• Title/Summary/Keyword: cloud security policy

K-Defense Cloud Computing System Design through Cloud Modeling and Analysis of Social Network Service Application (소셜 네트워크 서비스 어플리케이션의 클라우드 모델링 및 분석을 통한 국방 클라우드 컴퓨팅 시스템 설계)

  • Lee, Sung-Tae;Ryou, Hwang-Bin
    • Convergence Security Journal / v.13 no.1 / pp.37-43 / 2013
  • In 2010, the Ministry of National Defense decided to build a MegaCenter including cloud computing technology by 2014, as part of the '2012 Information Service Plan', which is now underway. The cloud computing system environment should be designed by applying cloud computing technology and policy for an efficient infrastructure in which many IT resources are available in the data center in a concentrated form. That is, the system should be designed in such a way that cloud services will be efficiently provided to meet the needs of users and there will not be unnecessary waste of resources. However, in order to build an optimal system, it should be possible to predict the service performance and the resource availability at the initial phase of system design. This paper uses the CloudAnalyst simulator to predict the availability of the K-Defense cloud computing system service, and conducts cloud modeling and analysis of 'Facebook', one of the most famous social network service applications with the most users in the world. An optimal K-Defense cloud computing design model is proposed through simulation results.

A Study on the Industrial Revitalization through the Performance Analysis of the Korean Government's Cloud Policy in Service Consumer's Perspective (국내 클라우드 정책의 성과 분석을 통한 수요자 관점의 산업 활성화 연구)

  • Joe, Moon Jeung
    • Journal of Internet Computing and Services / v.21 no.1 / pp.159-167 / 2020
  • The Korean government has pursued various policies to revitalize the cloud industry since 2009. In particular, the government enacted the 'Cloud Computing and Privacy Security Act' for the first time in the world in 2015, creating institutions and support programs to boost the cloud industry. As a result, the volume of the cloud industry has increased significantly, and the number of companies and professionals has increased. In this paper, the researchers analyzed the situation of the Korean cloud market, the usage of cloud computing in enterprises, and the effects and problems of cloud-enabled companies, based on the industrial survey conducted from 2016 to 2019. In this study, the results showed concerns about security, uncertainty about cost savings, and the IT capabilities of enterprises as problems in revitalizing the cloud industry. The researchers also propose strategies, perception changes, and development processes for companies to resolve the problems.

Design of Security Service Model in Dynamic Cloud Environment (동적 클라우드 환경에 적합한 보안 서비스 모델 설계)

  • Jeong, Yoon-Su
    • Journal of Convergence Society for SMB / v.2 no.2 / pp.35-41 / 2012
  • The rapid development of cloud computing and mobile internet service changes to a mobile cloud service environment that can serve and pay for the computing source that users want anywhere and anytime. But when a user misses a mobile device, the response to any threat like exposure of the user's personal information is insufficient. This paper proposes a cloud service access control model to provide secure service for mobile cloud users to other level users. The proposed role-based model performs access authority when it performs user certification, to adapt to various access security policies. Also, the proposed model uses the user's attribute information and processes it before user certification; therefore it lowers communication overhead and service delay. As a result, packet certification delay time is increased 3.7% and throughput of the certification server is increased 10.5%.

OpenID Based User Authentication Scheme for Multi-clouds Environment (멀티 클라우드 환경을 위한 OpenID 기반의 사용자 인증 기법)

  • Wi, Yukyeong;Kwak, Jin
    • Journal of Digital Convergence / v.11 no.7 / pp.215-223 / 2013
  • As cloud computing is activated, a variety of cloud services are being distributed. However, to use each different cloud service, you must perform an individual user authentication process for the service. Therefore, not only is the procedure cumbersome, but the repeated authentication process can also cause password exposure, or database overload from the need to hold the user's authentication information on each cloud server. Moreover, there is a high probability of security problems caused by phishing attacks that result from the different authentication schemes and input schemes of each service. Thus, for when you want to use a variety of cloud services, we proposed an OpenID based user authentication scheme that can be applied to a multi-cloud environment by the trusted user's verify ID provider.

A study on ways to strengthen the new security system through the stipulation of zero trust : legal improvement under the Electronic Financial Transactions Act (제로 트러스트 명문화를 통한 신 보안체계 강화 방안 연구 - 전자금융거래법상 법적 개선을 중심으로 -)

  • Min-won Lee;Hun-yeong Kwon
    • Convergence Security Journal / v.23 no.1 / pp.9-17 / 2023
  • Due to COVID-19, the concept of Zero Trust, a safe security in a non-face-to-face environment due to telecommuting, is drawing attention. U.S. President Biden emphasized the introduction of Zero Trust in an executive order to improve national cybersecurity in May 2021, and Zero Trust is a global trend. However, the greatest difficulty in introducing new technologies such as Zero Trust in Korea is excessive regulation of cloud and network separation, which is based on the boundary security model, but is limited to not reflecting all new information protection controls due to non-face-to-face environments. In particular, in order for the government's policy to ease network separation to become an effective policy, the zero trust name culture is essential. Therefore, this paper aims to study legal improvements that reflect the concept of zero trust under the Electronic Financial Transactions Act.

An Entity Attribute-Based Access Control Model in Cloud Environment (클라우드 환경에서 개체 속성 기반 접근제어 모델)

  • Choi, Eun-Bok
    • Journal of Convergence for Information Technology / v.10 no.10 / pp.32-39 / 2020
  • In the large-scale infrastructure of the cloud environment, illegal access rights are frequently caused by sharing applications and devices, so in order to actively respond to such attacks, a strengthened access control system is required to prepare for each situation. We proposed an entity attribute-based access control (EABAC) model based on security level and relation concept. This model has enhanced access control characteristics that give integrity and confidentiality to subjects and objects, and can provide different services to the same role. It has flexibility in authority management by assigning roles and rights to contexts, which are relations and context related to services. In addition, we have shown application cases of this model in a multi-service environment such as a university.

Active VM Consolidation for Cloud Data Centers under Energy Saving Approach

  • Saxena, Shailesh;Khan, Mohammad Zubair;Singh, Ravendra;Noorwali, Abdulfattah
    • International Journal of Computer Science & Network Security / v.21 no.11 / pp.345-353 / 2021
  • Cloud computing represents a new era of computing that is formed through the combination of service-oriented architecture (SOA), Internet and grid computing with virtualization technology. Virtualization is a concept through which every cloud is enabled to provide on-demand services to the users. Most IT service providers adopt cloud based services for their users to meet the high demand of computation, as it is the most flexible, reliable and scalable technology. Energy based performance tradeoff becomes the main challenge in cloud computing, as its acceptance and popularity increase day by day. Cloud data centers require a huge amount of power supply for the virtualization of servers to maintain on-demand high computing. High power demand increases the energy cost of service providers, and it also harms the environment through the emission of CO2. An optimization of cloud computing based on energy-performance tradeoff is required to obtain the balance between energy saving and QoS (quality of services) policies of the cloud. A study about power usage of resources in cloud data centers based on the workload assigned to them says that an idle server consumes nearly 50% of its peak utilization power [1]. Therefore, a larger number of underutilized servers in any cloud data center is responsible for reducing the energy performance tradeoff. To handle this issue, a lot of research has proposed energy efficient algorithms to minimize the consumption of energy and also maintain the SLA (service level agreement) at a satisfactory level. VM (virtual machine) consolidation is one such technique that ensures the balance of energy based SLA. In the scope of this paper, we explore reinforcement with fuzzy logic (RFL) for VM consolidation to achieve energy based SLA. In this proposed RFL based active VM consolidation, the primary objective is to manage physical server (PS) nodes in order to avoid over-utilized and under-utilized nodes, and to optimize the placement of VMs. A dynamic threshold (based on RFL) is proposed for over-utilized PS detection. For over-utilized PS, a VM selection policy based on fuzzy logic is proposed, which selects a VM for migration to maintain the balance of SLA. Additionally, it incorporates a VM placement policy through categorization of non-overutilized servers as balanced, under-utilized and critical. The CloudSim toolkit is used to simulate the proposed work on real-world workload traces of the CoMon Project defined by PlanetLab. Simulation results show that the proposed policies are the most energy efficient compared to others in terms of reduction in both electricity usage and SLA violation.

Attribute-Based Data Sharing with Flexible and Direct Revocation in Cloud Computing

  • Zhang, Yinghui;Chen, Xiaofeng;Li, Jin;Li, Hui;Li, Fenghua
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.11 / pp.4028-4049 / 2014
  • Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

Concept of the Cloud Type Virtual Policy Based Network Management Scheme for the Whole Internet

  • Kazuya, Odagiri;Shogo, Shimizu;Naohiro, Ishii
    • International Journal of Computer Science & Network Security / v.23 no.1 / pp.71-77 / 2023
  • In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize it, concept of the Internet PBNM Scheme is proposed as the final step.

Analysis of Network Security Policy Enforcement in Container Environments (컨테이너 환경에서의 네트워크 보안 정책 집행 분석)

  • Bom Kim;Seungsoo Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.961-973 / 2023
  • With the changes in the modern computing landscape, securing containerized workloads and addressing the complexities of container networking have become critical issues. In particular, the complexity of network policy settings and the lack of cloud security architecture cause various security issues. This paper focuses on the importance of network security and efficiency in containerized environments, and analyzes the security features and performance of various container network interface plugins. In particular, the features and functions of Cilium, Calico, Weave Net, and Kube-router were compared and evaluated, and the Layer 3/4 and Layer 7 network policies and performance features provided by each plugin were analyzed. We found that Cilium and Calico provide a wide range of security features, including Layer 7 protocols, while Weave Net and Kube-router focus on Layer 3/4. We also found a decrease in throughput when applying Layer 3/4 policies and an increase in latency due to complex processing when applying Layer 7 policies. Through this analysis, we expect to improve our understanding of network policy and security configuration and contribute to building a safer and more efficient container networking environment in the future.