90 research outputs found
The Edip Efendi Waterside Mansion in Kandilli
Taha Toros Archive, File No: 67-Kandilli. Note: Published in the newspaper's "Tarihten Sayfalar" ("Pages from History") column. Istanbul Development Agency (TR10/14/YEN/0033)
Efficient Container Image Updating in Low-bandwidth Networks with Delta Encoding
2023 IEEE International Conference on Cloud Engineering (IC2E), 25-29 Sept. 2023. Containers are the technology for Linux to isolate execution environments. By distributing a container image, which is a collection of files contained in the container, users can use an execution environment that includes the necessary files and libraries. However, container images are tens to hundreds of megabytes in size and require many network resources to be transferred. Especially in low-bandwidth network environments like edge computing, frequent image updating can be difficult and affect other services’ communication. In this paper, we propose a method to reduce the data size required for image updates using delta encoding. We use delta encoding to reduce data size and finish updating quickly, but generating and applying deltas is a time-consuming operation. Our method proposes DeltaMerging which enables faster delta generation by merging existing deltas, and Di3FS which applies deltas lazily. The proposed method reduces the data size required to update container images from 5 to 40% of that of existing methods. Also, the time required to generate and apply deltas is greatly reduced with DeltaMerging and Di3FS. Furthermore, the performance degradation of the application in the container was almost negligible.
Zero Trust Federation: Sharing Context under User Control toward Zero Trust in Identity Federation
To securely control access to systems, the concept of Zero Trust has been
proposed. Access Control based on Zero Trust concept removes implicit trust and
instead focuses on evaluating trustworthiness at every access request by using
contexts. Contexts are information about the entity making an access request
like the user and the device status. Consider the scenario of Zero Trust in an
identity federation where the entity (Relying Party; RP) enforces access
control based on Zero Trust concept. RPs should continuously evaluate
trustworthiness by using collected contexts by themselves, but RPs where users
rarely access cannot collect enough contexts on their own. Therefore, we
propose a new federation called Zero Trust Federation (ZTF). In ZTF, contexts
as well as identity are shared so that RPs can enforce access control based on
Zero Trust concept. Federated contexts are managed by a new entity called
Context Attribute Provider, which is independent of Identity Providers. We
design a mechanism sharing contexts among entities in a ZTF by using the two
protocols; context transport protocol based on Continuous Access Evaluation
Protocol and user consent protocol based on User Managed Access. We implemented
the ZTF prototype and evaluated the capability of ZTF in 4 use-cases.
Linking Contexts from Distinct Data Sources in Zero Trust Federation
An access control model called Zero Trust Architecture (ZTA) has attracted
attention. ZTA uses information of users and devices, called context, for
authentication and authorization. Zero Trust Federation (ZTF) has been proposed
as a framework for extending an idea of identity federation to support ZTA. ZTF
defines CAP as the entity that collects context and provides it to each
organization (Relying Party; RP) that needs context for authorization based on
ZTA. To improve the quality of authorization, CAPs need to collect context from
various data sources. However, ZTF did not provide a method for collecting
context from data sources other than RP. In this research, as a general model
for collecting context in ZTF, we propose a method of linking identifiers
between the data source and CAP. This method provides a way to collect context
from some of such data sources in ZTF. Then, we implemented our method using
RADIUS and MDM as data sources and confirmed that their contexts could be
collected and used.
Protocol-Independent Context Propagation for Sharing Microservices in Multiple Environments
2023 IEEE International Conference on Cloud Engineering (IC2E), 25-29 Sept. 2023. In systems designed based on microservice architecture, many production-like environments should be deployed for testing, staging, debugging, and previewing. One way to reduce resource consumption while deploying many environments is to allow sharing of common microservices in multiple environments, and current mechanisms extend application layer protocols like HTTP and gRPC to propagate contexts including environment identifiers and to route requests. However, microservices also use other protocols such as MySQL, Redis, Memcached, and AMQP, and extending each protocol requires lots of effort to implement the extensions. This paper proposes PiCoP, a framework to propagate contexts and route requests independently of application layer protocols. PiCoP consists of a protocol that propagates contexts without interpreting application layer protocols by adding contexts to the front of each TCP byte stream and a proxy that uses the protocol to route requests. We design the protocol to make instrumentation into a system as easy as possible. We showed that PiCoP could reduce resource usage, that the proxy's communication delay is within a practical range, and that it makes sharing microservices in multiple environments with any application layer protocols possible.
Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation
Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype
Monitoring Cascading Changes of Resources in the Kubernetes Control Plane
Kubernetes is a container management system that has many automated
functionalities. Those functionalities are managed by configuring objects and
resources in the control plane. Since most objects change their state depending
on other objects' states, a change propagates to other objects in a chain. As
cluster availability is influenced by the time required for these cascading
changes, it is essential to make the propagations measurable and shed light on
the behavior of the Kubernetes control plane. However, it is not easy because
each object constantly monitors other objects' status and acts autonomously in
response to their changes to play its role. In this paper, we propose a
measurement system that outputs objects' change logs published from the API
server in the control plane and assists in analyzing the time of cascading
changes between objects by utilizing the relationships among resources. With a
practical change scenario, our system is confirmed that it can measure change
propagation times within a cascading change. Also, measurements on the system
itself showed it has a small CPU and memory footprint.
Vasospastic angina resulting in sudden cardiac arrest, initially misdiagnosed as a psychiatric disorder
A 51-year-old woman with a history of ablation therapy due to Wolff–Parkinson–White syndrome had been suffering from ambiguous chest pain, prompting investigation by several cardiologists. After being dissatisfied with a psychiatric disorder diagnosis, she was admitted to our hospital for further investigation. She lost her consciousness due to a sudden cardiac arrest shortly after admission. A provocation test indicated vasospastic angina associated with a diffuse spastic pattern of her left anterior descending artery. Learning objective: This case demonstrates that implantation of a cardioverter defibrillator may be avoided if the angiographic pattern of the vasospasm is recognized, the condition is correctly diagnosed, and appropriate medications are prescribed.