• Title/Summary/Keyword: 서비스 기반 아키텍처

Search Result 448, Processing Time 0.023 seconds

A Study on the Improvement of Security Enhancement for ZTNA (보안성 강화를 위한 ZTNA운영 개선방안 연구)

  • Seung Jae Yoo
    • Convergence Security Journal
    • /
    • v.24 no.1
    • /
    • pp.21-26
    • /
    • 2024
  • The security model in the previous network environment has a vulnerability in which resource access control for trusted users is not properly achieved using the Perimeter model based on trust. The Zero Trust is an absolute principle to assume that the users and devices accessing internal data have nothing to trust. Applying the Zero Trust principle is very successful in reducing the attack surface of an organization, and by using the Zero Trust, it is possible to minimize damage when an attack occurs by limiting the intrusion to one small area through segmentation. ZTNA is a major technology that enables organizations to implement Zero Trust security, and similar to Software Defined Boundary (SDP), ZTNA hides most of its infrastructure and services, establishing one-to-one encrypted connections between devices and the resources they need. In this study, we review the functions and requirements that become the principles of the ZTNA architecture, and also study the security requirements and additional considerations according to the construction and operation of the ZTNA solution.

Variability Dependency Analysis for Generating Business Process Models based on Variability Decisions (가변성 결정기반 BPM 생성을 위한 가변성 의존관계 분석)

  • Moon, Mi-Kyeong
    • The KIPS Transactions:PartD
    • /
    • v.16D no.5
    • /
    • pp.791-800
    • /
    • 2009
  • Recently, the business process family model (BPFM), which is new approachfor assuring businessflexibility and enhancing reuse in application development with service oriented architecture (SOA), was proposed. The BPFM is a model which can explicitly represent the variabilities in business process family by using the variability analysis method of software product line. Many business process models (BPM) can be generated automatically through decision and pruning processes from BPFM. At this time, the variabilities tend to have inclusive or exclusive dependencies between them. This affects the decision and pruning processes. So far, little attention has been given to the binding information of variability dependency in the BPFM. In this paper, we propose an approach for analyzing various types of dependency relationships between variabilities and representing the variability and their relationships as a dependency analysis model. Additionally, a method which can trace the variabilities affected by a decision on the dependency analysis model is presented. The case study shows that the proposed approach helps to reduce the number of variability decision and to solve a disagreement of functions in BPM produced by incorrectly deciding the variability.

An Interoperable Mapping Model between SEP 2.0 & OpenADR 2.0b for ICT Grid Convergence (ICT 전력 융합을 위한 SEP 2.0과 OpenADR 2.0b간의 상호운용 매핑 모델)

  • Choi, Min-Young;Lee, June-Kyoung;Lee, Kyoung-Hak
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.8
    • /
    • pp.41-49
    • /
    • 2017
  • The 'NIST Framework and Road Map for Smart Grid Interoperability Standards' proposes an architecture framework to secure the direction of development and standard interoperability of smart grid and provides a list of identified standard, standard cyber security strategies, and certification framework. In particular, SEP 2.0 and OpenADR 2.0 are the examples. SEP 2.0 and OpenADR 2.0 can functionally link HEMS and Smart Grid, but interoperability standards between the two protocols are not planned in above document. The OpenADR Alliance also announced that work is underway to define mapping tables for interoperability between OpenADR 2.0 and SEP 2.0, but no information is yet available. Therefore, In this paper, in developing energy efficiency improvement HEMS, we propose a mapping model that supports syntactic and semantic founded interoperability between SEP 2.0 and OpenADR 2.0b for ICT grid convergence based on the standard specification document of each protocol and confirmed through an example of the semantic mapping function based on the demand response service scenario.

Automated-Database Tuning System With Knowledge-based Reasoning Engine (지식 기반 추론 엔진을 이용한 자동화된 데이터베이스 튜닝 시스템)

  • Gang, Seung-Seok;Lee, Dong-Joo;Jeong, Ok-Ran;Lee, Sang-Goo
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2007.06a
    • /
    • pp.17-18
    • /
    • 2007
  • 데이터베이스 튜닝은 일반적으로 데이터베이스 어플리케이션을 "좀 더 빠르게" 실행하게 하는 일련의 활동을 뜻한다[1]. 데이터베이스 관리자가 튜닝에 필요한 주먹구구식 룰(Rule of thumb)들을 모두 파악 하고 상황에 맞추어 적용하는 것은 비싼 비용과 오랜 시간을 요구한다. 그렇게 때문에 서로 다른 어플 리케이션들이 맞물려 있는 복잡한 서비스는 필수적으로 자동화된 데이터베이스 성능 관리와 튜닝을 필 요로 한다. 본 논문에서는 이를 해결하기 위하여 지식 도매인(Knowledge Domain)을 기초로 한 자동화 된 데이터베이스 튜닝 원칙(Tuning Principle)을 제시하는 시스템을 제안한다. 각각의 데이터베이스 튜닝 이론들은 지식 도매인의 지식으로 활용되며, 성능에 영향을 미치는 요소들을 개체(Object)와 콘셉트 (Concept)로 구성하고 추론 시스템을 통해 튜닝 원칙을 추론하여 쉽고 빠르게 현재 상황에 맞는 튜닝 방법론을 적용시킬 수 있다. 자동화된 데이터베이스 튜닝에 대해 여러 분야에 걸쳐 학문적인 연구가 이루어지고 있다. 그 예로써 Microsoft의 AutoAdmin Project[2], Oracle의 SQL 튜닝 아키텍처[3], COLT[4], DBA Companion[5], SQUASH[6] 등을 들 수 있다. 이러한 최적화 기법들을 각각의 기능적인 방법론에 따라 다시 분류하면 크게 Design Tuning, Logical Structure Tuning, Sentence Tuning, SQL Tuning, Server Tuning, System/Network Tuning으로 나누어 볼 수 있다. 이 중 SQL Tuning 등은 수치적으로 결정되어 이미 존재하는 정보를 이용하기 때문에 구조화된 모델로 표현하기 쉽고 사용자의 다양한 요구에 의해 변화하는 조건들을 수용하기 쉽기 때문에 이에 중점을 두고 성능 문제를 해결하는 데 초점을 맞추었다. 데이터베이스 시스템의 일련의 처리 과정에 따라 DBMS를 구성하는 개체들과 속성, 그리고 연관 관계들이 모델링된다. 데이터베이스 시스템은 Application / Query / DBMS Level의 3개 레벨에 따라 구조화되며, 본 논문에서는 개체, 속성, 연관 관계 및 데이터베이스 튜닝에 사용되는 Rule of thumb들을 분석하여 튜닝 원칙을 포함한 지식의 형태로 변환하였다. 튜닝 원칙은 데이터베이스 시스템에서 발생하는 문제를 해결할 수 있게 하는 일종의 황금률로써 지식 도매인의 바탕이 되는 사실(Fact)과 룰(Rule) 로써 표현된다. Fact는 모델링된 시스템을 지식 도매인의 하나의 지식 개체로 표현하는 방식이고, Rule 은 Fact에 기반을 두어 튜닝 원칙을 지식의 형태로 표현한 것이다. Rule은 다시 시스템 모델링을 통해 사전에 정의되는 Rule와 튜닝 원칙을 추론하기 위해 사용되는 Rule의 두 가지 타업으로 나뉘며, 대부분의 Rule은 입력되는 값에 따라 다른 솔루션을 취하게 하는 분기의 역할을 수행한다. 사용자는 제한적으로 자동 생성된 Fact와 Rule을 통해 튜닝 원칙을 추론하여 데이터베이스 시스템에 적용할 수 있으며, 요구나 필요에 따라 GUI를 통해 상황에 맞는 Fact와 Rule을 수동으로 추가할 수도 었다. 지식 도매인에서 튜닝 원칙을 추론하기 위해 JAVA 기반의 추론 엔진인 JESS가 사용된다. JESS는 스크립트 언어를 사용하는 전문가 시스템[7]으로 선언적 룰(Declarative Rule)을 이용하여 지식을 표현 하고 추론을 수행하는 추론 엔진의 한 종류이다. JESS의 지식 표현 방식은 튜닝 원칙을 쉽게 표현하고 수용할 수 있는 구조를 가지고 있으며 작은 크기와 빠른 추론 성능을 가지기 때문에 실시간으로 처리 되는 어플리케이션 튜닝에 적합하다. 지식 기반 모률의 가장 큰 역할은 주어진 데이터베이스 시스템의 모델을 통하여 필요한 새로운 지식을 생성하고 저장하는 것이다. 이를 위하여 Fact와 Rule은 지식 표현 의 기본 단위인 트리플(Triple)의 형태로 표현된다, 트리플은 Subject, Property, Object의 3가지 요소로 구성되며, 대부분의 Fact와 Rule들은 트리플의 기본 형태 또는 트리플의 조합으로 이루어진 C Condition과 Action의 두 부분의 결합으로 구성된다. 이와 같이 데이터베이스 시스템 모델의 개체들과 속성, 그리고 연관 관계들을 표현함으로써 지식들이 추론 엔진의 Fact와 Rule로 기능할 수 있다. 본 시스템에서는 이를 구현 및 실험하기 위하여 웹 기반 서버-클라이언트 시스템을 가정하였다. 서버는 Process Controller, Parser, Rule Database, JESS Reasoning Engine으로 구성 되 어 있으며, 클라이 언트는 Rule Manager Interface와 Result Viewer로 구성되어 었다. 실험을 통해 얻어지는 튜닝 원칙 적용 전후의 실행 시간 측정 등 데이터베이스 시스템 성능 척도를 비교함으로써 시스템의 효용을 판단하였으며, 실험 결과 적용 전에 비하여 튜닝 원칙을 적용한 경우 최대 1초 미만의 전처리에 따른 부하 시간 추가와 최소 약 1.5배에서 최대 약 3배까지의 처리 시간 개선을 확인하였다. 본 논문에서 제안하는 시스템은 튜닝 원칙을 자동으로 생성하고 지식 형태로 변형시킴으로써 새로운 튜닝 원칙을 파생하여 제공하고, 성능에 영향을 미치는 요소와 함께 직접 Fact과 Rule을 추가함으로써 커스터마이정된 튜닝을 수행할 수 있게 하는 장점을 가진다. 추후 쿼리 자체의 튜닝 및 인텍스 최적화 등의 프로세스 자동화와 Rule을 효율적으로 정의하고 추가하는 방법 그리고 시스템 모델링을 효과적으로 구성하는 방법에 대한 연구를 통해 본 연구를 더욱 개선시킬 수 있을 것이다.

  • PDF

Implementation of Uncertainty Processor for Tracking Vehicle Trajectory (차량 궤적 추적을 위한 불확실성 처리기 구현)

  • Kim, Jin-Suk;Kim, Dong-Ho;Ryu, Keun-Ho
    • The KIPS Transactions:PartD
    • /
    • v.11D no.5
    • /
    • pp.1167-1176
    • /
    • 2004
  • Along the advent of Internet technology, the computing environment has been considerably changed in many application domains. Especially, a lot of researches for e-Logistics have been done for the last 3 years. The e-Logistics means the virtual business activity and service architecture among the logistics companies based on the Internet technology. To construct effectively the e-Logistics framework, researches on the development of the Moving Object Technology(MOT) including GPS and GIS with spatiotemporal databases technique so far has been done The Moving Object Technology stands for the efficient management for the spatiotemporal objects such as vehicles, airplanes, and vessels which change continuously their spatial location along with time flows. However, most systems manage just only the location information detected lately by many reasons so that the uncertainty processing for the past and future location of the moving objects is still very hard. In this paper, we propose the moving object uncertainty model and system design for e-Logistics applications. The MOMS architecture in e-Logistics is suggested and the detailed explain of sub-systems including the uncertainty processor of moving objects is described. We also explain the comprehensive examples of MOMS and uncertainty processing in Delivery Parcel Application that is one of major application of e-Logistics domain.

Fine Grained Resource Scaling Approach for Virtualized Environment (가상화 환경에서 세밀한 자원 활용률 적용을 위한 스케일 기법)

  • Lee, Donhyuck;Oh, Sangyoon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.7
    • /
    • pp.11-21
    • /
    • 2013
  • Recently operating a large scale computing resource like a data center becomes easier because of the virtualization technology that virtualize servers and enable flexible resource provision. The most of public cloud services provides automatic scaling in the form of scale-in or scale-out and these scaling approaches works well to satisfy the service level agreement (SLA) of users. However, a novel scaling approach is required to operate private clouds that has smaller amount of computing resources than vast resources of public clouds. In this paper, we propose a hybrid server scaling architecture and related algorithms using both scale-in and scale-out to achieve higher resource utilization rate for private clouds. We uses dynamic resource allocation and live migration to run our proposed algorithm. Our propose system aims to provide a fine-grain resource scaling by steps. Thus private cloud systems are able to keep stable service and to reduce server management cost by optimizing server utilization. The experiment results show that our proposed approach performs better in resource utilization than the scale-out approach based on the number of users.

A Structured Methodology with Device Collaboration Diagram for Evaluating Context-Aware Systems (장비협업도를 활용한 상황인식 시스템에 대한 구조적 평가 방법론)

  • Kwon, Oh-Byung;Lee, Nam-Yeon
    • Journal of Intelligence and Information Systems
    • /
    • v.13 no.2
    • /
    • pp.27-41
    • /
    • 2007
  • Nowadays the context-aware systems have been regarded as a promising opportunity to create differentiated e-marketplaces. Context-aware system aims to provide personalized services by understanding the user's current situation which is automatically acquired from the context data. This aim naturally leads us to a motivation to evaluate to what extent a system is context-aware. Even though lots of endeavors have stated about the level of context-aware system, a structured evaluation has been so far very rare. Hence, the purpose of this paper is to propose a two-phased methodology for assessing context-aware systems. In the first phase, we perform a requisite analysis to discriminate a context-aware system from general or context-based systems. Once an information system is recognized as context-aware system, then level of collaboration, mobility and embeddedness is derived to determine the level of context-aware system in the second phase. To do so, device collaboration diagram (DCD) is proposed to visualize the system architecture. Moreover, readiness and level of system are Jointly considered in the phase to provide a development strategy for each context-aware system development project. To show the feasibility of the idea proposed in this paper, legacy context-aware systems are actually analyzed and evaluated.

  • PDF

An Analysis of Big Video Data with Cloud Computing in Ubiquitous City (클라우드 컴퓨팅을 이용한 유시티 비디오 빅데이터 분석)

  • Lee, Hak Geon;Yun, Chang Ho;Park, Jong Won;Lee, Yong Woo
    • Journal of Internet Computing and Services
    • /
    • v.15 no.3
    • /
    • pp.45-52
    • /
    • 2014
  • The Ubiquitous-City (U-City) is a smart or intelligent city to satisfy human beings' desire to enjoy IT services with any device, anytime, anywhere. It is a future city model based on Internet of everything or things (IoE or IoT). It includes a lot of video cameras which are networked together. The networked video cameras support a lot of U-City services as one of the main input data together with sensors. They generate huge amount of video information, real big data for the U-City all the time. It is usually required that the U-City manipulates the big data in real-time. And it is not easy at all. Also, many times, it is required that the accumulated video data are analyzed to detect an event or find a figure among them. It requires a lot of computational power and usually takes a lot of time. Currently we can find researches which try to reduce the processing time of the big video data. Cloud computing can be a good solution to address this matter. There are many cloud computing methodologies which can be used to address the matter. MapReduce is an interesting and attractive methodology for it. It has many advantages and is getting popularity in many areas. Video cameras evolve day by day so that the resolution improves sharply. It leads to the exponential growth of the produced data by the networked video cameras. We are coping with real big data when we have to deal with video image data which are produced by the good quality video cameras. A video surveillance system was not useful until we find the cloud computing. But it is now being widely spread in U-Cities since we find some useful methodologies. Video data are unstructured data thus it is not easy to find a good research result of analyzing the data with MapReduce. This paper presents an analyzing system for the video surveillance system, which is a cloud-computing based video data management system. It is easy to deploy, flexible and reliable. It consists of the video manager, the video monitors, the storage for the video images, the storage client and streaming IN component. The "video monitor" for the video images consists of "video translater" and "protocol manager". The "storage" contains MapReduce analyzer. All components were designed according to the functional requirement of video surveillance system. The "streaming IN" component receives the video data from the networked video cameras and delivers them to the "storage client". It also manages the bottleneck of the network to smooth the data stream. The "storage client" receives the video data from the "streaming IN" component and stores them to the storage. It also helps other components to access the storage. The "video monitor" component transfers the video data by smoothly streaming and manages the protocol. The "video translator" sub-component enables users to manage the resolution, the codec and the frame rate of the video image. The "protocol" sub-component manages the Real Time Streaming Protocol (RTSP) and Real Time Messaging Protocol (RTMP). We use Hadoop Distributed File System(HDFS) for the storage of cloud computing. Hadoop stores the data in HDFS and provides the platform that can process data with simple MapReduce programming model. We suggest our own methodology to analyze the video images using MapReduce in this paper. That is, the workflow of video analysis is presented and detailed explanation is given in this paper. The performance evaluation was experiment and we found that our proposed system worked well. The performance evaluation results are presented in this paper with analysis. With our cluster system, we used compressed $1920{\times}1080(FHD)$ resolution video data, H.264 codec and HDFS as video storage. We measured the processing time according to the number of frame per mapper. Tracing the optimal splitting size of input data and the processing time according to the number of node, we found the linearity of the system performance.