• Title/Summary/Keyword: Container Security

The Security Management Architecture for E504 EJB Container System (E504 EJB 컨테이너 시스템의 보안 관리 방법)

  • 서범수;김수형;박중기;이경호
    • Proceedings of the Korean Information Science Society Conference / 2002.10e / pp.190-192 / 2002
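  • In an EJB (Enterprise Java Bean) container, security is broadly divided into user authentication and access control over bean method invocations. Because EJB containers run on top of the various security platforms that enterprises own and operate, the EJB container defines access control for beans in a way that is independent of any individual security system. This paper discusses the user authentication and access control methods in the E504 (Enterprise 504) EJB container system.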

Performance Evaluation of Advanced Container Security Device(ACSD) system based on IoT(Internet of Things) (IoT 기반 컨테이너 보안 장치 및 시스템 성능 평가)

  • Moon, Young-Sik;Choi, Sung-Pill;Lee, Eun-Kyu;Kim, Jae-Joong;Choi, Hyung-Rim
    • Journal of the Korea Institute of Information and Communication Engineering / v.17 no.9 / pp.2183-2190 / 2013
  • The Container Security Device (ConTracer) suggested in this study monitors temperature, humidity, and impact inside the container while the container is transported. ConTracer can also give information to users when a door of the container is opened over 2 inches within 1 second. Additionally, GPS/GLONASS-based global position and status information about the container are transmitted to a remote server using IoT (Internet of Things) based communication. In this research, we look into the development trend of global container security devices and apply ConTracer to real freight transport from domestic to overseas using the Global Roaming Service, which is offered for domestic mobile communication companies as well. As a result, we estimate the performance of ConTracer and verify it.

Efficient container door Open/Closed detection mechanism for Container Security Device(ConTracer) (컨테이너 보안장치(ConTracer)를 위한 효율적인 컨테이너 도어 개폐감지 메커니즘)

  • Moon, Young-Sik;Lee, Eun-Kyu;Shin, Joong-Jo;Shon, Jung-Rock;Choi, Sung-Pill;Kim, Jae-Joong;Choi, Hyung-Rim
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2011.05a / pp.831-834 / 2011
  • This paper is intended as a performance verification of an efficient container door open/closed detection mechanism for the Container Security Device (ConTracer) in container cargo transportation. A container door open/closed detection mechanism using a reed sensor is important to satisfy the US Department of Homeland Security Customs and Border Protection requirements for many types of container door. It also verifies that the container door is configured correctly and that illegal opening can be checked. In this article, the performance evaluation of this ConTracer with the reed sensor has been verified through field tests on 30 different containers. Once the improvement has been made, we suggest that the proposed skills will meet the highest standards for container security safety.

Security Assessment Technique of a Container Runtime Using System Call Weights

  • Yang, Jihyeok;Tak, Byungchul
    • Journal of the Korea Society of Computer and Information / v.25 no.9 / pp.21-29 / 2020
  • In this paper, we propose a quantitative evaluation method that enables security comparison between Security Container Runtimes. Security container runtime technologies have been developed to address security issues such as container escape caused by containers sharing the host kernel. However, most literature provides only an analysis of the security of container technologies using rough metrics such as the number of available system calls, making it difficult to compare the secureness of container runtimes quantitatively. In contrast, the proposed model uses a new method of combining the degree of exposure of host system calls with various external vulnerability metrics. With the proposed technique, we measure and compare the security of runC (Docker default Runtime) and two representative Security Container Runtimes, gVisor and Kata container.

Technology Trends in RFID Security Devices for Cargo Container Protection (화물 컨테이너 보호를 위한 RFID 보안장치 기술 동향)

  • Gang, Yu-Seong;Kim, Ho-Won;Jeong, Gyo-Il
    • Information and Communications Magazine / v.24 no.11 / pp.43-50 / 2007
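  • RFID technology is regarded as the first step toward a ubiquitous society, and much research and many ways of applying it are being discussed. Cargo container protection in port logistics is a good example. That is, RFID technology can be used as an electrical locking device to lock and open cargo containers safely and to protect cargo information. This article reviews the status of international standardization for supporting the safety of cargo container transport, and discusses the technical characteristics of the electronic seal (eSeal) and the container security device (CSD), the representative RFID devices whose commercialization is being accelerated. The main interest of this article is RFID tag and reader technology for cargo container protection as electronic devices, and it concludes by summarizing the data protection requirements that can protect the important data of cargo containers and thereby improve both the efficiency and the security of the container transport system.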

A Study on Security Container to Prevent Data Leaks (정보 유출 방지를 위한 보안 컨테이너의 효과성 연구)

  • Lee, Jong-Shik;Lee, Kyeong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1225-1241 / 2014
  • Recently, financial companies implement DLP (Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business increase more and more because internal controls are insufficient. Security officials and IT operation staff struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research on applications that handle business and privacy information. Therefore, this paper describes business and privacy information flow in applications and how to plan and deploy a security container based on OS-level and hypervisor virtualization technology to enforce internal controls for applications. After building the security container, it was verified that it implements internal controls and prevents customer information leaks. With security policies, additional security functions were implemented in the security container, and by recycling the security container, the costs and time of response to security vulnerabilities were reduced.

Analysis of Network Security Policy Enforcement in Container Environments (컨테이너 환경에서의 네트워크 보안 정책 집행 분석)

  • Bom Kim;Seungsoo Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.961-973 / 2023
  • With the changes in the modern computing landscape, securing containerized workloads and addressing the complexities of container networking have become critical issues. In particular, the complexity of network policy settings and the lack of cloud security architecture cause various security issues. This paper focuses on the importance of network security and efficiency in containerized environments, and analyzes the security features and performance of various container network interface plugins. In particular, the features and functions of Cilium, Calico, Weave Net, and Kube-router were compared and evaluated, and the Layer 3/4 and Layer 7 network policies and performance features provided by each plugin were analyzed. We found that Cilium and Calico provide a wide range of security features, including Layer 7 protocols, while Weave Net and Kube-router focus on Layer 3/4. We also found a decrease in throughput when applying Layer 3/4 policies and an increase in latency due to complex processing when applying Layer 7 policies. Through this analysis, we expect to improve our understanding of network policy and security configuration and contribute to building a safer and more efficient container networking environment in the future.

A Study of security improvements to access in port (Focus on Container Terminal) (항만보안 출입통제에 관한 연구 및 개선점 고찰 (컨테이너 터미널 중심으로))

  • Kwak, Kyu-Seok;Nam, Ki-Chan;Jeong, Su-Cheon;Min, Se-Hong;Park, Seung-Jae
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2014.06a / pp.205-206 / 2014
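  • With the progress of globalization and the acceleration of market opening, the importance of the domestic and international port logistics industry is growing. To survive the competition among ports, Korea is conducting research to improve productivity, economic efficiency, security and service levels through measures such as building unmanned automated container terminals that apply advanced technology. However, most of this research aims to improve the internal efficiency and productivity of container terminals, and research dealing with security operations is lacking. The importance of container terminal security is increasingly ... (omitted) ...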

Reinforcement Learning-Based Resource exhaustion attack detection and response in Kubernetes (쿠버네티스 환경에서의 강화학습 기반 자원 고갈 탐지 및 대응 기술에 관한 연구)

  • Ri-Yeong Kim;Seongmin Kim
    • Convergence Security Journal / v.23 no.5 / pp.81-89 / 2023
  • Kubernetes is a representative open-source software for container orchestration, playing a crucial role in monitoring and managing resources allocated to containers. As container environments become prevalent, security threats targeting containers continue to rise, with resource exhaustion attacks being a prominent example. These attacks involve distributing malicious crypto-mining software in containerized form to hijack computing resources, thereby affecting the operation of the host and other containers that share resources. Previous research has focused on detecting resource depletion attacks, so technology to respond when attacks occur is lacking. This paper proposes a reinforcement learning-based dynamic resource management framework for detecting and responding to resource exhaustion attacks and malicious containers running in Kubernetes environments. To achieve this, we define the environment's state, actions, and rewards from the perspective of responding to resource exhaustion attacks using reinforcement learning. It is expected that the proposed methodology will contribute to establishing a robust defense against resource exhaustion attacks in container environments.

A Study on Vulnerability for Isolation Guarantee in Container-based Virtualization (컨테이너 기반 가상화에서 격리성 보장을 위한 취약성 고찰)

  • Dayun Yum;Dongcheon Shin
    • Convergence Security Journal / v.23 no.4 / pp.23-32 / 2023
  • Container-based virtualization has attracted much attention as an alternative to virtual machine technology because it can be used more lightly by sharing the host operating system instead of individual guest operating systems. However, this advantage may come with some vulnerabilities. In particular, excessive resource use of some containers can affect other containers, which is known as the noisy neighbor problem, so that the important property of isolation may not be guaranteed. The noisy neighbor problem can threaten the availability of containers, so we need to consider the noisy neighbor problem as a security problem. In this paper, we investigate vulnerabilities in the guarantee of isolation incurred by the noisy neighbor problem in container-based virtualization. For this, we first analyze the structure of container-based virtualization environments. Then we present vulnerabilities in 3 functional layers and general directions for solutions with limitations.