• Title/Summary/Keyword: Kernel Level Virtualization

Performance Comparison of Virtualization Domain in User Level Virtualization (사용자 레벨 가상화에서 가상화 영역 성능 비교)

  • Jeong, Chan-Joo;Kang, Tae-Geun
    • The Journal of the Korea institute of electronic communication sciences, v.8 no.11, pp.1741-1748, 2013
  • In this paper, we proposed a new virtualization technology that is more convenient and stable in a local computing environment, and then identified the technical elements needed for client-based desktop virtualization among various virtualization technologies. After running the Process Explorer utility in user level virtualization and in VMware and comparing the private bytes of each process, we found that the memory used was 30.1MB in VMware and 16.6MB in user level virtualization, respectively. We found no significant difference in CPU utilization between an application program executed in the local computing environment and one executed in the user domain with user level virtualization. As a result, the proposed virtualization technology is able to minimize performance degradation of the local computing environment.

Implementation of a Virtual Machine Monitor for ARMv7 Architecture (ARMv7 구조를 위한 가상 머신 모니터 구현)

  • Oh, Seung-Jae;Shin, Dongha
    • IEMEK Journal of Embedded Systems and Applications, v.8 no.3, pp.145-153, 2013
  • Virtualization technology has been applied in IA-32 based server and desktop systems. Recently it has also been applied in ARM based mobile systems. Virtualization technology provides many useful features that are not possible at the operating system level, such as isolation, interposition, encapsulation and portability. In this research, we implement an ARM based VMM (Virtual Machine Monitor) by using the following techniques. First, we use "emulation" to virtualize the processor. Second, we use "shadow page tables" to virtualize the memory. Finally, we use a simple "pass-through I/O" to virtualize the device. Currently the VMM runs ARM Linux kernel 3.4.4 on a BeagleBoard-xM, and we evaluated the performance of the VMM using lmbench and dhrystone. The result of the evaluation shows that our VMM is slower than Xen on ARM, which is implemented using paravirtualization, but has good performance among the VMMs using full virtualization.

Container Vulnerability Intruder Detection Framework based on Memory Trap Technique (메모리 트랩기법을 활용한 컨테이너 취약점 침입 탐지 프레임워크)

  • Choi, Sang-Hoon;Jeon, Woo-Jin;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing, v.13 no.3, pp.26-33, 2017
  • Recently, container technologies have been receiving attention for efficient use of cloud platforms. Container virtualization technology has the advantages of high portability and high density when compared with the existing hypervisor. Container virtualization technology, however, uses virtualization at the operating system level, in which a single kernel is shared to run multiple instances. For this reason, a feature of the container is that an attacker can obtain the root privilege of the host operating system from inside the container. Due to these characteristics of the container, the attacker can attack the root privilege of the host operating system from within the container by utilizing a vulnerability of the kernel. In this paper, we propose a framework for efficiently detecting and responding to root privilege attacks on a host operating system from a container. This framework uses a memory trap technique to detect changes in a specific memory area of a container and to suspend the operation of the container when a change is detected.

Dynamic Monitoring Framework and Debugging System for Embedded Virtualization System (가상화 환경에서 임베디드 시스템을 위한 모니터링 프레임워크와 디버깅 시스템)

  • Han, Inkyu;Lim, Sungsoo
    • KIISE Transactions on Computing Practices, v.21 no.12, pp.792-797, 2015
  • Effective profiling diagnoses the failure of the system and informs risk. If a failure in the target system occurs, it is impossible to diagnose more than one of the existing tools. In this respect, monitoring of the system based on virtualization is useful. We present in this paper a monitoring framework that uses the characteristics of hardware virtualization to prevent side-effects from a target guest, and uses dynamic binary instrumentation with instruction-level trapping based on hardware virtualization to achieve efficiency and flexibility. We also present examples of some applications that use this framework. The framework provides tracing of guest kernel functions, memory dumps, and debugging that uses a GDB stub with the GDB remote protocol. The experimental evaluation of our prototype shows that the monitoring framework incurs at most 2% write memory performance overhead for end users.

A Design and Implementation of Application virtualization method using virtual supporting system and Copy-on-Write scheme (가상화 지원 시스템과 Copy-on-Write 방법을 이용한 응용프로그램 가상화 방법의 설계 및 구현)

  • Choi, Won Hyuk;Choi, Ji Hoon;Kim, Won-Young;Choi, Wan
    • Proceedings of the Korea Contents Association Conference, 2007.11a, pp.807-811, 2007
  • In this paper, we introduce an application virtualization method that can be supported without changing or modifying any resources or the execution environment on the host system, using a non-installable portable software format that can be executed by one click on any host without an installation process. For the purpose of designing and implementing the application virtualization method, we construct a virtual supporting system that includes a virtual file system and a virtual registry hive at the kernel level of the Windows operating system. Also, to provide consistency when users execute portable software on any host, we describe a method of processing information on appended and modified files and registry data in the virtual file system and virtual registry hive through a Copy-on-Write scheme.

Implementation of Hypervisor for Virtualizing uC/OS-II Real Time Kernel (uC/OS-II 실시간 커널의 가상화를 위한 하이퍼바이저 구현)

  • Shin, Dong-Ha;Kim, Ji-Yeon
    • Journal of the Korea Society of Computer and Information, v.12 no.5, pp.103-112, 2007
  • In this paper, we implement a hypervisor that runs multiple uC/OS-II real-time kernels on one microprocessor. The hypervisor virtualizes the microprocessor and memory, which are the main resources managed by the uC/OS-II kernel. The microprocessor is virtualized by controlling the interrupts that the uC/OS-II real-time kernel handles, and memory is virtualized by partitioning physical memory. The hypervisor consists of three components: interrupt control routines that virtualize the timer interrupt and software interrupt, startup code that initializes the hypervisor and uC/OS-II kernels, and an API that provides communication between two kernels. The original uC/OS-II kernel needs to be modified slightly at the source-code level to run on the hypervisor. We performed a real-time test and an independent computation test on a Jupiter 32-bit EISC microprocessor and showed that the virtualized kernels run without problem. The result of our research can reduce the hardware cost, the system space and weight, and system power consumption when the hypervisor is applied in embedded applications that require many embedded microprocessors.

BPFast: An eBPF/XDP-Based High-Performance Packet Payload Inspection System for Cloud Environments (BPFast: 클라우드 환경을 위한 eBPF/XDP 기반 고속 네트워크 패킷 페이로드 검사 시스템)

  • You, Myoung-sung;Kim, Jin-woo;Shin, Seung-won;Park, Tae-june
    • Journal of the Korea Institute of Information Security & Cryptology, v.32 no.2, pp.213-225, 2022
  • Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at the kernel level without any user-level components. We evaluate a prototype of BPFast in a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.

VirtAV: an Agentless Runtime Antivirus System for Virtual Machines

  • Tang, Hongwei;Feng, Shengzhong;Zhao, Xiaofang;Jin, Yan
    • KSII Transactions on Internet and Information Systems (TIIS), v.11 no.11, pp.5642-5670, 2017
  • Antivirus is an important issue for the security of virtual machines (VMs). According to where the antivirus system resides, the existing approaches can be categorized into three classes: the internal approach, the external approach and the hybrid approach. However, the internal approach is susceptible to attacks and may cause antivirus storm and rollback vulnerability problems. On the other hand, for the external approach, antivirus systems built upon virtual machine introspection (VMI) technology cannot find and prohibit viruses promptly. Although the hybrid approach performs virus scanning outside the virtual machine, it is still vulnerable to attacks since it completely depends on the agent and hooks to deliver events in the guest operating system. To solve the aforementioned problems, based on in-memory signature scanning, we propose an agentless runtime antivirus system, VirtAV, which scans each piece of binary code to be executed in guest VMs on the VMM side to detect and prevent viruses. As an external approach, VirtAV does not rely on any hooks or agents in the guest OS, and exposes no attack surface to the outside world, so it guarantees the security of itself to the greatest extent. In addition, it solves the antivirus storm problem and the rollback vulnerability problem in virtualization environments. We implemented a prototype based on the Qemu/KVM hypervisor and the ClamAV antivirus engine. Experimental results demonstrate that VirtAV is able to detect both user-level and kernel-level virus programs inside Windows and Linux guests, no matter whether they are packed or not. From the performance aspect, the overhead of VirtAV on guest performance is acceptable. In particular, VirtAV has little impact on the performance of common desktop applications, such as video playing, web browsing and the Microsoft Office series.