• Title/Summary/Keyword: Virtualization Environments

An Efficient Network Virtualization Model in Cloud Computing Environments (클라우드 컴퓨팅 환경에서의 효율적인 네트워크 가상화 모델)

  • Jung, Byeong-Man;Choi, Min;Lee, Bong-Hwan;Lee, Kyu-Won
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2012.05a / pp.823-826 / 2012
  • In this paper, we propose an efficient network virtualization model in cloud computing environments. Virtualization is a key technology for the implementation of service-oriented architecture. It is a standardized framework that can be reused or integrated with changing business priorities through an IT infrastructure. Network virtualization has emerged as an important technical issue for future virtualization technology in the Internet. The concept of network virtualization and its related technologies remain ambiguous since network virtualization is in its early stage. Thus, we propose a network virtualization model for cloud environments by analyzing the existing network virtualization technologies.

Proposal of Container-Based HPC Structures and Performance Analysis

  • Yong, Chanho;Lee, Ga-Won;Huh, Eui-Nam
    • Journal of Information Processing Systems / v.14 no.6 / pp.1398-1404 / 2018
  • High-performance computing (HPC) provides researchers with a powerful ability to resolve problems with intensive computations, such as those in the math and medical fields. When an HPC platform is provided as a service, users may suffer from unexpected obstacles in developing and running applications due to restricted development environments and dependencies. In this context, operating system level virtualization can be a solution for HPC service to ensure lightweight virtualization and consistency in Dev-Ops environments. Therefore, this paper proposes three types of typical HPC structure for container environments built with HPC container and Docker. The three structures focus on smooth integration with the existing HPC job framework, message passing interface (MPI). Lastly, the performance of the structures is analyzed with the High Performance Linpack benchmark from the aspect of performance degradation in network communications under Docker.

Isolation Schemes of Virtual Network Platform for Cloud Computing

  • Ahn, SungWon;Lee, ShinHyoung;Yoo, SeeHwan;Park, DaeYoung;Kim, Dojung;Yoo, Chuck
    • KSII Transactions on Internet and Information Systems (TIIS) / v.6 no.11 / pp.2764-2783 / 2012
  • Network virtualization supports future Internet environments and cloud computing. Virtualization can mitigate many hardware restrictions and provide variable network topologies to support variable cloud services. Owing to several advantages such as low cost, high flexibility, and better manageability, virtualization has been widely adopted for use in network virtualization platforms. Among the many issues related to cloud computing, to achieve a suitable cloud service quality we specifically focus on network and performance isolation schemes, which ensure the integrity and QoS of each virtual cloud network. In this study, we suggest a virtual network platform that uses Xen-based virtualization, and implement multiple virtualized networks to provide variable cloud services on a physical network. In addition, we describe the isolation of virtual networks by assigning a different virtualized network ID (VLAN ID) to each network to ensure the integrity of the service contents. We also provide a method for efficiently isolating the performance of each virtual network in terms of network bandwidth. Our performance isolation method supports multiple virtual networks with different levels of service quality.

A Study on Improvement Stability of Cloud Service using Attack Information Collection (공격정보 수집을 이용한 클라우드 서비스의 안전성 향상에 관한 연구)

  • Yang, Hwan Seok
    • Journal of Korea Society of Digital Industry and Information Management / v.9 no.2 / pp.73-79 / 2013
  • Cloud computing is a model that provides IT resources over a network, with users paying for as much as they use. Its advantages are that infrastructure does not need to be built and that a variety of environments can be offered. The core of this kind of computing is virtualization technology. Security mechanisms against attacks that use vulnerabilities of virtualization technology are not properly provided, and existing security tools cannot be applied as they are. In this paper, we propose a honeyVM structure that can respond actively by collecting information about attacks that use virtualization vulnerabilities. Mamdani fuzzy inference is used to dynamically adjust the number of honeyVMs formed depending on the load of the system. A security structure to protect actual virtual machines from attacks and threats is proposed. The performance of the proposed structure was measured in terms of attack detection rate and resource utilization rate.

A Study on Security of Virtualization in Cloud Computing Environment for Convergence Services (융합서비스를 위한 클라우드 컴퓨팅 환경에서 가상화 보안에 관한 연구)

  • Lee, Bo-Kyung
    • Journal of the Korea Convergence Society / v.5 no.4 / pp.93-99 / 2014
  • Cloud computing refers to borrowing IT resources as needed by leveraging Internet technology and paying for as much as is used, with real-time scalability depending on the service load. Virtualization, which is the main technology of cloud computing, is a technology in which servers, storage and hardware are regarded not as separate systems but as one system area and are allocated as needed. However, the security mechanisms provided by virtualized environments are difficult to cope with the traditional security mechanisms, having basic levels of visibility, control and audit function, on which the server is designed to monitor the traffic between the servers. In this paper, the security vulnerabilities of virtualization are analysed in the cloud computing environment and cloud virtualization security recommendations are proposed.

ID-based group key exchange mechanism for virtual group with microservice

  • Kim, Hyun-Jin;Park, Pyung-Koo;Ryou, Jae-Cheol
    • ETRI Journal / v.43 no.5 / pp.932-940 / 2021
  • Currently, research on network functions virtualization focuses on using microservices in cloud environments. Previous studies primarily focused on communication between nodes in physical infrastructure. Until now, there has not been sufficient research on group key management in virtual environments. The service is composed of microservices that change dynamically according to the virtual service. Microservices have dependencies on changes to the group membership of the service. There is also a high possibility that various security threats, such as data leakage, communication surveillance, and privacy exposure, may occur in interactive communication with microservices. In this study, we propose an ID-based group key exchange (idGKE) mechanism between microservices as one group. idGKE defines the microservices' schemes: group key gen, join group, leave group, and multiple group join. We experiment in a real environment to evaluate the performance of the proposed mechanism. The proposed mechanism ensures essential requirements for group key management such as secrecy, sustainability, and performance, improving virtual environment security.

Proposal of Security Requirements for the Cloud Storage Virtualization System (클라우드 저장장치 가상화 시스템을 위한 보안 요구사항 제안)

  • Yeo, Youngmin;Lee, Chanwoo;Moon, Jongsub
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1247-1257 / 2013
  • The security vulnerabilities of cloud storage virtualization environments are different from those of the existing computer system and are difficult to protect against in the existing computer system environment. Therefore, we need some technical measures to address this issue. First of all, the technology used in cloud storage virtualization environments needs to be thoroughly analyzed, and also, we should understand those security requirements of various stakeholders in the view of cloud storage service and perform the research on security guidelines of the research security requirements. In this paper, we propose security requirements based on the layers and roles of cloud storage virtualization. The proposed security requirements can be a basis for the development of solutions for cloud storage virtualization security.

IOMMU Para-Virtualization for Efficient and Secure DMA in Virtual Machines

  • Tang, Hongwei;Li, Qiang;Feng, Shengzhong;Zhao, Xiaofang;Jin, Yan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.12 / pp.5375-5400 / 2016
  • IOMMU is a hardware unit that is indispensable for DMA. Besides address translation and remapping, it also provides I/O virtual address space isolation among devices and memory access control on DMA transactions. However, current commodity virtualization platforms lack IOMMU virtualization, so the virtual machines are vulnerable to DMA security threats. Previous works focus only on the DMA security problem of directly assigned devices. Moreover, these solutions either introduce significant overhead or require modifications to the guest OS to optimize performance, and none can achieve high I/O efficiency and good compatibility with the guest OS simultaneously, which are both necessary for production environments. However, the DMA security problem also exists for simulated virtual devices, and previous works cannot solve this problem. The reason is that IOMMU circuits on the host do not work for this kind of device, whose DMA operations are simulated by memory copies performed by the CPU. Motivated by the above observations, we propose an IOMMU para-virtualization solution called PVIOMMU, which provides general functionalities, especially DMA security guarantees, for both directly assigned devices and simulated devices. The prototype of PVIOMMU is implemented in Qemu/KVM based on the virtio framework and can be dynamically loaded into the guest kernel as a module. As a result, modifying and rebuilding the guest kernel are not required. In addition, the device model of Qemu is revised to implement DMA access control by separating the device simulator from the address space of the guest virtual machine. Experimental evaluations on three kinds of network devices, including Intel I210 (1Gbps), simulated E1000 (1Gbps) and IB ConnectX-3 (40Gbps), show that PVIOMMU introduces little overhead on DMA transactions, and in general the network I/O performance is close to that in the native KVM implementation without IOMMU virtualization.

A Study on Analysis of Security Functional Requirements for Virtualization Products through Comparison with Foreign Countries' Cases (해외 사례 비교를 통한 가상화 제품의 보안기능 요구사항 분석에 관한 연구)

  • Lee, Ji-Yeon
    • Journal of Digital Convergence / v.17 no.8 / pp.221-228 / 2019
  • The importance of security for virtualization products has increased with the activation policy of cloud computing, and it is necessary to analyze cyber security threats and develop security requirements for virtualization products to provide more secure cloud environments. This paper is a preliminary study with the purpose of developing security functional requirements through analyzing security features and cyber security threats as well as comparing foreign countries' cases for virtualization products. To do this, the paper compares evaluation schemes for virtualization products in the US and the UK, and analyzes the cyber security threats, security objectives and security requirements in both countries. Furthermore, it proposes the essential checking items and processes for developing security functional requirements about security features of virtualization products to contribute to their more secure development and the establishment of related security evaluation standards.

A Reconfigurable Integration Test and Simulation Bed for Engagement Control Using Virtualization (가상화 기반의 재구성 용이한 교전통제 통합시험시뮬레이션 베드)

  • Kilseok Cho;Ohkyun Jeong;Moonhyung Yoon
    • Journal of the Korea Institute of Military Science and Technology / v.26 no.1 / pp.91-101 / 2023
  • For the last several decades, Modeling and Simulation (M&S) technology has been widely used to solve constraints such as time, space, safety, and cost when implementing development and test environments that are the same as real warfare environments in order to develop, test, and evaluate weapon systems. The integration and test environments employed for development and test & evaluation are required to provide Live Virtual Construction (LVC) simulation environments for carrying out requirement analysis, design, integration, test and verification. Additionally, they need to provide computing environments in which computing resources and software components can be reconfigured easily according to test configuration changes, and in which legacy software components can run independently on specific hardware and software environments. In this paper, an Integration Test and Simulation for Engagement Control (ITSEC) bed using a bare-metal virtualization mechanism is proposed to meet the above test and simulation requirements, and it is applied and implemented for an air missile defense system. The results of engagement simulation experiments conducted on air and missile defense environments demonstrate that the proposed bed is a sufficiently cost-effective and feasible solution to reconfigure and expand application software and computing resources in accordance with various integration and test environments.