• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.27-32
• /
• 2019

Along with the growth of u-Healthcare, we propose a security enhancement based on network separation for CloudHIS with for handling healthcare information to cope with cyber attack. To protect against all security threats and to establish clear data security policies, we apply desktop computing servers to cloud computing services for CloudHIS. Use two PCs with a hypervisor architecture to apply physical network isolation and select the network using KVM switched controller. The other is a logical network separation using one PC with two OSs, but the network is divided through virtualization. Physical network separation is the physical connection of a PC to each network to block the access path from both the Internet and the business network. The proposed system is an independent desktop used to access an intranet or the Internet through server virtualization technology on a user's physical desktop computer. We can implement an adaptive solution to prevent hacking by configuring the CloudHIS, a cloud system that handles medical hospital information, through network separation for handling security enhancement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1031-1041
• /
• 2020

Cloud computing technology plays an important role in the deep learning industry as deep learning services are deployed frequently on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multi-tenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep-learning service with 92.875% accuracy and 1.325kB/s extraction speed.

• ETRI Journal
• /
• v.39 no.4
• /
• pp.525-534
• /
• 2017

A hardware-acceleration architecture that separates virtual network functions (VNFs) and network control (called HSN) is proposed to solve the mismatch between the simple flow steering requirements and strong packet processing abilities of software-defined networking (SDN) forwarding elements (FEs) in SDN/network function virtualization (NFV) architecture, while improving the efficiency of NFV infrastructure and the performance of network-intensive functions. HSN makes full use of FEs and accelerates VNFs through two mechanisms: (1) separation of traffic steering and packet processing in the FEs; (2) separation of SDN and NFV control in the FEs. Our HSN prototype, built on NetFPGA-10G, demonstrates that the processing performance can be greatly improved with only a small modification of the traditional SDN/NFV architecture.

• Journal of Korea Multimedia Society
• /
• v.17 no.3
• /
• pp.353-363
• /
• 2014

Cloud computing is an internet-based technology, providing services to the virtualized IT environment, and allowing users to add or remove resources of hardware or software at their discretion. Since Cloud computing can construct virtually integrated environments out of multiple local computing environments, various information services can be provided by it. In addition, state organizations also strive to build the cloud computing environments due to the benefits of reduced costs to introduce the system and of reduced time to build and provide the IT services. This study suggests a web-based cloud computing system for the computing environments, to be applied for the Korean National Health and Nutrition Examination Survey (KNHANES) by the Ministry of Health and Welfare, Republic of Korea.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.5
• /
• pp.11-19
• /
• 2017

In this paper, we propose a hypervisor for embedded systems based on ARM microprocessor. The proposed hypervisor makes it possible to run several real-time kernels concurrently on a single embedded system by virtualizing its microprocessor. With assistance of MMU, it supports virtual memory which enables each guest operating system has its own address space. Exploiting the fact that most embedded systems use memory-mapped I/O device, it provides a mechanism to distribute an external interrupt to virtual machines properly. It also achieves load balancing through live migration which moves a running virtual machine to other embedded system. Unlike other para-virtualization techniques, minor modifications are needed to run it on the hypervisor. Extensive performance measurement studies are conducted to show that the proposed hypervisor has enough potentiality of its real-world application.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.351-354
• /
• 2012

The core of cloud computing is to provide efficient computing resource sharing. In this paper, we have designed and implemented a virtual computer lab system using open source cloud computing infrastructure. The proposed virtual computer lab system can be used to reduce computer upgrade and maintenance cost significantly.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06d
• /
• pp.194-197
• /
• 2011

네트워크 가상화 기술은 하드웨어적인 제약사항을 완화시켜 다양한 서비스를 제공하는 네트워크 토폴로지를 구성할 수 있도록 하는 기술로써, 미래 인터넷 환경과 클라우드 컴퓨팅을 지원 할 수 있는 기술이다. 또한 가상화된 네트워크를 제공하기 위한 소프트웨어 기반의 라우터는 하드웨어의 라우터보다 상대적으로 비용이 저렴하고 높은 유연성과 유지 보수성을 갖는다. 소프트웨어 기반의 라우터를 통하여 물리적인 네트워크 위에서 각기 다른 서비스를 제공하는 다양한 가상 네트워크들을 공존하게 하고, 다양한 서비스를 효과적으로 제공하기 위해서는 각 네트워크의 독립성과 서비스의 품질 제어가 필요하다. 이 논문에서는 네트워크 가상화를 통하여 각 가상 네트워크들의 독립성을 보장하는 Network Isolation 기술과 QoS 보장을 위한 동적인 대역폭 조절을 제공하는 Performance Isolation 기술을 제안한다. 이를 통하여 기존 하드웨어 라우터에서는 제공되지 않은 높은 유연성 과 다양한 응용, 비용의 절감, 유지 보수의 용이성 등을 제공 할 수 있다.

• The Sea:JOURNAL OF THE KOREAN SOCIETY OF OCEANOGRAPHY
• /
• v.27 no.3
• /
• pp.127-143
• /
• 2022

Recently, many attempts to run numerical ocean models in cloud computing environments have been tried actively. A cloud computing environment can be an effective means to implement numerical ocean models requiring a large-scale resource or quickly preparing modeling environment for global or large-scale grids. Many commercial and private cloud computing systems provide technologies such as virtualization, high-performance CPUs and instances, ether-net based high-performance-networking, and remote direct memory access for High Performance Computing (HPC). These new features facilitate ocean modeling experimentation on commercial cloud computing systems. Many scientists and engineers expect cloud computing to become mainstream in the near future. Analysis of the performance and features of commercial cloud services for numerical modeling is essential in order to select appropriate systems as this can help to minimize execution time and the amount of resources utilized. The effect of cache memory is large in the processing structure of the ocean numerical model, which processes input/output of data in a multidimensional array structure, and the speed of the network is important due to the communication characteristics through which a large amount of data moves. In this study, the performance of the Regional Ocean Modeling System (ROMS), the High Performance Linpack (HPL) benchmarking software package, and STREAM, the memory benchmark were evaluated and compared on commercial cloud systems to provide information for the transition of other ocean models into cloud computing. Through analysis of actual performance data and configuration settings obtained from virtualization-based commercial clouds, we evaluated the efficiency of the computer resources for the various model grid sizes in the virtualization-based cloud systems. We found that cache hierarchy and capacity are crucial in the performance of ROMS using huge memory. The memory latency time is also important in the performance. Increasing the number of cores to reduce the running time for numerical modeling is more effective with large grid sizes than with small grid sizes. Our analysis results will be helpful as a reference for constructing the best computing system in the cloud to minimize time and cost for numerical ocean modeling.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.9
• /
• pp.2040-2048
• /
• 2010

In contemporary society, though convenience and efficiency of work using information system is growing high, adverse effect problems of malignant code, system hacking, information leak by insiders due to the development of the network are raising their head daily. Because of this, enormous work forces and expenses for the recovery and management of system is needed. The existing system can be divided into two aspects: security solution which surveils and treats virus and malignant codes, and network management solution which observes the system of computer, and practices maintenance and repair such as management, recovery, backup. This treatise applied Active Write Filter mechanism and the technology based on NFS and complemented the maintenance problems of user data of the existing system and designed the system which enables solving problems of intellectual property right such as information protection and illegal work.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.4
• /
• pp.107-113
• /
• 2012

Cloud computing has brought changes to the IT environment. Due to the spread of LTE, users of cloud services are growing more. This which provides IT resources to meet the needs of users of cloud services are noted as a core industry. But it is not activated because of the security of personal data and the safety of the service. In order to solve this, intrusion detection system is constructed as follows. This protects individual data safely which exists in the cloud and also protects information exhaustively from malicious attack. The cause of most attack risk which exists to cloud computing can find in distributed environment. In this study, we analyzed about necessary property of network-based intrusion detection system that process and analyze large amount of data which occur in cloud computing environment. Also, we studied functions which detect and correspond attack occurred in interior of virtualization.