102 research outputs found

    Edip Efendi Yalısı in Kandilli

    Taha Toros Archive, File No: 67-Kandilli. Note: Published in the newspaper's "Tarihten Sayfalar" ("Pages from History") column. İstanbul Development Agency (TR10/14/YEN/0033)

    A case of gastrocolocutaneous fistula as a complication of percutaneous endoscopic gastrostomy

    A rare complication of percutaneous endoscopic gastrostomy (PEG) is gastrocolocutaneous fistula, which usually occurs after replacement of the PEG tube. As tube feeding is directly delivered to the transverse colon, patients typically present with a sudden onset of transient diarrhea within minutes after PEG tube feeding. A radiographic study using water-soluble contrast material via the PEG tube shows the tip of the tube in the transverse colon. We present here a patient who had this complication after PEG insertion. A PEG tube for enteral feeding was placed in a 27-year-old man with cerebral palsy and a severe scoliosis. After replacement of the PEG tube, he developed diarrhea after each PEG tube feeding. The diagnosis of gastrocolocutaneous fistula was made after injection of gastrografin from the PEG tube. Another gastrostomy tube was placed surgically and the fistula was then also excised. In conclusion, gastrocolocutaneous fistula must be considered as a complication of PEG tube placement when patients with a PEG tube develop a sudden onset of transient diarrhea immediately after PEG tube feeding.

    Zero Trust Federation: Sharing Context under User Control toward Zero Trust in Identity Federation

    To securely control access to systems, the concept of Zero Trust has been proposed. Access control based on the Zero Trust concept removes implicit trust and instead focuses on evaluating trustworthiness at every access request by using contexts. Contexts are information about the entity making an access request, such as the user and the device status. Consider the scenario of Zero Trust in an identity federation where the entity (Relying Party; RP) enforces access control based on the Zero Trust concept. RPs should continuously evaluate trustworthiness by using contexts they collect themselves, but RPs that users rarely access cannot collect enough contexts on their own. Therefore, we propose a new federation called Zero Trust Federation (ZTF). In ZTF, contexts as well as identity are shared so that RPs can enforce access control based on the Zero Trust concept. Federated contexts are managed by a new entity called Context Attribute Provider, which is independent of Identity Providers. We design a mechanism for sharing contexts among entities in a ZTF by using two protocols: a context transport protocol based on Continuous Access Evaluation Protocol and a user consent protocol based on User Managed Access. We implemented the ZTF prototype and evaluated the capability of ZTF in 4 use-cases.

    Efficient Container Image Updating in Low-bandwidth Networks with Delta Encoding

    2023 IEEE International Conference on Cloud Engineering (IC2E), 25-29 Sept. 2023. Containers are the technology for Linux to isolate execution environments. By distributing a container image, which is a collection of files contained in the container, users can use an execution environment that includes the necessary files and libraries. However, container images are tens to hundreds of megabytes in size and require many network resources to be transferred. Especially in low-bandwidth network environments like edge computing, frequent image updating can be difficult and affect other services’ communication. In this paper, we propose a method to reduce the data size required for image updates using delta encoding. We use delta encoding to reduce data size and finish updating quickly, but generating and applying deltas is a time-consuming operation. Our method proposes DeltaMerging which enables faster delta generation by merging existing deltas, and Di3FS which applies deltas lazily. The proposed method reduces the data size required to update container images from 5 to 40% of that of existing methods. Also, the time required to generate and apply deltas is greatly reduced with DeltaMerging and Di3FS. Furthermore, the performance degradation of the application in the container was almost negligible.

    Linking Contexts from Distinct Data Sources in Zero Trust Federation

    An access control model called Zero Trust Architecture (ZTA) has attracted attention. ZTA uses information about users and devices, called context, for authentication and authorization. Zero Trust Federation (ZTF) has been proposed as a framework for extending the idea of identity federation to support ZTA. ZTF defines CAP as the entity that collects context and provides it to each organization (Relying Party; RP) that needs context for authorization based on ZTA. To improve the quality of authorization, CAPs need to collect context from various data sources. However, ZTF did not provide a method for collecting context from data sources other than RP. In this research, as a general model for collecting context in ZTF, we propose a method of linking identifiers between the data source and CAP. This method provides a way to collect context from some of such data sources in ZTF. Then, we implemented our method using RADIUS and MDM as data sources and confirmed that their contexts could be collected and used.

    Protocol-Independent Context Propagation for Sharing Microservices in Multiple Environments

    2023 IEEE International Conference on Cloud Engineering (IC2E), 25-29 Sept. 2023. In systems designed based on microservice architecture, many production-like environments should be deployed for testing, staging, debugging, and previewing. One way to reduce resource consumption while deploying many environments is to allow sharing of common microservices in multiple environments, and current mechanisms extend application layer protocols like HTTP and gRPC to propagate contexts including environment identifiers and to route requests. However, microservices also use other protocols such as MySQL, Redis, Memcached, and AMQP, and extending each protocol requires lots of effort to implement the extensions. This paper proposes PiCoP, a framework to propagate contexts and route requests independently of application layer protocols. PiCoP consists of a protocol that propagates contexts without interpreting application layer protocols by adding contexts to the front of each TCP byte stream and a proxy that uses the protocol to route requests. We design the protocol to make instrumentation into a system as easy as possible. We showed that PiCoP could reduce resource usage, that the proxy's communication delay is within a practical range, and that it makes sharing microservices in multiple environments with any application layer protocols possible.

    Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation

    Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of the critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.

    Ethical Education on Information Security Mind for Practical Security Learning

    Practical education on information security may cause trouble if any student in the course tries the new education against actual networks or services intentionally or negligently. Education on occupational ethics and the related legal system on unauthorized access, privacy protection, and copyright infringement must accompany such practical classes. The authors developed an education material package for “security mind” education to be used in PBL classes on practice subjects. The package contains explanatory slides and tests. This report illustrates the background and need for education on the information security mind, as well as the development of education material, samples, and results from evaluation.

    Monitoring Cascading Changes of Resources in the Kubernetes Control Plane

    Kubernetes is a container management system that has many automated functionalities. Those functionalities are managed by configuring objects and resources in the control plane. Since most objects change their state depending on other objects' states, a change propagates to other objects in a chain. As cluster availability is influenced by the time required for these cascading changes, it is essential to make the propagations measurable and shed light on the behavior of the Kubernetes control plane. However, it is not easy because each object constantly monitors other objects' status and acts autonomously in response to their changes to play its role. In this paper, we propose a measurement system that outputs objects' change logs published from the API server in the control plane and assists in analyzing the time of cascading changes between objects by utilizing the relationships among resources. With a practical change scenario, we confirmed that our system can measure change propagation times within a cascading change. Also, measurements on the system itself showed it has a small CPU and memory footprint.