• Journal of the Korea Society of Computer and Information
• /
• v.18 no.10
• /
• pp.129-139
• /
• 2013

Java bytecodes are executed not on target machine but on the Java virtual machines. Since this bytecodes use a higher level representation than binary code, it is possible to decompile most bytecodes back to Java source. Obfuscation is the technique of obscuring code and it makes program difficult to understand. However, most of the obfuscation techniques make the code size and the performance of obfuscated program bigger and slower than original program. In this paper, we proposed an effective Java obfuscation techniques using assignment statements merging that make the source program difficult to understand. The basic approach is to merge assignments statements to append side effects of statement. An additional benefit is that the size of the bytecode is reduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.563-577
• /
• 2017

Due to the Internet and computing capability, new and variant malware are discovered around 1 Million per day. Companies use dynamic analysis such as behavior analysis on virtual machines for unknown malware detection because attackers use unknown malware which is not detected by signature based AV effectively. But growing number of malware types are not only PE(Portable Executable) but also non-PE such as MS word or PDF therefore dynamic analysis must need more resources and computing powers to improve detection effectiveness. This study elicits the pre-filtering system evaluation factor to improve effective dynamic malware analysis system and presents and verifies the decision making model and the formula for solution selection using AHP(Analytics Hierarchy Process)

• KIISE Transactions on Computing Practices
• /
• v.21 no.7
• /
• pp.470-475
• /
• 2015

Openstack is an open source software that enables developers to build IaaS(Infrastructure as a Service) cloud platforms. Openstack can virtualize servers, networks and storages, and provide them to users. This paper proposes the structure of Openstack cloud storage system applying Infiniband to solve bottlenecking that may occur between server and storage nodes when the server performs an I/O operation. Furthermore, we implement all flash array based high-performance Cinder storage volumes which can be used at Nova virtual machines by applying distributed RAID-60 structures to three 8-bay SSD storages and show that Infiniband storage networks applied to Openstack is suitable for virtualizing high-performance storage.

• Journal of Internet Computing and Services
• /
• v.14 no.2
• /
• pp.61-71
• /
• 2013

Until now, there have been various studies against Internet worms. Most of intrusion detection and prevention systems against Internet worms use detection rules, but these systems cannot respond to new Internet worms. For this reason, a malicious process control system which uses the fact that Internet worms multicast malicious packets was proposed. However, the greater the number of servers to be protected increases the cost of the malicious process control system, and the probability of detecting Internet worms attacking only some predetermined IP addresses is low. This paper presents a security framework that can reduce the cost of the malicious process control system and increase the probability of detecting Internet worms attacking only some predetermined IP addresses. In the proposed security framework, virtual machines are used to reduce the cost of control servers and unused IP addresses are used to increase the probability of detecting Internet worms attacking only some predetermined IP addresses. Therefore the proposed security framework can effectively respond to a variety of new Internet worms at lower cost.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.15 no.1
• /
• pp.86-98
• /
• 2019

Recently, the trend of building container-based PaaS (Platform-as-a-Service) is expanding. Container-based platform technology has been a core technology for realizing a PaaS. Containers have lower operating overhead than virtual machines, so hundreds or thousands of containers can be run on a single physical machine. However, recording and monitoring the storage logs for a large number of containers running in cloud computing environment occurs significant overhead. This work has identified two problems that occur when detecting a file system change event of a container running in a cloud computing environment. This work also proposes a system for container file system event detection in the environment by solving the problem. In the performance evaluation, this work performed three experiments on the performance of the proposed system. It has been experimentally proved that the proposed monitoring system has only a very small effect on the CPU, memory read and write, and disk read and write speeds of the container.

• Journal of Korea Multimedia Society
• /
• v.24 no.1
• /
• pp.75-94
• /
• 2021

The 4th industrial revolution needs a fusion of artificial intelligence, robotics, the Internet of Things (IoT), edge computing, and other technologies. For the fusion of technologies, cloud computing technology can provide flexible and high-performance computing resources so that cloud computing can be the foundation technology of new emerging services. The emerging services become a global-scale, and require much higher performance, availability, and reliability. Public cloud providers already provide global-scale services. However, their services, costs, performance, and policies are different. Enterprises/ developers to come out with a new inter-operable service are experiencing vendor lock-in problems. Therefore, multi-cloud technology that federatively resolves the limitations of single cloud providers is required. We propose a software platform, denoted as Cloud-Barista. Cloud-Barista is a multi-cloud service common platform for federating multiple clouds. It makes multiple cloud services as a single service. We explain the functional architecture of the proposed platform that consists of several frameworks, and then discuss the main design and implementation issues of each framework. To verify the feasibility of our proposal, we show a demonstration which is to create 18 virtual machines on several cloud providers, combine them as a single resource, and manage it.

• International Journal of Contents
• /
• v.16 no.4
• /
• pp.16-25
• /
• 2020

The size of observation data in astronomy has been increasing exponentially with the advents of wide-field optical telescopes. This means the needs of changes to the way used for large-scale astronomy data analysis. The complexity of analysis tools and the lack of extensibility of computing environments, however, lead to the difficulty and inefficiency of dealing with the huge observation data. To address this problem, this paper proposes a workflow execution system for analyzing large-scale astronomy data efficiently. The proposed system is composed of two parts: 1) a workflow execution manager and its RESTful endpoints that can automate and control data analysis tasks based on workflow templates and 2) an elastic resource manager as an underlying mechanism that can dynamically add/remove virtualized computing resources (i.e., virtual machines) according to the analysis requests. To realize our workflow execution system, we implement it on a testbed using OpenStack IaaS (Infrastructure as a Service) toolkit and HTCondor workload manager. We also exhaustively perform a broad range of experiments with different resource allocation patterns, system loads, etc. to show the effectiveness of the proposed system. The results show that the resource allocation mechanism works properly according to the number of queued and running tasks, resulting in improving resource utilization, and the workflow execution manager can handle more than 1,000 concurrent requests within a second with reasonable average response times. We finally describe a case study of data reduction system as an example application of our workflow execution system.

• Journal of Internet of Things and Convergence
• /
• v.9 no.3
• /
• pp.21-26
• /
• 2023

The development and distribution approach of applications is transitioning from a monolithic architecture to microservices and containerization, a lightweight virtualization technology, is becoming a core IT technology. However, unlike traditional virtual machines based on hypervisors, container technology does not provide concrete security boundaries as it shares the same kernel. According to various preceding studies, there are many security vulnerabilities in most container images that are currently shared. Accordingly, attackers may attempt exploitation by using security vulnerabilities, which may seriously affect the system environment. Therefore, in this study, we propose an efficient automated deployment pipeline design to prevent the distribution of container images with security vulnerabilities, aiming to provide a secure container environment. Through this approach, we can ensure a safe container environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.87-97
• /
• 2023

Containers are an emerging virtualization technology that can build an isolated environment more lightweight and faster than existing virtual machines. For that reason, many organizations have recently adopted them for their services. Yet, the container architecture has also exposed many security problems since all containers share the same OS kernel. In this work, we focus on the fact that an attacker can abuse host resources to make them unavailable to benign containers-also known as host resource exhaustion attacks. Then, we analyze the impact of host resource exhaustion attacks through real attack scenarios exhausting critical host resources, such as CPU, memory, disk space, process ID, and sockets in Docker, the most popular container platform. We propose five attack scenarios performed in several different host environments and container images. The result shows that three of them put other containers in denial of service.

• KSCE Journal of Civil and Environmental Engineering Research
• /
• v.34 no.5
• /
• pp.1609-1623
• /
• 2014

A number of studies have been conducted recently regarding the development of automation systems for the construction sector. Much of this attention has focused on earthwork because it is highly dependent on construction machines and is regarded as being basic for the construction of buildings and civil works. For example, technologies are being developed in order to enable earthwork planning based on construction site models that are constructed by automatic systems and to enable construction equipment to perform the work based on the plan and the environment. There are many problems that need to be solved in order to enable the use of automatic earthwork systems in construction sites. For example, technologies are needed for enabling collaborations between similar and different kinds of construction equipment. This study aims to develop a construction system that imitates collaborative systems and decision-making methods that are used by humans. The proposed system relies on the multi-agent concept from the field of artificial intelligence. In order to develop a multi-agent-based system, configurations and functions are proposed for the agents and a framework for collaboration and arbitration between agents is presented. Furthermore, methods are introduced for preventing duplicate work and minimizing interference effects during the collaboration process. Methods are also presented for performing advance planning for the excavators and compactors that are involved in the construction. The current study suggests a theoretical framework and evaluates the results using virtual simulations. However, in the future, an empirical study will be conducted in order to apply these concepts to actual construction sites through the development of a physical system.