I'm a Ph.D. student in Computer Science at University of California, Berkeley (UC Berkeley). I'm working at RISELab (Real-time Intelligent Secure Execution Lab), the successor of AMPLab (Algorithms, Machines, and People Lab), where interesting research projects in systems, security, and machine
learning areas are underway.
Previously, I received my B.S. in Computer Science from School of Computing of KAIST. I spent one year as an exchange student at UIUC. I was an undergraduate researcher/intern at ANLab (Advanced Networking Lab) of KAIST, Cloud and Mobile Research Group of Microsoft Research Asia, and CSAP (Computer Systems and Platforms Laboratory) of SNU.
My graduate study is supported in part by Kwanjeong Educational Foundation. I was previously supported by STX Foundation, Mirae Asset Park Hyeon Joo Foundation, and Samsung SDS.
Protego: Cloud-Scale Multitenant IPsec Gateway [pdf]
, Yongqiang Xiong, Kun Tan, Paul Wang, Ze Gan, and Sue Moon
USENIX Annual Technical Conference (ATC)
, Santa Clara, CA, USA, July 2017
Efficiently Restoring Virtual Machines [pdf] [code]
Bernhard Egger, Erik Gustafsson, Changyeon Jo, and Jeongseok Son
IFIP International Conference on Network and Parallel Computing (NPC)
, Guiyang, China, September 2013, and
Springer International Journal of Parallel Programming (IJPP)
, Volume 43, Issue 3, June 2015
Efficient Live Migration of Virtual Machines Using Shared Storage [pdf]
Changyeon Jo, Erik Gustafsson, Jeongseok Son
, and Bernhard Egger
ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE)
, Houston, TX, USA, March 2013
Cloud-Scale Multitenant IPsec Gateway
Cloud service providers dedicate an IPsec gateway VM to each tenant to provide VPN connections to their virtual networks. We found that this approach wastes a significant amount of resources due to over-provisioning and passive redundancy for high availability. Instead of assigining a monolithic gateway VM, we design a distributed IPsec gateway which can serve multiple tenants using shared resources.
| MSRA W&N Group | MSRA C&M Group | Protego Paper (USENIX ATC '17) |
Data Plane Verification of Networks Containing Middleboxes
We extend VeriFlow, which was designed to verify the correctness of SDN networks real-time, to check traditional networks. To model traditional networks, we collect vendor-specific data plane information of network devices, and parse those data to construct the vendor-agnostic abstraction of networks for verification. I survyed and studied various types of network devices and modeled one of them from scratch.
| VeriFlow Paper (NSDI '13) | Commercialization |
Efficient Virtual Machine Live Migration and Checkpointing
The high network bandwidth consumption and long migration time hinder the wide deployment of VM live migration in data centers. We reduced the amount of memory pages transferred by deduplicating data overlap between memory and disk. We modified Xen Hypervisor to track the page cache information, and to transfer the page-to-block mapping instead of memory contents. Based on this mapping, the target host directly fetches disk blocks from a network attached storage.
| Project Page | Migration Paper (VEE '13) | Checkpointing Paper (NPC '13, IJPP) |