• IEMEK Journal of Embedded Systems and Applications
• /
• v.15 no.4
• /
• pp.177-187
• /
• 2020

Virtualization with hypervisors is one of emerging topics in multicore processors for space. Hypervisors are software layers to make several independent virtualized environments on one processor. Since all hardware resources are virtualized and distributed only by hypervisors, overall performance of processors can be improved by fully utilizing the resources. However at the same time, there are overheads for virtualizing and distributing hardware resources. Satellites are one of hard real time systems, and performance degradation with overheads should be analyzed thoroughly. Previous research on the overheads focused on single core systems. Even the overheads were analyzed in multicore systems, SMP environment was not fully included. This paper builds SMP environment with XtratuM, one of hypervisors for space missions, and analyzes performance degradation with overheads. Two boards of GR712RC with 2 LEON3FT CPUs and GR740 with 4 LEON4 CPUs are used in experiments. On each board, SMP benchmark functions are executed on SMP environment with XtratuM and on that without XtratuM respectively. Results are analyzed to find timing characteristics including overheads. Finally, applicability of the XtratuM to flight software in SMP is also reviewed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.579-589
• /
• 2017

The cloud environment is hypervisor-based, and many virtual machines are interconnected, which makes propagation of malicious code easier than other environments. Accordingly, this paper proposes a malicious traffic dynamic analysis system for secure cloud environment. The proposed system continuously monitors and analyzes malicious activity in an isolated virtual network environment by distinguishing malicious traffic that occurs in a cloud environment. In addition, the analyzed results are reflected in the distinguishment and analysis of malicious traffic that occurs in the future. The goal of this research is secure and efficient malicious traffic dynamic analysis by constructing the malicious traffic analysis environment in the cloud environment for detecting and responding to the new and variant malicious traffic generated in the cloud environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.961-971
• /
• 2019

Isolation between virtual machines in a cloud computing environment is an important security factor. The violation of isolation between virtual machines leads to interferences of shared resources and the implementation of covert channels. In this paper, the structure of Hyper-V hypervisor is analyzed to implement covert channels between virtual machines. Hyper-V uses a mutex technique for mutual exclusion between virtual machines. It indicates that isolation of virtual machines is violated and covert channels can be implemented due to mutex. We implemented several covert channels by designing a method for searching mutex resources applicable to Hyper-V with complex architectures. The mutex-based covert channel is not hardware dependent. If the covert channel is detected or defended, the defensive technique can be avoided by using the other covert channel among several covert channels.

• Annual Conference of KIPS
• /
• 2013.11a
• /
• pp.61-64
• /
• 2013

가상화는 가상의 자원이 물리적 자원에 접근할 수 있게 해주는 기술이며 VM(가상머신)을 다수 설치하여 VM의 수만큼 운영체제들을 이용할 수 있다. 이러한 가상화는 자원의 낭비를 막고 관리비용을 줄이기 위해 사용한다. 가상화 기술은 CPU, 메모리, I/O 가상화로 구분 지을 수 있으며 이 중 메모리 가상화 기술은 메모리 자원의 효율적인 사용을 가능하게 해준다. 여러 VM들이 실제 머신의 메모리보다 많은 메모리를 할당받아 사용하는 것이 가능한데 이것을 오버커밋 상태라고 한다. 중첩 가상화는 VM에 하드웨어 가상화 기법의 사용을 허용하게 하여 VM 위에 또 다른 VM이 동작할 수 있는 환경을 제공해준다. 이와 같은 (중첩) 가상화 환경에서의 메모리 접근은 일반적으로 하드웨어 지원을 통한 중첩 페이징 기법을 이용하여 메모리의 접근이 이루어진다. 본 논문에서는 오버커밋 발생 시 중첩 VM과 하이퍼바이저 VM의 성능 차이를 실험을 통하여 보여주고자 한다.

• International Journal of Computer Science & Network Security
• /
• v.24 no.1
• /
• pp.61-70
• /
• 2024

Cloud Computing is internet-based computing, where the users are provided with whatever service they need from the resources, software, and information. Recently, the security of cloud computing is considered as one of the major issues for both cloud service providers CSP and end-users. Privacy and highly confidential data make many users refuse to store their data within cloud computing, since data on cloud computing is not dully secured. The cryptographic algorithm is a technique which is used to maintain the security and privacy of the data on the cloud. In this research, we applied eight different cryptographic algorithms on Xen and KVM as hypervisors on cloud computing, to be able to measure and compare the performance of the two hypervisors. Response time and CPU utilization while encryption and decryption have been our aspects to measure the performance. In terms of response time and CPU utilization, results show that KVM is more efficient than Xen on average at 11.5% and 11% respectively. While TripleDES cryptographic algorithm shows a more efficient time response at Xen hypervisor than KVM.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.33-42
• /
• 2016

Recently, the investment and study competition regarding machine running is accelerating mainly with Google, Amazon, Microsoft and other leading companies in the field of artificial intelligence. The security weakness of virtualization technology security structure have been a serious issue continuously. Also, in most cases, the internal data security depend on the virtualization security technology of platform provider. This is because the existing software, hardware security technology is hard to access to the field of virtualization and the efficiency of data analysis and processing in security function is relatively low. This thesis have applied user significant information to machine learning algorithm, created security authentication vector able to learn to provide with a method which the security authentication can be conducted in the field of virtualization. As the result of performance analysis, the interior transmission efficiency of authentication vector in virtualization environment, high efficiency of operation method, and safety regarding the major formation parameter were demonstrated.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.83-94
• /
• 2016

Recent cloud, big data, there is a problem for the architectural security vulnerability to the server platforms of various fields such as artificial intelligence occurs consistently, but using the virtualization technology. In addition, most secure virtualization technology is known to be dependent on the type is limited and the platform provider. This paper presents a method for mutual authentication for secure data between multiple instances of a shared virtualized environment. The proposed method was designing a security architecture in consideration of the mutual authentication between multiple independent instances, and enhance the safety of a security protocol for sharing data by applying a key chain techniques. Performance analysis results and the existing security architecture demonstrated that protect each virtualized instances of the session and the other way, a compliance effectiveness for each instance of the mutual authentication process.

• Journal of KIISE:Computer Systems and Theory
• /
• v.37 no.1
• /
• pp.35-42
• /
• 2010

Guest operating systems running over the virtual machines share a variety of resources. Since CPU is allocated in a time division manner it consequently leads them to having the unknown physical time. It is not regarded as a serious problem in the server virtualization fields. However, it becomes critical in embedded systems because it prevents guest OS from executing real time tasks when it does not occupy CPU. In this paper we propose a hypercall to register a timer service to notify the timer request related real time. It enables hypervisor to schedule a virtual machine which has real time tasks to execute, and allows guest OS to take CPU on time to support real time. The following experiment shows its implementation on Xen-Arm and para-virtualized Linux. We also analyze the real time performance with response time of test application and frames per second of Mplayer.

• KIISE Transactions on Computing Practices
• /
• v.24 no.3
• /
• pp.129-137
• /
• 2018

NVMe(Non-Volatile Memory Express) SSD(Solid State Drive) is a high-performance storage that makes use of flash memory as a storage cell, PCIe as an interface and NVMe as a protocol on the interface. It supports multiple I/O queues which makes it feasible to process parallel-I/Os on multi-core environments and to provide higher bandwidth than SATA SSDs. Hence, NVMe SSD is considered as a next generation-storage for data-center and cloud computing system. However, in the virtualization system, the performance of NVMe SSD is not fully utilized due to the bottleneck of the software I/O stack. Especially, when it uses I/O stack of the hypervisor or the host operating system like Xen and KVM, I/O performance degrades seriously due to doubled-I/O stack between host and virtual machine. In this paper, we propose a new I/O engine, called Direct-AIO (Direct-Asynchronous I/O) engine, that can access NVMe SSD directly for I/O performance improvements on QEMU emulator. We develop our proposed I/O engine and analyze I/O performance differences between the existed I/O engine and Direct-AIO engine.

• Journal of information and communication convergence engineering
• /
• v.10 no.1
• /
• pp.61-65
• /
• 2012

Many public organizations have been adopting and operating various servers. These servers run on Windows, Unix, and Linux operating systems that generally use less than 10% of their capacity. For migrating a public organization to cloud computing, we must first virtualize the server environment. This article proposes a strategy for server virtualization that the National IT Industry Promotion Agency (NIPA) has done and describes the effects of a public organization migrating to cloud computing. The NIPA Computer Center planned an effective virtualization migration on various servers. This project of virtualization migration was conducted with the existing policy of separate x86 servers and Unix servers. There are three popular approaches to server virtualization: a virtual machine model, a paravirtual machine model, and virtualization at the operating system layer. We selected a VMware solution that uses the virtual machine model. We selected servers for virtualization in the following manner. Servers were chosen that had the highest rate of service usage and CPU usage and had been operating for five years or more. However, we excluded servers that require 80% or greater rates of CPU usage. After adopting the server virtualization technique, we consolidated 32 servers into 3 servers. Virtualization is a technology that can provide benefits in these areas: server consolidation and optimization, infrastructure cost reduction and improved operational flexibility, and implementation of a dual computing environment.