• KIPS Transactions on Computer and Communication Systems
• /
• v.9 no.5
• /
• pp.101-106
• /
• 2020

Since computer became available, much effort has been made to achieve information security. Even though memory protection defense mechanisms were studied the most among of them, the problems of existing memory protection defense mechanisms were found due to improved performance of computer and new defense mechanisms were needed due to the advent of the side-channel attacks. In this paper, we propose JMP+RAND that embedding random values of 5 to 8 bytes per page to defend against memory sharing based side-channel attacks and bridging the gap of existing memory protection defense mechanism. Unlike the defense mechanism of the existing side-channel attacks, JMP+RAND uses static binary rewriting and continuous jmp instruction and random values to defend against the side-channel attacks in advance. We numerically calculated the time it takes for a memory sharing-based side-channel attack to binary adopted JMP+RAND technique and verified that the attacks are impossible in a realistic time. Modern architectures have very low overhead for JMP+RAND because of the very fast and accurate branching of jmp instruction using branch prediction. Since random value can be embedded only in specific programs using JMP+RAND, it is expected to be highly efficient when used with memory deduplication technique, especially in a cloud computing environment.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.14 no.5
• /
• pp.60-70
• /
• 2018

A software defined storage (SDS) is being deployed in cloud environment to allow multiple users to virtualize physical servers, but a solution for optimizing space efficiency with limited physical resources is needed. In the conventional data deduplication system, it is difficult to deduplicate redundant data uploaded to distributed storages. In this paper, we propose a distributed deduplication method using similarity-based clustering and multi-layer bloom filter. Rabin hash is applied to determine the degree of similarity between virtual machine servers and cluster similar virtual machines. Therefore, it improves the performance compared to deduplication efficiency for individual storage nodes. In addition, a multi-layer bloom filter incorporated into the deduplication process to shorten processing time by reducing the number of the false positives. Experimental results show that the proposed method improves the deduplication ratio by 9% compared to deduplication method using IP address based clusters without any difference in processing time.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.81-83
• /
• 2023

태양 에너지 수집형 IoT 기기는 주기적으로 재충전되는 태양 에너지의 특성상, 에너지 소모를 최소화하기보다는 수집된 에너지를 최대한 유용하게 사용하는 것이 중요하다. 한편, 데이터 기밀성과 프라이버시, 응답속도, 비용 등의 이유로 클라우드가 아닌 데이터 소스 근처에서 머신러닝을 수행하는 엣지 AI에 대한 연구도 활발한데, 그 중 하나는 여러 IoT 장치들이 수집한 오디오 데이터를 활용하여, 다양한 AI 응용들을 IoT 엣지 컴퓨팅 환경에서 제공하는 것이다. 그러나, 이와 관련된 많은 연구에서, IoT 기기들은 에너지의 제약으로 인하여, 엣지 서버(IoT 서버)로의 센싱 데이터 전송만을 수행하고, 데이터 전처리를 포함한 모든 AI 과정은 엣지 서버에서 수행한다. 이 경우, 엣지 서버의 과부하 문제 뿐 아니라, 학습 및 추론에 불필요한 데이터까지도 서버에 그대로 전송되므로 네트워크 과부하 문제도 야기한다. 또한, 이를 해결하고자, 데이터 전처리 과정을 각 IoT 기기에 모두 맡긴다면, 기기의 에너지 부족으로 정전시간이 증가하는 또 다른 문제가 발생한다. 본 논문에서는 각 IoT 기기의 에너지 상태에 따라 데이터 전처리 여부를 결정함으로써, 기기들의 정전시간 증가 문제를 완화시키면서 서버 집중형 엣지 AI 환경의 문제들(엣지 서버 및 네트워크 과부하)을 완화시키고자 한다. 제안기법에서 IoT 장치는 기기가 기본적으로 동작하는 데 필요한 에너지 외의 여분의 에너지 양을 예측하고, 이 여분의 에너지가 있는 경우에만 이를 사용하여 기기에서 전처리 과정, 즉 수집 대상 소리 판별과 잡음 제거 과정을 거친 후 서버에 전송함으로써, IoT기기의 정전시간에 영향을 주지 않으면서, 에너지 적응적으로 데이터 전처리 위치(IoT기기 또는 엣지 서버)를 결정하여 수행한다.

• Journal of Information Technology and Architecture
• /
• v.10 no.3
• /
• pp.371-378
• /
• 2013

Video-demand learning through E-learning continuously increases on these days. However, not all video-demand learning systems can be utilized properly. When students study by education videos not matched to level of their own, it is possible for them to lose interest in learning. It causes to reduce the learning efficiency. In order to solve the problem, we need to develop a recommendation system which recommends customized education videos according the study levels of students. In this paper, we estimate the study level based on the history of students' watching behaviors such as average watching time, skipping and rewinding of videos. In the experimental section, we demonstrate our recommendation system using real students' video watching history to show that our system is feasible in a practical environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.547-554
• /
• 2022

Recently, the field of telemedicine is growing rapidly due to the COVID-19 pandemic. However, the cost of telemedicine services is relatively high, since cloud computing, video conferencing, and cyber security should be considered. Therefore, in this paper, we design and implement a cost-effective P2P-based telemedicine system. It is implemented using the widely used the open source computing platform, Raspberry Pi, and P2P network that frees users from security problems such as the privacy leakage by the central server and DDoS attacks resulting from the server/client architecture and enables trustworthy identifying connection system using SSL protocol. Also it enables users to check the other party's status including body temperature in real time by installing a thermal imaging camera using Raspberry Pi. This allows several medical diagnoses that requires visual aids. The proposed telemedicine system will popularize telemedicine service and meet the ever-increasing demand for telemedicine.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.214-216
• /
• 2021

It proposes a plan to strengthen the limitations of existing corporate security systems based on Zero-Trust. With the advent of the era of the Fourth Industrial Revolution, the paradigm of security is also changing. As remote work becomes more active due to cloud computing and COVID-19, security issues arising from the changed IT environment are raised. At the same time, in the current situation where attack techniques are becoming intelligent and advanced, companies should further strengthen their current security systems by utilizing zero trust security. Zero-trust security increases security by monitoring all data communications based on the concept of doubting and trusting everything, and allowing strict authentication and minimal access to access requestors. Therefore, this paper introduces a zero trust security solution that strengthens the existing security system and presents the direction and validity that companies should introduce.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06b
• /
• pp.357-360
• /
• 2011

최근 인터넷과 통신기술, 특히 모바일과 관련된 기술의 급속한 발전으로 소셜 커뮤니케이션 수단으로 대표되는 SNS(Social Networking Service)가 중요한 이슈로 부각되어지고 있다. SNS 서비스 제공시 중요하게 고려되어져야 할 사항은 정확하고 의미 있는 데이터를 통해서 사용자가 원하고 관심 있는 분야의 정보를 어떻게 제공할 것인가에 초점이 맞춰져 있어야 한다. 그러나 최근 폭발적으로 증가되어지고 있는 소셜 데이터 때문에 사용자는 의미 분석이 정확하게 이루어지지 않은 신뢰성이 결여된 소셜 커뮤니케이션 서비스를 제공받고 있다. 이러한 소셜데이터 분석의 문제점을 해결하기 위해서 본 논문에서는 소셜 네트워크 서비스에 필요한 데이터를 수집하고, 클라우드 컴퓨팅 환경에서 수집된 대용량 SNS 데이터의 의미를 분석 할 수 있는 MapReduce 기반의 분석 모듈의 구조를 제안하였다. 제안한 모듈은 의미 분석에 필요한 소셜 데이터를 수집하는 수집 기능과 수집된 소셜데이터의 의미 분석을 수행하는 분석 기능을 포함하고 있다. 수집 기능은 SNS에서 생성되는 텍스트 형태의 데이터를 수집하고 MapReduce를 통해서 데이터를 분석하기 쉽게 적절한 크기로 생성된 파일을 분할한다. 수집된 소셜 데이터의 의미 분석은 기존 TF-IDF 방식에 개선된 Weighted-MINMAX 적용한 알고리즘을 통해서 구현하였다. 개선된 알고리즘은 단어의 중요도를 평가하고, 중요도가 높은 단어로 구성된 의미정보 제공 서비스를 지원한다. 시스템의 성능 평가를 위해서 노드별 데이터 처리시간과 추출 키워드의 정확도를 측정하였다.

• Journal of Korean Society for Quality Management
• /
• v.43 no.4
• /
• pp.573-588
• /
• 2015

Purpose: For improving result of estimated remaining useful life in Prognostics and Health Management (PHM), a system which is able to consider a lot of environment and load data is required. Method: A load profile monitoring system was presented based on cloud computing for gathering and processing raw data which is included environment and load data. Result: Users can access results of load profile information on the Internet. The developed system provides information which consists of distribution of load data, basic statistics, etc. Conclusion: We developed the load profile monitoring system for considering much environment and load data. This system has advantages such as improving accessibility through smart device, reducing cost, and covering various conditions.

• KIPS Transactions on Computer and Communication Systems
• /
• v.1 no.2
• /
• pp.103-108
• /
• 2012

Recently, IT Governance has been applied to business management environment. In this paper, we study business model that can minimize information security risk using IT governance in cloud computing environment. Especially, we propose the interaction model that link risk management for subject of information security governance. In our model, synergy means the effective, strategic and secure business support. And interaction analysis of BMIS's 4 elements and 6 dynamic interconnections is required. Therefore we propose interaction model which can link risk management based on COSO ERM or COBIT Risk IT Framework.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.516-519
• /
• 2014

Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenlD alongside OAuth so as to solve this problem. But OpenlD similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.