• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.213-225
• /
• 2022

Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at a kernel-level without any user-level components. We evaluate a prototype of BPFast on a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.

• Journal of Korea Society of Industrial Information Systems
• /
• v.13 no.4
• /
• pp.64-72
• /
• 2008

Recently security is being an important issue in almost every field of industry. This situation has affected port logistics industry deeply. Ports are now leaving operational methods that only focus on productivity, and shifting to new ones which focus on safety and customer services on the basis of it. Thus a lot of companies and institutions have offered various solutions as this issue becomes more and more intense. Among them, most typical solutions involve installing special devices to ordinary containers to improve its security, such as CSD (Container Security Device) of GE (General Electric) and eSeal of Savi Networks. On the other hand, these devices focus only on international standards or technical implementation, and this causes inconvenience to actual users like cargo owners, sea carriers, or stevedoring companies. This is considered to be due to lack of sufficient consideration on user demands. This research uses QFD (Quality Function Deployment) method for deducting system requirements in order to solve the problems of previous security devices and to develop a security system that can not only reflect the demands of the users but also considers real-world conditions. According to the QFD results, a total of 21 system CTO's were deducted under 5 categories.

• Proceedings of the Korea Port Economic Association Conference
• /
• 2006.08a
• /
• pp.1-12
• /
• 2006

As national economies globalize, demand for intercontinental container shipping services is growing rapidly, providing a potential economic boon for the countries and communities that provide port services. On the promise of profits, many governments are investing heavily in port infrastructure, leading to a possible glut in port capacity, driving down prices for port services and eliminating profits as ports compete for business. Further, existing ports are making strategic investments to protect their market share, increasing the chance new ports will be overcapitalized and unprofitable. Governments and port researchers need a tool for understanding how local competition in their region will affect demand for port services at their location, and thus better assess the profitability of a prospective port. We propose to develop such a tool by extending our existing simulation model of global container traffic to incorporate demand-side shipper preferences and supply-side strategic responses by incumbent ports to changes in the global port network, including building new ports, scaling up existing ports, and unexpected port closures. We will estimate shipper preferences over routes, port attributes and port services based on US and international shipping data, and redesign the simulation model to maximize the shipper's revealed preference functions rather than simply minimize costs. As demand shifts, competing ports will adjust their pricing (short term) and infrastructure (long term) to remain competitive or defend market share, a reaction we will capture with a game theoretic model of local monopoly that will predict changes in port characteristics. The model's hypotheses will be tested in a controlled laboratory experiment tailored to local port competition in Asia, which will also serve to demonstrate the subtle game theoretic concepts of imperfect competition to a policy and industry audience. We will apply the simulation model to analyze changes in global container traffic in three scenarios: addition of a new large port in the US, extended closure of an existing large port in the US, and cooperative and competitive port infrastructure development among Korean partner countries in Asia.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.9 no.6
• /
• pp.757-772
• /
• 2019

The purpose of this paper is to measure the clustering change and analyze empirical results, and choose the clustering ports for Busan, Incheon, and Gwangyang ports by using Artificial Neural Network, Social Network, and Tabu Search models on 38 Asian container ports over the period 2007-2016. The models consider number of cranes, depth, birth length, and total area as inputs and container throughput as output. Followings are the main empirical results. First, the variables ranking order which affects the clustering according to artificial neural network are TEU, birth length, depth, total area, and number of cranes. Second, social network analysis shows the same clustering in the benevolent and aggressive models. Third, the efficiency of domestic ports are worsened after clustering using social network analysis and tabu search models. Forth, social network and tabu search models can increase the efficiency by 37% compared to that of the general CCR model. Fifth, according to the social network analysis and tabu search models, 3 Korean ports could be clustered with Asian ports like Busan Port(Kobe, Osaka, Port Klang, Tanjung Pelepas, and Manila), Incheon Port(Shahid Rajaee, and Gwangyang), and Gwangyang Port(Aqaba, Port Sulatan Qaboos, Dammam, Khor Fakkan, and Incheon). Korean seaport authority should introduce port improvement plans by using the methods used in this paper.

• The Transactions of the Korea Information Processing Society
• /
• v.13 no.2
• /
• pp.48-59
• /
• 2024

As functions that support virtualization on their own in hardware are developed, user applications having various workloads are operating efficiently in the virtualization system. SR-IOV is a virtualization support function that takes direct access to PCI devices, thus giving a high I/O performance by minimizing the need for hypervisor or operating system interventions. With SR-IOV, network I/O acceleration can be realized in virtualization systems that have relatively long I/O paths compared to bare-metal systems and frequent context switches between the user area and kernel area. To take performance advantages of SR-IOV, network resource management policies that can derive optimal network performance when SR-IOV is applied to an instance such as a virtual machine(VM) or container are being actively studied.This paper evaluates and analyzes the network performance of SR-IOV implementing I/O acceleration is compared with Virtio in terms of 1) network delay, 2) network throughput, 3) network fairness, 4) performance interference, and 5) multi-network. The contributions of this paper are as follows. First, the network I/O process of Virtio and SR-IOV was clearly explained in the virtualization system, and second, the evaluation results of the network performance of Virtio and SR-IOV were analyzed based on various performance metrics. Third, the system overhead and the possibility of optimization for the SR-IOV network in a virtualization system with high VM density were experimentally confirmed. The experimental results and analysis of the paper are expected to be referenced in the network resource management policy for virtualization systems that operate network-intensive services such as smart factories, connected cars, deep learning inference models, and crowdsourcing.

• Journal of the Economic Geographical Society of Korea
• /
• v.23 no.1
• /
• pp.93-109
• /
• 2020

The purpose of this study is to examine the effects of industrialization and urbanization of Gwangyang Bay Region on the change of urban system and spatial structure between triangle-cities located in Gwangyang Bay, Yeosu City, Suncheon City, and Gwangyang City, one of the famous industrial zones in Korea. Large-scale development projects carried out by the central government in the Gwangyang Bay Region such as construction of the Second Oil Refinery in the mid-1960s, completion of the POSCO Gwangyang Steelworks in the mid-1980s, construction of the Gwangyang Port Container Terminal in 1987 and designation of the Gwangyang Bay Area Free Economic Zone in 2003, and EXPO 2012 Yeosu Korea, affected to changes of the urban system and spatial structure between triangle-cities in Gwangyang Bay Region. The above four-development projects transformed the urban and spatial structures between the three cities in the Gwangyang Bay Region from a mononuclear urban system centered on Suncheon to a network city system. Historically, Suncheon has served as an exclusive center in the eastern region of Jeonnam, including the Gwangyang Bay Region. However, the hosting of the 2012 Yeosu Expo Korea is reorganizing the three cities into a network-type spatial structure with the strengthening of connectivity and integration in the region. And this trend is expected to intensify in the future.

• Journal of Korea Port Economic Association
• /
• v.37 no.4
• /
• pp.33-40
• /
• 2021

Currently, the shipping and port industries are implementing strategies to improve port processing capabilities through the expansion and efficient operation of port logistics resources to survive fierce competition with rapidly changing trends. The calculation of the port's processing capacity is determined by the loading and unloading equipment installed at the dock, and the port's processing capacity can be improved through various methods, such as additional deployment of logistics resources or efficient operation of resources in use. However, it is difficult to expect an improvement effect in a short period of time because the additional deployment of logistics resources is clearly limited in time is clear. Therefore, it is a feasible way to find an efficient operation method for resources being used to improve processing capacity. Domestic ports are also actively promoting informatization and digitalization with the development of the 4th industrial revolution technology. However, the calculation of the number of Y/T (Yard Tractor) assignments in the current unloading process depends on expert experience, and related previous studies also focus on the allocations of Y/T or Calculation of the total number of Y/T required. Therefore, this study analyzed the factors affecting the number of Y/T allocations using the loading and unloading information of incoming ships, and based on this, cluster analysis, regression analysis, and deep neural network(DNN) model were used.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.392-395
• /
• 2003

In the maritime container terminal, LMTT (Linear Motor-based Transfer Technology) is horizontal transfer system for the yard automation, which has been proposed to take the place of AGV (Automated Guided Vehicle). The system is based on PMLSM (Permanent Magnetic Linear Synchronous Motor) that is consists of stator modules on the rail and shuttle car (mover). Because of large variant of mover's weight by loading and unloading containers, the difference of each characteristic of stator modules, and a stator module's trouble etc., LMCPS (Linear Motor Conveyance Positioning System) is considered as that the system is changed its model suddenly and variously. In this paper, we will introduce the soft-computing method of a multi-step prediction control for LMCPS using DR-FNN (Dynamically-constructed Recurrent Fuzzy Neural Network). The proposed control system is used two networks for multi-step prediction. Consequently, the system has an ability to adapt for external disturbance, cogging force, force ripple, and sudden changes of itself.

• Journal of Institute of Control, Robotics and Systems
• /
• v.21 no.4
• /
• pp.385-390
• /
• 2015

Quay cranes are considered core equipment for container terminal operation. However, unmanned operation systems have not as yet been announced due to the technological difficulties of implementation. In this paper, we developed a wireless controller to control a quay crane simulator remotely and conducted its performance test, a first step toward unmanned operation of quay cranes. The communication delay of a developed wireless controller was about 9.4ms on average while that of existing wired controllers was about 5.6ms. The same functions were implemented and tested on a smart phone where the average communication delay was 7.3ms. In addition, to apply the developed system into a real environment, we proposed a network architecture based on IEEE 802.11ac and carried out its performance evaluation. When the distance between two nodes was 50m apart, the throughputs of the TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) were 57Mbps and 189Mbps, respectively. The communication delay of the control data was 9.1ms through the TCP channel. These results reveal the proper working of remote quay crane operation if we adopt the IEEE 802.11ac network.

• Journal of Advanced Marine Engineering and Technology
• /
• v.39 no.3
• /
• pp.206-210
• /
• 2015

The most important thing for NOVEC gas fire extinguishing equipment is to release NOVEC gas, which contained in the extinguishing container, to the safety section by the time appointed. For this matter, it is significant to decide arrangement and size of the proper piping equipment. This study has developed the design methodology of NOVEC gas fire extinguishing equipment in use of pipe network analysis techniques. Based on the design methodology, each design coefficient is chosen. It is found that the calculated result, which is 6.498 seconds, has been counted within the 10 seconds limit, which is fairly satisfied with extinguishing releasing time based on the developed methodology. At that time, the pressure loss is 21.09bar.