• Proceedings of the KIEE Conference
• /
• 2003.11c
• /
• pp.681-684
• /
• 2003

정보 가전 분야에 있어서 급속한 기술 발전으로 인해 하루가 다르게 새로운 기능이 추가됨에 따라 내장형 시스템 소프트웨어의 크기 및 복잡도 또한 함께 증가하고 있고 이를 개발하고 유지보수 하는데 있어서도 막대한 비용과 노력이 요구된다. 이를 해결하기 위한 방안으로 소프트웨어의 재사용성을 높이기 위한 노력이 이어지고 있다. 본 논문에서는 실시간 제약 특성을 지닌 평면 디스플레이 시스템 소프트웨어의 재사용성을 높이기 위하여 기존 내장형 시스템 소프트웨어에서 사용되던 순차적 구조에서 탈피하여 마이크로 커널 기반 태스크 구조를 제안하고 각각의 구조에 따른 소프트웨어의 재사용성을 측정하기 위한 기준(Metrics)과 그 측정 결과를 통하여 제안된 구조가 재사용에 적합함을 보이고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.153-168
• /
• 2016

This paper introduces a structure, features and programming techniques for the CNG(Cryptography API: Next Generation), which is the substitution of the CAPI(Cryptography API) from Microsoft. The CNG allows to optimize a scope of functions and features because it is comprised of independent modules based on plug-in structure. Therefore, the CNG is competitive on development costs and agility to extend. In addition, the CNG supports various functions for the newest cryptographic algorithm, audit, kernel-mode programming with agility and possible to contribute for core cryptography services in a new environment. Therefore, based on these advantageous functions, we analyze the structure of CNG to extend it for the enterprise and the public office. In addition, we implement an error-detection tool for program which utilizes CNG library.

• Journal of Internet of Things and Convergence
• /
• v.9 no.3
• /
• pp.21-26
• /
• 2023

The development and distribution approach of applications is transitioning from a monolithic architecture to microservices and containerization, a lightweight virtualization technology, is becoming a core IT technology. However, unlike traditional virtual machines based on hypervisors, container technology does not provide concrete security boundaries as it shares the same kernel. According to various preceding studies, there are many security vulnerabilities in most container images that are currently shared. Accordingly, attackers may attempt exploitation by using security vulnerabilities, which may seriously affect the system environment. Therefore, in this study, we propose an efficient automated deployment pipeline design to prevent the distribution of container images with security vulnerabilities, aiming to provide a secure container environment. Through this approach, we can ensure a safe container environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.6
• /
• pp.1204-1211
• /
• 2004

As the development of information telecommunication technology and thus the information sharing and opening is accelerated, f system is exposed to various threatener and the avrious security incident is rasing its head with social problem. As countermeasure, to protect safely and prepare in the attack for a system from a be latent security threat, various security systems are been using such as IDS, Firewall, VPN etc.. But, expertise or expert is required to handle security system. The module, implemented in this paper, is based on Windows XP, like Linux and Unix, and has effect integrity and non-repudiation for a file.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.9 no.3
• /
• pp.710-716
• /
• 2008

This paper covers the performance evaluation of two flash memory-based file storages, NAND and NOR, which are the major flash types. To evaluate their performances, we set up separate file storages for the two types of flash memories on a PocketPC-based experimental platform. Using the platform, we measured and compared the I/O throughputs in terms of buffer size, amount of used space, and kernel-level write caching. According to the results from our experiments, the overall performance of the NAND-based storage is higher than that of NOR by up to 4.8 and 5.7 times in write and read throughputs, respectively. The experimental results show the relative strengths and weaknesses of the two schemes and provide insights which we believe assist in the design of flash memory-based file storages.

• Journal of KIISE
• /
• v.44 no.2
• /
• pp.115-123
• /
• 2017

A message processor is server software that receives non-realtime messages as well as realtime messages from clients that need to be processed within a deadline. With the recent advances of micro-processor technologies and Linux, the message processor is often implemented in Linux-based multi-core servers and it is important to use cores efficiently to maximize the performance of system in multi-core environments. Numerous research efforts on a real-time scheduler for the efficient utilization of the multi-core environments have been conducted. Typically, though, they have been conducted theoretically or via simulation, making a subsequent real-system application difficult. Moreover, many Linux-based real-time schedulers can only be used in a specific Linux version, or the Linux source code needs to be modified. This paper presents the design of a Linux-based message processor for multi-core environments that maps the threads to the cores at user level. The message processor is implemented through a modification of the traditional RM algorithm that consolidates the real-time messages into certain cores using a first-fit-based bin-packing algorithm; this minimizes the response-time delay of the non-real-time messages, while guaranteeing the violation rate of the real-time messages. To compare the performances, the message processor was implemented using the two multi-core-scheduling algorithms GSN-EDF and P-FP, which are provided by the LITMUS framework. The benchmarking results show that the response-time delay of non-real-time messages in the proposed system was improved up to a maximum of 17% to 18%.

• Journal of Korea Multimedia Society
• /
• v.2 no.3
• /
• pp.265-276
• /
• 1999

Video on Demand (VOD) system is definitely one of main applications in upcoming multimedia era. In this research, we have designed and implemented a host-based scalable VOD system (SVOD) which is composed of low cost PC servers and runs on Linux kernel that is currently spotlighted in enterprise and research domains. Our contribution is as follows: first, the previous Ext2 file system was modified to efficiently support continuous media like MPEG stream. Second, the storage server features a host-based scalable architecture. Third, a software MPEG decoder was implemented using Microsoft's DirectShow$\circledR$COM. Finally, flow control between client and server is provided to suppress overflow and underflow of client circular buffer and supports FF VCR operation. We have known that it is possible to develop a thread-based and scalable VOD system on low cost PC servers and free Linux kernel.

• Journal of KIISE:Computer Systems and Theory
• /
• v.37 no.6
• /
• pp.339-347
• /
• 2010

Inter-process communication (IPC), which is a technique that enables exchanging data among multiple processes, is commonly used not only in user applications but also in system processes. For this reason, the performance of IPC highly influences the performance of whole computer system. Especially, heavy overload on a single server process caused by IPC requests from multiple client processes, easily results overall slowdown of IPC response time. Here, to deal with the problem stated above, the time-slice donation technique which is adapted in L4 microkernel is analyzed and enhanced for reducing latency of IPC response time and implemented on linux kernel for actual performance evaluation. While trying to maintain the additional overhead as least as possible, the experiment shows that the use of this technique enhances the performance of IPC multiple times of existing technique under certain circumstances.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.763-765
• /
• 2005

DVS(dynamic voltage sealing)은 이동형 프로세서에서 에너지 효율을 높이기 위한 필수 요소로 자리 잡고있다. DVS를 효과적으로 사용하기 위해선 대상 태스크의 특성과 하드웨어 특성에 맞는 DVS 알고리즘이 필요하다. 상품화 수준의 않은 운영체계들이 일정한 인터벌(interval)을 바탕으로 시스템 사용 상황을 분석하여 목표 성능을 결정하는 방식을 사용하고 있다. 이러한 방식은 태스크의 특성이 갑자기 변하여 성능을 요구할 경우 인터벌만큼의 시간이 진행된 후에야 반응 한다는 단점이 있다. 또한, 태스크 별 특성이 아닌 시스템 전체의 특성을 따르므로 이질적인 성격의 태스크들이 동시에 실행 되는 환경에는 적합하지 않다. 최근의 모바일 프로세서들은 수 마이크로초 수준의 성능 전환 시간을 제공하고 있으며 이 속도는 계속 줄어들고 있다. 프로세서의 고성능화로 인해 I/O 작업의 경우 프로세서 성능에 따른 실행 시간의 차이가 존재 하지 않는다. 이러한 두 가지 특성을 바탕으로 우리는 TIB(timer interrupt based) 알고리즘을 제안한다. TIB 알고리즘은 일정한 길이의 인터벌 대신 타임 슬라이스(time slice)를 성능 결정의 단위로 삼는다. 성능의 결정은 태스크 별로 이루어지며 각 태스크가 사용했던 이전 타임 슬라이스가 타이머 인터룹트(timer interrupt)에 의해 끝났다면 최대의 성능을 그 외의 경우는 최저의 성능으로 실행하게 된다. 이러한 접근 방식을 통해 I/O 작업이나 이벤트를 기다리는 태스크에 대해 최저 성능을 제공함으로써 실행 시간의 적은 손해를 대가로 많은 에너지 절감을 이룰 수 있다. 또한, 태스크의 속성이 변한 경우 타임 슬라이스 길이 만큼의 지체만을 허용하게 된다. 이러한 TIB 인터벌에 기반한 알고리즘에 비해 개별 태스크의 특성에 따른 성능 조절과 태스크의 변화에 따른 빠른 반응을 자랑으로 한다. 본 논문에선 TIB 알고리즘을 리눅스 커널에 구현하여 성능을 평가하였고 그 결과 리눅스에서 사용되는 기존 인터벌 기반의 알고리즘들에 비해 좋은 전력 절감 효과를 얻을 수 있었다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.213-225
• /
• 2022

Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at a kernel-level without any user-level components. We evaluate a prototype of BPFast on a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.