• The KIPS Transactions:PartC
• /
• v.10C no.2
• /
• pp.171-178
• /
• 2003

Differentiated Services (DiffServ) is a technique to provide Quality of Service (QoS) in an efficient and scalable way. However, current DiffServ specifications have limitations in providing the complete QoS management framework and its implementation model. This paper proposes a policy-based QoS management model that supports DiffServ policies for managing QoS of DiffServ networks. The management model conforms to Model-View-Controller (MVC) architecture, and is based on Enterprise JavaBeans (EJBs) technologies. In our model, high-level DiffServ QoS policies are represented as valid XML documents with an XML Schema and are translated to low-level EJB policy beans in the EJB-based policy server. The routing topology and role information required to define QoS policies is discovered by using SNMP MIB-II, and the QoS policy distribution and monitoring is accomplished by using SNMP DiffServ MIB.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.307-319
• /
• 2017

SELinux is known as a secure operating system that is easily accessible to users due to the popularization of Linux, and is applied to various security operating system references deployed on systems such as embedded systems and servers. However, if SELinux is applied without considering the performance overhead of activating the SELinux kernel module, the performance of the entire system may be degraded. In this paper, we describe the factors directly affecting the performance inside the SELinux kernel and show that it is possible to improve performance by simply reorganizing the policy without changing the SELinux kernel. This can be used as a reference when security administrators or developers apply SELinux.

• The Journal of the Korea Contents Association
• /
• v.3 no.3
• /
• pp.63-73
• /
• 2003

Today, in exponential growth of internet, the importance of file caching which could reduce the sun load, the volume of network traffic, and the latency of response has emerged. Actually, in one network, the traffic has reduced by using the cache and this means that file caching can improve the internet environment by cost a fraction of link upgrades. In this paper, we address a dynamic cache group configuration policy, to solve the scalable problem. The simulation result shows that the cache group using our proposal policy reduces the latency of response time and it means that out cache group configuration is more scalable than the static cache configuration.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1762-1767
• /
• 2005

PKI provides good resolutions for the authentication of user in the situation not to meet each other, but it is not enough to provide the resolution of authorization in distributed computing environments. Especially, we offer a variety forms of the user Authentication, the Integrity and a security service of the Non-Repudiation, but an authorization Policy, because of the complexity with a lot of information, using m understandable XML, makes a simple and easy certificate to read, and we get the information from DOM fee and do a XML analysis and stardardized-method usage easily In this paper, we provide the AAS model being able to use with the solution of the distributed users' authorization, and we implement an authorization policy module, using XML. in the Linux-based Apache Web server.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.7_8
• /
• pp.426-433
• /
• 2003

Management policies of Web Proxy Cache, for the QoS of Web users, are mainly focused on the page replacement and the data consistency policy. But the two subjects have been studied independently to each other regardless of its possibility of cooperation. In this paper, we introduce the performance improvement obtained by adapting the characteristic of LMF used in data consistency policy to LRU, thus taking the better performance synergy as a result of complementary cooperation. Various policies for the management of Web Proxy Cache are in progress, this study can be a way of performance guide to increase cache hit ratio and reduce the transmission overhead of Web Server.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.5
• /
• pp.791-800
• /
• 2022

CCN, which has emerged to overcome the limitations of existing network structures, enables efficient networking by changing the IP Address-based network method to the Content-based network method. At this time, the contents are stored on each node(router) rather than on the top server, and considering the limitation of storage capacity, it is very important to determine which contents to store and release through the cache policy, and there are several cache policies that have been studied so far. In this paper, two of the existing cache policies, producer popularity-based and distance-based, were mixed. In addition, the mixing ratio was set differently to experiment, and we proved which experiement was the most efficient one.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.111-114
• /
• 2021

기업은 IT 를 일종의 자산으로 판단하여 IT 센터를 직접 구축하고 온프레미스 형태의 시스템을 운영했다. 그러나 경영 환경의 변화가 빨라지면서 IT 부문의 비용 효율성에 대한 압박도 커지고 있다. 클라우드 컴퓨팅을 도입하면 IT 자원을 효율적으로 활용하고 사용한 만큼 비용을 지불할 수 있어 IT 자원의 효율화가 가능하다. 하지만 무작정 클라우드로 옮기는 방식으로 인해 시스템 복잡성이 오히려 증가하고, 관리포인트 증가로 시스템 안전성을 해치는 상황이 벌어지고 있는 것도 현실이다. 신규 서비스 제공 시 기존 시스템 안전성을 해치지 않으면서 IT 자원의 효율적인 활용도 고려하는 방안으로 서비스 단위별 클라우드 컴퓨팅 도입을 검토하였다. 이 방법은 클라우드의 우수한 시스템을 사용하며, 실시간 오케스트레이션이 가능하고, 보안도 우수하다고 볼 수 있다. 기존 인프라를 유지하면서 클라우드 컴퓨팅을 구현한 하이브리드 방식으로 시스템 구축 결과 중단 없는 시스템 운영이 가능하였으며, 보안도 보다 강화된 결과를 얻었다. 향후 시스템 구축 시 온프레미스의 경우 서비스 단위로 클라우드 서버를 병행 운영한다면 운영효율성 뿐 아니라 기능성까지 만족시킬 수 있을 것으로 기대한다.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.455-468
• /
• 2008

In this paper, we propose FAS model for establishing trust based on digital certificates in Grid security framework. The existing RBAC(Role Based Access Control) model is extended to provide permissions depending on the users‘ roles. The FAS model is designed for a system independent integrated Grid security by detailing and extending the fundamental architecture of user, role, and permission. FAS decides each user’s role, allocates access right, and publishes attribute certificate. FAS is composed of three modules: RDM, PCM, and CCM. The RDM decides roles of the user during trust negotiation process and improves the existing low level Grid security in which every single user maps a single shared local name. Both PCM and CCM confirm the capability of the user based on various policies that can restrict priority of the different user groups and roles. We have analyzed the FAS strategy with the complexity of the policy graph-based strategy. In particular, we focused on the algorithm for constructing the policy graph. As a result, the total running time was significantly reduced.

• Journal of Korea Society of Industrial Information Systems
• /
• v.25 no.1
• /
• pp.89-99
• /
• 2020

In this paper, we consider a dyadic server control policy that combines workload control and single vacation. Customer arrives at the system with Bernoulli process, waits until his or her turn, and then receives service on FCFS(First come first served) discipline. If there is no customer to serve in the system, the idle single server spends a vacation of discrete random variable V. If the total service times of the waiting customers at the end of vacation exceeds predetermined workload threshold D, the server starts service immediately, and if the total workload of the system at the end of the vacation is less than or equal to D, the server stands by until the workload exceeds threshold and becomes busy. For the discrete-time Geo/G/1 queueing system operated under this dyadic server control policy, an idle period is analyzed and the steady-state queue length distribution is derived in a form of generating function.

• The KIPS Transactions:PartC
• /
• v.18C no.6
• /
• pp.369-378
• /
• 2011

To ensure data confidentiality and fine-grained access control in business environment, system model using KP-ABE(Key Policy-Attribute Based Encryption) and PRE(Proxy Re-Encryption) has been proposed recently. However, in previous study, data confidentiality has been effected by decryption right concentrated on cloud server. Also, Yu's work does not consider a access privilege management, so existing work become dangerous to collusion attack between malicious user and cloud server. To resolve this problem, we propose secure system model against collusion attack through dividing data file into header which is sent to privilege manager group and body which is sent to cloud server. And we construct the model of access privilege management using AONT based XOR threshold Secret Sharing, In addition, our scheme enable to grant weight for access privilege using XOR Share. In chapter 4, we differentiate existing scheme and proposed scheme.