More Related Content Similar to CSA Japan Chapter Big Data User WG Workshop #3 on April 8, 2014
Similar to CSA Japan Chapter Big Data User WG Workshop #3 on April 8, 2014 (20) More from Eiji Sasahara, Ph.D., MBA 笹åè±åž
More from Eiji Sasahara, Ph.D., MBA 笹åè±åž (20) CSA Japan Chapter Big Data User WG Workshop #3 on April 8, 20142. 2
1. ããã°ããŒã¿ãšãã©ã€ãã·ãŒïŒæ
å ±ã»ãã¥ãªãã£
⢠2012幎幎幎幎11ææææïŒCloud Security Alliance Big Data Working
Groupããããã°ããŒã¿ã®ã»ãã¥ãªãã£ïŒãã©ã€ãã·ãŒã«ãã
ãæè¡çïŒçµç¹çåé¡10é
ç®ããŸãšãããTop 10 Big Data
Security and Privacy Challengesããå
¬è¡š
⢠1. åæ£ããã°ã©ãã³ã°ãã¬ãŒã ã¯ãŒã¯ã«ãããã»ãã¥ã¢ãªèšç®åŠç
⢠2. ãã³ãªã¬ãŒã·ã§ãã«ããŒã¿ã¹ãã¢ã®ã»ãã¥ãªãã£ã®ãã¹ããã©ã¯ãã£ã¹
⢠3. ã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°
⢠4. ãšã³ããã€ã³ãã®å
¥åã®æ€èšŒïŒãã£ã«ã¿ãªã³ã°
⢠5. ãªã¢ã«ã¿ã€ã ã®ã»ãã¥ãªãã£ïŒã³ã³ãã©ã€ã¢ã³ã¹ã¢ãã¿ãªã³ã°
⢠6. æ¡åŒµæ§ãããæ§æå¯èœãªãã©ã€ãã·ãŒä¿è·ããŒã¿ãã€ãã³ã°ïŒåæ
⢠7. æå·åã«ãã匷å¶ãããã¢ã¯ã»ã¹å¶åŸ¡ãšã»ãã¥ã¢ãªéä¿¡
⢠8. 詳现ãªã¢ã¯ã»ã¹å¶åŸ¡
⢠9ïŒ è©³çŽ°ãªç£æ»
⢠10. ããŒã¿æ¥æŽ
4. 4
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-1. ã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°ïŒ1ïŒ
⢠è
åšè
åšè
åšè
åšïŒ
ææ°é¢æ°çã«ããŒã¿å®¹éãå¢å ããã¹ãã¬ãŒãžã¡ãã£ã¢ã®å€å±€åã
é²ãäžãITãããŒãžã£ãŒããããŒã¿ãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°ãæåã§
管çãç¶ããã®ã¯å°é£ïŒæ¡åŒµæ§ãå¯çšæ§ã«éçãããïŒ
⢠ãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒ
⢠æ§ã
ãªéšéã®ããŒã¿ãäžå
çã«çµ±åãã補é äŒæ¥ã®å ŽåãããŒã¿ã®äžã«ã¯ã»ãš
ãã©å©çšãããªããã®ãããã°ãç¶ç¶çã«å©çšããããã®ããã
â èªåéå±€åã¹ãã¬ãŒãžã·ã¹ãã ã«ãããå©çšé »åºŠã®äœãããŒã¿ãããäžäœã®
å±€ã«æ ŒçŽããããšã«ãã£ãŠãçµè²»ãç¯çŽããããšãå¯èœïŒäŸïŒäžäœå±€ã®ã»ãã¥
ãªãã£ã®ã¬ãã«ãäžããïŒ
â äžæµã®è²©å£²ããã»ã¹ã§è£œåã®æ¬ é¥ãèŠã€ãããå©çšé »åºŠã®äœãç 究ããŒã¿
ãŸã§é¡ãå¿
èŠãããéã«ãã»ãã¥ãªãã£ã¬ãã«ã®éãã«èµ·å ããåé¡ãçºèŠ
ããå¯èœæ§ããã
â ããã¹ããã°ã®ãããªã¡ã¿ããŒã¿ãæšçãšãããã€ãºãã³ã°æ»æãåããŠã
ããŒã¿ã®äžè²«æ§ã®æ¬ åŠãæãå¯èœæ§ãããã
5. 5
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-1. ã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°ïŒ2ïŒ
⢠ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ïŒ
ãããã¯ãŒã¯ã«åºã¥ãåæ£åã®èªåéå±€åã¹ãã¬ãŒãžã®è匱æ§
⢠æ©å¯æ§ãšå®å
šæ§æ©å¯æ§ãšå®å
šæ§æ©å¯æ§ãšå®å
šæ§æ©å¯æ§ãšå®å
šæ§
ã¹ãã¬ãŒãžã«ãããéå±€éã®ããŒã¿è»¢éã®éããµãŒãã¹ãããã€ããŒã
ãŠãŒã¶ãŒã®è¡åãšããŒã¿ãé£åãããæããããã€ããããšã¯å¯èœã
⢠æ¥æŽæ¥æŽæ¥æŽæ¥æŽ
倧容éã®ããŒã¿ã»ããå
šäœãããŠã³ããŒãããŠãå¯çšæ§ãšå®å
šæ§ãæ€èšŒ
ããããšã¯å®è¡äžå¯èœãªã®ã§ããæšå®ã«åºã¥ããŠæ£ç¢ºã§ãããäœã¬ãã«
ãªèšç®åŠçãšéä¿¡ã®è² è·ãèŠãã蚌æãæäŸããããã«ã¯ã軜éã®ã¹
ããŒã ãæãŸããã
⢠å¯çšæ§å¯çšæ§å¯çšæ§å¯çšæ§
èªåéå±€åã«ãããäžè²«ããå¯çšæ§ãä¿èšŒããåé¢ãäœäœå±€ã«ããã
ã»ãã¥ãªãã£ã®è匱æ§ãçã£ãDoSæ»æã«ãããããããäœäœå±€ãšé«äœ
å±€ã®éã®ããã©ãŒãã³ã¹ã®ã®ã£ããã«ãããé«éåä¿åãçœå®³åŸ©æ§æ
ã®ããã¯ã¢ãããŠã£ã³ããŠãæ¡åŒµãããå¯èœæ§ãããã
6. 6
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-1. ã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°ïŒ3ïŒ
⢠ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ïŒïŒç¶ã1ïŒ
⢠æŽåæ§æŽåæ§æŽåæ§æŽåæ§
è€æ°ã®ãŠãŒã¶ãŒã«ãã£ãŠåæ£ç°å¢ãå
±æãããç¶æ³äžã§ãæžã蟌ã¿ã®
ã·ãªã¢ã©ã€ãºåãšè€æ°ã®æžãæãšè€æ°ã®èªã¿æïŒMWMRïŒã®åé¡ã解決
ããã®ã¯å®¹æã§ãªãã
⢠å
±è¬æ»æå
±è¬æ»æå
±è¬æ»æå
±è¬æ»æ
ããŒã¿ææè
ãèªåéå±€åã¹ãã¬ãŒãžã§æå·æãä¿åããéµãšã¢ã¯ã»ã¹
èš±å¯ããŠãŒã¶ãŒã«é
åžããã°ãããŒã¿ã»ããã®ç¹å®ã®éšåã«ã¢ã¯ã»ã¹ã§
ããæš©éãä»äžãããïŒãµãŒãã¹ãããã€ããŒã¯ãæå·éµã®èŠçŽ ãªãã§
ããŒã¿ã翻蚳ã§ããªãïŒãããããªããããµãŒãã¹ãããã€ããŒããŠãŒ
ã¶ãŒãšå
±è¬ããŠéµãšããŒã¿ã亀æããã°ãä»äžãããŠããªãããŒã¿ã»ã
ããå
¥æããããšãå¯èœã«ãªãã
⢠ããŒã«ããã¯æ»æããŒã«ããã¯æ»æããŒã«ããã¯æ»æããŒã«ããã¯æ»æ
è€æ°ãŠãŒã¶ãŒç°å¢ã«ãããŠããµãŒãã¹ãããã€ããŒã¯ããŠãŒã¶ãŒã«
ããŒã«ããã¯æ»æãä»æããããšãã§ããïŒããŒã¿ãææ°ã§ãããåŠãã
ãŠãŒã¶ãŒãæ€ç¥ããã®ã¯å®¹æã§ãªãïŒã
7. 7
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-1. ã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°ïŒ4ïŒ
⢠ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ïŒïŒç¶ã2ïŒ
⢠è«äºè«äºè«äºè«äº
èšé²ä¿åã®æ¬ åŠãåå ã§ããŠãŒã¶ãŒãšã¹ãã¬ãŒãžãµãŒãã¹ãããã€ããŒ
éã®è«äºãèµ·ããå¯èœæ§ãããïŒããŒã¿ã®æ倱ãæ¹ãããçºèŠãããšã
責任ã決å®ããããã«è»¢éãã°ïŒèšé²ãéèŠãšãªãïŒã
⢠åæåæåæåæïŒ
⢠ç§å¯æ§ãšå®å
šæ§ã¯å
ç¢ãªæå·åæè¡ãšã¡ãã»ãŒãžãã€ãžã§ã¹ãã§
å®çŸããããšãã§ããã
⢠ãŠãŒã¶ãŒã®é®®åºŠãšæžã蟌ã¿ã®ã·ãªã¢ã©ã€ãºåã¯ãå®æç£æ»ãšãã§
ã€ã³ããã·ã¥ãŸãã¯äžè²«ããèªèšŒãã£ã¯ã·ã§ããªïŒPADïŒã«ãã£ãŠ
解決ããããšãã§ããã
⢠ã»ãã¥ã¢ãªä¿¡é ŒãããªãããŒã¿ã¬ããžããªïŒSUNDRïŒã¯ããã©ãŒã¯
äžè²«æ§æ»æãæžã蟌ã¿ã®ã·ãªã¢ã©ã€ãºåãæ€ç¥ããããã«å©çš
ããããšãã§ããã
8. 8
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-1. ã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°ïŒ5ïŒ
⢠åæåæåæåæïŒ
⢠åç¬ã®æžãæãšè€æ°ã®èªã¿æïŒSWMRïŒã®åé¡ã¯ã±ãŒã¹ãã€
ã±ãŒã¹ã§è§£æ±ºã容æã§ãªãã
⢠ãããŒããã£ã¹ãæå·åãškey rotationã¯ãæ¡åŒµæ§ãæ¹åããã
ãã«å©çšããããšãã§ããã
⢠ããŒã¿ã®å¯çšæ§ã¯ãååŸå¯èœæ§ã®èšŒæãŸãã¯å§ä»»å¯èœãªããŒ
ã¿ææã®ææ³ã«ãããé«ã確çã§æ¹åããããšãã§ããã
⢠å
±è¬æ»æã«é¢ããŠã¯ããŠãŒã¶ãŒãç§å¯éµã亀æããªãéããã
ãªã·ãŒããŒã¹ã®æå·åã·ã¹ãã ïŒPBESïŒããå
±è¬ã®ãªãç°å¢ã
æå裡ã«ä¿èšŒããããšãã§ããããŠãŒã¶ãŒã埩å·åãããã³ã³
ãã³ãã亀æããããšãªãç§å¯éµã亀æããã°ãåªä»ããã埩å·
åã·ã¹ãã ãã埩å·åãããã³ã³ãã³ããé²ãã§äº€æããã°ãã
ãžã¿ã«èäœæš©ç®¡çãå
±è¬æ»æãé²ãããšãã§ããã
⢠èªåéå±€åã¹ãã¬ãŒãžã·ã¹ãã ã®ã»ãã¥ãªãã£åé¡ãã·ãŒã ã¬ã¹
ã§å
šäººçãªãœãªã¥ãŒã·ã§ã³ã«çµ±åããã系統çãªæ¹æ³ã¯ãªãã
9. 9
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-1. ã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°ïŒ6ïŒ
⢠å°å
¥å°å
¥å°å
¥å°å
¥ïŒ
ããŒã¿ã®æ©å¯æ§ãå®å
šæ§ãå¯çšæ§ãæºããããã®æ³šæç¹
⢠åçãªããŒã¿æäœåçãªããŒã¿æäœåçãªããŒã¿æäœåçãªããŒã¿æäœ
â åçã§å§ä»»å¯èœãªããŒã¿ææïŒDPDPïŒã®å
¬åŒãã¬ãŒã ã¯ãŒã¯ã¯ããµãŒããŒ
èšç®åŠçã«ãããè² è·ã®å¢å åã®è²»çšã§ãæ€ç¥ã®ç¢ºçãæ¹åã§ããã
â ç°¡æçãªåŸ©å
å¯èœæ§èšŒæïŒPORïŒã®æ¡åŒµããŒãžã§ã³ã¯ãã¯ã©ãŠãã¹ãã¬ãŒãžã«
ãããå
¬çãªèšŒæå¯èœæ§ãšããŒã¿ã®ãã€ãããã¯æ§ã®åæ¹ããµããŒãããã
⢠ãã©ã€ãã·ãŒä¿è·ãã©ã€ãã·ãŒä¿è·ãã©ã€ãã·ãŒä¿è·ãã©ã€ãã·ãŒä¿è·
â 第äžè
ã®ç£æ»äººïŒTPAïŒã«ããå
¬çç£æ»ã«ããããã©ã€ãã·ãŒä¿è·ã®ã¹ããŒ
ã ã§ã¯ãç¡äœçºåãã¹ãã³ã°ã«çµ±åãããæºååç·åœ¢èªèšŒã«åºã¥ããç°ãª
ãéå±€ã®ãµãŒããŒã«ä¿åãããããŒã¿ã»ãããç£æ»ããããšã«ãããããŒã¿ã
ã©ã€ãã·ãŒãä¿è·ããããšãã§ããã
⢠ã»ãã¥ã¢ãªæå·åããŒã¿ã®åãæ±ãã»ãã¥ã¢ãªæå·åããŒã¿ã®åãæ±ãã»ãã¥ã¢ãªæå·åããŒã¿ã®åãæ±ãã»ãã¥ã¢ãªæå·åããŒã¿ã®åãæ±ã
â å®å
šæºååæå·åã®ã¹ããŒã ã«ãã£ãŠã埩å·åããããšãªãæå·æäžã§æ
äœãå®è¡ããèœåèå¥åãèªèããããšãã§ããèšç®åŠçæ¥åã®å€éšå§èš
åãå¯èœã«ãªãã
â æå·åã¯ã©ãŠãã¹ãã¬ãŒãžã«ãã£ãŠãä¿¡é Œãããªãã€ã³ãã©ã¹ãã©ã¯ãã£äžã§ã®
ã»ãã¥ã¢ãªIaaSã¹ãã¬ãŒãžæ§ç¯ãå¯èœã«ãªãã
10. 10
[ReferencesïŒã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°é¢é£]
⢠[10] B. Agreiter, M. Hafner, and R. Breu, âA Fair Non-repudiation Service in a Web
Service Peer-to-Peer Environment,â Computer Standards & Interfaces, vol 30, no 6, pp.
372-378, August 2008.
⢠[11] A. Anagnostopoulos, M. T. Goodrich, and R. Tamassia, âPersistent Authenticated
Dictionaries and Their Applications,â in Proceedings of the 4th International Conference
on Information Security, pp. 379-393, October, 2001.
⢠[12] G. Ateniese, R. Di Pietro, L. V. Mancini, and G. Tsudik, âScalable and efficient
provable data possession,â in Proceedings of the 4th international conference on
Security and privacy in communication networks (SecureComm â08), pages 9:1.9:10,
New York, NY, USA, 2008.
⢠[13] W. Bagga and R. Molva, âCollusion-Free Policy-Based Encryption,â ISC, volume
4176 of Lecture Notes in Computer Science, pp 233-245. Springer, 2006.
⢠[14] D. Boneh, C. Gentry, and B. Waters, âCollusion Resistant Broadcast Encryption
with Short Ciphertexts and Private Keys,â Lecture Notes in Computer Science, 2005.
⢠[15] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, âDynamic provable data
possession,â in Proceedings of the 16th ACM conference on Computer and
communications security (CCS â09), pages 213.222, New York, NY, USA, 2009.
11. 11
[ReferencesïŒã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°é¢é£]
⢠[16] J. Feng, Y. Chen, and D. Summerville, âA Fair Multi-Party Non-Repudiation
Scheme for Storage Clouds,â the 2011 International Conference on Collaboration
Technologies and Systems (CTS 2011), Philadelphia, PA., USA, May 23 - 27, 2011.
⢠[17] J. Feng, Y. Chen, W.-S. Ku, and P. Liu, âAnalysis of Integrity Vulnerabilities and a
Non-repudiation Protocol for Cloud Data Storage Platforms,â the 2nd International
Workshop on Security in Cloud Computing (SCC 2010), in conjunction with ICPP 2010,
San Diego, California, USA, Sept. 14, 2010.
⢠[18] J. Feng, Y. Chen, and P. Liu, âBridging the Missing Link of Cloud Data Storage
Security in AWS,â the 7th IEEE Consumer Communications and Networking
Conference - Security for CE Communications (CCNC â10), Las Vegas, Nevada, USA,
January 9 - 12, 2010.
⢠[19] A. Juels and B. S. K. Pors Jr., âProofs of retrievability for large files,â in Proc. ACM
CCS, pages 584.597, 2007.
⢠[20] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, âPlutus: Scalable
Secure File Sharing on Untrusted Storage,â in USENIX Conference on File and
Storage Technologies (FAST), pages 29-42, 2003.
⢠[21] M. Majuntke, D. Dobre, M. Serafini, and N. Suri, âAbortable Fork-Linearizable
Storage,â in Proc. of OPODIS, p255-269, 2009.
12. 12
[ReferencesïŒã»ãã¥ã¢ãªããŒã¿ä¿åãšãã©ã³ã¶ã¯ã·ã§ã³ã®ãã°é¢é£]
⢠[22] K. K. Muniswamy-Reddy, P. Macko, and M. Seltzer, âProvenance for the Cloud,â
the 8th USENIX Conference on File and Storage Technologies (FAST â10), Feb. 2010.
⢠[23] J. Onieva, J. Lopez, and J. Zhou, âSecure Multi-Party Non-repudiation Protocols
and Applications,â Advances in Information Security Series, Springer, 2009.
⢠[24] R. A. Popa, J. Lorch, D. Molnar, H. J. Wang, and L. Zhuang, âEnabling Security in
Cloud Storage SLAs with CloudProof,â Microsoft TechReport MSR-TR-2010-46, May,
2010.
⢠[25] C. Wang, Q. Wang, K. Ren, and W. Lou, âPrivacy-preserving public auditing for
data storage security in cloud computing,â in INFOCOM, 2010 Proceedings IEEE,
pages 1 .9, march 2010.
⢠[26] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, âEnabling public auditability and
data dynamics for storage security in cloud computing,â Parallel and Distributed
Systems, IEEE Transactions on, 22(5):847 .859, May 2011.
⢠[55] S. Kamara and K. Lauter, âCryptographic cloud storage,â Financial Cryptography
and Data Security, 2010.
13. 13
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-2. ç²åºŠã®é«ãç£æ»ïŒ1ïŒ
⢠è
åšè
åšè
åšè
åšïŒ
⢠ãªã¢ã«ã¿ã€ã ã®ã»ãã¥ãªãã£ã¢ãã¿ãªã³ã°ãå©çšããŠãæ»æãèµ·ããç¬éã«
éç¥ãããããè©Šã¿ãŠãããã€ãåœãŠã¯ãŸããšã¯éããªããèŠèœãšããã
æ»æã®ççžã究æããããã«ã¯ãç£æ»æ
å ±ãå¿
èŠã§ããããé©çšç¯å²
ãç²åºŠãç°ãªãããšãããã
⢠ãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒ
⢠éèæ©é¢ïŒããŒã¿ã®ã³ã³ãã©ã€ã¢ã³ã¹èŠä»¶ïŒäŸïŒPCIãSOXæ³ïŒã¯ãéèæ©é¢ã«
察ããç²åºŠã®é«ãç£æ»èšé²ãèŠæ±ããããã©ã€ããŒããªæ
å ±ãå«ãèšé²ã®æ
倱ã¯1件åœãã200ãã«ãšæšèšãããŠããã
⢠ããŒã±ãã£ã³ã°äŒæ¥ïŒãªã³ã©ã€ã³åºåã«é¢ãã顧客äžå¿ã®ææ³ãæé©åããã
ãã«ãå人ã®ãœãŒã·ã£ã«ã¡ãã£ã¢æ
å ±ã«ã¢ã¯ã»ã¹ããã
14. 14
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-2.ç²åºŠã®é«ãç£æ»ïŒ2ïŒ
⢠ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ïŒ
⢠1.èŠæ±ãããç£æ»æ
å ±ã®å®å
šæ§ïŒäŸïŒããã€ã¹ãŸãã¯ã·ã¹ãã ãããå
šãŠ
ã®å¿
èŠãªãã°æ
å ±ã«ã¢ã¯ã»ã¹ããïŒ
⢠2. ç£æ»æ
å ±ãžã®ã¿ã€ã ãªãŒãªã¢ã¯ã»ã¹ïŒäŸïŒãã€ãæéå³å®ã®æããªã©ã
ãã©ã¬ã³ãžãã¯ã®å Žåãç¹ã«éèŠã§ããïŒ
⢠3. æ
å ±ã®æŽåæ§ïŒäŸïŒæ¹ãããããŠããªãç£æ»æ
å ±ïŒ
⢠4. ç£æ»æ
å ±ãžã®æ¿èªãããã¢ã¯ã»ã¹ãæ¿èªããã人éã ããæ
å ±ã®ãã¡
ä»äºãå®è¡ããã®ã«å¿
èŠãªéšåã®ã¿ã«ã¢ã¯ã»ã¹ããããšãã§ããã
⢠åæåæåæåæïŒ
⢠ããã°ããŒã¿ã€ã³ãã©ã¹ãã©ã¯ãã£ãè¶
ããç£æ»æ©èœãå¯èœã«ããå¿
èŠã
ãããïŒäŸïŒãããã¯ãŒã¯ã®æ§æèŠçŽ ïŒäŸïŒã«ãŒã¿ãŒã®syslogïŒãã¢ããªã±ãŒ
ã·ã§ã³ãOSãããŒã¿ããŒã¹ããã®ãã°æ
å ±ïŒ
â ç°ãªãæ§æèŠçŽ ã®å©çšå¯èœãªç£æ»æ
å ±ã掻çšããŠãæ»æã®åéããç£æ»ç»
é¢ãçæããããšã課é¡ãšãªãã
15. 15
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-2. ç²åºŠã®é«ãç£æ»ïŒ3ïŒ
⢠å°å
¥å°å
¥å°å
¥å°å
¥
⢠ã«ãŒã¿ãŒã®æå¹ãªsyslogãã¢ããªã±ãŒã·ã§ã³ã®ãã°ä»ããOSã¬ã
ã«ã®æå¹ãªãã°ä»ã
⢠ãã©ã¬ã³ãžãã¯ãŸãã¯ã»ãã¥ãªãã£æ
å ±ïŒã€ãã³ã管çïŒSIEMïŒããŒ
ã«ã«ããæ
å ±ã®åéãåæãåŠç
⢠ããã°ããŒã¿ã€ã³ãã©ã¹ãã©ã¯ãã£ã®å©çšãšã€ã³ãã©ã¹ãã©ã¯ãã£èª
äœã®ç£æ»ãåé¢ããããã«ãå®çŸå¯èœãªæã«ããã©ã¬ã³ãžãã¯ïŒ
SIEMããŒã«ããããã°ããŒã¿ã€ã³ãã©ã¹ãã©ã¯ãã£ã®å€éšã«å°å
¥ãã
å©çšãã
⢠ãç£æ»ã¬ã€ã€ïŒãªãŒã±ã¹ãã¬ã€ã€ãŒãã®çæ
ç£æ»äººãããå¿
èŠãªïŒæè¡çãªïŒç£æ»æ
å ±ãæœåºãããªãŒã±ã¹ãã¬
ã€ã€ãŒããç£æ»äººã®èŠæ±ãåã蟌ã¿ãå¿
èŠãªç£æ»æ
å ±ãã€ã³ãã©
ã¹ãã©ã¯ãã£ã®æ§æèŠçŽ ããåéããŠããã®æ
å ±ãç£æ»äººã«è¿ãã
16. 16
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-3.ããŒã¿æ¥æŽïŒ1ïŒ
⢠è
åšè
åšè
åšè
åšïŒ
⢠ããã°ããŒã¿ã¢ããªã±ãŒã·ã§ã³ã®ããã°ã©ãã³ã°ç°å¢ããçæããã倧èŠ
æš¡ãªæ¥æŽã°ã©ãã«ãããæ¥æŽã®ã¡ã¿ããŒã¿ã¯è€éåããŠããã
⢠ã¡ã¿ããŒã¿ã®ã»ãã¥ãªãã£ïŒæ©å¯æ§ã¢ããªã±ãŒã·ã§ã³ãžã®äŸå床ãæ€ç¥ã
ãããã«è¡ã倧èŠæš¡ã®æ¥æŽã°ã©ãåæã¯ã³ã³ãã¥ãŒã¿åŠçäžéäžçãªã
ã®ã«ãªãã
⢠ãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒãŠãŒã¹ã±ãŒã¹ïŒã
⢠ããã°ããŒã¿ã®ã»ãã¥ãªãã£ã¢ããªã±ãŒã·ã§ã³ã¯ãçæã«é¢ãã詳现ãªã©ã
ããžã¿ã«èšé²ã®å±¥æŽãèŠæ±ãããçæã«é¢ãã詳现ãªã©ãããžã¿ã«èšé²
ã®å±¥æŽãèŠæ±ããã
â ïŒäŸïŒéèæ©é¢ã®ã€ã³ãµã€ããŒãã¬ãŒãã£ã³ã°ã®æ€ç¥ããç 究調æ»ã®ããã«
ããŒã¿ã®æ£ç¢ºæ§ã決å®ããå Žåããããã®ã»ãã¥ãªãã£è©äŸ¡ã¯å
ã
æéã«å³
æ Œã§ããããã®æ
å ±ãå«ãæ¥æŽã®ã¡ã¿ããŒã¿ãåŠçããããã«ãéãã¢ã«ãŽãª
ãºã ãèŠæ±ãããå ããŠãããŒã¿æ¥æŽã¯ãPCIãSOXæ³ãªã©ãã³ã³ãã©ã€ã¢ã³ã¹
èŠä»¶ã®ããã®ç£æ»ãã°ãè£å®ãããã®ã§ããã
17. 17
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-3.ããŒã¿æ¥æŽïŒ2ïŒ
⢠ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ã¢ããªã³ã°ïŒ
⢠1. ã€ã³ãã©ã¹ãã©ã¯ãã£ã®æ§æèŠçŽ ã®èª€äœå
å€æ°ã®æ§æèŠçŽ ãååããŠã倧èŠæš¡ãªæ¥æŽã°ã©ããçæããããã°ããŒ
ã¿ã¢ããªã±ãŒã·ã§ã³ã«ãããŠãäžåºŠèª€äœåãçºçãããšãæ¥æŽããŒã¿ãã¿
ã€ã ãªãŒã«çæã§ããªããªããããã€ãã®èª€äœåã«ãã£ãŠãäžæ£ç¢ºãªæ¥æŽ
èšé²ã«ã€ãªããå¯èœæ§ãããã
â æ¥æŽã®å¯çšæ§ãä¿¡é Œæ§ãæãªãããã
⢠2. ã€ã³ãã©ã¹ãã©ã¯ãã£å€éšæ»æ
å€éšã®æ»æè
ã¯ãèšé²ãååïŒåæããããšã«ãã£ãŠãæ¥æŽã®ãŠãŒã¶ã
ãªãã£ãç Žå£ãããããã©ã€ãã·ãŒã䟵ãããã«ã転éãããéã«æ¥æŽèš
é²ãåœé ãä¿®æ£ãåçããããé床ã«é
延ããããããããšãã§ããã
⢠3. ã€ã³ãã©ã¹ãã©ã¯ãã£å
éšæ»æ
å
éšæ»æè
ã¯ãããã°ããŒã¿ã¢ããªã±ãŒã·ã§ã³ã®æ¥æŽã·ã¹ãã ãç Žå£ãã
ããã«ãä¿åãããæ¥æŽèšé²ãç£æ»ãã°ãä¿®æ£ïŒåé€ããå¯èœæ§ãã
ãã
18. 18
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-3.ããŒã¿æ¥æŽïŒ3ïŒ
⢠åæåæåæåæïŒ
⢠æ¥æŽåéã®ã»ãã¥ã¢å
⢠ã€ã³ãã©ã¹ãã©ã¯ãã£ã§æ¥æŽãçæãããœãŒã¹ã®æ§æèŠçŽ ãæåã«èªèšŒããå¿
èŠãããã
⢠ãœãŒã¹ã®æ§æèŠçŽ ã®å¥å
šãªç¶æ
ãä¿èšŒããããã«ãå®æçãªã¹ããŒã¿ã¹ã®æŽ
æ°ãçæããå¿
èŠãããã
⢠æ¥æŽèšé²ã®æ£ç¢ºæ§ãä¿èšŒããããã«ãåœé ïŒä¿®æ£ãããŠããªãããšãä¿èšŒã
ãå®å
šæ§ãã§ãã¯ãéããŠãæ¥æŽãå®è¡ãããå¿
èŠãããã
⢠æ¥æŽãšãã®ããŒã¿ã®æŽåæ§ã«ã€ããŠãæ€èšŒãããå¿
èŠãããã
⢠ããŒã¿ã«é¢é£ããŠæ©åŸ®ãªæ
å ±ãæ¥æŽã«å«ãŸããããšãããæ¥æŽã®ç§å¯æ§ãšãã©
ã€ãã·ãŒä¿è·ãéæããããã«ãæå·åæè¡ãèŠæ±ãããã
⢠å°å®¹éã§éçãªããŒã¿ã®ã¢ããªã±ãŒã·ã§ã³ãšæ¯èŒããŠãããã°ããŒã¿ã®æ¥æŽå
éã§ã¯ãå¢ãç¶ãã容éãçš®é¡ãé床ã®æ
å ±ãå¹ççã«å容ããå¿
èŠãããã
19. 19
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-3.ããŒã¿æ¥æŽïŒ4ïŒ
⢠åæåæåæåæ ïŒç¶ãïŒ
⢠æ¥æŽã®ãã现ããã¢ã¯ã»ã¹å¶åŸ¡
⢠ããã°ããŒã¿ã¢ããªã±ãŒã·ã§ã³ã«ãããŠãæ¥æŽèšé²ã¯ãç°ãªãã¢ããªã±ãŒã·ã§ã³
ã®æ¥æŽããŒã¿ã ãã§ãªããããã°ããŒã¿ã€ã³ãã©ã¹ãã©ã¯ãã£èªèº«ã®æ¥æŽãå«ãã
åŸã£ãŠãããã°ããŒã¿ã¢ããªã±ãŒã·ã§ã³ã«ãããæ¥æŽèšé²ã®æ°ã¯ãå°å®¹éã§é
çãªããŒã¿ã®ã¢ããªã±ãŒã·ã§ã³ããããéåžžã«å€ããªããããã倧容éãè€éã§ã
æã«æ©åŸ®ãªæ¥æŽã®ããã«ãã¢ã¯ã»ã¹å¶åŸ¡ãèŠæ±ãããã
⢠ããã®çŽ°ããã¢ã¯ã»ã¹å¶åŸ¡ã¯ãããã°ããŒã¿ã¢ããªã±ãŒã·ã§ã³ã®æ¥æŽã«ã¢ã¯ã»
ã¹ããããã«ãç°ãªãæš©éãç°ãªãããŒã«ã«å¯ŸããŠä»äžãããåæã«ã倧ããª
æ¥æŽã°ã©ããæŽæ°ããéãããŒã¿ã«äŸåããªãæç¶æ§ãæºè¶³ããå¿
èŠãããã
⢠ïŒäŸïŒããŒã¿ã®ç®æšç©ãé€å»ãããŠããä»ããŒã¿ã®ç®æšç©ã®å
ãšããŠæ©èœ
ããããããã®æ¥æŽã¯æ¥æŽã°ã©ãã§ä¿æãããå¿
èŠãããã
⢠ããã®çŽ°ããã¢ã¯ã»ã¹å¶åŸ¡ã«ã€ããŠã¯ãåçã§æ¡åŒµæ§ãæããå¿
èŠãããã
æè»æ§ã®ããå»æ¢ã¡ã«ããºã ããµããŒããããå¿
èŠãããã
20. 20
2.ããŒã¿ç®¡çã«ãããè
åš
⢠2-3.ããŒã¿æ¥æŽïŒ5ïŒ
⢠å°å
¥å°å
¥å°å
¥å°å
¥
⢠ããã°ããŒã¿ã¢ããªã±ãŒã·ã§ã³ã®æ¢åã®ã¯ã©ãŠãã€ã³ãã©ã¹ãã©ã¯
ãã£ã«æ¥æŽãè¿œå å°å
¥ããããã«ã¯ãã»ãã¥ã¢ãªæ¥æŽåéãšãã
ã®çŽ°ããã¢ã¯ã»ã¹å¶åŸ¡ãå¹ççã«åŠçããªããã°ãªããªãã
⢠ã»ãã¥ã¢ãªæ¥æŽåéãåŠçããããã«ã¯ãè¿
éã§è»œéã®èªèšŒæ
è¡ããæ¢åã®ã¯ã©ãŠãã€ã³ãã©ã¹ãã©ã¯ãã£ã«ããçŸè¡ã®æ¥æŽã«çµ±
åãããå¿
èŠããããïŒäŸïŒPASOAïŒ
⢠ãšã³ãããŒãšã³ãã®ã»ãã¥ãªãã£ãéæããããã«ãã€ã³ãã©ã¹ãã©
ã¯ãã£ã®æ§æèŠçŽ éã«ãã»ãã¥ã¢ãªãã£ã³ãã«ãæ§ç¯ãããå¿
èŠ
ãããã
⢠ããã°ããŒã¿ã¢ããªã±ãŒã·ã§ã³ã«ãããæ¥æŽã¹ãã¬ãŒãžãšã¢ã¯ã»ã¹ã®
ã»ãã¥ãªãã£ãå®çŸããããã«ãããã®çŽ°ããã¢ã¯ã»ã¹å¶åŸ¡ïŒäŸïŒ
åæ¶å¯èœãªå±æ§ããŒã¹æå·ïŒABEïŒã¢ã¯ã»ã¹å¶åŸ¡ïŒããçŸè¡ã®å±¥
æŽã¹ãã¬ãŒãžã·ã¹ãã ïŒäŸïŒPASSïŒã«çµ±åãããå¿
èŠãããã
21. 21
[ReferencesïŒããŒã¿æ¥æŽé¢é£]
⢠[32] R. Lu, X. Lin, X. Liang, and X. Shen, âSecure provenance: the
essential of bread and butter of data forensics in cloud computingâ, in
Proceeding of 5th ACM Symposium on Information, Computer and
Communications Security (ASIACCS â10) pp. 282--292, New York, NY,
USA, 2010.
⢠[33] Provenance Aware Service Oriented Architecture (PASOA)
Project, http://www.pasoa.org/.
⢠[34] V. Goyal, O. Pandey, A. Sahai, B. Waters, âAttribute-based
encryption for fine-grained access control of encrypted dataâ, ACM
Conference on Computer and Communications Security, pp. 89-98,
2006.
⢠[35] K. Muniswamy-Reddy, D. Holland, U. Braun, and M. Seltzer,
âProvenance-aware storage systemsâ, in USENIX Annual Technical
Conference, General Track, USENIX, 2006, pp. 43-56.