• The KIPS Transactions:PartA
• /
• v.15A no.4
• /
• pp.199-210
• /
• 2008

A Clustering based wireless internet proxy server needs a layer-7 load balancer with URL hashing methods to reduce the total storage space for servers. Layer-4 load balancer located in front of server cluster is to distribute client requests to the servers with the same contents at transport layer, such as TCP or UDP, without looking at the content of the request. Layer-7 load balancer located in front of server cluster is to parse client requests in application layer and distribute them to servers based on different types of request contents. Layer 7 load balancer allows servers to have different contents in an exclusive way so that it can minimize the total storage space for servers and improve overall cluster performance. However, its scalability is limited due to the high overhead of parsing requests in application layer as different from layer-4 load balancer. In order to overcome its scalability limitation, in this paper, we propose a distributed layer-7 load balancer by replacing a single layer-7 load balancer in the conventional scheme by a single layer-4 load balancer located in front of server cluster and a set of layer-7 load balancers located at server cluster. In a clustering based wireless internet proxy server, we implemented the conventional scheme by using KTCPVS(Kernel TCP Virtual Server), a linux based layer-7 load balancer. Also, we implemented the proposed scheme by using IPVS(IP Virtual Server), a linux-based layer-4 load balancer, installing KTCPVS in each server, and making them work together. We performed experiments using 16 PCs. Experimental results show scalability and high performance of the proposed scheme, as the number of servers grows, compared to the conventional scheme.

• The KIPS Transactions:PartA
• /
• v.8A no.4
• /
• pp.391-398
• /
• 2001

To design and develop secure operating systems, the BLP (Bell-La Padula) model that represents the MLP (Multi-Level Policy) has been widely adopted. However, user\`s security level in the most developed systems based on the BLP model is inherited to a process that is actual subject on behalf of the user, regardless whatever the process behavior is. So, there could be information disclosure threat or modification threat by malicious or unreliable processes even though the user is authorized in the system. These problems can be solved by defining the subject as (user, process) ordered pair and by defining the process reliability. Moreover, when the leveled programs which exist as objects in a disk are executed by a process and have different level from the process level, the security level decision problem occurs. This paper presents an extended BLP (E-BLP) model in which process reliability is considered and solves the security level decision problem. And this model is implemented into the Linux kernel 2.4.7.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.129-140
• /
• 2003

Recently viruses and various hacking tools that threat hosts on a network becomes more intelligent and cleverer, and so the various security mechanisms against them have ken developed during last decades. To detect these network attacks, many NIPSs(Network-based Intrusion Prevention Systems) that are more functional than traditional NIDSs are developed by several companies and organizations. But, many previous NIPSS are hewn to have some weakness in protecting important hosts from network attacks because of its incorrectness and post-management aspects. The aspect of incorrectness means that many NIPSs incorrectly discriminate between normal and attack network traffic in real time. The aspect of post-management means that they generally respond to attacks after the intrusions are already performed to a large extent. Therefore, to detect network attacks in realtime and to increase the capability of analyzing packets, faster and more active responding capabilities are required for NIPS frameworks. In this paper, we propose a framework for real-time intrusion prevention. This framework consists of packet filtering component that works on netfilter in Linux kernel and traffic control component that have a capability of step-by-step control over abnormal network traffic with the CBQ mechanism.

• Journal of Advanced Navigation Technology
• /
• v.16 no.6
• /
• pp.910-919
• /
• 2012

In this paper, we described development of on-board image processing system and its process and verified its performance through flight experiment. The image processing board has single ARM(Advanced Risk Machine) processor. We performed Embedded Linux Porting. Algorithm to be applied for object tracking is color-based image processing algorithm, it can be designed to track the object that has specific color on ground in real-time. To verify performance of the on-board image processing system, we performed flight test using the PNUAV, UAV developed by LAB. Also, we performed optimization of the image processing algorithm and kernel to improve real-time performance. Finally we confirmed that proposed system can track the blue-color object within four pixels error range consistently in the experiment.

• Journal of Advanced Navigation Technology
• /
• v.9 no.1
• /
• pp.61-69
• /
• 2005

TCP and UDP is a transport layer protocol of Internet. TCP is a connection oriented protocol which supports a reliable data transfer by offering error and flow control, but it bring a transmission delay. On the other hand, the UDP is a connectionless protocol which does not carry out error and flow control, but it guarantees a realtime transmission. There are hardly any protocols which supports not only realtime functions but also data reliability. In this paper, we have designed and implemented a new TCP mode option which supports reliable realtime transmission. Our designed TCP performs an error recovery process during a fixed amount of time. This time is negotiated during the connection establishment phase. Our designed TCP is tested in real environments, and we find that it is relatively faster than the standard TCP and more reliable than the UDP. It can be used for the reliable transfer of realtime multimedia data.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.10
• /
• pp.125-133
• /
• 2020

In this paper, we design 4-layer TCP/IP that utilizes minimal memory and processor resources in Internet of Things(IoT) systems. The TCP/IP designed in this paper has the following characteristics. First, memory resource is minimized by using minimal memory allocation. Second, processor resource is minimized by using minimal memory copy. Third, the execution time of the TCP/IP can be completed in a deterministic time. Fourth, there is no memory leak problem. The standard in minimal resources for memory and processor derived in this paper can be used to check whether the network subsystems of the already implemented IoT systems are efficiently implemented. As the result of measuring the amount of memory allocation and copy of the network subsystem of Zephyr, an open source IoT kernel recently released by the Linux Foundation, we found that it was bigger than the standard in minimal resources derived in this paper. The network subsystem of Zephyr was improved according to the design proposed in this paper, confirming that the amount of memory allocation and copy were decreased by about 39% and 67%, respectively, and the execution time was also reduced by about 28%.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.42 no.5 s.335
• /
• pp.63-72
• /
• 2005

This paper describes a new approach for the operating system level power management to reduce the energy consumed in the IO devices in a robot platform, which provides various functions such as navigation, multimedia application, and wireless communication. The policy proposed in the paper, which was named the Energy-Aware Job Schedule (EAJS), rearranges the jobs scattered so that the idle periods of the devices are clustered into a time period and the devices are shut down during their idle period. The EAJS selects a schedule that consumes the minimum energyamong the schedules that satisfy the buffer and time constraints. Note that the burst job execution needs a larger memory buffer and causes a longer time delay from generating the job request until to finishing it. A prototype of the EAJS is implemented on the Linux kernel that manages the robot system. The experiment results show that a maximum $44\%$ power saving on a DSP and a wireless LAN card can be obtained with the EAJS.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.6
• /
• pp.1127-1136
• /
• 2017

In wireless networks, the packet loss due to the bit error is misinterpreted as loss due to the congestion state, so TCP congestion control occurs frequently and performance degradation occurs. This degradation also occurs in MPTCP(Multipath TCP), which is an extension protocol of original TCP. In MPTCP, the overall performance of the multipath is degraded. In this paper, we propose a congestion control scheme which measures the bandwidth on each path of MPTCP and reduces the congestion window size by the measured bandwidth when packet loss occurs, in order to solve the MPTCP performance degradation in the wireless environment. We also implemented the proposed congestion control in the Linux kernel and compared it with the original MPTCP in the testbed and real wireless networks. Experimental results show that the proposed congestion control has better throughput performance than original MPTCP congestion control in the wireless environment.

• Journal of KIISE
• /
• v.44 no.5
• /
• pp.469-475
• /
• 2017

The emerging NVMe-based multi-queue SSDs provides a high bandwidth by parallel I/O, i.e., each core performs I/O through its dedicated queue in parallel with other cores. To provide a bandwidth share for each application with I/O, a fair-share scheduler that provides a bandwidth share to each core is required. In this study, we proposed a multi-core scalable fair-queuing algorithm for multi-queue SSDs. The algorithm adopts randomization to minimize the inter-core synchronization overheads and provides a weight-proportional bandwidth share to each core. The results of our experiments indicated that the proposed algorithm gives accurate bandwidth partitioning and outperforms the existing FlashFQ scheduler, regardless of the number of cores for a Linux kernel with block-mq.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.10
• /
• pp.5168-5181
• /
• 2017

The popularity of augmented reality (AR) applications and games are in high demand. Currently, the best common platform to implement AR services is on a smartphone, as online games, navigators, personal assistants, travel guides are among the most popular applications of smartphones. However, the power consumption of an AR application is extremely high, and therefore, highly adaptable and dynamic low power control schemes must be used. Dynamic voltage and frequency scaling (DVFS) schemes are widely used in smartphones to minimize the energy consumption by controlling the device's operational frequency and voltage. DVFS schemes can sometimes lead to longer response times, which can result in a significant problem for AR applications. In this paper, an AR response time monitor is used to observe the time interval between the AR image input and device's reaction time, in order to enable improved operational frequency and AR application process priority control. Based on the proposed response time monitor and the characteristics of the Linux kernel's completely fair scheduler (CFS) (which is the default scheduler of Android based smartphones), a response time step control (RSC) scheme is proposed which adaptively adjusts the CPU frequency and interactive application's priority. The experimental results show that RSC can reduce the energy consumption up to 10.41% compared to the ondemand governor while reliably satisfying the response time performance limit of interactive applications on a smartphone.