• Title/Summary/Keyword: Client Virtualization

Data Firewall: A TPM-based Security Framework for Protecting Data in Thick Client Mobile Environment

  • Park, Woo-Ram;Park, Chan-Ik
    • Journal of Computing Science and Engineering / v.5 no.4 / pp.331-337 / 2011
  • Recently, Virtual Desktop Infrastructure (VDI) has been widely adopted to ensure secure protection of enterprise data and provide users with a centrally managed execution environment. However, user experiences may be restricted due to the limited functionalities of thin clients in VDI. If thick client devices like laptops are used, then data leakage may be possible due to malicious software installed in thick client mobile devices. In this paper, we present Data Firewall, a security framework to manage and protect security-sensitive data in thick client mobile devices. Data Firewall consists of three components: Virtual Machine (VM) image management, client VM integrity attestation, and key management for Protected Storage. There are two types of execution VMs managed by Data Firewall: Normal VM and Secure VM. In Normal VM, a user can execute any applications installed in the laptop in the same manner as before. A user can access security-sensitive data only in the Secure VM, for which the integrity should be checked prior to access being granted. All the security-sensitive data are stored in the space called Protected Storage for which the access keys are managed by Data Firewall. Key management and exchange between client and server are handled via Trusted Platform Module (TPM) in the framework. We have analyzed the security characteristics and built a prototype to show the performance overhead of the proposed framework.

Supporting Web-Based I/O Service by Extending Network Communication to Native Client (Native Client 네트워크 기능 확장을 통한 웹기반 I/O 서비스 지원)

  • Sung, Baegjae;Park, Sejin;Park, Chanik
    • IEMEK Journal of Embedded Systems and Applications / v.6 no.4 / pp.249-254 / 2011
  • A user desktop service can be made available on the internet or a local area network with the help of virtualization and cloud technologies. The service is usually called a virtual desktop or a desktop cloud. However, a user interface is limited to I/O capabilities of a user's mobile terminal. In order to enhance a user interface on a remote virtual desktop, it is important to connect full-featured I/O devices which are found locally. Our previous work called SoD (System-on-Demand) has proposed a technique to associate local full-featured I/O devices with a remote virtual desktop in Xen. On the technique, it is required to install a SoD client agent in a user's mobile terminal for connecting a remote virtual desktop. In this paper, we propose a new framework called Web-SoD that does not require any explicit installation to make SoD service available. The SoD client agent is provided by the web technology so that the agent can be installed transparently, and the platform independency is also achieved. Due to insufficient network socket performance of current web technologies, we extend Native Client (NaCl) proposed by Google to support a network functionality by modifying a NaCl library and a service runtime. With conducted experiment, we show that the network extension supports a full socket functionality over the compromised overhead on the web environment.

Design and Implementation of a Efficient Storage Virtualization System based on Distributed Hash Tables (분산 해시 테이블 기반의 효율적인 저장 장치 가상화 시스템의 설계 및 구현)

  • Kim, Jong-Hyeon;Lee, Sang-Jun
    • Journal of Internet Computing and Services / v.10 no.3 / pp.103-112 / 2009
  • This paper proposes an efficient storage virtualization system which allows users to view hard disk resources of numerous nodes as a large logical space using distributed hash tables of P2P techniques. The proposed system is developed at device level of Windows operating system and is suitable for users in Intranet environments. This system is developed to be recognized as one hard disk at the Windows explorer for user conveniences and does not need a supplementary client program at the application layer. In addition, it enhances security via cutting off breaches from external networks.

Heuristic based Energy-aware Resource Allocation by Dynamic Consolidation of Virtual Machines in Cloud Data Center

  • Sabbir Hasan, Md.;Huh, Eui-Nam
    • KSII Transactions on Internet and Information Systems (TIIS) / v.7 no.8 / pp.1825-1842 / 2013
  • Rapid growth of the IT industry has led to significant energy consumption in the last decade. Data centers swallow an enormous amount of electrical energy and have high operating costs and carbon dioxide excretions. In response to this, the dynamic consolidation of virtual machines (VMs) allows for efficient resource management and reduces power consumption through the live migration of VMs in the hosts. Moreover, each client typically has a service level agreement (SLA); this leads to stipulations in dealing with energy-performance trade-offs, as aggressive consolidation may lead to performance degradation beyond the negotiation. In this paper we propose a heuristic based resource allocation of VM selection and a VM allocation approach that aims to minimize the total energy consumption and operating costs while meeting the client-level SLA. Our experiment results demonstrate significant enhancements in cloud providers' profit and energy savings while improving the SLA at a certain level.

Implementation of Personal Energy Management System Using DDNS (DDNS를 이용한 개인 에너지 관리 시스템 구현)

  • Jeong, Nahk-Ju;Lee, Chun-Hee;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering / v.19 no.6 / pp.1321-1326 / 2015
  • The amount of smart phones has increased exponentially. Due to the periodic release of high-performance smart phones and upgraded operating systems, new smart phones become outdated over 1 or 2 years. In order to solve environmental constraints of these smart phones, virtualization technology using Thin-Client terminal has been developed. However, in the case of Virtual Machine (VM), the applications associated with sensors and a GPS device cannot run because they are not included. In this paper, by implementing the device driver for Android running in a virtual machine in the x86-based systems, it is to provide Android virtualization capabilities such as using the latest smart phones in the virtual machine environment. It would like to propose a method that the virtual device driver receives sensors and GPS information from the old Android smart phones (Thin-Client) that actually work and run as if the real device exists.

A Study on Secure Model based Virtualization for Web Application Security (웹 어플리케이션 보안을 위한 가상화 기반 보안 모델)

  • Yang, Hwan Seok;Yoo, Seung Jae
    • Convergence Security Journal / v.14 no.4 / pp.27-32 / 2014
  • The use of web applications has become widespread and complex in recent years owing to the rapid development of network technologies and changes in the computing environment. Attacks targeting them are increasing, and their means are diverse and intelligent, while these web applications are used for many important services. In this paper, we proposed a security model using virtualization technology to prevent attacks that use vulnerabilities of web applications. The request information for a query in a database server can also be recognized by conveying it to the virtual web server after an ID is given to the session created by the client request and the type of the query is analyzed in this request. A VM-Master module is constructed in order to monitor traffic between the virtual web servers and prevent the waste of resources of the Host OS. The performance of attack detection and resource utilization of the proposed method is experimentally confirmed.

Client Device and Software Virtualization Method for Live Broadcasting Service of Virtual 3D Contents (가상 3D 콘텐츠의 실시간 방송 서비스를 위한 클라이언트 장치 및 소프트웨어 가상화 기법)

  • Jang, Su-Min;Choi, Won-Hyuk;Kim, Won-Young
    • Proceedings of the Korean Information Science Society Conference / 2012.06a / pp.296-298 / 2012
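  • With the recent advances in computer virtualization technology, Software as a Service (SaaS), in which software is used in the form of a service, is being used in many application fields. This paper aims to provide a live broadcasting service of virtual 3D contents using this software service technology. However, using existing SaaS solutions for such a service has problems: server performance degrades rapidly as the number of users grows, and there are many limitations. To improve performance, this paper therefore virtualizes the client device and software and proposes a split execution scheme in which data-intensive tasks are executed directly on the server, while graphics-intensive tasks are transmitted over the network and processed on the client.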

Design and Implementation of the Evaluation Framework for Decentralized Multimedia Streaming Services

  • Park, Sangsoo
    • Journal of the Korea Society of Computer and Information / v.25 no.9 / pp.91-100 / 2020
  • This paper presents an evaluation framework for prototyping multimedia streaming services including audio and video in a distributed and/or decentralized storage that can evaluate service quality and performance under various network conditions. The evaluation framework focuses on important indicators which measure and improve service quality by applying decentralized storage to multimedia streaming services that can mimic the scalability of the existing server-client software architecture and the issue of a single point of failure. The integrated framework not only measures performance indicators for evaluating the quality and performance of multimedia streaming on open source based multimedia content streaming services, but also adjusts network quality using network virtualization technology for comprehensive evaluations. The experimental results show that the integrated framework has low overhead in building and operating a decentralized storage with multimedia streaming services on a single host computer which validates the scalability of the developed framework.

Design and Implementation of Network Fault-Tolerant Application Software Streaming (네트워크 고장감내 소프트웨어 스트리밍 기술의 설계 및 구현)

  • Shim, Jeong-Min;Kim, Won-Young;Choi, Wan
    • The Journal of the Korea Contents Association / v.6 no.10 / pp.126-133 / 2006
  • Application software streaming is a virtualization technology that enables users to use applications without installation on their computers. With application streaming service, a client immediately starts and uses the application as if it were installed. The application can be executed while executable codes for the application may still be streamed. Since the software streaming is based on networks, its service is affected by network failures. Network failures may cause the streamed application to stop, and to make it worse, also the system may crash because executable codes for the application can't be streamed from the streaming server. Using the Pareto principle (80 vs. 20 rule), users can be served continuously with the minimum functions that are frequently used, pre-fetched and cached if we provide a more intelligent and fault-tolerant streaming technique. This paper proposes the concept and technique named Evergreen. Using the Evergreen technique, users can continue using the streamed application while a network failure occurs, although the user can access only the streamed code. We also discuss the implementation of the Evergreen technique in detail.

Design and Implementation of an Automated Privacy Protection System over TPM and File Virtualization (TPS: TPM 및 파일 가상화를 통한 개인정보보호 자동화 시스템 디자인 및 구현)

  • Jeong, Hye-Lim;Ahn, Sung-Kyu;Kim, Mun Sung;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing / v.13 no.2 / pp.7-17 / 2017
  • In this paper, we propose the TPS (TPM-enhanced Privacy Protection System), which is an automated privacy protection system enhanced with a TPM (Trusted Platform Module). The TPS detects documents including personal information by periodically scanning the disk of clients at regular intervals and encrypts them. Hence, the system manages the encrypted documents in the server. In particular, the security of TPS was greatly enhanced by limiting the access of documents including the personal information with regard to the client in an abnormal state through the TPM-based platform verification mechanism of the client system. In addition, we proposed and implemented a VTF (Virtual Trusted File) interface to provide users with almost the same user interface as general document access even though documents containing personal information are encrypted and stored on the remote server. Consequently, the TPS automates the compliance of the personal information protection acts without additional users' interventions.