• Title/Summary/Keyword: Cloud Architecture


A Study on Pipeline Design Methods for Providing Secure Container Image Registry (안전한 컨테이너 이미지 레지스트리 제공을 위한 파이프라인 설계 방안에 관한 연구)

  • Seong-Jae Ko;Sun-Jib Kim
    • Journal of Internet of Things and Convergence / v.9 no.3 / pp.21-26 / 2023
  • The development and distribution approach of applications is transitioning from a monolithic architecture to microservices, and containerization, a lightweight virtualization technology, is becoming a core IT technology. However, unlike traditional virtual machines based on hypervisors, container technology does not provide concrete security boundaries as it shares the same kernel. According to various preceding studies, there are many security vulnerabilities in most container images that are currently shared. Accordingly, attackers may attempt exploitation by using security vulnerabilities, which may seriously affect the system environment. Therefore, in this study, we propose an efficient automated deployment pipeline design to prevent the distribution of container images with security vulnerabilities, aiming to provide a secure container environment. Through this approach, we can ensure a safe container environment.

A User Authentication Scheme using Blockchain in Smart Grid-based Edge Computing Environments (스마트 그리드 기반 엣지 컴퓨팅 환경에서 블록체인을 이용한 사용자 인증 기법)

  • Hakjun Lee;Youngsook Lee
    • Convergence Security Journal / v.22 no.1 / pp.71-79 / 2022
  • The smart grid system has emerged to maximize energy efficiency through real-time information exchange between power providers and consumers by combining information technology and power supply systems. The authentication schemes using blockchain in a smart grid system have been proposed, which utilize an edge server's architecture to collect and store electric power-related information and process data between a central cloud server and smart grid-IoT devices. Although authentication schemes are being proposed to enhance security in the smart grid environment, many vulnerabilities are still reported. This paper presents a new mutual authentication scheme to guarantee users' privacy and anonymity in a smart grid based on edge computing using blockchain. In the proposed scheme, we use the smart contract for the key management's efficiency, such as updating and discarding key materials. Finally, we prove that the proposed scheme not only securely establishes a session key between the smart grid-IoT device of the user and the edge server but also guarantees anonymity.

Analysis of the Impact of Host Resource Exhaustion Attacks in a Container Environment (컨테이너 환경에서의 호스트 자원 고갈 공격 영향 분석)

  • Jun-hee Lee;Jae-hyun Nam;Jin-woo Kim
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.1 / pp.87-97 / 2023
  • Containers are an emerging virtualization technology that can build an isolated environment more lightweight and faster than existing virtual machines. For that reason, many organizations have recently adopted them for their services. Yet, the container architecture has also exposed many security problems since all containers share the same OS kernel. In this work, we focus on the fact that an attacker can abuse host resources to make them unavailable to benign containers, also known as host resource exhaustion attacks. Then, we analyze the impact of host resource exhaustion attacks through real attack scenarios exhausting critical host resources, such as CPU, memory, disk space, process ID, and sockets in Docker, the most popular container platform. We propose five attack scenarios performed in several different host environments and container images. The result shows that three of them put other containers in denial of service.

Research of Deep Learning-Based Multi Object Classification and Tracking for Intelligent Manager System (지능형 관제시스템을 위한 딥러닝 기반의 다중 객체 분류 및 추적에 관한 연구)

  • June-hwan Lee
    • Smart Media Journal / v.12 no.5 / pp.73-80 / 2023
  • Recently, intelligent control systems are developing rapidly in various application fields, and methods for utilizing technologies such as deep learning, IoT, and cloud computing for intelligent control systems are being studied. An important technology in an intelligent control system is recognizing and tracking objects in images. However, existing multi-object tracking technology has problems in accuracy and speed. In this paper, a real-time intelligent control system was implemented using YOLO v5 and YOLO v6 based on a one-shot architecture that increases the accuracy of object tracking and enables fast and accurate tracking even when objects overlap each other or when there are many objects belonging to the same class. The experiment was evaluated by comparing YOLO v5 and YOLO v6. As a result of the experiment, the YOLO v6 model shows performance suitable for the intelligent control system.

EPAR V2.0: AUTOMATED MONITORING AND VISUALIZATION OF POTENTIAL AREAS FOR BUILDING RETROFIT USING THERMAL CAMERAS AND COMPUTATIONAL FLUID DYNAMICS (CFD) MODELS

  • Youngjib Ham;Mani Golparvar-Fard
    • International conference on construction engineering and project management / 2013.01a / pp.279-286 / 2013
  • This paper introduces a new method for identification of building energy performance problems. The presented method is based on automated analysis and visualization of deviations between actual and expected energy performance of the building using EPAR (Energy Performance Augmented Reality) models. For generating EPAR models, during building inspections, energy auditors collect a large number of digital and thermal imagery using a consumer-level single thermal camera that has a built-in digital lens. Based on a pipeline of image-based 3D reconstruction algorithms built on GPU and multi-core CPU architecture, 3D geometrical and thermal point cloud models of the building under inspection are automatically generated and integrated. Then, the resulting actual 3D spatio-thermal model and the expected energy performance model simulated using computational fluid dynamics (CFD) analysis are superimposed within an augmented reality environment. Based on the resulting EPAR models which jointly visualize the actual and expected energy performance of the building under inspection, two new algorithms are introduced for quick and reliable identification of potential performance problems: 1) 3D thermal mesh modeling using k-d trees and nearest neighbor searching to automate calculation of temperature deviations; and 2) automated visualization of performance deviations using a metaphor based on traffic light colors. The proposed EPAR v2.0 modeling method is validated on several interior locations of a residential building and an instructional facility. Our empirical observations show that the automated energy performance analysis using EPAR models enables performance deviations to be rapidly and accurately identified. The visualization of performance deviations in 3D enables auditors to easily identify potential building performance problems. Rather than manually analyzing thermal imagery, auditors can focus on other important tasks such as evaluating possible remedial alternatives.


Analysis of Network Security Policy Enforcement in Container Environments (컨테이너 환경에서의 네트워크 보안 정책 집행 분석)

  • Bom Kim;Seungsoo Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.961-973 / 2023
  • With the changes in the modern computing landscape, securing containerized workloads and addressing the complexities of container networking have become critical issues. In particular, the complexity of network policy settings and the lack of cloud security architecture cause various security issues. This paper focuses on the importance of network security and efficiency in containerized environments, and analyzes the security features and performance of various container network interface plugins. In particular, the features and functions of Cilium, Calico, Weave Net, and Kube-router were compared and evaluated, and the Layer 3/4 and Layer 7 network policies and performance features provided by each plugin were analyzed. We found that Cilium and Calico provide a wide range of security features, including Layer 7 protocols, while Weave Net and Kube-router focus on Layer 3/4. We also found a decrease in throughput when applying Layer 3/4 policies and an increase in latency due to complex processing when applying Layer 7 policies. Through this analysis, we expect to improve our understanding of network policy and security configuration and contribute to building a safer and more efficient container networking environment in the future.

Strengthening Enterprise Security through the Adoption of Zero Trust Architecture - A Focus on Micro-segmentation Approach - (제로 트러스트 아키텍처 도입을 통한 기업 보안 강화 방안 - 마이크로 세그먼테이션 접근법 중심으로 -)

  • Seung-Hyun Joo;Jin-Min Kim;Dae-Hyun Kwon;Yong-Tae Shin
    • Convergence Security Journal / v.23 no.3 / pp.3-11 / 2023
  • Zero Trust, characterized by the principle of "Never Trust, Always Verify," represents a novel security paradigm. The proliferation of remote work and the widespread use of cloud services have led to the establishment of Work From Anywhere (WFA) environments, where access to corporate systems is possible from any location. In such environments, the boundaries between internal and external networks have become increasingly ambiguous, rendering traditional perimeter security models inadequate to address the complex and diverse nature of cyber threats and attacks. This research paper introduces the implementation principles of Zero Trust and focuses on the Micro Segmentation approach, highlighting its relevance in mitigating the limitations of perimeter security. By leveraging the risk management framework provided by the National Institute of Standards and Technology (NIST), this paper proposes a comprehensive procedure for the adoption of Zero Trust. The aim is to empower organizations to enhance their security strategies.

Analysis of Data Isolation Methods for Secure Web Site Development in a Multi-Tenancy Environment (멀티테넌시 환경에서 안전한 웹 사이트 개발을 위한 데이터격리 방법 분석)

  • Jeom Goo Kim
    • Convergence Security Journal / v.24 no.1 / pp.35-42 / 2024
  • Multi-tenancy architecture plays a crucial role in cloud-based services and applications, and data isolation within such environments has emerged as a significant security challenge. This paper investigates various data isolation methods including schema-based isolation, logical isolation, and physical isolation, and compares their respective advantages and disadvantages. It evaluates the practical application and effectiveness of these data isolation methods, proposing security considerations and selection criteria for data isolation in the development of multi-tenant websites. This paper offers important guidance for developers, architects, and system administrators aiming to enhance data security in multi-tenancy environments. It suggests a foundational framework for the design and implementation of efficient and secure multi-tenant websites. Additionally, it provides insights into how the choice of data isolation methods impacts system performance, scalability, maintenance ease, and overall security, exploring ways to improve the security and stability of multi-tenant systems.

Implementation and Performance Measuring of Erasure Coding of Distributed File System (분산 파일시스템의 소거 코딩 구현 및 성능 비교)

  • Kim, Cheiyol;Kim, Youngchul;Kim, Dongoh;Kim, Hongyeon;Kim, Youngkyun;Seo, Daewha
    • The Journal of Korean Institute of Communications and Information Sciences / v.41 no.11 / pp.1515-1527 / 2016
  • With the growth of big data, machine learning, and cloud computing, the importance of storage that can store large amounts of unstructured data has been growing recently. As a result, commodity-hardware-based distributed file systems such as MAHA-FS, GlusterFS, and the Ceph file system have received a lot of attention because of their scale-out and low-cost properties. For data fault tolerance, most of these file systems used replication in the beginning. But as storage size grows to tens or hundreds of petabytes, the low space efficiency of replication has come to be considered a problem. This paper applies an erasure coding data fault tolerance policy to MAHA-FS for high space efficiency and introduces the VDelta technique to solve the data consistency problem. In this paper, we compare the performance of two file systems, MAHA-FS and GlusterFS. They have different IO processing architectures: the former is a server-centric and the latter a client-centric architecture. We found that the erasure coding performance of MAHA-FS is better than that of GlusterFS.

Analysis of Building Energy by the Typical Meteorological Data (표준기상데이터(부산지역) 적용에 따른 건축물에너지 분석)

  • Park, So-Hee;Yoo, Ho-Chun
    • 한국태양에너지학회:학술대회논문집 / 2008.11a / pp.202-207 / 2008
  • Measures for coping with energy shortage are being sought all over the world. Following such a phenomenon, efforts to use less energy in the design of buildings and equipment are being conducted. In particular, a program to evaluate the performance of a building comes into the spotlight. However, the indispensable standard weather data to estimate the exact energy consumption of a building is currently unprepared. Thus, after applying standard weather data for four weather factors which were used in previous research to Visual DOE 4.0, we compared it with the result of the existing data and evaluated them. For the monthly cooling and heating load of our target building, we used revised data for June, July, August, and September, during which cooling load is applied. When not the existing data but the revised data was used, the research shows that an average of 14.9% increased in June, August, and September except for July. Also, in the case of heating load, the result by the revised data shows a reduction of an average of 11.9% from October to April, during which heating load is applied. In particular, the heating loads of all months for which the revised data was used were lower than those of the existing data. In the maximum cooling and heating load according to load factors, the loads by residents and illumination for which the revised data was used were the same as those of the existing data, but the maximum cooling loads used by the two data have a difference in structures such as walls and roofs. Through the above results, the research cannot clearly grasp which weather data influences the cooling and heating load of a building. However, in the maximum loads by the change of weather data in four factors (dry-bulb temperature, wet-bulb temperature, cloud amount, and wind speed) among 14 weather factors, the research shows that 5.95% in cooling load and 27.56% in heating load increased, and these results cannot be ignored. In order to make weather data for performing energy performance evaluation for future buildings, the flow of weather data for the present and past should be obviously grasped.
