• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.61-70
• /
• 2011

Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. As a part of cost savings and green IT policies, there is a tendency in which recent businesses increase the adoption of such virtualization. In particular, regarding the virtualization in desktop, it is one of the most widely used technology at the present time. Because it is able to efficiently use various types of operating systems in a physical computer. A virtual machine image that is a key component of virtualization is difficult to investigate. because the structure of virtual machine image is different from hard disk image. Therefore, we need researches about appropriate investigation procedure and method based on technical understanding of a virtual machine. In this research, we suggest a procedure of investigation on a virtual machine image and a method for a corrupted image of the VMware Workstation that has the largest number of users.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.43-50
• /
• 2022

It is no exaggeration to say that mobile devices have already become an essential tool in our daily life. Among these mobile devices, a representative smart phone is overheating the market by introducing new functions and services whenever a new product is released. However, most users do not know that there are various vulnerabilities depending on the manufacturer, service, or function, and damage is occurring due to attacks that exploit the vulnerabilities.Research on this has already been conducted, but it is very difficult to predict because there are various differences depending on new devices, operating systems, services, and functions. For this reason, it is necessary to continuously monitor and study new vulnerable factors. Therefore, through this study, research so far, vulnerabilities, attack technology, and response technology were considered. In addition, it is expected that it can be used as basic data for the development of systems and response technologies in the future by proposing countermeasures.

• The KIPS Transactions:PartD
• /
• v.19D no.1
• /
• pp.63-80
• /
• 2012

Mobile devices with Android OS and iOS have been emerged as mobile computing devices where various software applications are deployed. Furthermore, they are anticipated to be used not only for traditional personal computing but also for enterprise computing. However, such mobile devices have their intrinsic characteristics such as limited resources and flexible network capabilities, which are not revealed in traditional computers. Hence, there is high demand for methods to develop mobile applications with reflecting their intrinsic characteristics. Since those characteristics belong to non-functional requirements, they should be reflected in architecture design while designing mobile applications. To design architecture, the architecture drivers that are architecture non-functional requirements are decided from mobile application characteristics. Conventional architecture design methods do not consider those characteristics so that the methods cannot be straightforwardly applied to mobile applications. In this paper, to efficiently develop mobile applications reflecting those characteristics, we propose a set of architecture patterns and define a guideline to apply those patterns. First, we define the characteristics of mobile applications distinguished and derive architectural drivers from them. Then, we propose architecture patterns in terms of static and dynamic views and define an architectural guideline to apply the patterns to designing architecture for mobile application. And, we perform case studies to verify the applicability of proposed patterns. Finally, we assess the proposed architecture patterns by proving how the patterns can fulfill identified architecture drivers and by comparing our approach with previous works.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.4
• /
• pp.1-11
• /
• 2013

Dynamic Software Update(DSU) is a technique, which updates a new version of the software to a running process without stopping. Many DSU systems that update C application programs are introduced. However, these DSU systems differ in implementation method or in main features. In this paper, we propose a new DSU system that can solve some disadvantages of existing DSU systems. DSU system presented in this paper splits existing program to code, global data and local data and then updates each part of the program considering the characteristics of the respective parts. The proposed system in this paper is implemented and tested on Linux. Also, we compared our DSU system with other DSU systems and we could find some strength of our DSU system. First, the code memory usage of our DSU system can be efficient since our system does not need to maintain code of an old version. Second, the global data memory waste is small because our system does not need to allocate the global data again which is not modified in the new version. Finally, we restore local data of old version in stack area of the new version using stack reconstruction technique. This paper is meaningful since we proposed a new DSU method and we implemented a full DSU system using the method.

• Journal of The Korean Society of Grassland and Forage Science
• /
• v.12 no.3
• /
• pp.64-129
• /
• 1992

최근 초지중심 사양형태의 증가와 초지면적의 확대에 따라 단순한 사료로서가 아니라 영양가치가 높고 기호성이 높은 목초생산이 요구되고 있다. 그러나, 고위생산을 위해 다량으로 사용된 질소질비료에 의하여 질산태 중독 등의 문제가 야기되고 있어 목초의 생리 및 영양에 관한 연구가 필요하게 되었다. 사료성분 혹은 영양가치에 대한 연구는 이미 일찍부터 다루어져 왔으나, 주로 야초류, 청예작물 및 농가부산물 등의 일반성분 특히, 조단백질과 조섬유함량의 연구가 주가 되었고 다년생 목초류에 대한 연구는 1975년경부터 본격화 되기 시작하였다. 그동안 한국초지학회지와 축산학회지($1972\sim1991$)에 게재된 총 151편의 생리 및 영양에 관한 연구 중에서 다년생 목초류를 취급한 것은 불과 63편에 머물고 있다. 이 분야의 연구는 각종 목초 사료작물에 대한 재배조건과 생육단계에 따른 생리생태학적 연구와 사료성분, 소화율 및 가소화양분 함량의 일반적인 변화, 경향을 검토하여 사료 가치 평가를 위한 기준으로 삼았다. 그러나 다년생 목초류는 물론 사료 작물에 있어서 육종 생리분야의 연구는 매우 미흡한 상태로써 단지 발아, 생육, 저장탄수화물 및 유독성분 등 단편적인 연구만이 행해지고 있을 뿐이다. 또한 사료 성분이 가축의 기호성에 미치는 영향을 구명하기 위한 연구는 거의 이루어지고 있지 않으므로 금후 탄수화물과 미량 요소에 대한 자세한 연구 검토가 필요하다고 생각된다. 특히 목초와 사료작물의 화학적인 조성과 가축의 생리에 관련한 여러가지 문제들도 앞으로 보다 깊이 연구되어야 할 과제라고 생각된다.권을 잡기 위해 10년지기였던 IBM과 MS사는 각각 OS/2와 윈도즈를 내세우고 양보할 수 없는 힘겨루기에 들어갔다. 또 이들 양사는 펜컴퓨터,멀티미디어등 차세대제품의 운영체제 시장을 둘러싸고 일찍부터 격전에 들어갔으며 IBM과 MS사의 혼전을 틈타 썬마이크로시스템을 필두로한 워크스테이션 업체 및 유닉스진영까지 고성능 PC시장을 겨냥한 OS를 속속 개발, 90년대의 OS 전쟁은 한치 앞을 내다볼 수 없는 안개국면으로 접어들고 있다. DOS에서 32비트시대,펜컴퓨터, 멀티미디어에 이르는 차세대제품을 둘러싼 업계의 OS 쟁탈전을 통해 OS의 발전동향과 미래를 전망해 본다. results in the large change of the objective function, the sum of squares of deviations of the observed and computed groundwater levels. 본 논문에서는 가파른 산사면에서 산사태의 발생을 예측하기 위한 수문학적 인 지하수 흐름 모델을 개발하였다. 이 모델은 물리적인 개념에 기본하였으며, Lumped-parameter를 이용하였다. 개발된 지하수 흐름 모델은 두 모델을 조합하여 구성되어 있으며, 비포화대 흐름을 위해서는 수정된 abcd 모델을, 포화대 흐름에 대해서는 시간 지체 효과를 고려할 수 있는 선형 저수지 모델을 이용하였다. 지하수 흐름 모델은 토층의 두께, 산사면의 경사각, 포화투수계수, 잠재 증발산 량과 같은 불확실한 상수들과 a, b, c, 그리고 K와 같은 자유모델변수들을 가진다. 자유모델변수들은 유입-유출 자료들로부터 평가할 수

• The Transactions of the Korea Information Processing Society
• /
• v.1 no.3
• /
• pp.367-379
• /
• 1994

This paper describes scheduling algorithms of the UNIX operating system and shows an analytical approach to approximate the average conditional response time for a process in the UNIX operating system. The average conditional response time is the average time between the submittal of a process requiring a certain amount of the CPU time and the completion of the process. The process scheduling algorithms in thr UNIX system are based on the priority service disciplines. That is, the behavior of a process is governed by the UNIX process schuduling algorithms that (ⅰ) the time-shared computer usage is obtained by allotting each request a quantum until it completes its required CPU time, (ⅱ) the nonpreemptive switching in system mode and the preemptive switching in user mode are applied to determine the quantum, (ⅲ) the first-come-first-serve discipline is applied within the same priority level, and (ⅳ) after completing an allotted quantum the process is placed at the end of either the runnable queue corresponding to its priority or the disk queue where it sleeps. These process scheduling algorithms create the round-robin effect in user mode. Using the round-robin effect and the preemptive switching, we approximate a process delay in user mode. Using the nonpreemptive switching, we approximate a process delay in system mode. We also consider a process delay due to the disk input and output operations. The average conditional response time is then obtained by approximating the total process delay. The results show an excellent response time for the processes requiring system time at the expense of the processes requiring user time.

• 대한공업교육학회지
• /
• v.32 no.1
• /
• pp.134-152
• /
• 2007

This study deals with the development of computer program which can restrict students to access to the unallowable web sites during the Internet based class. Our suggested program can find the student's access list to the unallowable sites, display it on the teacher's computer screen. Through the limitation of the student's access, teacher can enhance the efficiency of class and fulfill his educational purpose for the class. The use of our results leads to the effective and safe utilization of the Internet as the teaching tools in the class. Meanwhile, the typical method is to turn off the LAN (Local Area Network) power in order to limit the student's access to the unallowable web sites. Our program has been developed on the Linux operating systems in the small network environment. The program includes following five functions: the translation function to change the domain name into the IP(Internet Protocol) address, the search function to find the active students' computers, the packet snoop to capture the ongoing packets and investigate their contents, the comparison function to compare the captured packet contents with the predefined access restriction IP address list, and the restriction function to limit the network access when the destination IP address is equal to the IP address in the access restriction list. Our program can capture all passing packets through the computer laboratory in real time and exactly. In addition, it provides teacher's computer screen with the all relation information of students' access to the unallowable sites. Thus, teacher can limit the student's unallowable access immediately. The proposed program can be applied to the small network of the elementary, junior and senior high school. Our research results make a contribution toward the effective class management and the efficient computer laboratory management. The related researches provides teacher with the packet observation and the access limitation for only one host, but our suggested program provides teacher with those for all active hosts.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.1
• /
• pp.137-142
• /
• 2014

Industrial control system (ICS) is a computer based system which are typically used in nation-wide critical infra-structure facilities such as electrical, gas, water, wastewater, oil and transportation. In addition, ICS is essentially used in industrial application domain to effectively monitor and control the remotely scattered systems. The highly developed information technology (IT) and related network techniques are continually adapted into domains of industrial control system. However, industrial control system is confronted significant side-effects, which ICS is exposed to prevalent cyber threats typically found in IT environments. Therefore, cyber security vulnerabilities and possibilities of cyber incidents are dramatically increased in industrial control system. The vulnerabilities that may be found in typical ICS are grouped into Policy and Procedure, Platform, and Network categories to assist in determining optimal mitigation strategies. The order of these vulnerabilities does not necessarily reflect any priority in terms of likelihood of occurrence or severity of impact. Firstly, corporate security policy can reduce vulnerabilities by mandating conduct such as password usage and maintenance or requirements for connecting modems to ICS. Secondly, platfom vulnerabilities can be mitigated through various security controls, such as OS and application patching, physical access control, and security software. Thirdly, network vulnerabilities can be eliminated or mitigated through various security controls, such as defense-in-depth network design, encrypting network communication, restricting network traffic flows, and providing physical access control for network components.

• Journal of Digital Convergence
• /
• v.10 no.9
• /
• pp.1-13
• /
• 2012

This study aims to analyze actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipments for the lines, the management of network and software, stored data and transferred data and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall system against virus and malicious software as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), communication lines (communication security). Secondly, to prepare against hacking warfare which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.33-40
• /
• 2018

In an environment with a large network bandwidth, maximizing bandwidth utilization is an important issue to increase transmission efficiency. End-to-end transfer efficiency is significantly influenced by factors such as network, data transfer nodes, and intranet network security policies. Science DMZ is an innovative network architecture that maximizes transfer performance through optimal solution of these complex components. Among these, the data transfer node is a key factor that greatly affects the transfer performance depending on storage, network interface, operating system, and transfer application tool. However, tuning parameters constituting a data transfer node must be performed to provide high transfer efficiency. In this paper, we propose a method to enhance performance through tuning parameters of 100Gbps data transfer node. With experiment result, we confirmed that the transmission efficiency can be improved greatly in 100Gbps network environment through the tuning of Jumbo frame and CPU governor. The network performance test through Iperf showed improvement of 300% compared to the default state and NVMe SSD showed 140% performance improvement compared to hard disk.