• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.75-86
• /
• 2017

Docker, which is one of the various virtualization technology in server systems, is getting popular as it provides more lightweight environment for service operation than existing virtualization technology. It supports easy way of establishment, update, and migration of server environment with the help of image and container concept. As the adoption of docker technology increases, the attack motive for the server for the distribution of docker images and the incident case of attacking docker-based hosts would also increase. Therefore, the method and procedure of digital forensic investigation of docker-based host including the way to extract the filesystem of containers when docker daemon is inactive are presented in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.637-645
• /
• 2022

Cloud computing has been gaining popularity over decades, and container, a technology that is primarily used in cloud native applications, is also drawing attention. Although container technologies are lighter and more capable than conventional VMs, there are several security threats, such as sharing kernels with host systems or uploading/downloading images from the image registry. one of which can refer to the integrity of container images. In addition, runtime security while the container application is running is very important, and monitoring the behavior of the container application at runtime can help detect abnormal behavior occurring in the container. Therefore, in this paper, first, we implement a signing checker that automatically checks the signature of an image based on the existing Docker Content Trust (DCT) technology to ensure the integrity of the container image. Next, based on falco, an open source project of Cloud Native Computing Foundation(CNCF), we introduce newly created image for the convenience of existing falco image, and propose implementation of docker-compose and package configuration that easily builds a monitoring system.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.25 no.4
• /
• pp.372-380
• /
• 2022

This study proposes a distributed parallel processing system, called the Fast Analysis System for remote sensing daTa(FAST), for large-scale satellite image processing and analysis. FAST is a system that designs jobs in vertices and sequences, and distributes and processes them simultaneously. FAST manages data based on the Hadoop Distributed File System, controls entire jobs based on Apache Spark, and performs tasks in parallel in multiple slave nodes based on a docker container design. FAST enables the high-performance processing of progressively accumulated large-volume satellite images. Because the unit task is performed based on Docker, it is possible to reuse existing source codes for designing and implementing unit tasks. Additionally, the system is robust against software/hardware faults. To prove the capability of the proposed system, we performed an experiment to generate the original satellite images as ortho-images, which is a pre-processing step for all image analyses. In the experiment, when FAST was configured with eight slave nodes, it was found that the processing of a satellite image took less than 30 sec. Through these results, we proved the suitability and practical applicability of the FAST design.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.2
• /
• pp.8-14
• /
• 2016

When Open Source Projects are processed by multiple developers, the Version Control Systems, which control the different versions of the same file being used, is a very useful tool. On the other hand, because most of conventional VCS(SVN, Git, etc.) mainly control the history of the modifications of the source codes or documents, there is an inconvenience that each developer should modify the development environment whenever the development environment is modified. To overcome this inconvenience, this paper suggests a scheme of VC for OSP. The basic concept of the suggested scheme is that an image, including the development environment and controls, is created as a new version using the Docker, virtualization tool of the container method. To review the functional appropriateness of the suggested scheme, after establishing the Docker on the hosts that use the different OS( Ubuntu12.0.4, CentOS7), this study tested a VC that could control the different versions including the history of modifications of the development environment and evaluated them by a comparison with the conventional VCS. The results show that the suggested scheme is a convenient scheme of VC for the OSP.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.10
• /
• pp.415-420
• /
• 2017

Virtualization technique of OS-level is a new paradigm for deploying applications, and is attracting attention as a technology to replace traditional virtualization technique, VM (Virtual Machine). Especially, docker containers are capable of distributing application images faster and more efficient than before by applying layered image structures and union mount point to existing linux container. These characteristics of containers can only be used in layered file systems that support snapshot functionality, so it is required to select appropriate layered file systems according to the characteristics of the containerized application. We examine the characteristics of representative layered file systems and conduct write performance evaluations of each layered file systems according to the operating principles of the layered file system, Allocate-on-Demand and Copy-up. We also suggest the method of determining a appropriate layered file system principle for unknown containerized application by learning block I/O usage history of each layered file system principles in artificial neural network. Finally we validate effectiveness of artificial neural network created from block I/O history of each layered file system principles.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.913-915
• /
• 2022

본 논문은 클라우드 환경에 적합한 IAM(Identity and Access Management) 솔루션을 제안한다. 오픈소스 라이브러리인 Keycloak[1]을 이용하여 그룹 별 권한 관리 및 권한에 따른 리소스 관리가 가능하도록 하며, 솔루션을 쉽게 도입하여 사용할 수 있도록 컨테이너 기술을 통해 신속하게 환경을 구축하고 배포할 수 있게 도와주는 플랫폼인 Docker 를 사용해 Docker image 형식으로 제공한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.89-92
• /
• 2023

최근에 Serverless 컴퓨팅은 많은 관심을 받는 기술로, 서버 프로비저닝 없이 코드를 배포하고 실행할 수 있으며 요청량에 따라 동적으로 컴퓨팅 리소스를 확장하여 애플리케이션을 안정적으로 운영할 수 있는 환경을 제공한다. Serverless 컴퓨팅의 주요 이슈 중 하나인 cold start 는 함수를 실행하기 위한 컨테이너 초기화 및 구동하는 단계이며, 해당 과정에서는 이미지 풀링이 수행될 수 있다. 이미지 풀링은 cold start 지연의 대부분을 차지하고 함수의 응답시간을 증가 시켜서 사용자 경험에 부정적인 영향을 줄 수 있다. 따라서, 본 논문에서는 cold start 지연을 줄이기 위해 도커를 활용해서 이미지 레이어 동시 풀링 개수를 조절함으로써 이미지 풀링 속도를 개선시킬 수 있는지 분석하였다. 이와 같은 분석을 통해 풀링 개수가 풀링 속도에 영향을 줄 수 있음을 확인하였다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.3
• /
• pp.396-402
• /
• 2022

User interactions are being developed in various forms, and in particular, interactions using human gestures are being actively studied. Among them, hand gesture recognition is used as a human interface in the field of realistic media based on the 3D Hand Model. The use of interfaces based on hand gesture recognition helps users access media media more easily and conveniently. User interaction using hand gesture recognition should be able to view images by applying fast and accurate hand gesture recognition technology without restrictions on the computer environment. This paper developed a fast and accurate user hand gesture recognition algorithm using the open source media pipe framework and machine learning's k-NN (K-Nearest Neighbor). In addition, in order to minimize the restriction of the computer environment, a stereoscopic image control system based on user hand gesture recognition was designed and implemented using a web service environment capable of Internet service and a docker container, a virtual environment.

• Journal of Internet of Things and Convergence
• /
• v.8 no.6
• /
• pp.85-92
• /
• 2022

Demand for big data analysis and AI developers is increasing, but there is a lack of an education base to supply them. In this paper, by developing a cloud-based artificial intelligence education platform, the goal was to establish an environment in which practical practical training can be efficiently learned at low cost at educational institutions and IT companies. The development of the education platform was carried out by planning scenarios for each user, architecture design, screen design, implementation of development functions, and hardware construction. This training platform consists of a containerized workload, service management platform, lecture and development platform for instructors and students, and secured cloud stability through real-time alarm system and age test, CI/CD development environment, and reliability through docker image distribution. The development of this education platform is expected to expand opportunities to enter new businesses in the education field and contribute to fostering working-level human resources in the AI and big data fields.