• KIISE Transactions on Computing Practices
• /
• v.20 no.10
• /
• pp.555-560
• /
• 2014

This paper proposes the data security technology for the desktop virtualization environment using the separated software execution method. In the virtual environment where allocates separate VMs to the users, there is a benefit that the programs in one guest machine are isolated from the programs running in another guest machine, whereas in the separated execution environment that supports application virtualization, the isolation is not offered and it causes the data security problem because the applications are executed by the one root privilege in the server. To solve this problem, we provides the data security method using the server storage filter, the viewer filter, and the file mapping table in this paper.

• Smart Media Journal
• /
• v.5 no.4
• /
• pp.116-123
• /
• 2016

Recently, important information related with smart work such as office and video conference are handled in smart device quite a lot compare with before. Also, execution environment of smart devices is getting developed as open software environment. It brought convenience to download and use any kind of application software. By that, security side of smart devices became vulnerable. This paper will discuss characteristics of smart device security technology based on virtualization that is a mobile device platform with isolated secure execution area based on TEE (Trusted Execution Environment). Also, this paper will suggest an implementation method about safe smart device security platform based on domain separation for application software which can be executed in smart devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.137-147
• /
• 2011

Because of the convergence between Internet and broadcast communication, users are able to use multimedia contents anytime. In addition, with the change of existing one-way service to two-way service, the provider can offer efficient and useful broadcast communication. However, As multimedia contents is provided by STB, it can validate only end-node STB. Thus, this method is limiting possibilities of individual service. Also, providers' STB are different, so problem of compatibility is emerging as an issue. Therefore, in this paper we proposed STB virtualization based enhanced IPTV user authentication system to improve individual authentication and compatibility of services.

• Journal of Digital Contents Society
• /
• v.19 no.3
• /
• pp.453-460
• /
• 2018

Virtualization technology is characterized by the ability to isolate the user's system environment and to support the computing resources flexibly and extensively on demand. However, virtualization technology of cloud computing, which is already well known, must overload the guest OS and the hypervisor to manage it. Container technology is emerging to solve such OS-based virtualization problems. This technology can isolate the processes under which the application is running, thus creating a virtualization-like environment with minimal overhead. In this work, we construct a container-based education practice system using Docker instead of the existing cloud-based environment. To do this, we analyze the requirements for the establishment of the training practice environment. We also analyze the functions of the container and study the method to meet the requirements. This can take advantage of the existing flexible and scalable cloud computing. Also, it maximizes the availability of limited resources by minimizing the performance load.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1198-1212
• /
• 2013

Network virtualization enables autonomous and heterogeneous Virtual Networks (VNs) to co-exist on a shared physical substrate. In a Network Virtualization Environment (NVE), the fact that individual VNs are underpinned by diverse naming mechanisms brings about an obvious challenge for transparent communication across multiple VN domains due to the complexity of uniquely identifying users. Existing solutions were mainly proposed compatible to Internet paradigm with little consideration of their applications in a virtualized environment. This calls for a scalable and efficient naming framework to enable consistent communication across a large user population (fixed or mobile) hosted by multiple VNs. This paper highlights the underlying technical requirements and presents a scalable Global Naming Framework (GNF), which (1) enables transparent communication across multiple VNs owned by the same or different SPs; (2) supports communication in the presence of dynamics induced from both VN and end users; and (3) greatly reduces the network operational complexity (space and time). The suggested approach is assessed through extensive simulation experiments for a range of network scenarios. The numerical result clearly verifies its effectiveness and scalability which enables its application in a large-scale NVE without significant deployment and management hurdles.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2084-2100
• /
• 2020

Operating system (OS) kernel function call graphs have been widely used in OS analysis and defense. However, most existing methods and tools for generating function call graphs are designed for application programs, and cannot be used for generating OS kernel function call graphs. This paper proposes a virtualization-based call graph generation method called Acquire in Trap (AIT). When target kernel functions are called, AIT dynamically initiates a system trap with the help of a virtualization technique. It then analyzes and records the calling relationships for trap handling by traversing the kernel stacks and the code space. Our experimental results show that the proposed method is feasible for both Linux and Windows OSs, including 32 and 64-bit versions, with high recall and precision rates. AIT is independent of the source code, compiler and OS kernel architecture, and is a universal method for generating OS kernel function call graphs.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.27-32
• /
• 2014

Utilization of web application has been widely spread and complication in recent years by the rapid development of network technologies and changes in the computing environment. The attack being target of this is increasing and the means is diverse and intelligent while these web applications are using to a lot of important services. In this paper, we proposed security model using virtualization technology to prevent attacks using vulnerabilities of web application. The request information for query in a database server also can be recognized by conveying to the virtual web server after ID is given to created session by the client request and the type of the query is analyzed in this request. VM-Master module is constructed in order to monitor traffic between the virtual web servers and prevent the waste of resources of Host OS. The performance of attack detection and resource utilization of the proposed method is experimentally confirmed.

• The Journal of the Korea Contents Association
• /
• v.13 no.9
• /
• pp.1-9
• /
• 2013

In recent, the cloud computing makes it possible to provide the on-demand provision of software, hardware, and data as a service in various IT fields. This paper uses the cloud computing techniques for the real time broadcasting service of virtual 3D contents. However, the existing related solutions have many problems that the load of the server is rapidly increased or the cost of the server is very high when the number of service users is increased. Therefore, we propose a new application virtualization method to solve these problems. It promises their stable operations in multi-user services because the proposed method does not execute the rendering commands of the application at the host server but delivers and executes them to clients via the Internet. Our performance experiments show that our proposed method outperforms the existing methods.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.479-485
• /
• 2013

Virtualization is a promising approach to consolidating multiple online services onto a smaller number of computing resources. A virtualized server environment allows computing resources to be shared among multiple performance isolated platforms called virtual machines. Through server virtualization software, applications servers are encapsulated into VMs, and deployed with APIs on top generalized pools of CPU and memory resources. Networking and security have been moved to a software abstraction layer that transformed computing, network virtualization. And it paves the way for enterprise to rapidly deploy networking and security for any application by creating the virtual network. Stochastic reward net (SRN) is an extension of stochastic Petri nets which provides compact modeling facilities for system analysis. In this paper, we develop SRN model of network virtualization based on virtual switch. Measures of interest such as switching delay and throughput are considered. These measures are expressed in terms of the expected values of reward rate functions for SRNs. Numerical results are obtained according to the virtual switch capacity and number of active VMs.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.3
• /
• pp.449-458
• /
• 2022

In a power plant, the utility operates controllers include safety program that has performed several stages verification to prevent accidents in preparation for accidents, or to stably operate in accident. This paper describes the virtualization technology so that the verified binary operating system and application program can operate on the controller processor used in the power plant safety control facility. The technology applied to this virtualization processor uses commercial tools to implement the essential components for the operation of the safety-grade controller processor module, such as command interpreters and analyzers, and the virtualization platform was developed in a Linux-based operating system using the Imperas Tool. In addition, it was checked whether the implemented virtual processor module can normally interpret and execute binary-type instructions.