• Journal of the Korea Society of Computer and Information
• /
• v.18 no.2
• /
• pp.41-47
• /
• 2013

In this paper, for this open system-based virtual resource monitoring system was designed. Virtual resources, CPU, memory, disk, network, each subdivided into parts, each modular implementation. Implementation results in real time CPU, memory, disk, network information, confirmed the results of monitoring. System designed to implement the Windows, Linux, Xen was used for the operating system, implementation language, C++ was used, the structure of the system, such as the ability to upgrade and add scalability and modularity by taking into account the features available in cloud computing environments applicable to cloud computing, virtual resource monitoring system has been implemented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.579-589
• /
• 2017

The cloud environment is hypervisor-based, and many virtual machines are interconnected, which makes propagation of malicious code easier than other environments. Accordingly, this paper proposes a malicious traffic dynamic analysis system for secure cloud environment. The proposed system continuously monitors and analyzes malicious activity in an isolated virtual network environment by distinguishing malicious traffic that occurs in a cloud environment. In addition, the analyzed results are reflected in the distinguishment and analysis of malicious traffic that occurs in the future. The goal of this research is secure and efficient malicious traffic dynamic analysis by constructing the malicious traffic analysis environment in the cloud environment for detecting and responding to the new and variant malicious traffic generated in the cloud environment.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06b
• /
• pp.333-338
• /
• 2007

시스템 가상머신 환경은 높은 하드웨어 효율성과 높은 보안을 요구하는 시스템에서 그 사용이 점차 늘어나고 있다. 최근 많이 알려진 하이퍼바이저 가상머신 시스템은 높은 아이솔레이션과 보안성을 보장하나 각 게스트 운영체제 별로 운영체제 이미지를 가지기 때문에 하드웨어 효율성이 떨어지는 반면, 컨테이너 기반 가상머신 시스템은 운영체제 이미지의 공유로 인하여 높은 자원 효율성과 확장성을 가진다. 그러나 메모리 자원의 아이솔레이션에 대하여 취약점을 갖는 문제점을 안고 있다. 본 논문에서는 컨테이너 기반 가상머신 시스템에서 동적으로 각 가상머신별로 메모리 사용량 증가에 따른 페이지 히트율-곡선(Hit-Ratio-Curve)을 측정하였다. 이 곡선을 관찰해 보면 각 가상머신의 메모리 필요량을 알 수 있으며 이를 기반으로 메모리 자원을 할당하게 될 경우 효과적으로 메모리 자원의 아이솔레이션을 제공할 수 있게 된다. 본 논문에서는 대표적인 컨테이너 기반 가상머신인 리눅스 VServer가 적용되어 있는 리눅스 2.6.17 커널에 직접 구현하였으며, Lmbench 및 리눅스 커널 컴파일 등을 통하여 오버헤드를 측정하였고 $1.6{\sim}7.2%$의 적은 오버헤드로 이를 측정할 수 있음을 확인하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.199-201
• /
• 2015

국방 분야에서 전술작전센터를 구성하는 전술작전통제 플랫폼은 다양한 내/외부 체계 시험 장치를 연동하여 교전/작전 통제를 수행하는 플랫폼이다. 기존의 전술작전통제 플랫폼은 서로 다른 환경에서 개발된 시험 장치 소프트웨어를 통합 구축하는데 어려움이 있으며, 플랫폼을 구성하는 서버 자원의 탄력적 분배가 불가능하다. 본 연구는 전술작전센터를 구성하는 전술작전통제 플랫폼을 오픈스택 클라우드 및 KVM 하이퍼바이저를 기반으로 구축하여 내/외부 체계 시험 장치 소프트웨어의 실행 환경을 가상 머신으로 제공하였으며, 가상 머신 간 고속 데이터 통신을 위해 데이터 분산 서비스 및 10Gbps 이더넷, QDR 인피니밴드 네트워크를 활용하였다. 또한 오픈스택 클라우드 기반 전술작전통제 플랫폼의 네트워크를 구성하는 10Gbps 이더넷 및 QDR 인피니밴드 네트워크상에서 데이터 분산 서비스의 성능 평가를 수행하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.140-143
• /
• 2015

클라우드 컴퓨팅에서 가상화 기술은 단일 물리 자원을 논리적인 자원으로 분할해 다수의 시스템이 병행적으로 운용될 수 있는 환경을 구축하여 준다. 이에 컨테이너 기술 또한 프로세스의 격리를 이용해서 가상화와 같은 병행 수행 환경을 제공한다. 게다가 컨테이너 기술은 하드웨어를 추상화하는 절차가 없기 때문에 기존의 가상화 기술에 비해 오버헤드가 현저히 작다. 따라서 기존의 하이퍼바이저 자리를 대체하기 위한 수단으로 컨테이너 기술의 가능성이 점쳐지고 있다. 본 논문에서는 상용화 된 컨테이너 기술인 도커를 기존의 클라우드-가상화 환경에 도입하였을 때 발생되는 문제를 분석하여 해결 방안을 제안하고 실험을 통해 그 효과를 비교하였다. 기존의 도커는 정적 자원 할당만을 지원하며 이는 클라우드 환경에서 급격한 변화에 유연하게 대처하지 못한다는 단점을 가지고 있다. 따라서 도커에 동적 자원 할당 기술을 적용하여 기존의 단점을 보완하고 클라우드 환경에서 컨테이너 기술의 운영 효율성을 제고한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.961-971
• /
• 2019

Isolation between virtual machines in a cloud computing environment is an important security factor. The violation of isolation between virtual machines leads to interferences of shared resources and the implementation of covert channels. In this paper, the structure of Hyper-V hypervisor is analyzed to implement covert channels between virtual machines. Hyper-V uses a mutex technique for mutual exclusion between virtual machines. It indicates that isolation of virtual machines is violated and covert channels can be implemented due to mutex. We implemented several covert channels by designing a method for searching mutex resources applicable to Hyper-V with complex architectures. The mutex-based covert channel is not hardware dependent. If the covert channel is detected or defended, the defensive technique can be avoided by using the other covert channel among several covert channels.

• KIISE Transactions on Computing Practices
• /
• v.21 no.12
• /
• pp.792-797
• /
• 2015

Effective profiling diagnoses the failure of the system and informs risk. If a failure in the target system occurs, it is impossible to diagnose more than one of the exiting tools. In this respect, monitoring of the system based on virtualization is useful. We present in this paper a monitoring framework that uses the characteristics of hardware virtualization to prevent side-effects from a target guest, and uses dynamic binary instrumentation with instruction-level trapping based on hardware virtualization to achieve efficiency and flexibility. We also present examples of some applications that use this framework. The framework provides tracing of guest kernel function, memory dump, and debugging that uses GDB stub with GDB remote protocol. The experimental evaluation of our prototype shows that the monitoring framework incurs at most 2% write memory performance overhead for end users.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.52 no.1
• /
• pp.69-78
• /
• 2015

Recently, due to the development of next-generation computing devices and high-performance network, VDI (Virtual Desktop Infrastructure) is receiving a great deal of attention from IT market as an essential part of cloud computing. VDI enables to host multiple, individual virtual machines that are provisioned from servers located at the data center by using hypervisor. One of the critical issues related to VDI is to reduce the performance difference between virtual machines and physical ones. In this paper, we present a real-time VM monitoring system, called SETMOV, that is able to collect the real-time resource usage information. We also present the performance results using iozone to verify SETMOV.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.9
• /
• pp.103-108
• /
• 2014

In the virtualized server systems, a scheduler in a hypervisor is responsible to assign physical resources for virtual machines. However, the traditional scheduler is hard to provide optimized resource allocation considering the amount of I/O requests. Especially, the drawback hinders performance of software load balancer which runs on virtual machines to distribute I/O requests from the clients. In this paper, we propose a new architecture to improve the performance of software load balancer using multiprocess. Our architecture aims to improve hardware resource utilization and overall performance of the server systems which utilize virtualization technology. Experimental results show the effectiveness of the proposed architecture for the various cases.

• Journal of Digital Contents Society
• /
• v.19 no.3
• /
• pp.453-460
• /
• 2018

Virtualization technology is characterized by the ability to isolate the user's system environment and to support the computing resources flexibly and extensively on demand. However, virtualization technology of cloud computing, which is already well known, must overload the guest OS and the hypervisor to manage it. Container technology is emerging to solve such OS-based virtualization problems. This technology can isolate the processes under which the application is running, thus creating a virtualization-like environment with minimal overhead. In this work, we construct a container-based education practice system using Docker instead of the existing cloud-based environment. To do this, we analyze the requirements for the establishment of the training practice environment. We also analyze the functions of the container and study the method to meet the requirements. This can take advantage of the existing flexible and scalable cloud computing. Also, it maximizes the availability of limited resources by minimizing the performance load.