DOI QR코드

DOI QR Code

융합서비스를 위한 클라우드 컴퓨팅 환경에서 가상화 보안에 관한 연구

A Study on Security of Virtualization in Cloud Computing Environment for Convergence Services

  • 이보경 (한국산업기술대학교 컴퓨터공학부)
  • Lee, Bo-Kyung (Department of Computer Engineering, Korea Polytechnic University)
  • 투고 : 2014.08.28
  • 심사 : 2014.10.28
  • 발행 : 2014.12.31

초록

클라우드 컴퓨팅은 인터넷 기술을 활용하여 IT자원을 필요한 만큼 빌려서 사용하고 서비스 부하에 따라서 실시간 확장성을 지원받으며 사용한 만큼 비용을 지불하는 컴퓨팅 기술을 말한다. 클라우드 컴퓨팅의 핵심기술인 가상화는 서버, 스토리지 및 하드웨어 등을 분리된 시스템이 아닌 하나의 영역으로 간주하여 자원을 필요에 따라 할당하는 기술이다. 그러나 가상화 환경에서 필요로 하는 보안 메커니즘은 하나의 서버 내부가 아닌 서버 간의 트래픽을 모니터링 하도록 설계되어 있고 기본 수준의 가시성, 통제성 및 감사 기능을 갖는 기존 보안 메카니즘으로는 대응하기 어려운 상황이다. 본 논문에서는 클라우드 컴퓨팅 환경에서 가상화 기술의 보안 취약점을 분석하고 이를 토대로 가상화 기술과 관련된 하이퍼바이저 보안 및 게스트 OS 보안 권고 사항을 제시하고자 한다.

Cloud computing refers to borrow IT resources as needed by leveraging Internet technology and pay as much as you used by supporting real-time scalability depending on the service load. Virtualization which is the main technology of cloud computing is a technology that server, storage and hardware are regarded as not separate system but one system area and are allocated as needed. However, the security mechanisms provided by virtualized environments are difficult to cope with the traditional security mechanisms, having basic levels of visibility, control and audit function, on which the server is designed to monitor the traffic between the servers. In this paper, the security vulnerabilities of virtualization are analysed in the cloud computing environment and cloud virtualization security recommendations are proposed.

키워드

참고문헌

  1. Jeon Jeong Hoon, 'A study on the vulnerability and corresponding technique trends of the cloud computing service', Journal of Convergence Security, Vol. 13, Issue. 6, 2013.
  2. CSA(Cloud Security Alliance), The Notorious Nine : Cloud Computing top Threats in 2013. 2013.
  3. Lee Hyang Jin, Son Kyoung Ho, Lee Jae Il, 'Strategy for strengthening information security based on cloud service', Journal of The Korea Institute of Information Security and Cryptology, Vol. 23, Issue. 4, 2013.
  4. NIST(National Institute of Standards and Technology), Guide to Security for Full Virtualization Technologies, 2010.
  5. Dave Thomas, 'Enabling Application Agility Software as a Service, Cloud Computing and Dynamic Languages', Journal of Object Technology, Vol. 7, No. 4, 2008.
  6. http://www.kisa.or.kr/jsp/common/downloadAction.jsp? bno=4&dno=1236&fseq=1

피인용 문헌

  1. A Study on Design for Efficient Personal Policy of Service based RBAC vol.14, pp.2, 2016, https://doi.org/10.14400/JDC.2016.14.2.191
  2. Attacks and Defenses for Vulnerability of Cross Site Scripting vol.13, pp.2, 2015, https://doi.org/10.14400/JDC.2015.13.2.177
  3. Priority-Based Resource Allocation Algorithm for Virtual Network vol.14, pp.10, 2016, https://doi.org/10.14400/JDC.2016.14.10.303
  4. The ICT convergence agriculture automated machines designed for smart agriculture vol.14, pp.2, 2016, https://doi.org/10.14400/JDC.2016.14.2.141
  5. A Design of Authority Management Protocol for Secure Storage Access Control in Cloud Environment vol.17, pp.9, 2016, https://doi.org/10.5762/KAIS.2016.17.9.12
  6. Analysis of Relative Combat Power with Expert System vol.14, pp.6, 2016, https://doi.org/10.14400/JDC.2016.14.6.143
  7. Verifying a Safe P2P Security Protocol in M2M Communication Environment vol.13, pp.5, 2015, https://doi.org/10.14400/JDC.2015.13.5.213