• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.168-170
• /
• 2011

본 논문에서는 Xen 하이퍼바이저에서 연성 실시간 작업을 지원하기 위한 실시간 스케줄링 알고리즘을 제안하고 있다. 제안하는 기법은 하이퍼바이저에서 제공하는 Credit 스케줄러를 개선하여 실시간 게스트 운영체제의 VCPU를 우선적으로 처리하도록 하였다. 또한 실시간 VCPU가 실시간 처리를 위해 요구하는 프로세서 용량을 제외한 부분 내에서 비실시간 VCPU가 수행 될 수 있도록 프로세서 용량을 제한하였다. 실험을 통하여 제안하는 실시간 스케줄러가 실시간 태스크의 데드라인 실패율을 크게 줄임을 알 수 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.103-105
• /
• 2011

그림자 페이지테이블(shadow page table)은 MMU 를 가상화 함으로써 게스트 운영체제들이 하드웨어에서 제공하는 물리 메모리를 실제로 사용하는 것처럼 보이도록 하는 기술로 전가상화 지원 ARM 기반 가상머신 모니터인 ViMo 역시 게스트 운영체제간의 메모리 격리를 위해서 그림자 페이지 테이블을 사용한다. 본 논문에서는 그림자 페이지테이블의 성능을 향상시키기 위하여 ViMo에서 사용하는 그림자테이블에 지연 동기화 기법을 추가하는 방법에 대해 설명하고 성능상의 이점을 보인다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2021.01a
• /
• pp.1-3
• /
• 2021

서버 가상화 기술은 초기 하이퍼바이저 방식에서 비즈니스 민첩성을 높일 수 있는 컨테이너 기술로 진화하고 있다. 하지만, 컨테이너 기술은 운영체제를 공유하고 잦은 빌드와 배포로 보안과 안정성에 대한 문제가 제기되고 있다. 이에 따라 본 논문에서는 서버 가상화 기술인 하이퍼바이저와 컨테이너 기술을 비교분석하고 애플리케이션 특성을 분석한다. 하이퍼바이저 기술은 하드웨어 가상화를 통해 안정성이 높은 반면 복잡하고 무거우며 속도가 느린 단점이 있다. 컨테이너 기술은 하이퍼바이저에 비해 가볍고 성능이 향상되는 반면 보안 및 안정성에 문제가 발생할 수 있다는 단점이 있다. 이를 통해 미션 크리티컬 워크로드를 가진 애플리케이션은 안정성이 우수한 하이퍼바이저 기술이 적합하고, 자원 사용이 가변적인 애플리케이션은 서버 확장이 유연하고 성능이 우수한 컨테이너 기술이 적합하다고 제안한다.

• Journal of KIISE
• /
• v.43 no.12
• /
• pp.1404-1411
• /
• 2016

Network virtualization is a technique that abstracts the physical network to provide multiple virtual networks to users. Virtualized network has the advantage to offer flexible services and improve resource utilization. In SDN architecture, network hypervisor serves to virtualize the network through address virtualization, topology virtualization and policy virtualization. Among them, address virtualization refers to the technique that provides an independent address space for each virtual network. Previous work divided the physical address space, and assigned an individual division to each virtual network. Each virtual address is then mapped one-to-one to a physical address. However, this approach requires a lot of flow entries, thus making it disadvantageous. Since SDN switches use TCAM (Ternary Contents Addressable Memory) for the flow table, it is very important to reduce the number of flow entries in the aspect of cost and scalability. In this paper, we propose a LISP based address virtualization, which separates address spaces for the physical and virtual addresses and transmits packet through tunneling, in order to resolve the limitation of the previous studies. By implementing a prototype, we show that the proposed scheme provides better scalability.

• The Transactions of the Korea Information Processing Society
• /
• v.13 no.2
• /
• pp.48-59
• /
• 2024

As functions that support virtualization on their own in hardware are developed, user applications having various workloads are operating efficiently in the virtualization system. SR-IOV is a virtualization support function that takes direct access to PCI devices, thus giving a high I/O performance by minimizing the need for hypervisor or operating system interventions. With SR-IOV, network I/O acceleration can be realized in virtualization systems that have relatively long I/O paths compared to bare-metal systems and frequent context switches between the user area and kernel area. To take performance advantages of SR-IOV, network resource management policies that can derive optimal network performance when SR-IOV is applied to an instance such as a virtual machine(VM) or container are being actively studied.This paper evaluates and analyzes the network performance of SR-IOV implementing I/O acceleration is compared with Virtio in terms of 1) network delay, 2) network throughput, 3) network fairness, 4) performance interference, and 5) multi-network. The contributions of this paper are as follows. First, the network I/O process of Virtio and SR-IOV was clearly explained in the virtualization system, and second, the evaluation results of the network performance of Virtio and SR-IOV were analyzed based on various performance metrics. Third, the system overhead and the possibility of optimization for the SR-IOV network in a virtualization system with high VM density were experimentally confirmed. The experimental results and analysis of the paper are expected to be referenced in the network resource management policy for virtualization systems that operate network-intensive services such as smart factories, connected cars, deep learning inference models, and crowdsourcing.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.93-99
• /
• 2014

Cloud computing refers to borrow IT resources as needed by leveraging Internet technology and pay as much as you used by supporting real-time scalability depending on the service load. Virtualization which is the main technology of cloud computing is a technology that server, storage and hardware are regarded as not separate system but one system area and are allocated as needed. However, the security mechanisms provided by virtualized environments are difficult to cope with the traditional security mechanisms, having basic levels of visibility, control and audit function, on which the server is designed to monitor the traffic between the servers. In this paper, the security vulnerabilities of virtualization are analysed in the cloud computing environment and cloud virtualization security recommendations are proposed.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06b
• /
• pp.409-412
• /
• 2011

본 논문에서는 Xen-ARM 기반의 가상화 환경에서 실시간 게스트 운영체제의 I/O를 지원하기 위한 방법을 제안한다. Xen-ARM 하이퍼바이저는 서버 환경에서 주로 사용되는 Xen 가상화 기법을 모바일 구조인 ARM에서 구현한 것으로, 분할 드라이버 모델과 크레딧 스케줄러를 지원한다. 하지만, 이러한 두 가지 특성은 I/O 처리 지연의 주요 원인이 된다. 특히, 장치 드라이버와 사용자 태스크의 실행 중에 하이퍼바이저의 도메인 간 스위칭이 필요하므로, 특정 시간으로 I/O 처리 지연을 제한하기 대단히 어렵다. 본 논문에서는 게스트 운영체제의 수정을 통해 I/O 처리 지연을 제한하는 기법을 제안한다. 게스트 운영체제는 현재 실행되는 태스크의 특성을 Xen-ARM 하이퍼바이저에게 간접적으로 전달하여, 전체 시스템의 모든 태스크에 대하여 우선순위를 부여하며, 하이퍼바이저의 스케줄러에서 인터럽트 처리를 위해 가장 응급한 태스크 실행을 스케줄링 할 수 있도록 한다. 제안하는 기법은 실험을 통해, I/O를 처리하는 도메인의 1ms 이상의 처리시간이 84%에서 99%까지 줄어들 수 있음을 보인다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.9
• /
• pp.1910-1917
• /
• 2011

In this paper, a cloud computing platform is designed and implemented based on an open source cloud platform, OpenNebula, and Xen hypervisor on each node for efficient computer lab system. For the purpose of convenient management, a web-based user interface has been developed for the cloud virtualization system. Once individual virtual machine is allocated to a user based upon class schedule, each user can access the virtual machine remotely and use appropriate operating system and application programs. The developed system can reduce computer lab upgrade cost, management cost, and administration time considerably.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.15 no.4
• /
• pp.177-187
• /
• 2020

Virtualization with hypervisors is one of emerging topics in multicore processors for space. Hypervisors are software layers to make several independent virtualized environments on one processor. Since all hardware resources are virtualized and distributed only by hypervisors, overall performance of processors can be improved by fully utilizing the resources. However at the same time, there are overheads for virtualizing and distributing hardware resources. Satellites are one of hard real time systems, and performance degradation with overheads should be analyzed thoroughly. Previous research on the overheads focused on single core systems. Even the overheads were analyzed in multicore systems, SMP environment was not fully included. This paper builds SMP environment with XtratuM, one of hypervisors for space missions, and analyzes performance degradation with overheads. Two boards of GR712RC with 2 LEON3FT CPUs and GR740 with 4 LEON4 CPUs are used in experiments. On each board, SMP benchmark functions are executed on SMP environment with XtratuM and on that without XtratuM respectively. Results are analyzed to find timing characteristics including overheads. Finally, applicability of the XtratuM to flight software in SMP is also reviewed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.579-589
• /
• 2017

The cloud environment is hypervisor-based, and many virtual machines are interconnected, which makes propagation of malicious code easier than other environments. Accordingly, this paper proposes a malicious traffic dynamic analysis system for secure cloud environment. The proposed system continuously monitors and analyzes malicious activity in an isolated virtual network environment by distinguishing malicious traffic that occurs in a cloud environment. In addition, the analyzed results are reflected in the distinguishment and analysis of malicious traffic that occurs in the future. The goal of this research is secure and efficient malicious traffic dynamic analysis by constructing the malicious traffic analysis environment in the cloud environment for detecting and responding to the new and variant malicious traffic generated in the cloud environment.