[5] Web HTTP [6] [7] Linux OS TOMOYO Linux OS 2.1 (DAC: Discretionary Access Control) (MAC: Mandatory Access Control) 2 [8] DAC (identi
|
|
|
- うまじ にいだ
- 9 years ago
- Views:
Transcription
1 1,2,a) 3,b) 1,c) 1,d) , Linux TOMOYO Linux[1][2] Mandatory Access Control Method Based on Application Execution State Toshiharu Harada 1,2,a) Tetsuo Handa 3,b) Masaki Hashimoto 1,c) Hidehiko Tanaka 1,d) Received: December 2, 2011, Accepted: June 4, 2012 Abstract: Existing access control methods grant access requests based on the combinations of applications as subject and files as objects. Therefore intents of applications and the possible effects caused by granting the access requests have not been taken into consideration. In this paper, we propose a new access control method based on application history and intents. With our access control method, system administrators can reduce the risks caused by malicious access attempts and wrong operations. In this paper, the concept and implementation design will be explained as well as the brief evaluation report of TOMOYO Linux, our implementation of the new access control method to Linux INSTITUTE of INFORMATION SECURITY 2 NTT NTT DATA CORPORATION 3 NTT NTT DATA INTELLILINK CORPORATION a) [email protected] b) [email protected] c) [email protected] d) [email protected] [3][4] c 2012 Information Processing Society of Japan 1
2 [5] Web HTTP [6] [7] Linux OS TOMOYO Linux OS 2.1 (DAC: Discretionary Access Control) (MAC: Mandatory Access Control) 2 [8] DAC (identity-based access control) MAC MAC (rule-based access control) MAC 1983 TCSEC (Trusted Computing Systems Evaluation Criteria)[9] MAC(Labeled Security) TCSEC MAC MAC 2006 MAC(pathname-based MAC) *1 Linux SELinux[10][11][12] SMACK[13], TOMOYO Linux, AppArmor[14] 4 MAC SELinux SMACK MAC TOMOYO Linux AppArmor MAC Subject Object *1 c 2012 Information Processing Society of Japan 2
![control) MAC 1983 TCSEC (Trusted Computing Systems Evaluation Criteria)[9] MAC(Labeled Security) TCSEC MAC MAC 2006 MAC(pathname-based MAC)](/docs-images/41/20463342/images/page_2.jpg "*1 Linux SELinux[10][11][12] SMACK[13], TOMOYO Linux, AppArmor[14] 4 MAC SELinux SMACK MAC TOMOYO Linux AppArmor MAC Subject Object *1")
3 OS Linux execve OS MAC Linux seccomp[15], FreeBSD Capsicum[16] seccomp prctl(pr_set_seccomp, 1); read(), write(), exit(), sigreturn() 4 seccomp Capsicum seccomp Capsicum 2.2 DAC DAC [17] MAC DAC MAC MAC Web Apache.htaccess Web index.txt MAC.htaccess index.txt Web Apache *2 SSH /usr/sbin/sshd -o Banner /etc/shadow /etc/shadow MAC Apache sshd *2 Fedora15 /var/www/html.htaccess c 2012 Information Processing Society of Japan 3
4 SSH ( i ) ( ii ) ( iii ) (i)(ii) Linux SSH Web Apache CGI 1 Linux Fedora 15 *3 3 /bin/bash 1 3 /sbin/init Linux /bin/bash 3 1 /etc/rc.d/init.d/sshd sshd /bin/bash 2 /sbin/agetty /bin/login /bin/bash 3 2 /bin/bash su(switch user) /bin/bash Linux 3 /bin/bash SSH 3.2 *3 c 2012 Information Processing Society of Japan 4
5 Table 1 1 (Linux) Examples of Program Execution History (Linux). 1 SSH bash /sbin/init /etc/rc.d/init.d/sshd /usr/sbin/sshd /usr/sbin/sshd /bin/bash 2 bash /sbin/init /sbin/agetty /bin/login /bin/bash 3 su bash /sbin/init /sbin/agetty /bin/login /bin/bash /bin/su /bin/bash /etc/nologin,.htaccess MAC MAC 4. Linux TOMOYO Linux TOMOYO Linux Linux MAC TOMOYO Linux Linux TOMOYO Linux TOMOYO Linux SourceForge.jp *4 Linux TOMOYO Linux 4.1 Linux id TOMOYO Linux 1 /bin/bash *4 c 2012 Information Processing Society of Japan 5
6 Linux 1 Linux /bin/bash /bin/date Linux UNIX OS fork() execve() 1 /bin/bash fork() execve() /bin/date /bin/date /bin/bash execve() TOMOYO Linux TOMOYO Linux <kernel> <kernel> <kernel> Linux /sbin/init <kernel> /sbin/init /bin/bash <kernel> /sbin/init /sbin/agetty /bin/login /bin/bash TOMOYO Linux 2 Fedora 15 TOMOYO Linux 4.2 Linux i 4.3 MAC [18][19] 2.6 Linux Linux Security Modules[20] LSM LSM c 2012 Information Processing Society of Japan 6
7 1 Fig. 1 Defining Program Execution History. 2 (Fedora 15) Fig. 2 Domain Transition Example (Fedora 15). c 2012 Information Processing Society of Japan 7
8 LSM LSM TOMOYO Linux LSM 4.4 TOMOYO Linux TOMOYO Linux file rename, execute /tmp ID Web TOMOYO Linux 2 TOMOYO Linux 2 file rename 2 TOMOYO Linux Web *5 *5 policy-specification/index.html 2 TOMOYO Linux Table 2 TOMOYO Linux wild card patterns. \* / 0 \@ /. 0 \? / 1 \$ 1 10 \ \X 1 16 \x 16 1 \A 1 \a 1 \- /\{dir\}/ 1 dir/ TOMOYO Linux <kernel> /sbin/init /sbin/agetty /bin/login /bin/bash) /usr/bin/passwd /usr/bin/passwd <kernel> /sbin/init /sbin/agetty /bin/login /bin/bash /usr/bin/passwd /usr/bin/passwd TOMOYO Linux 3 1 /sbin/init /sbin/agetty /bin/login /bin/bash passwd 3 /usr/bin/passwd exec.argv[0] passwd exec.argv[] exec.argc=1 TOMOYO Linux c 2012 Information Processing Society of Japan 8
9 1 <kernel> /sbin/init /sbin/agetty /bin/login /bin/bash 2 3 file execute /usr/bin/passwd exec.realpath="/usr/bin/passwd" exec.argv[0]="passwd" 4 file read/write /dev/tty 5 file read /etc/passwd 6 file read /etc/profile 7 file read /home/harada/.bash_profile 8 file read /home/harada/.bashrc 9 file read /etc/bashrc 10 file write /dev/null 3 /bin/bash Fig. 3 Policy of /bin/bash Domain. /usr/bin/passwd 4 10 /bin/bash 4 3 /usr/bin/passwd /sbin/init /sbin/agetty /bin/login /bin/bash /usr/bin/passwd passwd /etc/shadow /etc/nshadow /etc/shadow ID ID MAC ( i ) file rename /etc/mtab.tmp /etc/mtab /etc/mtab.tmp /etc/mtab file create /var/lock/subsys/crond 0644 /var/lock/subsys/crond 0644 file chmod /dev/mem 0644 /dev/mem 0644 file execute /bin/ls /bin/ls ( ii ) =!= file symlink /dev/cdrom symlink.target="hdc" hdc /dev/cdrom file execute /bin/bash task.uid= ID /bin/bash file read /tmp/file001.tmp task.uid=path1.uid ID /tmp/file001.tmp ID file execute /usr/bin/ssh exec.realpath="/usr/bin/ssh" exec.argv[0]="ssh" ssh /usr/bin/ssh /usr/bin/ssh file execute /bin/bash exec.realpath="/bin/bash" exec.argv[0]="-bash" task.uid!=0 task.euid!=0 -bash /bin/bash ID ID 0 root /bin/bash 4.5 TOMOYO Linux /etc/ccs/domain_policy.conf c 2012 Information Processing Society of Japan 9
10 1 <kernel> /sbin/init /sbin/agetty /bin/login /bin/bash /usr/bin/passwd 2 3 file read /etc/passwd 4 file read /etc/shadow 5 file write /etc/.pwd.lock 6 file read /dev/urandom 7 file create /etc/nshadow file write /etc/nshadow 9 file chown/chgrp /etc/nshadow 0 10 file chmod /etc/nshadow file rename /etc/nshadow /etc/shadow 4 /usr/bin/passwd Fig. 4 Policy of /usr/bin/passwd Domain. root emacs TOMOYO Linux emacs / TOMOYO Linux CUI (Character User Interface) 2 TOMOYO Linux Web * TOMOYO Linux *7 TOMOYO Linux disabled, learning, permissive, enforcing 4 3 TOMOYO Linux *6 html *7 3 TOMOYO Linux Table 3 TOMOYO Linux mode. disabled learning permissive enforcing ( i ) learning ( ii ) ( iii )permissive ( iv )enforcing enforcing c 2012 Information Processing Society of Japan 10
11 Web enforcing TO- MOYO Linux TOMOYO Linux OS /etc/ccs/domain_policy.conf MAC TOMOYO Linux MAC MAC MAC 5. TOMOYO Linux 5.1 ( i ) ( ii ) MAC ( iii ) MAC SELinux 4 ( iv )Role-Based Access Control Role-Based Access Control Model[21] (RBAC) Identity-Based Access Control Model 3 /bin/su /bin/su [22] ID ID root Linux/UNIX root ID ID c 2012 Information Processing Society of Japan 11
12 5.2 MAC SELinux 2007 TOMOYO Linux SELinux Web [23]. SELinux * NPO OS WG OS Web TOMOYO Linux Apache Web Web CGI CGI Apache TOMOYO Linux Linux *8 * 9 * TOMOYO Linux UNIX LMBench[24] LMBench OS TOMOYO Linux TOMOYO Linux TOMOYO Linux LMBench LMBench 4 LMBench Web * 11 TOMOYO Linux 5 TOMOYO Linux 6 5, 6 Func. LMBench Base TOMOYO Linux (µsec)tomoyo TOMOYO Linux MAC (µsec)diff TOMOYO Base (µsec)overhead Overhead = T OMOY O Base Base 100 Overhead 100 TOMOYO Linux 100% 2 5 TOMOYO Linux ±5%TO- MOYO Linux LMBench *9 *10 *11 c 2012 Information Processing Society of Japan 12
13 5 LMBench Table 5 Result of LMBench (not hooked). Func. Base (µsec) TOMOYO (µsec) Diff (µsec) Overhead (%) null syscall null I/O Select on 100 tcp fd s Signal handler installation p/0K ctxsw p/16K ctxsw p/64K ctxsw p/16K ctxsw p/64K ctxsw p/16K ctxsw p/64K ctxsw Pipe AF UNIX Mmap Page Fault Select on 100 fd s LMBench Table 6 Result of LMBench (hooked by TOMOYO). Func. Base (µsec) TOMOYO (µsec) Diff (µsec) Overhead (%) Simple stat Simple open/close Signal handler overhead Process fork+exit Process fork+execve Process fork+/bin/sh -c UDP RPC/UDP TCP RPC/TCP TCP/IP connection cost K File Create K File Delete K File Create K File Delete c 2012 Information Processing Society of Japan 13
14 4 Table 4 Benchmark Envrionment. specification/version CPU Core 2 Duo T GHz Memory 2GB OS Ubuntu x86 64 Kernel TOMOYO Linux 1.8.3p5 Benchmark tool LMBench 3.0-a9 6 stat, open/close, signal handler 50%0K File Create 60% 10K File Create 18.49% 10KB write TOMOYO fork fork exec 5%fork+/bin/sh -c /bin/sh exec exec 2 LSM MAC OS LSM Performance Monitor (LSMPMON)[25] LSMPMON execve /tmp/reexec /tmp/reexec 5 delay (microseconds) 0.4 "bench1.dat" number of domains (logscale) 5 Fig. 5 Performace delay due to domain number increase. 2 TOMOYO Linux TOMOYO Linux µsec /dev/null open /dev/null open 6 1 TOMOYO Linux TOMOYO Linux µsec Linux TOMOYO Linux 2000 c 2012 Information Processing Society of Japan 14
![49% 10KB write TOMOYO fork fork exec 5%fork+/bin/sh -c /bin/sh exec exec 2 LSM MAC OS LSM Performance Monitor (LSMPMON)[25] LSMPMON 5.3.](/docs-images/41/20463342/images/page_14.jpg "2 execve 2 2 100000 /tmp/reexec /tmp/reexec 5 delay (microseconds) 0.4 \"bench1.dat\" 0.35 0.3 0.25 0.2 0.15 0.1 0.05 0 1 10 100 1000 10000 100000 number of domains (logscale) 5 Fig.")
15 delay (microseconds) 1.6 "bench2.dat" number of acl definitions (logscale) 6 Fig. 6 Performace delay due to ACL number increase MAC ( i ) MAC MAC MAC ( ii ) DAC ( iii ) TCSEC 1983 MAC AppArmor TOMOYO Linux AppArmor MAC ( i ) TOMOYO Linux AppArmor AppArmor AppArmor * 12 TOMOYO Linux AppArmor ( ii ) AppArmor TOMOYO Linux TOMOYO Linux AppArmor Web ( iii )AppArmor TOMOYO Linux AppArmor TOMOYO Linux RBAC \ * November/ html c 2012 Information Processing Society of Japan 15
![6.1.1 MAC ( i ) MAC MAC MAC ( ii ) DAC ( iii ) TCSEC 1983 MAC 6.1.2 AppArmor TOMOYO Linux 2005 11 AppArmor 2006 1 MAC ( i ) TOMOYO Linux AppArmor AppArmor](/docs-images/41/20463342/images/page_15.jpg "2011 11 AppArmor * 12 TOMOYO Linux AppArmor ( ii ) AppArmor TOMOYO Linux TOMOYO Linux AppArmor Web ( iii )AppArmor TOMOYO Linux AppArmor TOMOYO Linux RBAC \")
16 .git \ Context-aware Access Control, (CAAC: Context-aware Access Control). Matthias Baldauf A survey on context-aware systems [26] Context-aware system CAAC context Web context [27] CAAC context CAAC CAAC Salvia[28] Salvia 2 OS LAN (ESSID) 6.2 [29] ( i ) OS /bin/sh MAC ( ii ) Linux ( iii ) 6.3 execve() execve() c 2012 Information Processing Society of Japan 16
![Web context [27] CAAC context CAAC CAAC Salvia[28] Salvia 2 OS LAN (ESSID) 6.](/docs-images/41/20463342/images/page_16.jpg "2 [29] ( i ) OS /bin/sh MAC ( ii ) Linux ( iii ) 6.")
17 Web Apache CGI (Common Gateway Interface) CGI execve() CGI mod_perl execve() Apache execve() CGI MAC 7. Linux TOMOYO Linux TOMOYO Linux MAC TOMOYO Linux TOMOYO Linux [1] TOMOYO Linux pp (2009). [2] Linux : 4 TOMOYO Linux Vol. 51, No. 10, pp (2010). [3] Peterson, D. S., Bishop, M. and Pandey, R.: Flexible Containment Mechanism for Executing Untrsted Code, 11th USENIX Security Symposium, pp (2002). [4] Vol. 20, No. 4, pp (2003). [5] Goldberg, I., Wagner, D., Thomas, R. and Brewer, E.: A secure environment for untrusted helper applications confining the Wily Hacker, Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography-Volume 6, USENIX Association, pp. 1 1 (1996). [6] Barth, A., Jackson, C., Reis, C. and Team, T.: The security architecture of the Chromium browser (2008). [7] Loscocco, P. A., Smalley, S. D., Muckerbauer, P. A., Taylor, R. C., Turner, S. J. and Farrell, J. F.: The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments, 21st National Information Systems Security Conference, Vol. 10, No. 2, pp (1989). [8] Bishop, M.: Computer Security: Art and Science [9] Tcsec, D.: Trusted computer system evaluation criteria, DoD STD, Vol. 83 (1983). [10] Peter Loscocco, N.: Integrating flexible support for security policies into the Linux operating system, Proceedings of the FREENIX Track 2001 USENIX annual technical conference, June 25-30, 2001, Boston, Massachusetts, USA, Citeseer, p. 29 (2001). [11] Loscocco, P. A. and Smalley, S. D.: Meeting Critical Security Objectives with Security-Enhanced Linux, Ottawa Linux Symposium (2001). [12] Smalley, S.: Configuring the SELinux policy, NAI Laboratories (2005). [13] Schaufler, C.: Smack in embedded computing, Proceedings of the 10th Linux Symposium (2008). [14] Cowan, C., Beattie, S., Kroah-Hartman, G., Pu, C., Wagle, P. and Gligor, V.: Subdomain: Parsimonious server c 2012 Information Processing Society of Japan 17
![: Flexible Containment Mechanism for Executing Untrsted Code, 11th USENIX Security Symposium, pp. 207 225 (2002). [4] Vol. 20, No. 4, pp. 55 72 (2003). [5] Goldberg, I., Wagner, D., Thomas, R.](/docs-images/41/20463342/images/page_17.jpg "and Brewer, E.")
18 security, Proceedings of the 14th USENIX conference on System administration, USENIX Association, pp (2000). [15] Winter, J.: Trusted computing building blocks for embedded linux-based ARM trustzone platforms, Proceedings of the 3rd ACM workshop on Scalable trusted computing, ACM, pp (2008). [16] Watson, R., Anderson, J., Laurie, B. and Kennaway, K.: Capsicum: practical capabilities for UNIX, USENIX Security (2010). [17] Ken, W.: Buffer Overflow Attacks and Their Countermeasures., Vol. 19, No. 1, pp (online), available from ( ). [18] Sandhu, R. and Samarati, P.: Access control: principle and practice, Communications Magazine, IEEE, Vol. 32, No. 9, pp (1994). [19] / SysGuard Vol. 43, No. 6, pp (2002). [20] Wright, C., Cowan, C., Smalley, S., Morris, J. and Kroah-Hartman, G.: Linux security modules: General security support for the Linux kernel (2003). [21] Sandhu, R., Coyne, E., Feinstein, H. and Youman, C.: Role-based access control models, Computer, Vol. 29, No. 2, pp (1996). [22] OS Vol. 11, pp (2005). [23] (2003). [24] McVoy, L. and Staelin, C.: lmbench: Portable tools for performance analysis, Proceedings of the 1996 annual conference on USENIX Annual Technical Conference, Usenix Association, pp (1996). [25] LSM OS D Vol. J92-D, No. 7, pp (2009). [26] Baldauf, M., Dustdar, S. and Rosenberg, F.: A survey on context-aware systems, International Journal of Ad Hoc and Ubiquitous Computing, Vol. 2, No. 4, pp (2007). [27] Truong, H. and Dustdar, S.: A survey on context-aware web service systems, International Journal of Web Information Systems, Vol. 5, No. 1, pp (2009). [28] KAZUHISA, S., YOSHIMI, I., KOICHI, M. and EIJI, O.: An Adaptive Data Protection Method based on Contexts of Data Access in Privacy- Aware Operating System Salvia(Operating System),. Vol. 47, No. 3, pp (online), available from ( ). [29] Vol. 21, No. 6, pp (2004) NTT 2012 IEEE, ACM 2001 NTT NTT 2003 Linux IEEE ISS Parallel Inference Engine,, IEEE c 2012 Information Processing Society of Japan 18
![, Anderson, J., Laurie, B. and Kennaway, K.: Capsicum: practical capabilities for UNIX, USENIX Security (2010). [17] Ken, W.: Buffer Overflow Attacks and Their Countermeasures., Vol. 19, No. 1, pp.](/docs-images/41/20463342/images/page_18.jpg "49 63 (online), available from http://ci.nii.ac.jp/naid/110003744115/en/ (2002-01- 15). [18] Sandhu, R. and Samarati, P.: Access control: principle and practice, Communications Magazine, IEEE, Vol.")
MAC root Linux 1 OS Linux 2.6 Linux Security Modules LSM [1] Security-Enhanced Linux SELinux [2] AppArmor[3] OS OS OS LSM LSM Performance Monitor LSMP
![MAC root Linux 1 OS Linux 2.6 Linux Security Modules LSM [1] Security-Enhanced Linux SELinux [2] AppArmor[3] OS OS OS LSM LSM Performance Monitor LSMP](/thumbs/92/108755579.jpg "MAC root Linux 1 OS Linux 2.6 Linux Security Modules LSM [1] Security-Enhanced Linux SELinux [2] AppArmor[3] OS OS OS LSM LSM Performance Monitor LSMP")
LSM OS 700-8530 3 1 1 [email protected] [email protected] 242-8502 1623 14 [email protected] OS Linux 2.6 Linux Security Modules LSM LSM Linux 4 OS OS LSM An Evaluation of Performance
使いこなせて安全なLinuxを目指して
[email protected] Linux Linux(DAC) 2005/6/2 Copyright (C) 2005 NTT DATA CORPORATION. 1 Linux Linux NO SELinux Yes 2005/6/2 Copyright (C) 2005 NTT DATA CORPORATION. 2 2005/6/2 Copyright (C) 2005 NTT
Vol.55 No (Jan. 2014) saccess 6 saccess 7 saccess 2. [3] p.33 * B (A) (B) (C) (D) (E) (F) *1 [3], [4] Web PDF a m
![Vol.55 No (Jan. 2014) saccess 6 saccess 7 saccess 2. [3] p.33 * B (A) (B) (C) (D) (E) (F) *1 [3], [4] Web PDF a m](/thumbs/92/108648363.jpg "Vol.55 No (Jan. 2014) saccess 6 saccess 7 saccess 2. [3] p.33 * B (A) (B) (C) (D) (E) (F) *1 [3], [4] Web PDF a m")
Vol.55 No.1 2 15 (Jan. 2014) 1,a) 2,3,b) 4,3,c) 3,d) 2013 3 18, 2013 10 9 saccess 1 1 saccess saccess Design and Implementation of an Online Tool for Database Education Hiroyuki Nagataki 1,a) Yoshiaki
, : GUI Web Java 2.1 GUI GUI GUI 2 y = x y = x y = x
J.JSSAC (2005) Vol. 11, No. 3,4, pp. 77-88 Noda2005 MathBlackBoard MathBlackBoard is a Java program based on the blackboard applet. We can use the blackboard applet with GUI operations. The blackboard
THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS TECHNICAL REPORT OF IEICE {s-kasihr, wakamiya,
THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS TECHNICAL REPORT OF IEICE. 565-0871 1 5 E-mail: {s-kasihr, wakamiya, murata}@ist.osaka-u.ac.jp PC 70% Design, implementation, and evaluation
etrust Access Control etrust Access Control UNIX(Linux, Windows) 2
etrust Access Control etrust Access Control UNIX(Linux, Windows) 2 etrust Access Control etrust Access Control 3 ID 10 ID SU ID root 4 OS OS 2 aaa 3 5 TCP/IP outgoing incoming DMZ 6 OS setuid/setgid) OS
& Vol.2 No (Mar. 2012) 1,a) , Bluetooth A Health Management Service by Cell Phones and Its Us
1,a) 1 1 1 1 2 2 2011 8 10, 2011 12 2 1 Bluetooth 36 2 3 10 70 34 A Health Management Service by Cell Phones and Its Usability Evaluation Naofumi Yoshida 1,a) Daigo Matsubara 1 Naoki Ishibashi 1 Nobuo
& Vol.5 No (Oct. 2015) TV 1,2,a) , Augmented TV TV AR Augmented Reality 3DCG TV Estimation of TV Screen Position and Ro
TV 1,2,a) 1 2 2015 1 26, 2015 5 21 Augmented TV TV AR Augmented Reality 3DCG TV Estimation of TV Screen Position and Rotation Using Mobile Device Hiroyuki Kawakita 1,2,a) Toshio Nakagawa 1 Makoto Sato
28 Docker Design and Implementation of Program Evaluation System Using Docker Virtualized Environment
28 Docker Design and Implementation of Program Evaluation System Using Docker Virtualized Environment 1170288 2017 2 28 Docker,.,,.,,.,,.,. Docker.,..,., Web, Web.,.,.,, CPU,,. i ., OS..,, OS, VirtualBox,.,
3_23.dvi
Vol. 52 No. 3 1234 1244 (Mar. 2011) 1 1 mixi 1 Casual Scheduling Management and Shared System Using Avatar Takashi Yoshino 1 and Takayuki Yamano 1 Conventional scheduling management and shared systems
1 DHT Fig. 1 Example of DHT 2 Successor Fig. 2 Example of Successor 2.1 Distributed Hash Table key key value O(1) DHT DHT 1 DHT 1 ID key ID IP value D
P2P 1,a) 1 1 Peer-to-Peer P2P P2P P2P Chord P2P Chord Consideration for Efficient Construction of Distributed Hash Trees on P2P Systems Taihei Higuchi 1,a) Masakazu Soshi 1 Tomoyuki Asaeda 1 Abstract:
Vol. 48 No. 4 Apr LAN TCP/IP LAN TCP/IP 1 PC TCP/IP 1 PC User-mode Linux 12 Development of a System to Visualize Computer Network Behavior for L
Vol. 48 No. 4 Apr. 2007 LAN TCP/IP LAN TCP/IP 1 PC TCP/IP 1 PC User-mode Linux 12 Development of a System to Visualize Computer Network Behavior for Learning to Associate LAN Construction Skills with TCP/IP
2). 3) 4) 1.2 NICTNICT DCRA Dihedral Corner Reflector micro-arraysdcra DCRA DCRA DCRA 3D DCRA PC USB PC PC ON / OFF Velleman K8055 K8055 K8055
1 1 1 2 DCRA 1. 1.1 1) 1 Tactile Interface with Air Jets for Floating Images Aya Higuchi, 1 Nomin, 1 Sandor Markon 1 and Satoshi Maekawa 2 The new optical device DCRA can display floating images in free
( )
NAIST-IS-MT0851100 2010 2 4 ( ) CR CR CR 1980 90 CR Kerberos SSH CR CR CR CR CR CR,,, ID, NAIST-IS- MT0851100, 2010 2 4. i On the Key Management Policy of Challenge Response Authentication Schemes Toshiya
TOMOYO Linuxを体験しよう
TOMOYO Linux を体験しよう 2.1. TOMOYO Linux について ポイント! TOMOYO Linux は誰でも使えるセキュア OS を目指して開発された国産のセキュア OS です SELinux はもともと軍事 政府向けに開発されていること 特に CC 認証を取得することを目的としていることもあり 使い勝手の面ではあまりよくありませんでした そこで 誰でもつかえるセキュア OS
Web Web Web Web Web, i
22 Web Research of a Web search support system based on individual sensitivity 1135117 2011 2 14 Web Web Web Web Web, i Abstract Research of a Web search support system based on individual sensitivity
IPSJ SIG Technical Report Vol.2009-DPS-141 No.20 Vol.2009-GN-73 No.20 Vol.2009-EIP-46 No /11/27 1. MIERUKEN 1 2 MIERUKEN MIERUKEN MIERUKEN: Spe
1. MIERUKEN 1 2 MIERUKEN MIERUKEN MIERUKEN: Speech Visualization System Based on Augmented Reality Yuichiro Nagano 1 and Takashi Yoshino 2 As the spread of the Augmented Reality(AR) technology and service,
[2] OCR [3], [4] [5] [6] [4], [7] [8], [9] 1 [10] Fig. 1 Current arrangement and size of ruby. 2 Fig. 2 Typography combined with printing
![[2] OCR [3], [4] [5] [6] [4], [7] [8], [9] 1 [10] Fig. 1 Current arrangement and size of ruby. 2 Fig. 2 Typography combined with printing](/thumbs/93/112070099.jpg "[2] OCR [3], [4] [5] [6] [4], [7] [8], [9] 1 [10] Fig. 1 Current arrangement and size of ruby. 2 Fig. 2 Typography combined with printing")
1,a) 1,b) 1,c) 2012 11 8 2012 12 18, 2013 1 27 WEB Ruby Removal Filters Using Genetic Programming for Early-modern Japanese Printed Books Taeka Awazu 1,a) Masami Takata 1,b) Kazuki Joe 1,c) Received: November
内閣官房情報セキュリティセンター(NISC)
( ) ...1 1.1.1...1 (1)..1 (2)...1 (3)...1 1.1.2...2 (1)...2 (2)...2 (3)...2 (4)...3 (5)...3 (6)...3 1.1.3...4...10 2.1...10 2.1.1...10...10...10 (1)...10 (2)... 11 (3)... 11 (4)...12 (5)...13 (6)...13
258 5) GPS 1 GPS 6) GPS DP 7) 8) 10) GPS GPS 2 3 4 5 2. 2.1 3 1) GPS Global Positioning System
Vol. 52 No. 1 257 268 (Jan. 2011) 1 2, 1 1 measurement. In this paper, a dynamic road map making system is proposed. The proposition system uses probe-cars which has an in-vehicle camera and a GPS receiver.
29 jjencode JavaScript
Kochi University of Technology Aca Title jjencode で難読化された JavaScript の検知 Author(s) 中村, 弘亮 Citation Date of 2018-03 issue URL http://hdl.handle.net/10173/1975 Rights Text version author Kochi, JAPAN http://kutarr.lib.kochi-tech.ac.jp/dspa
Web ( ) [1] Web Shibboleth SSO Web SSO Web Web Shibboleth SAML IdP(Identity Provider) Web Web (SP:ServiceProvider) ( ) IdP Web Web MRA(Mail Retrieval
![Web ( ) [1] Web Shibboleth SSO Web SSO Web Web Shibboleth SAML IdP(Identity Provider) Web Web (SP:ServiceProvider) ( ) IdP Web Web MRA(Mail Retrieval](/thumbs/77/76504768.jpg "Web ( ) [1] Web Shibboleth SSO Web SSO Web Web Shibboleth SAML IdP(Identity Provider) Web Web (SP:ServiceProvider) ( ) IdP Web Web MRA(Mail Retrieval")
SAML PAM SSO Web 1,a) 1 1 1 Shibboleth SAML Web IMAPS Web SAML PAM IMAPS SSO Web Shibboleth Web SSO, Shibboleth, SAML, Web, Web-based mail system with SSO authentication through SAML supporting PAM Makoto
9_18.dvi
Vol. 49 No. 9 3180 3190 (Sep. 2008) 1, 2 3 1 1 1, 2 4 5 6 1 MRC 1 23 MRC Development and Applications of Multiple Risk Communicator Ryoichi Sasaki, 1, 2 Yuu Hidaka, 3 Takashi Moriya, 1 Katsuhiro Taniyama,
6_27.dvi
Vol. 49 No. 6 1932 1941 (June 2008) RFID 1 2 RFID RFID RFID 13.56 MHz RFID A Experimental Study for Measuring Human Activities in A Bathroom Using RFID Ryo Onishi 1 and Shigeyuki Hirai 2 A bathroom is
IPSJ SIG Technical Report Vol.2011-IOT-12 No /3/ , 6 Construction and Operation of Large Scale Web Contents Distribution Platfo
1 1 2 3 4 5 1 1, 6 Construction and Operation of Large Scale Web Contents Distribution Platform using Cloud Computing 1. ( ) 1 IT Web Yoshihiro Okamoto, 1 Naomi Terada and Tomohisa Akafuji, 1, 2 Yuko Okamoto,
( ) [1] [4] ( ) 2. [5] [6] Piano Tutor[7] [1], [2], [8], [9] Radiobaton[10] Two Finger Piano[11] Coloring-in Piano[12] ism[13] MIDI MIDI 1 Fig. 1 Syst
![( ) [1] [4] ( ) 2. [5] [6] Piano Tutor[7] [1], [2], [8], [9] Radiobaton[10] Two Finger Piano[11] Coloring-in Piano[12] ism[13] MIDI MIDI 1 Fig. 1 Syst](/thumbs/91/107597950.jpg "( ) [1] [4] ( ) 2. [5] [6] Piano Tutor[7] [1], [2], [8], [9] Radiobaton[10] Two Finger Piano[11] Coloring-in Piano[12] ism[13] MIDI MIDI 1 Fig. 1 Syst")
情報処理学会インタラクション 2015 IPSJ Interaction 2015 15INT014 2015/3/7 1,a) 1,b) 1,c) Design and Implementation of a Piano Learning Support System Considering Motivation Fukuya Yuto 1,a) Takegawa Yoshinari 1,b) Yanagi
DPA,, ShareLog 3) 4) 2.2 Strino Strino STRain-based user Interface with tacticle of elastic Natural ObjectsStrino 1 Strino ) PC Log-Log (2007 6)
1 2 1 3 Experimental Evaluation of Convenient Strain Measurement Using a Magnet for Digital Public Art Junghyun Kim, 1 Makoto Iida, 2 Takeshi Naemura 1 and Hiroyuki Ota 3 We present a basic technology
(a) (b) 1 JavaScript Web Web Web CGI Web Web JavaScript Web mixi facebook SNS Web URL ID Web 1 JavaScript Web 1(a) 1(b) JavaScript & Web Web Web Webji
Webjig Web 1 1 1 1 Webjig / Web Web Web Web Web / Web Webjig Web DOM Web Webjig / Web Web Webjig: a visualization tool for analyzing user behaviors in dynamic web sites Mikio Kiura, 1 Masao Ohira, 1 Hidetake
"CAS を利用した Single Sign On 環境の構築"
CAS 2 Single Sign On 1,3, 2,3, 2, 2,3 1 2 3 May 31, 2007 ITRC p. 1/29 Plan of Talk Brief survey of Single Sign On using CAS Brief survey of Authorization Environment using CAS 2 Summary May 31, 2007 ITRC
2.1... 1 2.1.1.1... 1 (1). 1 (2)... 1 (3)... 1 2.1.1.2... 1 (1)... 1 (2)... 1 (3)... 1 2.1.1.3... 1 (1)... 1 (2)... 1 (3)... 1 2.1.1.4... 2 2.1.1.5... 2 2.2... 3 2.2.1... 3 2.2.1.1... 3... 3... 3 (1)...
1. HNS [1] HNS HNS HNS [2] HNS [3] [4] [5] HNS 16ch SNR [6] 1 16ch 1 3 SNR [4] [5] 2. 2 HNS API HNS CS27-HNS [1] (SOA) [7] API Web 2
![1. HNS [1] HNS HNS HNS [2] HNS [3] [4] [5] HNS 16ch SNR [6] 1 16ch 1 3 SNR [4] [5] 2. 2 HNS API HNS CS27-HNS [1] (SOA) [7] API Web 2](/thumbs/91/106048225.jpg "1. HNS [1] HNS HNS HNS [2] HNS [3] [4] [5] HNS 16ch SNR [6] 1 16ch 1 3 SNR [4] [5] 2. 2 HNS API HNS CS27-HNS [1] (SOA) [7] API Web 2")
THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS TECHNICAL REPORT OF IEICE. 657 8531 1 1 E-mail: {soda,matsubara}@ws.cs.kobe-u.ac.jp, {masa-n,shinsuke,shin,yosimoto}@cs.kobe-u.ac.jp,
7,, i
23 Research of the authentication method on the two dimensional code 1145111 2012 2 13 7,, i Abstract Research of the authentication method on the two dimensional code Karita Koichiro Recently, the two
自然言語処理16_2_45
FileMaker Pro E-learning GUI Phrase Reading Cloze. E-learning Language Processing Technology and Educational Material Development Generating English Educational Material using a Database Software Kenichi
DEIM Forum 2009 C8-4 QA NTT QA QA QA 2 QA Abstract Questions Recomme
DEIM Forum 2009 C8-4 QA NTT 239 0847 1 1 E-mail: {kabutoya.yutaka,kawashima.harumi,fujimura.ko}@lab.ntt.co.jp QA QA QA 2 QA Abstract Questions Recommendation Based on Evolution Patterns of a QA Community
fiš„v8.dvi
(2001) 49 2 333 343 Java Jasp 1 2 3 4 2001 4 13 2001 9 17 Java Jasp (JAva based Statistical Processor) Jasp Jasp. Java. 1. Jasp CPU 1 106 8569 4 6 7; [email protected] 2 106 8569 4 6 7; [email protected]
IPSJ SIG Technical Report Vol.2016-ARC-221 No /8/9 GC 1 1 GC GC GC GC DalvikVM GC 12.4% 5.7% 1. Garbage Collection: GC GC Java GC GC GC GC Dalv
GC 1 1 GC GC GC GC DalvikVM GC 12.4% 5.7% 1. Garbage Collection: GC GC Java GC GC GC GC DalvikVM[1] GC 1 Nagoya Institute of Technology GC GC 2. GC GC 2.1 GC 1 c 2016 Information Processing Society of
[1] [2] [3] (RTT) 2. Android OS Android OS Google OS 69.7% [4] 1 Android Linux [5] Linux OS Android Runtime Dalvik Dalvik UI Application(Home,T
![[1] [2] [3] (RTT) 2. Android OS Android OS Google OS 69.7% [4] 1 Android Linux [5] Linux OS Android Runtime Dalvik Dalvik UI Application(Home,T](/thumbs/92/109356146.jpg "[1] [2] [3] (RTT) 2. Android OS Android OS Google OS 69.7% [4] 1 Android Linux [5] Linux OS Android Runtime Dalvik Dalvik UI Application(Home,T")
LAN Android Transmission-Control Middleware on multiple Android Terminals in a WLAN Environment with consideration of Round Trip Time Ai HAYAKAWA, Saneyasu YAMAGUCHI, and Masato OGUCHI Ochanomizu University
i
21 Fault-Toleranted Authentication Data Distribution Protocol for Autonomous Distributed Networks 1125153 2010 3 2 i Abstract Fault-Toleranted Authentication Data Distribution Protocol for Autonomous Distributed
,,.,,., II,,,.,,.,.,,,.,,,.,, II i
12 Load Dispersion Methods in Thin Client Systems 1010405 2001 2 5 ,,.,,., II,,,.,,.,.,,,.,,,.,, II i Abstract Load Dispersion Methods in Thin Client Systems Noritaka TAKEUCHI Server Based Computing by
B HNS 7)8) HNS ( ( ) 7)8) (SOA) HNS HNS 4) HNS ( ) ( ) 1 TV power, channel, volume power true( ON) false( OFF) boolean channel volume int
SOA 1 1 1 1 (HNS) HNS SOA SOA 3 3 A Service-Oriented Platform for Feature Interaction Detection and Resolution in Home Network System Yuhei Yoshimura, 1 Takuya Inada Hiroshi Igaki 1, 1 and Masahide Nakamura
23 Fig. 2: hwmodulev2 3. Reconfigurable HPC 3.1 hw/sw hw/sw hw/sw FPGA PC FPGA PC FPGA HPC FPGA FPGA hw/sw hw/sw hw- Module FPGA hwmodule hw/sw FPGA h
23 FPGA CUDA Performance Comparison of FPGA Array with CUDA on Poisson Equation ([email protected]), ([email protected]), ([email protected]), ([email protected]),
"CAS を利用した Single Sign On 環境の構築"
CAS 2 SSO Authorization 1,3, 2,3, 2, 2,3 1 2 3 Central Authentication and Authorization Service (CAS 2 ) Web Application Single Sign On Authorization CAS 2 SSO/AuthZ Jan. 30 2007, p. 1/40 Plan of Talk
Tf9-1-07-7168.dvi
/Review 1 1 1 1 2 Innovation Process Technology Hideyasu KARASAWA 1, Katsuro SAGANE 1, Hidenaga KARASAWA 1, Akira KURIYAMA 1, and Minoru KOBAYASHI 2 Abstract We propose a methodology for Innovation Process
Microsoft Word ●LMbenchによるメモリレイテンシ測定_石附_ _更新__ doc
2.2.4. LMbench によるメモリレイテンシ測定 富士通株式会社 石附茂 1. 概要 LMbench はマシンの基本性能を測定するツールである 測定項目は以下の 2 項目に大別される 1) バンド幅メモリ, ファイル入出力関連 2) レイテンシキャッシュ, メモリ, コンテキストスイッチ, ファイル操作, プロセス, シグナルなど 2. メモリレイテンシの実測 LMbench を使用し メモリレイテンシを実測した結果を報告する
DEIM Forum 2012 C2-6 Hadoop Web Hadoop Distributed File System Hadoop I/O I/O Hadoo
DEIM Forum 12 C2-6 Hadoop 112-86 2-1-1 E-mail: [email protected], [email protected] Web Hadoop Distributed File System Hadoop I/O I/O Hadoop A Study about the Remote Data Access Control for Hadoop
2) TA Hercules CAA 5 [6], [7] CAA BOSS [8] 2. C II C. ( 1 ) C. ( 2 ). ( 3 ) 100. ( 4 ) () HTML NFS Hercules ( )
![2) TA Hercules CAA 5 [6], [7] CAA BOSS [8] 2. C II C. ( 1 ) C. ( 2 ). ( 3 ) 100. ( 4 ) () HTML NFS Hercules ( )](/thumbs/78/78162263.jpg "2) TA Hercules CAA 5 [6], [7] CAA BOSS [8] 2. C II C. ( 1 ) C. ( 2 ). ( 3 ) 100. ( 4 ) () HTML NFS Hercules ( )")
1,a) 2 4 WC C WC C Grading Student programs for visualizing progress in classroom Naito Hiroshi 1,a) Saito Takashi 2 Abstract: To grade student programs in Computer-Aided Assessment system, we propose
Vol.53 No (July 2012) EV ITS 1,a) , EV 1 EV ITS EV ITS EV EV EV Development and Evaluation of ITS Information Commu
EVITS 1,a) 2 2 2011 10 21, 2012 4 2 EV 1 EV ITS EV ITS EV EV EV Development and Evaluation of ITS Information Communication System for Electric Vehicle Yuriko Hattori 1,a) Tomokazu Shimoda 2 Masayoshi
21 Key Exchange method for portable terminal with direct input by user
21 Key Exchange method for portable terminal with direct input by user 1110251 2011 3 17 Diffie-Hellman,..,,,,.,, 2.,.,..,,.,, Diffie-Hellman, i Abstract Key Exchange method for portable terminal with
1: ( 1) 3 : 1 2 4
RippleDesk Using Ripples to Represent Conversational Noise on Internet Shigaku Iwabuchi Takaomi Hisamatsu Shin Takahashi Buntarou Shizuki Kazuo Misue Jiro Tanaka Department of Comupter Science, University
Input image Initialize variables Loop for period of oscillation Update height map Make shade image Change property of image Output image Change time L
1,a) 1,b) 1/f β Generation Method of Animation from Pictures with Natural Flicker Abstract: Some methods to create animation automatically from one picture have been proposed. There is a method that gives
IPSJ SIG Technical Report Vol.2013-CE-122 No.16 Vol.2013-CLE-11 No /12/14 Android 1,a) 1 1 GPS LAN 2 LAN Android,,, Android, HTML5 LAN 1. ICT(I
Android 1,a) 1 1 GPS LAN 2 LAN Android,,, Android, HTML5 LAN 1. ICT(Information and Communication Technology) (Google [2] [5] ) 2. Google 2.1 Google Google [2]( 1) Google Web, Google Web Google Chrome
1 2 4 5 9 10 12 3 6 11 13 14 0 8 7 15 Iteration 0 Iteration 1 1 Iteration 2 Iteration 3 N N N! N 1 MOPT(Merge Optimization) 3) MOPT 8192 2 16384 5 MOP
10000 SFMOPT / / MOPT(Merge OPTimization) MOPT FMOPT(Fast MOPT) FMOPT SFMOPT(Subgrouping FMOPT) SFMOPT 2 8192 31 The Proposal and Evaluation of SFMOPT, a Task Mapping Method for 10000 Tasks Haruka Asano
IPSJ SIG Technical Report Vol.2014-EIP-63 No /2/21 1,a) Wi-Fi Probe Request MAC MAC Probe Request MAC A dynamic ads control based on tra
1,a) 1 1 2 1 Wi-Fi Probe Request MAC MAC Probe Request MAC A dynamic ads control based on traffic Abstract: The equipment with Wi-Fi communication function such as a smart phone which are send on a regular
i HTTP Basi
2006 Web page Access Control based on Broadcast Encryption Scheme 5ADRM034 i 1 1 1.1................................. 1 1.2.................................... 1 2 2 2.1......................................
IPSJ SIG Technical Report Vol.2013-ARC-203 No /2/1 SMYLE OpenCL (NEDO) IT FPGA SMYLEref SMYLE OpenCL SMYLE OpenCL FPGA 1
SMYLE OpenCL 128 1 1 1 1 1 2 2 3 3 3 (NEDO) IT FPGA SMYLEref SMYLE OpenCL SMYLE OpenCL FPGA 128 SMYLEref SMYLE OpenCL SMYLE OpenCL Implementation and Evaluations on 128 Cores Takuji Hieda 1 Noriko Etani
Vol. 23 No. 4 Oct. 2006 37 2 Kitchen of the Future 1 Kitchen of the Future 1 1 Kitchen of the Future LCD [7], [8] (Kitchen of the Future ) WWW [7], [3
![Vol. 23 No. 4 Oct. 2006 37 2 Kitchen of the Future 1 Kitchen of the Future 1 1 Kitchen of the Future LCD [7], [8] (Kitchen of the Future ) WWW [7], [3](/thumbs/41/22750638.jpg "Vol. 23 No. 4 Oct. 2006 37 2 Kitchen of the Future 1 Kitchen of the Future 1 1 Kitchen of the Future LCD [7], [8] (Kitchen of the Future ) WWW [7], [3")
36 Kitchen of the Future: Kitchen of the Future Kitchen of the Future A kitchen is a place of food production, education, and communication. As it is more active place than other parts of a house, there
Vol.58 No (Mar. 2017) LAN MAC 1,a) , IoT LAN LAN AP MAC 1 Null Function Data Frame NFDF NFDF LAN NFDF LAN LAN MAC Null
LAN MAC 1,a) 1 2016 6 27, 2016 12 1 IoT LAN LAN AP MAC 1 Null Function Data Frame NFDF NFDF LAN NFDF LAN LAN MAC Null Function Data Frame Effectiveness of MAC Layer Information in Communication Quality
IPSJ SIG Technical Report Vol.2011-CE-110 No /7/9 Bebras 1, 6 1, 2 3 4, 6 5, 6 Bebras 2010 Bebras Reporting Trial of Bebras Contest for K12 stud
Bebras 1, 6 1, 2 3 4, 6 5, 6 Bebras 2010 Bebras Reporting Trial of Bebras Contest for K12 students in Japan Susumu Kanemune, 1, 6 Yukio Idosaka, 1, 2 Toshiyuki Kamada, 3 Seiichi Tani 4, 6 and Etsuro Moriya