• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.1
• /
• pp.125-129
• /
• 2010

Stateless computing supports a mobility of computing environment easily. It is becoming a major technology for securing personal user's information on shared computing environment. With the advance of virtualization technology and cloud computing, stateless computing is an essential part of personal computing environment connectivity (user's setting and data is stored in remote server or some storage, and it can be restored at any computing environment) In this paper, we propose uPC player that supports stateless computing execution environment on Windows. uPC player provides Windows operating system to user by using an uPC OS virtualization module. In this paper, we leverage how uPC player is designed and implemented for supporting a stateless computing execution environment. uPC player provides a desktop switch between host-system execution environment and uPC virtual execution environment. And it needs just one second for loading uPC virtual execution environment by using OS virtualization-based technique.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.11
• /
• pp.5588-5613
• /
• 2018

Virtualization technology has been widely applied in the area of computer security research that provides a new method for system protection. It has been a hotspot in system security research at present. Virtualization technology brings new risk as well as progress to computer operating system (OS). A multi-level perception security model using virtualization is proposed to deal with the problems of over-simplification of risk models, unreliable assumption of secure virtual machine monitor (VMM) and insufficient integration with virtualization technology in security design. Adopting the enhanced isolation mechanism of address space, the security perception units can be protected from risk environment. Based on parallel perceiving by the secure domain possessing with the same privilege level as VMM, a mechanism is established to ensure the security of VMM. In addition, a special pathway is set up to strengthen the ability of information interaction in the light of making reverse use of the method of covert channel. The evaluation results show that the proposed model is able to obtain the valuable risk information of system while ensuring the integrity of security perception units, and it can effectively identify the abnormal state of target system without significantly increasing the extra overhead.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2013.07a
• /
• pp.83-84
• /
• 2013

클라우드 컴퓨팅을 이용하여 다양한 서비스가 생겨남에 따라 클라우드 컴퓨팅 환경에서의 보안이 더욱 중요해지고 있다. 이에 따라 클라우드 컴퓨팅을 구축하는 핵심 기술인 가상화 기술의 보안 또한 중요한 이슈가 되고 있다. 가상화 기술은 독립된 컴퓨팅 환경을 제공함으로써 기본적으로 안전한 컴퓨팅 환경을 제공하지만 가상화 기술의 보안 취약점을 이용하여 보안 공격하는 사례가 증가하고 있다. 이에 본 논문에서는 전가상화 기법과 운영체제 레벨 가상화 기법을 접목시켜 게스트 운영체제로부터 시작되는 보안 공격에 대해 대응할 수 있게 함으로써 보안성을 강화시키는 기법을 제안한다. 또한, 벤치마킹을 통해 이러한 접근방법이 기존의 컴퓨팅 성능에 거의 영향을 미치지 않음을 확인하였다.

• Journal of KIISE
• /
• v.44 no.5
• /
• pp.439-448
• /
• 2017

The workloads of large high-performance computing (HPC) scientific applications are steadily becoming "bursty" due to variable resource demands throughout their execution life-cycles. However, the over-provisioning of virtual resources for optimal performance during execution remains a key challenge in the scheduling of scientific HPC applications. While over-provisioning of virtual resources guarantees peak performance of scientific application in virtualized environments, it results in increased amounts of idle resources that are unavailable for use by other applications. Herein, we proposed a memory resource reconfiguration approach that allows the quick release of idle memory resources for new applications in OS-level virtualized systems, based on the applications resource-usage pattern profile data. We deployed a scientific workflow application in Docker, a light-weight OS-level virtualized system. In the proposed approach, memory allocation is fine-tuned to containers at each stage of the workflows execution life-cycle. Thus, overall memory resource utilization is improved.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.10
• /
• pp.415-420
• /
• 2017

Virtualization technique of OS-level is a new paradigm for deploying applications, and is attracting attention as a technology to replace traditional virtualization technique, VM (Virtual Machine). Especially, docker containers are capable of distributing application images faster and more efficient than before by applying layered image structures and union mount point to existing linux container. These characteristics of containers can only be used in layered file systems that support snapshot functionality, so it is required to select appropriate layered file systems according to the characteristics of the containerized application. We examine the characteristics of representative layered file systems and conduct write performance evaluations of each layered file systems according to the operating principles of the layered file system, Allocate-on-Demand and Copy-up. We also suggest the method of determining a appropriate layered file system principle for unknown containerized application by learning block I/O usage history of each layered file system principles in artificial neural network. Finally we validate effectiveness of artificial neural network created from block I/O history of each layered file system principles.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.9
• /
• pp.916-920
• /
• 2008

The personal workspace consists of user- specified computing environment such as user profile, applications and their configurations, and user data. Mobile computing devices (i.e., cellular phones, PDAs, laptop computers, and Ultra Mobile PC) are getting smaller and lighter to provide personal work-space ubiquitously. However, various personal work-space mobility solutions (c.f. VMWare Pocket ACE[1], Mojopac[2], u-PC[3], etc.) are appeared with the advance of virtualization technology and portable storage technology. The personal workspace can be loaded at public PC using above solutions. Especially, we proposed a framework called ubiquitous personal computing environment (u-PC) that supports mobility of personal workspace based on wireless iSCSI network storage in our previous work. However, previous u-PC could support limited applications, because it uses IRP (I/O Request Packet) forwarding technique at filter driver level on Windows operating system. In this paper, we implement OS-level virtualization technology using system call hooking on Windows operating system. It supports personal workspace mobility and covers previous u-PC limitation. Also, it overcomes personal workspace loading overhead that is limitation of other solutions (i.e., VMWare Pocket ACE, Mojopac, etc). We implement a prototype consisting of Windows XP-based host PC and Linux-based mobile device connected via WiNET protocol of UWB. We leverage several use~case models of our framework for proving its usability.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.5
• /
• pp.103-112
• /
• 2007

In this paper, we implement a hypervisor that runs multiple uC/OS-II real-time kernels on one microprocessor. The hypervisor virtualizes microprocessor and memory that are main resources managed by uC/OS-II kernel. Microprocessor is virtualized by controlling interrupts that uC/OS-II real-time kernel handles and memory is virtualized by partitioning physical memory. The hypervisor consists of three components: interrupt control routines that virtualize timer interrupt and software interrupt, a startup code that initializes the hypervisor and uC/OS-II kernels, and an API that provides communication between two kernels. The original uC/OS-II kernel needs to be modified slightly in source-code level to run on the hypervisor. We performed a real-time test and an independent computation test on Jupiter 32-bit EISC microprocessor and showed that the virtualized kernels run without problem. The result of our research can reduce the hardware cost, the system space and weight, and system power consumption when the hypervisor is applied in embedded applications that require many embedded microprocessors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1225-1241
• /
• 2014

Recently, Financial companies implement DLP(Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business increase more and more because internal controls are insufficient. Security officials and IT operation staffs struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research applications that handle business and privacy information. Therefore this paper describes business and privacy information flow on applications and how to plan and deploy security container based OS-level and Hypervisor virtualization technology to enforce internal controls for applications. After building security container, it was verified to implement internal controls and to prevent customer information leaks. With security policies additional security functions was implemented in security container and With recycling security container costs and time of response to security vulnerabilities was reduced.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5642-5670
• /
• 2017

Antivirus is an important issue to the security of virtual machine (VM). According to where the antivirus system resides, the existing approaches can be categorized into three classes: internal approach, external approach and hybrid approach. However, for the internal approach, it is susceptible to attacks and may cause antivirus storm and rollback vulnerability problems. On the other hand, for the external approach, the antivirus systems built upon virtual machine introspection (VMI) technology cannot find and prohibit viruses promptly. Although the hybrid approach performs virus scanning out of the virtual machine, it is still vulnerable to attacks since it completely depends on the agent and hooks to deliver events in the guest operating system. To solve the aforementioned problems, based on in-memory signature scanning, we propose an agentless runtime antivirus system VirtAV, which scans each piece of binary codes to execute in guest VMs on the VMM side to detect and prevent viruses. As an external approach, VirtAV does not rely on any hooks or agents in the guest OS, and exposes no attack surface to the outside world, so it guarantees the security of itself to the greatest extent. In addition, it solves the antivirus storm problem and the rollback vulnerability problem in virtualization environment. We implemented a prototype based on Qemu/KVM hypervisor and ClamAV antivirus engine. Experimental results demonstrate that VirtAV is able to detect both user-level and kernel-level virus programs inside Windows and Linux guest, no matter whether they are packed or not. From the performance aspect, the overhead of VirtAV on guest performance is acceptable. Especially, VirtAV has little impact on the performance of common desktop applications, such as video playing, web browsing and Microsoft Office series.