• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.23-32
• /
• 2023

Container-based virtualization has attracted many attentions as an alternative to virtual machine technology because it can be used more lightly by sharing the host operating system instead of individual guest operating systems. However, this advantage may owe some vulnerabilities. In particular, excessive resource use of some containers can affect other containers, which is known as the noisy neighbor problem, so that the important property of isolation may not be guaranteed. The noisy neighbor problem can threat the availability of containers, so we need to consider the noisy neighbor problem as a security problem. In this paper, we investigate vulnerabilities on guarantee of isolation incurred by the noisy neighbor problem in container-based virtualization. For this we first analyze the structure of container-based virtualization environments. Then we present vulnerabilities in 3 functional layers and general directions for solutions with limitations.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.1-9
• /
• 2015

Recently, with smart device proliferation and providing the various services using this, they have interested in mobile and Smart TV security. Smartphone users are enjoying various service, such as cloud, game, banking. But today's mobile security solutions and Study of Smart TV Security simply stays at the level of malicious code detection, mobile device management, security system itself. Accordingly, there is a need for technology for preventing hacking and leakage of sensitive information, such as certificates, legal documents, individual credit card number. To solve this problem, a variety of security technologies(mobile virtualization, ARM TrustZone, GlobalPlatform, MDM) in mobile devices have been studied. In this paper, we propose an efficient method to implement security technology based on TYPE-I virtualization using ARM TrustZone technology.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.3-9
• /
• 2017

NFV is a technology that allows network services to be controlled and managed in software by separating various net work functions (NFs) from hardware devices in dedicated network equipment and implementing them in a high-performance general-purpose server. Therefore, standardized virtualization of network functions is one of the most important factors. However, until the introduction of NFV to provide commercial services, there are many technical issues to be solved such as guaranteeing performance, stability, support for multi-vendor environment, ensuring perfect interoperability, and linking existing virtual and non-virtual resources. In this paper, we propose a method to provide an end-to-end network virtualization service based on OSM R2 in KREONET.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.159-165
• /
• 2016

Through the NFV (Network Function Virtualization), companies such as network service providers and carriers have sought to dramatically reduce CAPEX / OPEX by improving the speed of new service provisioning and flexibility of network construction through the S/W-based devices provided by NFV. One of the most important considerations for establishing an NFV network to provide dynamic services is to determine how to dynamically allocate resources (VNFs), the basic building blocks of network services, in the right place. In this paper, we analyzed the latest research trends on VNF node, link allocation, and scheduling in nodes that are required to provide arbitrary NS in NFV framework. In this paper, we also propose VNF scheduling problems that should be studied further in RA (Resource Allocation).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.10
• /
• pp.4902-4932
• /
• 2016

The popularity of network virtualization has recently regained considerable momentum because of the emergence of OpenFlow technology. It is essentially decouples a data plane from a control plane and promotes hardware programmability. Subsequently, OpenFlow facilitates the implementation of network virtualization. This study aims to provide an overview of different approaches to create a virtual network using OpenFlow technology. The paper also presents the OpenFlow components to compare conventional network architecture with OpenFlow network architecture, particularly in terms of the virtualization. A thematic OpenFlow network virtualization taxonomy is devised to categorize network virtualization approaches. Several testbeds that support OpenFlow network virtualization are discussed with case studies to show the capabilities of OpenFlow virtualization. Moreover, the advantages of popular OpenFlow controllers that are designed to enhance network virtualization is compared and analyzed. Finally, we present key research challenges that mainly focus on security, scalability, reliability, isolation, and monitoring in the OpenFlow virtual environment. Numerous potential directions to tackle the problems related to OpenFlow network virtualization are likewise discussed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.7
• /
• pp.526-534
• /
• 2013

With rapid rise of virtualization technology from diverse types of cloud computing service, security problems such as data safety and reliability are the issues at stake. Since damage in virtualization layer of cloud service can cause damage on all host (user) tasks, Hypervisor that provides an environment for multiple virtual operating systems can be a target of attackers. This paper propose a security structure for protecting Hypervisor from hacking and malware infection.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2013.07a
• /
• pp.83-84
• /
• 2013

클라우드 컴퓨팅을 이용하여 다양한 서비스가 생겨남에 따라 클라우드 컴퓨팅 환경에서의 보안이 더욱 중요해지고 있다. 이에 따라 클라우드 컴퓨팅을 구축하는 핵심 기술인 가상화 기술의 보안 또한 중요한 이슈가 되고 있다. 가상화 기술은 독립된 컴퓨팅 환경을 제공함으로써 기본적으로 안전한 컴퓨팅 환경을 제공하지만 가상화 기술의 보안 취약점을 이용하여 보안 공격하는 사례가 증가하고 있다. 이에 본 논문에서는 전가상화 기법과 운영체제 레벨 가상화 기법을 접목시켜 게스트 운영체제로부터 시작되는 보안 공격에 대해 대응할 수 있게 함으로써 보안성을 강화시키는 기법을 제안한다. 또한, 벤치마킹을 통해 이러한 접근방법이 기존의 컴퓨팅 성능에 거의 영향을 미치지 않음을 확인하였다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.2
• /
• pp.1-7
• /
• 2015

As recent smartphone is used around the world, all of the subscribers of the mobile communication is up to 47.7% about 24 million people. Smartphone has a vulnerability to security, and security-related incidents are increased in damage with the smartphone. However, precautions have been made, rather than analysis of the infection of most of the damage occurs after the damaged except for the case of the expert by way of conventional post-countermeasure. In this paper, we implement a mobile-based malware analysis systems apply a virtualization technology. It is designed to analyze the behavior through it. Virtualization is a technique that provides a logical resources to the guest by abstracting the physical characteristics of computing resources. The virtualization technology can improve the efficiency of resources by integrating with cloud computing services to servers, networks, storage, and computing resources to provide a flexible. In addition, we propose a system that can be prepared in advance to buy a security from a user perspective.

• ETRI Journal
• /
• v.43 no.5
• /
• pp.932-940
• /
• 2021

Currently, research on network functions virtualization focuses on using microservices in cloud environments. Previous studies primarily focused on communication between nodes in physical infrastructure. Until now, there is no sufficient research on group key management in virtual environments. The service is composed of microservices that change dynamically according to the virtual service. There are dependencies for microservices on changing the group membership of the service. There is also a high possibility that various security threats, such as data leakage, communication surveillance, and privacy exposure, may occur in interactive communication with microservices. In this study, we propose an ID-based group key exchange (idGKE) mechanism between microservices as one group. idGKE defines the microservices' schemes: group key gen, join group, leave group, and multiple group join. We experiment in a real environment to evaluate the performance of the proposed mechanism. The proposed mechanism ensures an essential requirement for group key management such as secrecy, sustainability, and performance, improving virtual environment security.

• Journal of Convergence Society for SMB
• /
• v.5 no.1
• /
• pp.31-35
• /
• 2015

Cloud computing is internet-based computing technology. This is a form for exchanging service focused on the Internet. Because Cost is saved and use is easy there's a tendency that many companies are using. Cloud is in the form of a public cloud and private cloud and hybrid cloud. The service model is SaaS, PaaS, IaaS. Cloud computing use is simple but it has a security vulnerability. In particular, there is a vulnerability in virtualization and centralized information. In order to overcome this new security technology is to be developed. In particular, network security technology and authentication technology should be developed. Another way to overcome security responsibilities must be clearly and policies should be unified.