• Title/Summary/Keyword: hypervisor

Big Data Management System for Biomedical Images to Improve Short-term and Long-term Storage

  • Qamar, Shamweel;Kim, Eun Sung;Park, Peom
    • Journal of the Korean Society of Systems Engineering / v.15 no.2 / pp.66-71 / 2019
  • In digital pathology, an electronic system in the biomedical domain, storage of the files is a big constraint, and because all the analysis and annotation takes place at every user-end manually, it becomes even harder to manage the data that is being shared inside an enterprise. Therefore, we need a storage system which is not only big enough to store all the data but also manages it and makes communication of that data much easier without losing its true form. A virtual server setup is one of those techniques which can solve this issue. We set a main server which is the main storage for all the virtual machines (that are being used at user-end), and that main server is controlled through a hypervisor so that if we want to make changes in storage overall or the main server in itself, it could be reached remotely from anywhere by just using the server's IP address. The server in our case includes XML-RPC based API which are transmitted between computers using HTTP protocol. JAVA API connects to HTTP/HTTPS protocol through JAVA Runtime Environment and exists on top of other SDK web services for the productivity boost of the running application. To manage the server easily, we use the Tkinter library to develop the GUI and the Pmw megawidgets library, which is also utilized through Tkinter. For managing, monitoring and performing operations on virtual machines, we use the Python binding to the XML-RPC based API. After all these settings, we approach to make the system user friendly by making a GUI of the main server. Using that GUI, users can perform administrative functions like restart, suspend or resume a virtual machine. They can also log on to the slave host of the pool in case of emergency and, if needed, they can also filter virtual machines by the host. Network monitoring can be performed on multiple virtual machines at the same time in order to detect any loss of network connectivity.

Service Delivery Time Improvement using HDFS in Desktop Virtualization (데스크탑 가상화에서 HDFS를 이용한 서비스 제공시간 개선 연구)

  • Lee, Wan-Hee;Lee, Bong-Hwan
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.5 / pp.913-921 / 2012
  • The current PC-based desktop environment is being converted into a server-based virtual desktop environment due to security, mobility, and low upgrade cost. In this paper, a desktop virtualization system is implemented using an open source-based cloud computing platform and hypervisor. The implemented system is applied to the virtualization of computers in a university. In order to reduce the image transfer time, we propose a solution using HDFS. In addition, an image management structure needed for desktop virtualization is designed and implemented, and applied to a real computer lab which accommodates 30 PCs. The performance of the proposed system is evaluated in various aspects including implementation cost, power saving rate, reduction rate of license cost, and management cost. The experimental results showed that the proposed system considerably reduced the image transfer time for desktop service.

A Real-Time Detection Method for Side-Channel Attacks to Ensure a Secure Trusted Execution Environment Against Hypervisor-Privileged Adversaries (하이퍼바이저 권한의 공격자로부터 안전한 신뢰 실행 환경을 제공하기 위한 부채널 공격 실시간 탐지 기법)

  • Sangyub Kim;Taehun Kim;Youngjoo Shin
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.5 / pp.993-1006 / 2024
  • The recent increase in public cloud usage has led to various security issues. In response, CPU manufacturers have introduced Trusted Execution Environment (TEE) technology, allowing secure service usage even with potentially untrustworthy cloud service providers. For instance, AMD offers VM-level TEE through SEV (Secure Encrypted Virtualization). However, it has been pointed out that confidential information can be leaked via page fault-based side-channel attacks on VMs protected by SEV. To address this, this paper proposes a method for real-time detection of such attacks in SEV environments. Nonetheless, since attackers can have hypervisor-level privileges under the SEV threat model, realizing this is challenging. To overcome this, we propose two approaches. First, using VMPL (Virtual Machine Privileged Level) to protect the detection program from untrusted hypervisors. Second, utilizing vPMU (virtual Performance Monitoring Unit) to derive new features for detecting page side-channel attacks. The designed and implemented detection program achieved a 95.38% accuracy in detecting page fault side-channel attacks.

Heterogeneous Operating Systems Integrated Trace Method for Real-Time Virtualization Environment (다중 코어 기반의 실시간 가상화 시스템을 위한 이종 운영체제 통합 성능 분석 방법에 관한 연구)

  • Kyong, Joohyun;Han, In-Kyu;Lim, Sung-Soo
    • IEMEK Journal of Embedded Systems and Applications / v.10 no.4 / pp.233-239 / 2015
  • This paper describes an integrated trace method for real-time virtualization environments. This method solves the problem that performance tracing may not be able to perform integrated analysis across heterogeneous operating systems consisting of real-time operating systems and a general-purpose operating system. In order to solve this problem, we have attempted to reuse the performance analysis function of the general-purpose operating system, so that real-time operating systems can be analyzed along with the general-purpose operating system. Furthermore, we have implemented a prototype based on an ARM Cortex-A15 dual-core processor. By using this integrated trace method, real-time system developers can improve productivity and the reliability of results in real-time virtualization environments.

User-level scheduling for Handling Dynamic Workloads in Xen Hypervisor (Xen 하이퍼바이저 기반의 동적 워크로드 핸들링을 위한 사용자 수준의 스케쥴링)

  • Lee, Hyun-Ju;Ko, Young-Woong
    • Proceedings of the Korean Information Science Society Conference / 2011.06b / pp.381-384 / 2011
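  • Thanks to the availability of today's highly efficient modern virtualization solutions, virtualization is attracting attention in various fields such as servers and cloud computing. Although Xen is a widely used technology among the various virtualization systems, it exposes some weaknesses in scheduling. This is because the Xen hypervisor scheduler sits at the lowest level among the schedulers between user-level threads and the physical CPUs, and is therefore limited in obtaining information about user-level workloads. This characteristic can reduce the overall throughput of the system and lower resource utilization. This study proposes user-level scheduling that makes use of information about dynamic workloads running in the guest operating system. To this end, we implement user-level scheduling with a new hypercall and a monitoring daemon. We build an environment with Linux as the guest operating system on a Xen hypervisor running the user-level scheduling, run various user-level workloads, and show that system throughput and CPU resource utilization can be increased.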

Nested Virtualization Scheme for the Secure Cloud Computing Environment (안전한 클라우드 컴퓨팅 환경을 위한 중첩 가상화 기법)

  • Kim, Inhyeok;Kim, Junghan;Eom, Young Ik
    • Proceedings of the Korean Society of Computer Information Conference / 2013.07a / pp.83-84 / 2013
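  • As various services emerge using cloud computing, security in cloud computing environments is becoming more important. Accordingly, the security of virtualization technology, the core technology for building cloud computing, is also becoming an important issue. Virtualization technology basically provides a secure computing environment by providing isolated computing environments, but cases of attacks that exploit security vulnerabilities in virtualization technology are increasing. In this paper, we therefore propose a scheme that strengthens security by combining full virtualization with operating-system-level virtualization so that attacks originating from the guest operating system can be countered. In addition, we confirmed through benchmarking that this approach has almost no impact on existing computing performance.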

A study on the vulnerability of the Cloud computing security (클라우드 컴퓨팅 보안의 취약성에 관한 연구)

  • Jeon, Jeong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1239-1246 / 2013
  • Recently, cloud computing technology has been emerging as an important issue in the world, and has attracted much attention in technology and services. However, unlike its positive aspects, cloud computing includes several vulnerabilities. For this reason, a variety of attacks and damage is expected as hacking techniques evolve. Therefore, this paper analyzes management models through case studies and experiments on the threats and vulnerabilities of cloud computing. In the future, this is expected to be utilized as a basis for security design and performance improvement.

Cloud System Security Technology Trend

  • Yoon, Jeong-Won;Jang, Beakcheol
    • Journal of the Korea Society of Computer and Information / v.20 no.7 / pp.49-56 / 2015
  • In this paper, we introduce recent cloud system security technologies, categorizing them according to Reliability, Availability, Serviceability, Integrity, and Security (RASIS), terms that evaluate the robustness of a computer system. Then we describe examples of security attacks and corresponding security technologies for each of them. We introduce security technologies based on Software Defined Network (SDN) for Reliability, security technologies based on hypervisor and virtualization for Availability, disaster restoration systems for Serviceability, authorization and access control technologies for Integrity, and encryption algorithms for Security. We believe that this paper provides a wise view and necessary information on recent cloud system security technologies.

Sorvisor - The ARM based Micro Hypervisor (Sorvisor - ARM 기반의 마이크로 하이퍼바이저)

  • Cho, Yeong-pil;Almokhtar, Ali;Paek, Yun-heung
    • Annual Conference of KIPS / 2014.11a / pp.523-526 / 2014
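  • Processors in recent computer systems introduce a special mode with higher privilege than the kernel in order to support virtualization in hardware. However, given that most systems do not require virtualization, the special privilege of this mode can be usefully applied to system logging and security. To this end, this paper develops a micro hypervisor called Sorvisor, providing an environment in which this mode can be utilized.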

Hypervisor based Root Exploitation Monitoring in Android (가상화 기반의 안드로이드 루트 권한 획득 탐지)

  • Cho, Yeong-pil;Yi, Ha-yoon;Kwon, Dong-hyun;Choi, Won-ha;Paek, Yun-heung
    • Annual Conference of KIPS / 2014.04a / pp.395-397 / 2014
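  • Android, the most widely used mobile operating system in Korea, is under threat from a large amount of malware. The most threatening of these attacks is malware that obtains root privileges. This study therefore introduces a system that detects real-world root privilege acquisition on Android systems through a virtualization environment. To this end, we used the virtualization technology provided by the CPU manufacturer, and as a result were able to detect processes running with root privileges on the system.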