• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.10
• /
• pp.533-543
• /
• 2003

With the increase of interests in cluster, there have been a number of research efforts to address the high availability issues on cluster. However, there are no kernel-level group communication systems to support the development of kernel-level application programs and it is not easy to use traditional user-level group communication systems for the kernel-level applications. This paper presents the design and implementation issues of KCGCS(Kernel-level Cluster Group Communication System), which is a kernel-level group communication module for linux cluster. Unlike traditional user-level group communication systems, the KCGCS uses light-weight heartbeat messages and a ring-based heartbeat mechanism, which allows users to implement scalable failure detection mechanisms. Moreover, the KCGCS improves the reliability by using distributed coordinators to maintain membership information.

• Journal of Digital Contents Society
• /
• v.19 no.4
• /
• pp.711-717
• /
• 2018

The breakthrough in computer and network has facilitated a variety of information exchange. However, at the same time, malicious users and groups are attacking vulnerable systems. Intrusion Detection System(IDS) detects malicious behaviors through network packet analysis. However, it has a burden of processing a large amount of packets in a short time. Therefore, in order to solve these problem, we propose a network intrusion detection system that operates at kernel level to improve detection performance at user level. In fact, we confirmed that the network intrusion detection system implemented at kernel level improves packet analysis and detection performance.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.3
• /
• pp.289-300
• /
• 2003

Traditional kernel-level communication systems for clusters are dependent upon computing platforms. Futhermore, they are not easy to use and do not provide various functions for clusters. This paper presents an architecture and various implementation issues of a kernel-level communication system, KCCM(Kernel level Cluster Communication Module), for linux cluster. The KCCM provides asynchronous communication services as well as standard synchronous communication services using send and receive. The KCCM also automatically detects and recovers connection failures at runtime. This allows programmers to use KCCM when they build mission critical applications over TCP-based connection-oriented communication environments. Having developed using standard socket interfaces, it can be easily ported to various platforms. The experimental results show that the KCCM provides good performance for asynchronous communication patterns.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.4
• /
• pp.33-43
• /
• 2001

This paper presents a secure Linux OS in which multi-level security functions are implemented at the kernel level. Current security efforts such as firewall or intrusion detection system provided in application-space without security features of the secure OS suffer from many vulnerabilities. However the development of the secure OS in Korea lies in just an initial state, and NSA has implemented a prototype of the secure Linux but published just some parts of the technologies. Thus our commercialized secure Linux OS with multi-level security kernel functions meets the minimum requirements for TCSEC B1 level as well kernel-mode encryption, real-time audit trail with DB, and restricted use of root privileges.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06a
• /
• pp.325-327
• /
• 2006

현재 사용되고 있는 운영체제들은 그들의 기능을 확장하거나 교체하기 위해서 kernel extension을 사용해 왔다. 일반적으로 이러한 kernel extension들은 커널과 같은 주소공간에서 실행하기 때문에, 그것에서 발생하는 오류(fault)로 인해 전체 시스템이 망가지는 결과를 초래할 위험이 있다. 그래서 kernel extension의 안전한 실행에 관한 연구들은 kernel extension에서 발생한 오류를 전체 시스템으로부터 고립시키는 것이 주목적이었다. 하지만 이러한 방법들은 kernel extension의 어셈블리어로 된 코드를 분석하거나 사용하고 있는 커널의 소스 코드를 수정을 필요로 한다. 본 논문은 Sentry라는 kernel extension을 감시하기 위한 인터포지션 서비스를 제안한다. Sentry를 사용하기 위해서 별도의 커널 코드를 수정할 필요도 없으며, 이미 사용하고 있는 리눅스와 호환될 수 있는 특징을 지니고 있다. 그리고 kernel extension의 소스코드 및 어셈블리 코드에 대한 분석 없이 바이너리 파일을 직접 수정하여 kernel extension을 모니터링 할 수 있도록 한다. 게다가 Sentry는 재구성이 가능하기 때문에 얼마든지 kernel extension에 대한 보호정책을 동적으로 바꿀 수 있다.

• Journal of the Korean Society of Industry Convergence
• /
• v.3 no.1
• /
• pp.17-27
• /
• 2000

A factorization is an extremely important part of multi-level logic synthesis. The number of literals in a factored form is a good estimate of the complexity of a logic function. and can be translated directly into the number of transistors required for implementation. Factored forms are described as either algebraic or Boolean, according to the trade-off between run-time and optimization. A Boolean factored form contains fewer number of literals than an algebraic factored form. In this paper, we present a new method for a Boolean factorization. The key idea is to build an extended co-kernel cube matrix using co-kernel/kernel pairs and kernel/kernel pairs together. The extended co-kernel cube matrix makes it possible to yield a Boolean factored form. We also propose a heuristic method for covering of the extended co-kernel cube matrix. Experimental results on various benchmark circuits show the improvements in literal counts over the algebraic factorization based on Brayton's co-kernel cube matrix.

• Journal of Internet Computing and Services
• /
• v.12 no.5
• /
• pp.63-72
• /
• 2011

Binary translation is a kind of the emulation method which converts a binary code compiled on the particular instruction set architecture to the new binary code that can be run on another one. It has been mostly used for migrating legacy systems to new architecture. In recent, binary translation is used for instrumenting programs without modifying source code, because it enables inserting additional codes dynamically, For general application, there already exists some instrumentation software using binary translation, such as dynamic binary analyzers and virtual machine monitors. On the other hand, in order to be benefited from binary translation in kernel-level, a few issues, which include system performance, memory management, privileged instructions, and synchronization, should be treated. These matters are derived from the structure of the kernel, and the difference between the kernel and user-level application. In this paper, we present a scheme to apply binary translation and dynamic instrumentation on kernel. We implement it on Linux kernel and demonstrate that kernel-level binary translation adds an insignificant overhead to performance of the system.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.14 no.5
• /
• pp.249-258
• /
• 2019

In the cyber-physical system, big data collected from numerous sensors and IoT devices is transferred to the Cloud for processing and analysis. When transferring data to the Cloud, merging data into one single file is more efficient than using the data in the form of split files. However, current merging and splitting operations are performed at the user-level and require many I / O requests to memory and storage devices, which is very inefficient and time-consuming. To solve this problem, this paper proposes kernel-level partitioning and combining operations. At the kernel level, splitting and merging files can be done with very little overhead by modifying the file system metadata. We have designed the proposed algorithm in detail and implemented it in the Linux Ext4 file system. In our experiments with the real Cloud storage system, our technique has achieved a transfer time of up to only 17% compared to the case of transferring split files. It also confirmed that the time required can be reduced by up to 0.5% compared to the existing user-level method.

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.14 no.3
• /
• pp.284-299
• /
• 2014

Coarse-grained reconfigurable architecture (CGRA)-based multi-core architecture aims at achieving high performance by kernel level parallelism (KLP). However, the existing CGRA-based multi-core architectures suffer from much energy and performance bottleneck when trying to exploit the KLP because of poor resource utilization caused by insufficient flexibility. In this work, we propose a new ring-based sharing fabric (RSF) to boost their flexibility level for the efficient resource utilization focusing on the kernel-stream type of the KLP. In addition, based on the RSF, we introduce a novel inter-CGRA reconfiguration technique for the efficient pipelining of kernel-stream on CGRA-based multi-core architectures. Experimental results show that the proposed approaches improve performance by up to 50.62 times and reduce energy by up to 50.16% when compared with the conventional CGRA-based multi-core architectures.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.146-155
• /
• 2004

Currently most of commercial operating systems contain a high-level audit feature to increase their own security level. Linux does not fall behind the other commercial operating systems in performance and stability, but Linux does not have a good audit feature. Linux is required to support a higher security feature than C2 level of the TCSEC in order to be used as a server operating system, which requires the kernel-level audit feature that provides the system call auditing feature and audit event. In this paper, we present LxBSM, which is a kernel module to provide the kernel-level audit features. The audit record format of LxBSM is compatible with that of Sunshield BSM. The LxBSM is implemented as a loadable kernel module, so it has the enhanced usability. It provides the rich audit records including the user-level audit events such as login/logout. It supports both the pipe and file interface for increasing the connectivity between LxBSM and intrusion detection systems (IDS). The performance of LxBSM is compared and evaluated with that of Linux kernel without the audit features. The response time was increased when the system calls were called to create the audit data, such as fork, execve, open, and close. However any other performance degradation was not observed.