Authors: Zarina Safarova, Jamshid Rahmonov, Nargis Khudoyarova, Farhod Karimov
Abstract: In medical research environments, system-level security is paramount due to the highly sensitive nature of biomedical and genetic data. With regulatory frameworks like HIPAA, GDPR, and 21 CFR Part 11 requiring strong data protection and verifiable access controls, kernel parameter hardening has become a foundational strategy for achieving compliance. By tuning kernel parameters using tools such as sysctl on Linux and equivalent mechanisms on Solaris, administrators can restrict system behaviors related to networking, inter-process communication (IPC), and memory management. These configurations mitigate common vulnerabilities, including buffer overflows, shared memory leakage, and IP spoofing. When integrated into an Infrastructure-as-Code (IaC) model using tools like Puppet, Ansible, or Chef, kernel hardening becomes consistent, auditable, and reproducible across large-scale clinical or research server deployments. This review explores specific kernel parameters that enhance system integrity and reduce attack surfaces while maintaining application compatibility in complex biomedical environments. It also examines compliance-driven configuration baselines such as CIS Benchmarks and DISA STIGs. Operational challenges—including drift, rollback complexity, and conflicting application requirements—are addressed with best practices and automation frameworks. Finally, emerging trends such as AI-based anomaly detection, kernel lockdown mechanisms, and TPM-integrated validation are discussed as future directions. This comprehensive evaluation supports security professionals and biomedical IT architects in building hardened, compliant, and resilient research computing infrastructures.
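The drift problem named in the abstract can be checked mechanically by comparing a hardening baseline against live `sysctl` values. The following is an added example, not code from the paper: the sysctl keys are real Linux parameters, but the choice of baseline values and the captured host output are constructed assumptions for illustration.

```python
# Added example: audit live sysctl values against a hardening baseline.
# The baseline is an illustrative assumption, not the paper's recommended set.
BASELINE = """\
# networking: reverse-path filtering against spoofed source addresses
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
# memory: full ASLR raises the cost of buffer-overflow exploitation
kernel.randomize_va_space = 2
# IPC: destroy shared memory segments once no process is attached
kernel.shm_rmid_forced = 1
"""

# Constructed sample of `sysctl -a` output from a host that has drifted.
LIVE = """\
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_source_route = 0
kernel.randomize_va_space = 2
net.ipv4.tcp_rmem = 4096\t131072\t6291456
"""


def parse_sysctl(text):
    """Parse 'key = value' lines as found in sysctl.conf or `sysctl -a`."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # sysctl.conf comment markers
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not an assignment; ignore rather than guess
        # Collapse tabs/spaces so multi-valued parameters compare stably.
        params[key.strip()] = " ".join(value.split())
    return params


def audit(baseline_text, live_text):
    """Return (key, status, expected, found) for each baseline violation."""
    baseline, live = parse_sysctl(baseline_text), parse_sysctl(live_text)
    findings = []
    for key, want in sorted(baseline.items()):
        have = live.get(key)
        if have is None:
            findings.append((key, "missing", want, None))
        elif have != want:
            findings.append((key, "drift", want, have))
    return findings


if __name__ == "__main__":
    for key, status, want, have in audit(BASELINE, LIVE):
        print(f"{status.upper():8} {key}: expected {want}, found {have}")
```

A parameter absent from the live output is reported separately from one with a wrong value, since a missing key usually means a kernel or module difference rather than a configuration change.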