• Journal of the Korea Society of Computer and Information
• /
• v.21 no.1
• /
• pp.65-72
• /
• 2016

Network virtualization is an emerging technology for solving the rigidity of the physical network infrastructure. The innovative technique virtualizes all resources in the network, including the network links and nodes, and provides a number of virtual networks on a single network infrastructure. In order to realize a virtual network, a thorough and complete monitoring of all resources in the network should be performed firstly. OpenFlow is an open source stack for network virtualization. However, it is impossible to apply OpenFlow to AP-based legacy wireless LAN environment because OpenFlow targets ethernet-based LAN environment. In this paper, we implement an adaptor-styled virtual switch for AP-based wireless LAN through customizing the Open vSwitch which is a virtual switch of OpenFlow. The evaluation test results show that the implemented OpenFlow stack operates successfully. The implemented OpenFlow stack can now be plugged immediately in existing AP-based wireless LAN environment and plays network resource monitoring. In the future, we can develop wireless LAN virtualization applications on the wireless OpenFlow stack.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.21-27
• /
• 2023

In the cloud computing environment, servers and applications can be set up within minutes, and recovery in case of fail ures has also become easier. Particularly, using virtual servers in the cloud is not only convenient but also cost-effective compared to the traditional approach of setting up physical servers just for temporary services. However, most of the und erlying networks and security systems that serve as the foundation for such servers and applications are primarily hardwa re-based, posing challenges when it comes to implementing cloud virtualization. Even within the cloud, there is a growing need for virtualization-based security and protection measures for elements like networks and security infrastructure. This paper discusses research on enhancing the security of cloud networks using network virtualization technology. I configured a secure network by leveraging virtualization technology, creating virtual servers and networks to provide various security benefits. Link virtualization and router virtualization were implemented to enhance security, utilizing the capabilities of virt ualization technology. The application of virtual firewall functionality to the configured network allowed for the isolation of the network. It is expected that based on these results, there will be a contribution towards overcoming security vulnerabil ities in the virtualized environment and proposing a management strategy for establishing a secure network.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.823-826
• /
• 2012

In this paper, we propose an efficient network virtualization model in cloud computing environments. Virtualization is a key technology for the implementation of service-oriented architecture. It is a standardized framework that can be reused or integrated with changing business priorities through a IT infrastructure. Network virtualization has emerged as an important technical issues of the future virtualization technology in Internet. The concept of network virtualization and related technologies stay in ambiguous status since network virtualization is in its early stage. Thus, we propose a network virtualization model for cloud environment by analyzing the existing network virtualization technologies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.10
• /
• pp.4902-4932
• /
• 2016

The popularity of network virtualization has recently regained considerable momentum because of the emergence of OpenFlow technology. It is essentially decouples a data plane from a control plane and promotes hardware programmability. Subsequently, OpenFlow facilitates the implementation of network virtualization. This study aims to provide an overview of different approaches to create a virtual network using OpenFlow technology. The paper also presents the OpenFlow components to compare conventional network architecture with OpenFlow network architecture, particularly in terms of the virtualization. A thematic OpenFlow network virtualization taxonomy is devised to categorize network virtualization approaches. Several testbeds that support OpenFlow network virtualization are discussed with case studies to show the capabilities of OpenFlow virtualization. Moreover, the advantages of popular OpenFlow controllers that are designed to enhance network virtualization is compared and analyzed. Finally, we present key research challenges that mainly focus on security, scalability, reliability, isolation, and monitoring in the OpenFlow virtual environment. Numerous potential directions to tackle the problems related to OpenFlow network virtualization are likewise discussed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1198-1212
• /
• 2013

Network virtualization enables autonomous and heterogeneous Virtual Networks (VNs) to co-exist on a shared physical substrate. In a Network Virtualization Environment (NVE), the fact that individual VNs are underpinned by diverse naming mechanisms brings about an obvious challenge for transparent communication across multiple VN domains due to the complexity of uniquely identifying users. Existing solutions were mainly proposed compatible to Internet paradigm with little consideration of their applications in a virtualized environment. This calls for a scalable and efficient naming framework to enable consistent communication across a large user population (fixed or mobile) hosted by multiple VNs. This paper highlights the underlying technical requirements and presents a scalable Global Naming Framework (GNF), which (1) enables transparent communication across multiple VNs owned by the same or different SPs; (2) supports communication in the presence of dynamics induced from both VN and end users; and (3) greatly reduces the network operational complexity (space and time). The suggested approach is assessed through extensive simulation experiments for a range of network scenarios. The numerical result clearly verifies its effectiveness and scalability which enables its application in a large-scale NVE without significant deployment and management hurdles.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.3-11
• /
• 2016

With repid development of optical networking technology, Software-Defined Network (SDN) and Network Function Virtualization (NFV), high performance networking service, collaboration platform that enables collaborative research globally, drastically National Research Network (NRN) including Internet Service has changed. Therefore we compared and analyzed several world-class NRNs and took a view of future development strategy of the NRN. Also we suggest high speed security environment in super high bandwidth network with 40Gbps and 100Gbps optical transmission technology, network separation of NRN with Science DMZ to support high performance network transmission for science big data, building security environment for last-mile in campus network that supports programmability of IDS using BRO framework.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.6 no.4
• /
• pp.231-241
• /
• 2011

Recently, system virtualization has been applied to consumer electronics (CE) such as smart mobile phones. Although multi-core processors have become a viable solution for complex applications of consumer electronics, the issue of utilizing multi-core resources in the virtualization layer has not been researched sufficiently. In this paper, we present a new hypervisor design and implementation for multi-core CE devices. We concretely describe virtualization methods for a multi-core processor and multi-core-related subsystems. We also analyze bottlenecks of network performance in a virtualization environment that supports multimedia applications and propose an efficient virtual interrupt distributor. Our new multi-core hypervisor improves network performance by 5.5 times as compared to a hypervisor without the virtual interrupt distributor.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.8
• /
• pp.1071-1076
• /
• 2020

The importance of network separation is due to the use of the Internet with existing business PCs, resulting in an internal information leakage event, and an environment configured to allow servers to access the Internet, which causes service failures with malicious code. In order to overcome this problem, it is necessary to use network virtualization to separate networks and network interconnection systems. Therefore, in this study, the construction area was constructed into the network area for the Internet and the server farm area for the virtualization system, and then classified and constructed into the security system area and the data link system area between networks. In order to prove the excellence of the proposed method, a network separation construction study using network virtualization was conducted based on the basis of VM Density's conservative estimates of program loads and LOBs.

• Journal of Convergence for Information Technology
• /
• v.11 no.10
• /
• pp.144-150
• /
• 2021

The purpose of this paper is to review the direction of the slicing security policy, which is a major consideration in the context of standardization in 5G communication network security, to derive security vulnerability diagnosis items, and to present about analyzing and presenting the issues of discussion for 5G communication network virtualization. As for the research method, the direction of virtualization security policy of 5G communication network of ENISA (European Union Agency for Cybersecurity), a European core security research institute, and research contents such as virtualization security policy and vulnerability analysis of 5G communication network from related journals were used for analysis. In the research result of this paper, the security structure in virtualization security of 5G communication network is arranged, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items were derived for each security service in the risk management area. The contribution of this study is to summarize the security threat items in 5G communication network virtualization security that is still being discussed, to be able to gain insights of the direction of European 5G communication network cybersecurity, and to derive vulnerabilities diagnosis items to be considered for virtualization security of 5G communication network. In addition, the results of this study can be used as basic data to develop vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.7
• /
• pp.2892-2913
• /
• 2016

Network virtualization promises to play a dominant role in shaping the future Internet by overcoming the Internet ossification problem. However, due to the injecting of additional virtualization layers into the network architecture, several new security risks are introduced by the network virtualization. Although traditional protection mechanisms can help in virtualized environment, they are not guaranteed to be successful and may incur high security overheads. By performing the virtual network (VN) embedding in a security-aware way, the risks exposed to both the virtual and substrate networks can be minimized, and the additional techniques adopted to enhance the security of the networks can be reduced. Unfortunately, existing embedding algorithms largely ignore the widespread security risks, making their applicability in a realistic environment rather doubtful. In this paper, we attempt to address the security risks by integrating the security factors into the VN embedding. We first abstract the security requirements and the protection mechanisms as numerical concept of security demands and security levels, and the corresponding security constraints are introduced into the VN embedding. Based on the abstraction, we develop three security-risky modes to model various levels of risky conditions in the virtualized environment, aiming at enabling a more flexible VN embedding. Then, we present a mixed integer linear programming formulation for the VN embedding problem in different security-risky modes. Moreover, we design three heuristic embedding algorithms to solve this problem, which are all based on the same proposed node-ranking approach to quantify the embedding potential of each substrate node and adopt the k-shortest path algorithm to map virtual links. Simulation results demonstrate the effectiveness and efficiency of our algorithms.