• Title/Summary/Keyword: Host Virtualization


A Development of Adaptive VM Migration Techniques in Cloud Computing (클라우드 컴퓨팅에서 적응적 VM 마이그레이션 기법 개발)

  • Lee, HwaMin
    • KIPS Transactions on Computer and Communication Systems / v.4 no.9 / pp.315-320 / 2015
  • In cloud computing, server virtualization supports one or more virtual machines loaded on multiple operating systems on a single physical host server. Migration of a VM is moving the VM running on a source host to another physical machine called the target host. VM live migration is essential to support task performance optimization, energy efficiency and energy saving, fault tolerance and load balancing. In this paper, we propose an open-source-based adaptive VM live migration technique. For this, we design a VM monitoring module to decide VM live migration and an open-source-based full-virtualization hypervisor.

An Efficient Agent Framework for Host-based Vulnerability Assessment System in Virtualization Environment (가상화 환경에서 호스트 기반 취약점 분석 시스템을 위한 효율적인 에이전트 프레임워크)

  • Yang, Jin-Seok;Chung, Tai-Myoung
    • KIPS Transactions on Computer and Communication Systems / v.3 no.1 / pp.23-30 / 2014
  • In this paper, we propose an efficient agent framework for a host-based vulnerability assessment system by analyzing the operational concept of the traditional vulnerability assessment framework and the proposed vulnerability assessment agent framework in a virtualization environment. The proposed agent framework uses the features of virtualization technology: it copies and executes a checking agent in the targeted virtual machines. In order to embody the proposed agent framework, we design the function blocks of the checking agent and describe a vulnerability checking scenario for the proposed agent framework. We also develop a pilot system for the vulnerability checking scenario. We improve on the shortcomings of the traditional vulnerability assessment system, such as unnecessary system load from the agent and inefficiency due to duplicated agent installation. Moreover, the proposed agent framework maximizes the scalability of the system because no agent installation is needed when adding a targeted system.

Access Control using Secured Container-based Virtualization (보안 컨테이너 가상화 기반 접근 제어)

  • Jeong, Dong-hwa;Lee, Sunggyu;Shin, Youngsang;Park, Hyuncheol
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.10a / pp.330-334 / 2017
  • Container-based virtualization reduces performance overhead compared with other virtualization technologies and guarantees isolation of each virtual execution environment. It is therefore being studied as a way to block access to host resources or container resources for sandboxing on systems with restricted resources, such as embedded devices. However, because security threats caused by vulnerabilities in the host OS or by security issues in the host environment exist, the need for technology to prevent illegal access and unauthorized behavior by malware is increasing. In this paper, we newly define additional access permissions for accessing a virtual execution environment and control them in kernel space to protect against attacks from illegal access and unauthorized behavior by malware, and we suggest the Container Access Control to control them. We also suggest a way to block the loading of an unauthenticated kernel driver with which malware could disable the Container Access Control running in the host OS. We implement and verify the proposed technologies on the Linux kernel.


A study on Cloud Security based on Network Virtualization (네트워크 가상화 기반 클라우드 보안 구성에 관한 연구)

  • Sang-Beom Hong;Sung-Cheol Kim;Mi-Hwa Lee
    • Convergence Security Journal / v.23 no.5 / pp.21-27 / 2023
  • In the cloud computing environment, servers and applications can be set up within minutes, and recovery in case of failures has also become easier. Particularly, using virtual servers in the cloud is not only convenient but also cost-effective compared to the traditional approach of setting up physical servers just for temporary services. However, most of the underlying networks and security systems that serve as the foundation for such servers and applications are primarily hardware-based, posing challenges when it comes to implementing cloud virtualization. Even within the cloud, there is a growing need for virtualization-based security and protection measures for elements like networks and security infrastructure. This paper discusses research on enhancing the security of cloud networks using network virtualization technology. I configured a secure network by leveraging virtualization technology, creating virtual servers and networks to provide various security benefits. Link virtualization and router virtualization were implemented to enhance security, utilizing the capabilities of virtualization technology. The application of virtual firewall functionality to the configured network allowed for the isolation of the network. It is expected that based on these results, there will be a contribution towards overcoming security vulnerabilities in the virtualized environment and proposing a management strategy for establishing a secure network.

Performance Measurement Framework for Efficient Virtualization System Profiling (효율적인 가상화 시스템 프로파일링을 위한 성능측정 프레임워크)

  • Jang, Eun-Tae;Choi, Sang-Hoon;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing / v.15 no.3 / pp.31-39 / 2019
  • Virtualization technology is one of the technologies that have been attracting attention as cloud computing spreads recently. When a system is constructed using virtualization technology, multiple operating systems can be operated in a single host operating system, thereby facilitating efficient management of computing resources. As more and more operating systems are running on the hypervisor, it is important to measure the overall performance of the virtualization system, and this is becoming an important technology. In this paper, we analyze the main functions of the existing profiling tools to measure the performance of the virtualization system, and measure and classify the profiling coverage that the monitoring tools can perform for events that may occur in the virtualization system. In addition, we have studied a framework that enables performance measurement by loading appropriate profiling tools into the guest system when performance measurement is required for the virtualization system according to the information received from the remote system performing the monitoring.

Design and Implementation of Host-side Cache Migration Engine for High Performance Storage in A Virtualization Environment (가상화 환경에서 스토리지 성능 향상을 위한 호스트 캐시 마이그레이션 엔진 설계 및 구현)

  • Park, Joon Young;Park, Hyunchan;Yoo, Chuck
    • KIISE Transactions on Computing Practices / v.22 no.6 / pp.278-283 / 2016
  • Due to the explosive increase in the amount of data produced recently, cloud storage systems are required to offer high and stable performance. However, VM (Virtual Machine) migration may result in lowered storage service performance. Especially, in an environment where the host-side flash cache is used in a cloud system, the existing warmed-up cache is lost and the problematic cold start begins at a new cache due to a VM migration. In this paper, we first demonstrate and analyze the cold start problem and then propose Cachemior (Cache migrator), which enables an efficient hot start of the flash cache.

Analysis of Component Performance using Open Source for Guarantee SLA of Cloud Education System (클라우드 교육 시스템의 SLA 보장을 위한 오픈소스기반 요소 성능 분석)

  • Yoon, JunWeon;Song, Ui-Sung
    • Journal of Digital Contents Society / v.18 no.1 / pp.167-173 / 2017
  • With the increasing use of cloud computing, virtualization technologies have been combined and applied to a variety of requirements. Cloud computing has the advantage of supporting users with computing resources in a flexible and scalable way as they want, and it is utilized in a variety of distributed computing. To do this, it is especially important to ensure the stability of cloud computing. In this paper, we analyzed a variety of component measurements using open-source tools for ensuring the performance of the system, building a cloud testbed environment for the education system. We extract the performance factors that may affect the virtualization environment from the processor, memory, cache, network, etc. on each host machine and virtual machine. Using this result, we can clearly grasp the state of the system and quickly diagnose problems. Furthermore, the SLA (Service Level Agreement) of cloud computing can be guaranteed.

Container Vulnerability Intruder Detection Framework based on Memory Trap Technique (메모리 트랩기법을 활용한 컨테이너 취약점 침입 탐지 프레임워크)

  • Choi, Sang-Hoon;Jeon, Woo-Jin;Park, Ki-Woong
    • The Journal of Korean Institute of Next Generation Computing / v.13 no.3 / pp.26-33 / 2017
  • Recently, container technologies have been receiving attention for efficient use of the cloud platform. Container virtualization technology has the advantages of high portability and high density when compared with the existing hypervisor. Container virtualization technology, however, uses virtualization at the operating system level, in which a single kernel is shared to run multiple instances. For this reason, a characteristic of containers is that an attacker can obtain the root privilege of the host operating system from inside the container. Due to these characteristics of the container, the attacker can attack the root privilege of the host operating system from within the container by utilizing a vulnerability of the kernel. In this paper, we propose a framework for efficiently detecting and responding to root privilege attacks on a host operating system from a container. This framework uses a memory trap technique to detect changes in a specific memory area of a container and to suspend the operation of the container when a change is detected.

Client Rendering Method for Desktop Virtualization Services

  • Jang, Su Min;Choi, Won Hyuk;Kim, Won Young
    • ETRI Journal / v.35 no.2 / pp.348-351 / 2013
  • Cloud computing has recently become a significant technology trend in the IT field. Among the related technologies, desktop virtualization has been applied to various commercial applications since it provides many advantages, such as lower maintenance and operation costs and higher utilization. However, the existing solutions offer a very limited performance for 3D graphics applications. Therefore, we propose a novel method in which rendering commands are not executed at the host server but rather are delivered to the client through the network and are executed by the client's graphics device. This method prominently reduces server overhead and makes it possible to provide a stable service at low cost. The results of various experiments prove that the proposed method outperforms all existing solutions.

IOMMU Para-Virtualization for Efficient and Secure DMA in Virtual Machines

  • Tang, Hongwei;Li, Qiang;Feng, Shengzhong;Zhao, Xiaofang;Jin, Yan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.12 / pp.5375-5400 / 2016
  • IOMMU is a hardware unit that is indispensable for DMA. Besides address translation and remapping, it also provides I/O virtual address space isolation among devices and memory access control on DMA transactions. However, current commodity virtualization platforms lack IOMMU virtualization, so virtual machines are vulnerable to DMA security threats. Previous works focus only on the DMA security problem of directly assigned devices. Moreover, these solutions either introduce significant overhead or require modifications to the guest OS to optimize performance, and none can achieve high I/O efficiency and good compatibility with the guest OS simultaneously, which are both necessary for production environments. However, the DMA security problem also exists for simulated virtual devices, and previous works cannot solve this problem. The reason is that IOMMU circuits on the host do not work for this kind of device, whose DMA operations are simulated by CPU memory copies. Motivated by the above observations, we propose an IOMMU para-virtualization solution called PVIOMMU, which provides general functionalities, especially DMA security guarantees, for both directly assigned devices and simulated devices. The prototype of PVIOMMU is implemented in Qemu/KVM based on the virtio framework and can be dynamically loaded into the guest kernel as a module. As a result, modifying and rebuilding the guest kernel are not required. In addition, the device model of Qemu is revised to implement DMA access control by separating the device simulator from the address space of the guest virtual machine. Experimental evaluations on three kinds of network devices, including Intel I210 (1Gbps), simulated E1000 (1Gbps) and IB ConnectX-3 (40Gbps), show that PVIOMMU introduces little overhead on DMA transactions, and in general the network I/O performance is close to that in the native KVM implementation without IOMMU virtualization.