaris-based healthcare infrastructure to AIX servers in government environments. CentrifyDC demonstrates how centralized policy inheritance, zone-based delegation, and secure PAM routines enforce least privilege and simplify administration across large fleets. Performance optimizations including login caching and load balancing are evaluated to ensure scalability. The review concludes with an exploration of future enhancements, such as integration with Azure Active Directory and Okta, AI-driven access risk modeling, and Infrastructure-as-Code pipelines for automated policy deployment. These developments promise to extend centralized access control into hybrid cloud environments and DevSecOps workflows. Ultimately, CentrifyDC offers a robust, compliant, and future-ready solution for managing identity and privileged access across diverse operating systems under a unified directory infrastructure.

DOI: https://doi.org/10.5281/zenodo.15848025

Real-Time Security Compliance Enforcement Using Tripwire in Solaris

Authors: Daria Kuznetsova, Sergey Belov, Anna Fedorova, Viktor Pavlov

Abstract: As Solaris continues to serve mission-critical workloads across healthcare, government, and financial sectors, maintaining system integrity and regulatory compliance has become increasingly complex. Traditional security controls often lack the real-time responsiveness and policy-driven rigor required for hardened UNIX environments. This review explores the application of Tripwire, a widely trusted file integrity monitoring solution, for enforcing real-time security compliance on Solaris platforms. The article delves into how Tripwire enables continuous monitoring of system files, binaries, libraries, and configuration artifacts using cryptographic checksums and customized policies. Through automated scans, deviation detection, and audit-ready reporting, Tripwire ensures alignment with frameworks such as HIPAA, FISMA, and PCI-DSS. The review further examines operational deployments of Tripwire within Solaris Zones, legacy AIX integrations, and hybrid infrastructures. Challenges related to system overhead, false positives, and policy maintenance are also analyzed, with optimization techniques offered to minimize performance impact. Emphasis is placed on Tripwire’s integration with SIEM platforms, service management facilities (SMF), and compliance dashboards, enabling seamless escalation, incident tracking, and forensics. The framework's ability to enforce baseline configurations, detect unauthorized modifications, and generate tamper-proof audit evidence makes it invaluable in regulated UNIX environments. Looking ahead, Tripwire's role is evolving through alignment with AIOps, Compliance-as-Code, and GitOps pipelines, paving the way for dynamic and automated security enforcement. This article concludes by asserting that Tripwire, when strategically configured and integrated, provides a scalable and proactive compliance solution tailored for Solaris-based infrastructures, strengthening operational resilience while satisfying stringent audit requirements.

DOI: https://doi.org/10.5281/zenodo.15847881

Adaptive Server Hardening in Mission-Critical Biomedical Systems

Authors: Ekaterina Morozova, Ivan Petrov, Natalia Smirnova, Alexey Volkov

Abstract: Biomedical computing environments face a unique set of challenges in securing critical infrastructure while maintaining the high availability, performance, and regulatory compliance required for sensitive healthcare and research workloads. From electronic medical record (EMR) systems and genomics data pipelines to real-time telemedicine platforms, these systems demand adaptive and resilient security architectures. Traditional static hardening techniques, based on fixed baselines, manual patching, and predefined firewall rules, are increasingly insufficient in the face of dynamic threat landscapes, complex workloads, and ever-evolving compliance mandates like HIPAA, HITECH, and 21 CFR Part 11. This review explores the concept of adaptive server hardening, a modern, behavior-driven approach that dynamically adjusts server configurations, access controls, and security policies based on real-time telemetry, system state, and threat intelligence. It examines OS-specific strategies across Red Hat, Solaris, and AIX platforms, highlighting tools like SELinux, SMF, Trusted AIX, ZFS ACLs, and live patching utilities. Key technologies include behavior-based anomaly detection, AI-assisted rule tuning, and integration with SIEM and EDR platforms such as Tripwire, Splunk, and OSSEC. Furthermore, the paper addresses runtime configuration drift, automated remediation, privilege management, and audit automation for compliance readiness. Through detailed technical analysis and real-world case studies, the review demonstrates how adaptive hardening improves security posture, supports continuous compliance, and ensures operational continuity in biomedical settings. It also considers challenges such as overhead management, multi-platform complexity, and tuning of dynamic policies. Finally, the article discusses future trends including autonomous compliance agents, AIOps integration, and adaptive security in hybrid and cloud-based biomedical infrastructures.

DOI: https://doi.org/10.5281/zenodo.15847766

The Concept of ZFS for Long-Term Biomedical Imaging Data Storage

Authors: Chathurika Ranasinghe, Dineth Weerakoon, Malsha Bandara, Thivanka Gunawardana

Abstract: Biomedical imaging systems generate large volumes of sensitive data that must be securely stored, reliably retrieved, and retained for long durations to meet regulatory, clinical, and research demands. ZFS, a high-integrity, copy-on-write file system with integrated volume management, has emerged as a viable solution for long-term imaging storage in healthcare and biomedical research institutions. This review explores the suitability of ZFS for managing medical imaging archives, highlighting its built-in features such as end-to-end checksumming, atomic snapshots, native encryption, and tiered storage capabilities. The paper examines ZFS's alignment with regulatory requirements like HIPAA, GDPR, and FDA 21 CFR Part 11, and discusses how its auditability, snapshot lifecycle management, and disaster recovery features help ensure compliance and data integrity. We delve into ZFS performance tuning for imaging workloads, including optimizations using ARC, L2ARC, SLOG, and record size configuration, which are critical for high-throughput radiology and pathology systems. Integration with PACS, RIS, and AI processing pipelines is reviewed, along with real-world deployments in clinical and research environments. Operational challenges such as resource overhead, secure deletion limitations, and administrative complexity are addressed, alongside emerging trends like object storage extensions, support for storage-class memory, and container-native workflows. Through this comprehensive review, ZFS is positioned not only as a technically robust and scalable imaging storage platform, but also as a strategic foundation for future-proof, compliant biomedical data management.

DOI: https://doi.org/10.5281/zenodo.15847617

The Introduction of Multi-Tenant Solaris Environments for Research Institutions

Authors: Harini Samarasinghe, Dilan Madushanka, Ruwani Gamage, Amila Wickramasinghe

Abstract: Research institutions are increasingly challenged to support a diverse array of computing workloads, ranging from high-throughput bioinformatics to high-performance simulations, within constrained physical infrastructure. Multi-tenant architectures offer a cost-effective and scalable solution, enabling multiple research groups to securely share resources while maintaining strong boundaries of isolation, performance, and compliance. This review explores the architectural, operational, and security dimensions of building multi-tenant environments using Oracle Solaris. It covers foundational technologies such as zones and Logical Domains (LDOMs), details approaches to resource allocation, identity management, and audit logging, and addresses the specific needs of research computing environments including regulatory compliance (HIPAA, GDPR, FERPA), data reproducibility, and access governance. The article further discusses automation, orchestration, and monitoring strategies, including integration with DevOps tools and SIEM platforms. Real-world use cases from genomics labs, physics departments, and engineering faculties illustrate the practical applications of Solaris-based tenancy. Challenges such as kernel-sharing risks, resource contention, and cloud scalability limitations are critically examined. Finally, the paper outlines future directions including hybrid cloud integration, AI-optimized zone support, and policy-as-code templates for rapid, compliant deployments. This comprehensive review serves as a technical and strategic guide for research institutions seeking to modernize and secure their multi-tenant UNIX infrastructure using Solaris.

DOI: https://doi.org/10.5281/zenodo.15847545

Privacy-Preserving Collaborative Searchable Encryption Using Blake3 for Cloud-Based Group Data Sharing

Authors: Aatheni U, Dr. M. M. Janeela Theresa

Abstract: Collaborative searchable encryption for group data sharing enables authorized users to jointly generate trapdoors and retrieve encrypted data without compromising privacy. However, existing solutions remain vulnerable to keyword guessing attacks (KGAs) by malicious insiders and subversion threats such as backdoors from untrusted hardware or software vendors. To overcome these security challenges, we propose a Privacy-Preserving Collaborative Searchable Encryption (PCSE) scheme using the BLAKE3 hash function. PCSE introduces a dedicated keyword server to enable server-derived keywords that resist insider KGAs, and employs cryptographic reverse firewalls to mitigate subversion risks. A distributed, multi-server keyword architecture is adopted to prevent single-point failures. The system also supports multi-keyword search, result verification, and includes a rate-limiting mechanism to restrict brute-force attempts. Formal analysis confirms resistance against KGAs and subversion attacks. Empirical evaluations demonstrate that PCSE achieves strong privacy, scalability, and efficient keyword-based search, making it suitable for secure cloud-based group data sharing.

DOI: https://doi.org/10.5281/zenodo.15847524

 

The Review on Patching Strategies for Always-On Biomedical Data Systems

Authors: Dilani Jayawardena, Kasun Rathnayake, Nimali Dissanayake, Sahan Abeysekera

Abstract: Biomedical data systems operate under stringent uptime requirements, complex regulatory constraints, and increasingly sophisticated cyber threats. Ensuring the security and reliability of these systems through regular patching presents a significant operational challenge, particularly in environments where downtime is unacceptable. This review examines state-of-the-art patching strategies tailored for always-on biomedical infrastructures, including electronic health records (EHR), PACS, LIMS, and real-time monitoring platforms. Key considerations such as risk-based patch prioritization, live kernel patching, failover strategies, and automation via CI/CD pipelines are discussed in detail. Emphasis is placed on regulatory compliance with HIPAA, FDA 21 CFR Part 11, and ISO 27001, as well as alignment with industry standards such as NIST SP 800-40 and CIS benchmarks. The review also explores governance mechanisms, stakeholder coordination, and validation processes essential for maintaining both uptime and auditability. Through real-world case studies and analysis of common pitfalls, the paper provides actionable insights into achieving secure, reliable, and regulation-ready patch deployment in biomedical environments. Future directions highlight the convergence of artificial intelligence, continuous compliance validation, and threat-informed patch orchestration as the next evolution in patch management for mission-critical healthcare systems.

DOI: https://doi.org/10.5281/zenodo.15847374

Secure Data Storage Design for Biomedical Compliance Environments

Authors: Nadeesha Perera, Tharindu Silva, Ishara Fernando, Chamika Weerasinghe

Abstract: Secure data storage in biomedical environments is a foundational requirement for maintaining regulatory compliance, safeguarding patient privacy, and enabling ethical scientific research. As healthcare and life sciences organizations generate and manage vast amounts of sensitive information, ranging from electronic health records to genomic sequences, the need for secure, resilient, and policy-driven storage architectures has become increasingly urgent. This review examines the technical, regulatory, and operational considerations involved in designing storage systems that align with frameworks such as HIPAA, GDPR, and FDA 21 CFR Part 11. The paper begins by analyzing the classification of protected health information (PHI) and the importance of data sensitivity in biomedical workflows. It explores regulatory mandates related to auditability, legal retention, and chain-of-custody, followed by a detailed examination of the evolving threat landscape, including ransomware and insider attacks. The review compares traditional SAN/NAS models, object-based architectures, and software-defined storage solutions, highlighting their respective roles in compliance-driven deployments. Further sections address critical security practices such as encryption, key management, access control, and data lifecycle enforcement. The integration of secure storage with biomedical systems like PACS, LIMS, and EHRs is evaluated, with attention to secure APIs and auditability. Emerging technologies including confidential computing, blockchain-based integrity tracking, and AI-driven anomaly detection are also explored for their future impact. Through real-world case studies, the review illustrates successful implementations in hospitals, research institutions, and hybrid infrastructures. It concludes with an analysis of common challenges such as vendor lock-in and the trade-offs between compliance and usability. Looking ahead, the paper advocates for zero trust-aligned architectures and adaptive compliance automation as guiding principles for next-generation biomedical storage design.

DOI: https://doi.org/10.5281/zenodo.15847131

The Concept of UNIX Infrastructure Optimization for Genomic Data Processing

Authors: Faria Mahmud, Khaled Noor, Sabrina Yasmin, Tanmoy Hossain

Abstract: The unprecedented growth of genomic data, driven by next-generation sequencing technologies, has imposed complex computational demands on bioinformatics infrastructure. UNIX-based systems, comprising Solaris, AIX, and Linux, form the backbone of genomic data processing environments due to their reliability, performance, and rich toolchain support. However, their default configurations are seldom tuned for the high-throughput, memory-intensive, and I/O-sensitive nature of genomic workloads. This review explores the critical need for infrastructure-level optimization in UNIX environments to support workflows such as sequence alignment, variant calling, and RNA-Seq analysis. It presents a detailed examination of system-level strategies including NUMA-aware CPU allocation, memory page tuning, ZFS and GPFS storage optimization, network throughput enhancement, and scheduler configuration using SLURM and PBS. Case studies from academic and clinical domains highlight the real-world impact of these optimizations on pipeline performance and resource efficiency. The article also addresses compliance considerations under HIPAA and GDPR, demonstrating how audit controls and data encryption can be embedded into UNIX configurations. Looking forward, the review outlines emerging trends such as AI-assisted infrastructure tuning, containerization of genomic workflows, and the integration of persistent memory and cloud bursting strategies. Collectively, this review provides system administrators, bioinformatics engineers, and IT architects with a comprehensive blueprint for transforming UNIX platforms into high-performance, secure, and scalable environments tailored for genomics.

DOI: https://doi.org/10.5281/zenodo.15846976
