90 research outputs found

    Kandilli'de Edip Efendi Yalısı

    Taha Toros Archive, File No: 67-Kandilli. Note: Published in the newspaper's "Tarihten Sayfalar" column. İstanbul Kalkınma Ajansı / Istanbul Development Agency (TR10/14/YEN/0033)

    Efficient Container Image Updating in Low-bandwidth Networks with Delta Encoding

    2023 IEEE International Conference on Cloud Engineering (IC2E), 25-29 Sept. 2023. Containers are the technology for Linux to isolate execution environments. By distributing a container image, which is a collection of files contained in the container, users can use an execution environment that includes the necessary files and libraries. However, container images are tens to hundreds of megabytes in size and require many network resources to be transferred. Especially in low-bandwidth network environments like edge computing, frequent image updating can be difficult and affect other services’ communication. In this paper, we propose a method to reduce the data size required for image updates using delta encoding. We use delta encoding to reduce data size and finish updating quickly, but generating and applying deltas is a time-consuming operation. Our method proposes DeltaMerging which enables faster delta generation by merging existing deltas, and Di3FS which applies deltas lazily. The proposed method reduces the data size required to update container images from 5 to 40% of that of existing methods. Also, the time required to generate and apply deltas is greatly reduced with DeltaMerging and Di3FS. Furthermore, the performance degradation of the application in the container was almost negligible.

    Zero Trust Federation: Sharing Context under User Control toward Zero Trust in Identity Federation

    To securely control access to systems, the concept of Zero Trust has been proposed. Access Control based on Zero Trust concept removes implicit trust and instead focuses on evaluating trustworthiness at every access request by using contexts. Contexts are information about the entity making an access request like the user and the device status. Consider the scenario of Zero Trust in an identity federation where the entity (Relying Party; RP) enforces access control based on Zero Trust concept. RPs should continuously evaluate trustworthiness by using collected contexts by themselves, but RPs that users rarely access cannot collect enough contexts on their own. Therefore, we propose a new federation called Zero Trust Federation (ZTF). In ZTF, contexts as well as identity are shared so that RPs can enforce access control based on Zero Trust concept. Federated contexts are managed by a new entity called Context Attribute Provider, which is independent of Identity Providers. We design a mechanism sharing contexts among entities in a ZTF by using two protocols: a context transport protocol based on Continuous Access Evaluation Protocol and a user consent protocol based on User Managed Access. We implemented the ZTF prototype and evaluated the capability of ZTF in 4 use-cases.

    Linking Contexts from Distinct Data Sources in Zero Trust Federation

    An access control model called Zero Trust Architecture (ZTA) has attracted attention. ZTA uses information of users and devices, called context, for authentication and authorization. Zero Trust Federation (ZTF) has been proposed as a framework for extending an idea of identity federation to support ZTA. ZTF defines CAP as the entity that collects context and provides it to each organization (Relying Party; RP) that needs context for authorization based on ZTA. To improve the quality of authorization, CAPs need to collect context from various data sources. However, ZTF did not provide a method for collecting context from data sources other than RP. In this research, as a general model for collecting context in ZTF, we propose a method of linking identifiers between the data source and CAP. This method provides a way to collect context from some of such data sources in ZTF. Then, we implemented our method using RADIUS and MDM as data sources and confirmed that their contexts could be collected and used.

    Protocol-Independent Context Propagation for Sharing Microservices in Multiple Environments

    2023 IEEE International Conference on Cloud Engineering (IC2E), 25-29 Sept. 2023. In systems designed based on microservice architecture, many production-like environments should be deployed for testing, staging, debugging, and previewing. One way to reduce resource consumption while deploying many environments is to allow sharing of common microservices in multiple environments, and current mechanisms extend application layer protocols like HTTP and gRPC to propagate contexts including environment identifiers and to route requests. However, microservices also use other protocols such as MySQL, Redis, Memcached, and AMQP, and extending each protocol requires lots of effort to implement the extensions. This paper proposes PiCoP, a framework to propagate contexts and route requests independently of application layer protocols. PiCoP consists of a protocol that propagates contexts without interpreting application layer protocols by adding contexts to the front of each TCP byte stream and a proxy that uses the protocol to route requests. We design the protocol to make instrumentation into a system as easy as possible. We showed that PiCoP could reduce resource usage, that the proxy's communication delay is within a practical range, and that it makes sharing microservices in multiple environments with any application layer protocols possible.

    Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation

    Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.

    Monitoring Cascading Changes of Resources in the Kubernetes Control Plane

    Kubernetes is a container management system that has many automated functionalities. Those functionalities are managed by configuring objects and resources in the control plane. Since most objects change their state depending on other objects' states, a change propagates to other objects in a chain. As cluster availability is influenced by the time required for these cascading changes, it is essential to make the propagations measurable and shed light on the behavior of the Kubernetes control plane. However, it is not easy because each object constantly monitors other objects' status and acts autonomously in response to their changes to play its role. In this paper, we propose a measurement system that outputs objects' change logs published from the API server in the control plane and assists in analyzing the time of cascading changes between objects by utilizing the relationships among resources. With a practical change scenario, we confirmed that our system can measure change propagation times within a cascading change. Also, measurements on the system itself showed it has a small CPU and memory footprint.

    Vasospastic angina resulting in sudden cardiac arrest, initially misdiagnosed as a psychiatric disorder

    Abstract: A 51-year-old woman with a history of ablation therapy due to Wolff–Parkinson–White syndrome had been suffering from ambiguous chest pain, prompting investigation by several cardiologists. After being dissatisfied with a psychiatric disorder diagnosis, she was admitted to our hospital for further investigation. She lost consciousness due to a sudden cardiac arrest shortly after admission. A provocation test indicated vasospastic angina associated with a diffuse spastic pattern of her left anterior descending artery. Learning objective: This case demonstrates that implantation of a cardioverter defibrillator may be avoided if the angiographic pattern of the vasospasm is recognized, the condition is correctly diagnosed, and appropriate medications are prescribed.