• The Transactions of the Korea Information Processing Society
• /
• v.13 no.9
• /
• pp.404-412
• /
• 2024

The adoption of cloud environments has revolutionized application deployment and management, with microservices architecture and container technology serving as key enablers of this transformation. However, these advancements have introduced new challenges, particularly the necessity to precisely understand service interactions and conduct detailed analyses of internal processes within complex service environments such as microservices. Traditional monitoring techniques have proven inadequate in effectively analyzing these complex environments, leading to increased interest in eBPF (extended Berkeley Packet Filter) technology as a solution. eBPF is a powerful tool capable of real-time event collection and analysis within the Linux kernel, enabling the monitoring of various events, including file system activities within the kernel space. This paper proposes a container activity analysis system based on eBPF, which monitors events occurring in the kernel space of both containers and host systems in real-time and analyzes the collected data. Furthermore, this paper conducts a comparative analysis of prominent eBPF-based container monitoring systems (Tetragon, Falco, and Tracee), focusing on aspects such as event detection methods, default policy application, event type identification, and system call blocking and alert generation. Through this evaluation, the paper identifies the strengths and weaknesses of each system and determines the necessary features for effective container process monitoring and restriction. In addition, the proposed system is evaluated in terms of container metadata collection, internal activity monitoring, and system metadata integration, and the effectiveness and future potential of eBPF-based monitoring systems.

• Electronics and Telecommunications Trends
• /
• v.37 no.5
• /
• pp.62-69
• /
• 2022

In a situation where applications determine business competitiveness, they cannot respond to varying customer requirements without the cloud's flexibility and scalability. Companies have begun seeking ways to enjoy the advantages of the cloud fully, and the concept of "Cloud Native" is emerging as a solution to the problem. Cloud Native is now a target of interest in the market. Microservice and serverless functions can play a vital role in cloud-native architecture. Microservice arranges applications into various independent services, each offering certain functionality through mutual networking. eBPF is attracting attention as a cloud-native networking solution that quickly supports microservice features that repeat creation/deletion. This study identifies the characteristics of eBPF-based networking and evaluates cloud-native networking and secure networking using eBPF.

• Journal of Advanced Navigation Technology
• /
• v.22 no.1
• /
• pp.27-30
• /
• 2018

In this study, a 40 GHz band pass filter(BPF) employing a hair-pin structure has been designed, fabricated, and characterized for millimeter-wave wireless communication applications. Using the 3 dimensional(3-D) electromagnetic(EM) tool and design equations of the hairpin BPF, the BPF was desgned on the 5 mil-thick Duroid substrate(RT5880) with a relative dielectric constant (${\varepsilon}_r$) of 2.2. The tapping point (t) of the U-shape resonator in the input and output port has been determined using extracted an external Q-factor ($Q_e$). The coupling coefficients between the other resonators are calculated by adjusting the physical dimensions for the desired response of the BPF. The fabricated BPF was characterized using probing method on a probe station. Its measured center frequency(fc) and fractional BW are 41.6 GHz and 7.43 %, respectively. The measured return loss is below -10 dB at the pass band and the insertion loss is 3.87 dB. The fabricated BPF is as small as $9.1{\times}2.8mm^2$.

• Journal of Marine Life Science
• /
• v.6 no.2
• /
• pp.73-79
• /
• 2021

Bisphenol A is a representative endocrine disruptor and continuously detected in aquatic environment due to wide use, resulting in adverse effects on growth, development, and reproduction in diverse organisms as well as human. Structural analogs have been developed to substitute BPA are also suspected to have endocrine disrupting effects. In the present study, the time-dependent expression patterns of ecdysteroid synthesis (nvd, cyp314a1), receptors (EcRA, EcRB, USP, ERR), and downstream signaling pathway - related genes (HR3, E75, Vtg, VtgR) were investigated using quantitative real time reverse transcription polymerase chain reaction (qRT-PCR) in the brackish water flea Diaphanosoma celebensis exposed to Bisphenol analogs (BPs; BPA, BPF, and BPS) for 6, 12, and 24 h. As results, the expression of nvd, cyp314a1, EcRs, USP, ERR and E75 mRNA was upregulated at 6 h exposure to BPF, which is earlier than BPA and BPS (12 h). On the other hand, HR3, E75 and VtgR mRNA levels were elevated at 6 h earlier at BPS and BPF than at BPA (12 h), but Vtg mRNA level was slightly changed within 24 h. These findings suggest that like BPA, BPF and BPS can also modulate the transcription of ecdysteroid pathway - related genes with different mechanisms, and have a potential as endocrine disruptors. This study will provide a better understanding the molecular mode of action of bisphenols on ecdysteroid pathway in the brackish water flea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.213-225
• /
• 2022

Containerization, a lightweight virtualization technology, enables agile deployments of enterprise-scale microservices in modern cloud environments. However, containerization also opens a new window for adversaries who aim to disrupt the cloud environments. Since microservices are composed of multiple containers connected through a virtual network, a single compromised container can carry out network-level attacks to hijack its neighboring containers. While existing solutions protect containers against such attacks by using network access controls, they still have severe limitations in terms of performance. More specifically, they significantly degrade network performance when processing packet payloads for L7 access controls (e.g., HTTP). To address this problem, we present BPFast, an eBPF/XDP-based payload inspection system for containers. BPFast inspects headers and payloads of packets at a kernel-level without any user-level components. We evaluate a prototype of BPFast on a Kubernetes environment. Our results show that BPFast outperforms state-of-the-art solutions by up to 7x in network latency and throughput.

• KNOM Review
• /
• v.21 no.2
• /
• pp.26-34
• /
• 2018

With the proliferation of cloud computing and services, the internet traffic and the demand for better quality of service are increasing. For this reason, server virtualization and network virtualization technology, which uses the resources of internal servers in the data center more efficiently, is receiving increased attention. However, the existing hardware Test Access Port (TAP) equipment is unfit for deployment in the virtual datapaths configured for server virtualization. Virtual TAP (vTAP), which is a software version of the hardware TAP, overcomes this problem by duplicating packets in a virtual switch. However, implementation of vTAP in a virtual switch has a performance problem because it shares the computing resources of the host machines with virtual switch and other VMs. We propose a vTAP implementation technique based on the extended Berkeley Packet Filter (eBPF), which is a high-speed packet processing technology, and compare its performance with that of the existing vTAP.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.93-94
• /
• 2024

컨테이너는 현대 클라우드 환경에서 핵심적인 역할을 수행하며, 이에 따라 많은 기업이 접근성과 확장성을 위해 이를 채택하고 있다. 그러나 컨테이너는 호스트 리눅스 커널과 컴퓨팅 자원을 공유하는 특징을 가지고 있어서, 한 컨테이너가 오작동하면 호스트 환경 전체에 악영향을 끼칠 수 있다. 따라서 실시간으로 컨테이너의 상태를 감시하고 이를 효과적으로 관리하는 것이 필요하다. 본 논문에서는 이러한 문제에 대응하기 위해 호스트에서 동작하는 모든 컨테이너의 활동을 실시간으로 통합 감시하고자 한다. 이를 위해, 본 논문에서는 Linux Namespace를 활용하는 컨테이너의 특징을 이용하여 호스트에서 실행되는 여러 프로세스 중 컨테이너 프로세스를 식별하고, 이후 eBPF (Extended Berkeley Packet Filter) 기술을 활용하여 컨테이너로부터 호출되는 시스템 콜을 kprobe와 kretprobe를 통해 모니터링하여 컨테이너의 활동을 실시간으로 감시할 수 있는 시스템을 제안하고자 한다.

• Journal of the Institute of Electronics Engineers of Korea TE
• /
• v.42 no.4
• /
• pp.69-76
• /
• 2005

In this paper, a 2 stage 6-pole bandpass filter(BPF) is designed and implemented by using triple-mode cavity for satellite payload system. The BPF has a 100MHz bandwidth at the center frequency of 14.5GHz(Ku-band) and the response of the filter is the Chebyshev function. The cavity filter uses two orthogonal $TM_{113}$ modes and one $TM_{012}$ mode. The coupling between the adjacent cavityes(intercavity coupling) results in a Chebyshev response and is accomplished by only H-filed component of If modes. The size and location of intercavity slot is determined by the coupling equation from E-and H-field of TE and TM resonant modes in circular cavity. The 2-stage 6-pole triple-mode cavity BPF has the insertion loss of 2.4dB and the reflection loss of 15dB in the passband. The triple-mode BPF proposed in this thesis can be used as channel filters for satellite payload system and can minimize filter assembly in general wireless communication system.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.6
• /
• pp.39-51
• /
• 2024

This paper proposes a novel approach to enhance the security of container-based systems by analyzing system calls to dynamically detect race conditions without modifying the kernel. Container escape attacks allow attackers to break out of a container's isolation and access other systems, utilizing vulnerabilities such as race conditions that can occur in parallel computing environments. To effectively detect and defend against such attacks, this study utilizes eBPF to observe system call patterns during attack attempts and employs a AdaBoost model to detect them. For this purpose, system calls invoked during the attacks such as Dirty COW and Dirty Cred from popular applications such as MongoDB, PostgreSQL, and Redis, were used as training data. The experimental results show that this method achieved a precision of 99.55%, a recall of 99.68%, and an F1-score of 99.62%, with the system overhead of 8%.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.1273-1278
• /
• 2005

In this thesis, a 2 stage 6-pole bandpass filter(BPF) is designed and implemented by using triple-mode cavity for satellite payload system. The BPF has a 100MHz bandwidth at the center frequency of 14.5GHz(Ku-band) and the response of the filter is the Chebyshev function. The cavity filter uses two orthogonal $TE_{113}$ modes and one $TM_{012}$ mode. The coupling between the adjacent cavityes(intercavity coupling) results in a Chebyshev response and is accomplished by only H-filed component of TE modes. The size and location of intercavity slot is determined by the coupling equation from E- and H-field of TE and TM resonant modes in circular cavity. The 2-stage 6-pole triple-mode cavity BPF has the insertion loss of 2.4dB and the reflection loss of 15dB in the passband. The triple-mode BPF proposed in this thesis can be used as channel filters for satellite payload system and can minimize filter assembly in general wireless communication system.