Saudi Cultural Missions Theses & Dissertations
Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10
Browse
4 results
Search Results
Item Restricted A RISK-ADAPTIVE ACCESS CONTROL MODEL FOR THE SERVICE MESH IN A MICROSERVICES ARCHITECTURE(The University of Tulsa, 2025-05) Alboqmi, Rami; Gamble, RoseCloud computing has transformed our lives by enabling applications to be deployed at scale, allowing a broad range of customers to access services seamlessly. However, as cloud computing has evolved, several challenges have emerged, such as meeting high customer demands while maintaining system stability and scalability. As a result, the cloud community introduced cloud-native computing in 2015, enabling applications to be scaled efficiently to meet customers’ demands. The microservices architecture (MSA) is a key enabler of cloud-native application development. It allows developers to build an application's components loosely and independently as microservices (also referred to as services). Following and applying the MSA architecture has many benefits, such as a failure within a microservice may not affect the entire deployed MSA application. For example, a failure in the temperature display microservice functionality does not affect the core functionalities of other microservices, such as map navigation. The map navigation microservice will still operate without temperature data. As a result, an MSA application becomes more resilient to failure. However, MSA introduces challenges in securing communication between microservices where orchestration solutions cannot ensure secure communications. A rogue microservice could act as a backdoor, compromising other microservices within the MSA application after initial authentication and authorization at deployment. Thus, service mesh technology was introduced as an infrastructure layer within an orchestration solution in 2017 to handle robust security, such as secure microservices-to-microservices communication with features like mutual TLS. Nevertheless, the current service mesh solutions are not mature yet and still rely on static AC policies set at deployment. In addition, these static policies operate with implicit trust between microservices, which do not adapt to changes in response to the trustworthiness of microservice. As a result, the service mesh limits its ability to detect compromised microservices at runtime, requires manual AC policy updates, and creates security gaps. A dynamic AC model for the service mesh is crucial to continuously assess the trustworthiness of microservices based on their behavior and vulnerability posture to align with the Zero Trust (ZT) principle of “never trust, always verify.” Additionally, any proposed dynamic AC model for the service mesh must not only offer dynamic and adaptive AC policies but also address the research gap in service mesh in the lack of capabilities such as sharing threat intelligence and enforcing automated microservice owner compliance requirements at runtime. These capabilities are essential for continuous monitoring and adaptive security responses for MSA applications at runtime. To dynamically adjust AC policies at runtime based on the trustworthiness of microservices, this research introduces the Service Mesh risk-Adaptive Access Control (SMAAC). SMAAC consists of three components: (1) Runtime Trust Evaluator (RTE) that assigns a trust metric (TM) to all microservices based on their behaviors and vulnerabilities; (2) Threat Intelligence Sharing (TIS) that shares TM values and vulnerability reports of all microservices; and (3) Access Policy Generation (APG) that creates dynamic AC policies when the TM of a microservice falls below a compliant threshold. Evaluated on three research MSA applications μBench, Lakeside Mutual, and Train Ticket, SMAAC effectively shows an adaptive mechanism for creating compliant AC policies to secure the operations of microservices and reduce security risks.12 0Item Restricted Checkpointing in Transiently Powered Sensor-Based Internet of Things (S-IoT) Networks(University of Warwick, 2024-02) Alharbi, Jawaher; Jhumka, ArshadThe era of smart cities is upon us, requiring the deployment of large-scale networks where autonomy is essential. Crucial to this autonomy is a continuous energy supply. However, a major shortcoming in Sensor-Based Internet of Things (S-IoT) networks is the finite energy supply available for computation and communication. To address this issue, energy harvesting has been proposed to enable continuous energy supply to IoT devices. However, fluctuations in energy supply due to energy harvesting often lead to node crashes due to energy exhaustion. Then, applications lose their state and checkpointing in non-volatile memory (NVM) has been proposed to persist state across crashes, albeit at the expense of significant overheads. While checkpointing is popular in traditional distributed systems, the state-of-the-art for transiently-powered sensor-based IoT (TP-IoT) has focused on checkpointing in uniprocessor setting (i.e, on a single device). Therefore, evaluating checkpointing strategies in TP-IoT networks is essential. There are three main factors to consider when checkpointing is done: (i) when to checkpoint, (ii) what to checkpoint and (iii) when to restore. Our contributions are: (i) we run testbed experiments to understand when is checkpointing beneficial (or not) in a computation, (ii) we develop a framework that guides in the selection of variables for checkpointing and (iii) we reduce the checkpointing to a precedence-constrained scheduling problem, called the CheckIn problem, and propose an adaptive algorithm that outperforms existing checkpointing strategies.22 0Item Restricted Intra-Rater Reliability and Concurrent Validity of the 2-minute Step Test applied virtually to Healthy Adults: a Descriptive Study(Cardiff University, 2022) Alharbi, Ziyad Ahmed S; Jones, UnaBackground: Morbidity of cardiopulmonary diseases is heavily affected by cardiopulmonary fitness (CPF), which is correlated with physical activity and inversely correlated with all-case mortality. People with cardiopulmonary disorders often have lower CPF, due to pathological changes causing pulmonary symptoms, such as exercise intolerance. Assessment of CPF, before, during and after prescribed rehabilitation programmes is an important role of physiotherapists. This is often achieved by exercise testing using, for example, the 2-minute step test (2MST). 2MST is valid and reliable when conducted in person. In conditions such as those imposed by the COVID-19 pandemic, teleassessment can help physiotherapists to continue to monitor CPF remotely, therefore, the reliability and validity of 2MST conducted remotely, currently unknown, is important. Study aims: To determine intra-rater reliability and concurrent validity of remotely administered 2MST in healthy people. Methods: an observational study comprising three remotely administered 2MST separated by 15-minute rest intervals, followed, within a week, by a face-to-face 2MST. Remote 2MSTs were supervised by the researcher via a web-based videoconferencing tool. Achieved steps were used to estimate reliability. Scores from the second remote and face-to-face assessments were used to assess validity. Results: In a sample of ten healthy participants, eight males, mean age 25.6 (22 – 30) years, intra-rater reliability of remote 2MST was excellent (ICC = 0.924), and there was strong correlation between remote and face-to-face tests (Pearson’s r = 0.865; p < 0.01). Agreement between remote and face-to-face tests was relatively low (mean difference -1.8 steps) with wide limits of agreement (-17.92 – 14.32). Conclusions: The findings suggest that 2MST administered remotely, when used on healthy adults, with excellent relative reliability and high levels of validity. However, due to lower absolute agreement between the tests cannot be used interchangeably. further studies could overcome the limitations of this study and confirm its legitimacy.33 0Item Restricted Systems Failure Diagnosis and Repair Kit using Survival Signature(Durham University, 2024-07-09) Alharshan, Anas Fahad Ibrahim; Coolen, Frank; Aslett, LouisA pivotal aspect of studying systems involves diagnosing its failures, referred to in this thesis as identifying the components or types of components associated with system failure. System failure diagnosis serves various purposes, including facilitating maintenance activities and informing system design. This thesis delves into the study of system failure from two distinct perspectives: determining which types of components are most likely to lead to system failure and estimating the numbers of failed components of each type at the time of system failure. While Barlow and Proschan introduced an importance measure that determines the probability of a component causing system failure based on the structure function, the complexity associated with the structure function may pose challenges in applying it to real com- plex systems. Therefore, for a general system structure containing multiple types of components, we use the concept of the survival signature introduced by Coolen and Coolen-Maturi to derive the probability of a component of a specific type failing at the system failure time, ultimately leading to system failure. Additionally, we derive probabilities of three events related to the number of failed components of multiple types at a future moment when the system fails, based on the survival signature. First, we determine the probability of the number of failed components at system failure, given that the system will fail at a specific time t and conditioning on the number of failed components prior to system failure. Second, the probability of the number of failed components at an unknown system failure, assuming the system is functioning at a certain time, is derived. We also consider the probability of the number of failed components at system failure, assuming the system will fail in a specific future time interval. The results of the probabilities depend only on the distributions of failure times of component types and the survival signature of the system.29 0