JP2022074721A - Security verification system and method - Google Patents

Abstract

To automatically identify an attack pattern which mechanically reproduces the behavior of an attacker attempting a cyber attack to a target system.SOLUTION: A security verification system inputs a system profile information including a component, a logic network, and a physical configuration profile, and attacker profile information including a purpose of an attacker, a start point on a system, and attack method and resource information, and determines a state of the attacker on the basis of the attacker profile information and the system configuration information and on the basis of a status of the attacker that dynamically changes by an attack activity in determining whether the attack is successful. A determined result history is held, and a history list is generated when it can be determined whether the final target of the attacker is achieved.SELECTED DRAWING: Figure 1

Description

The present invention relates to a technique for supporting verification of the security assurance status of a system composed of computer devices, and in particular, it is possible to take countermeasures against attacks by mechanically reproducing the behavior of an attacker group attempting a cyber attack. Regarding the technology to do.

Currently, computer systems, also called IT systems, are used in various fields. For example, an industrial control system, which is a computer system in the industrial field, can process a large amount of data by actively adopting IT technology, and realizes advanced measurement / control processing and management of production information. On the other hand, security problems have become apparent in these computer systems. For example, in a cyber attack targeting the industrial field, malware targeting a computer system such as ransomware may suddenly invade the inside of the system. However, there are also many targeted attacks by advanced attackers called APTs that target confidential information such as computer system destruction and trade secrets related to production and control.

Therefore, in order to ensure security, it is necessary to predict in advance what kind of attacks and threats are expected to the computer system and take effective countermeasures against the identified attacks and threats. be.
In order to take this measure, for example, there are techniques as shown in Patent Documents 1 to 3.

Patent Document 1 is a model of an attacker who threatens security in a goal model including a goal to be achieved by the target system, a goal or task for achieving the goal, or one or more of resources as elements. Present candidates for. This technology determines whether or not the malicious goal is achieved when the element that does not hold at the same time is deleted from the information of the element indicated by the specified attacker model data and the dependency between the elements, and at the same time. If the malicious goal is achieved even when the element that does not hold is deleted, the attacker model data is deleted from the attacker model indicated by the attacker model data, and the element that does not hold at the same time is deleted. It is disclosed to execute the process of "changing to show a new attacker model in which an element that does not hold when deleted is deleted".

According to this technology, it automatically generates assumptions until an attacker achieves a goal, and helps even an unskilled person to perform security analysis at the same level as a skilled person efficiently and at low cost. The purpose is.

Patent Document 2 is a vulnerability risk evaluation system that evaluates a risk related to a vulnerability of an information processing system that executes information processing related to a predetermined business, and the information processing system includes at least one device, and the information is described. Vulnerability detectors that detect vulnerabilities in the device, vulnerability nodes that indicate the detected vulnerabilities, and the devices are shown based on system configuration information related to the configuration of the processing system and security information related to information security. It is a system that evaluates the risk that the detected vulnerability may cause in the device by arranging it in association with the device node. As a subordinate configuration, this technology contains one or more attack scenario information assuming the attack order corresponding to the vulnerability, and mechanically evaluates the attack scenario caused by the vulnerability in the system and the impact on the business. Provide a mechanism for this.

In Patent Document 3, an information storage unit that stores functional information indicating the function of the device and attack classification information indicating the classification of the execution step of the cyber attack, and system configuration information indicating the information of the device constituting the training target system are input. Then, the functional information of the basic attack scenario including the execution step in which the functional information and the attack classification information are associated with each other is rewritten to the device of the system configuration information corresponding to this functional information, and matches the system configuration information of the training target system. It is a training device for abnormal situations equipped with a scenario generation unit that generates an individual attack scenario, which is an individual attack scenario. Based on the system configuration information input to the training device and the basic attack scenario information, the attack scenario is determined from the attack classification and attack source-attack destination information.

Japanese Unexamined Patent Publication No. 2008-250680 Japanese Unexamined Patent Publication No. 2017-224053 International Publication No. 2017/126041

By utilizing the techniques of Patent Documents 1 to 3, it is possible to mechanically reproduce the behavior of an attacker group attempting a cyber attack on a target computer system. On the other hand, in order to reproduce a more advanced attack, in addition to the attacker model described in Patent Document 1, it is necessary to consider the behavior of the attacker when the system invades and the internal environment of the computer system that changes depending on the attack activity. be.

For example, after a computer system breaks in, the attacker is placed on the computer system. Then, in order to determine the next action (attack tool or technique for breaking through barriers), it is dynamic based on the attacker's internal behavior based on the attack method and attack capability available to the attacker. It is necessary to reproduce the behavior including the constraints of the attacker that changes to.

Therefore, an object of the present invention is to reproduce advanced attacker behavior including the behavior of an attacker inside a computer system.

In order to solve the above problems, the present invention generates an attack scenario based on the attacker profile and the system profile.

More specifically, in a security verification system for verifying the security assurance status in a computer system, an attacker profile, which is characteristic information indicating the characteristics of an attacker's attack, and a system indicating the characteristics of the computer system to be attacked. An input unit that accepts a profile, an attack status management unit that specifies an attack status indicating the progress of an attack by the attacker using the attacker profile and the system profile, and an attack status management unit that uses the attack status to identify the attacker. It has an attack success / failure determination unit that determines whether or not the attack is successful, and the attack status management unit creates an attack scenario that includes the determination result of the attack success / failure determination unit and indicates the content of the attack on the computer system. It is a security verification system. Further, a security verification method using this security verification system is also included in one form of the present invention.

Further, the present invention also includes a computer program for operating the security verification system as a computer and a storage medium in which the computer program is stored.

According to the present invention, it is possible to perform more accurate analysis of the behavior of an attacker on a system.

It is a figure which shows the concept of the security verification system in one Embodiment of this invention. It is a figure which shows the functional structure of the security verification system in one Example of this invention. It is a flowchart which shows the processing flow of the attack status management part in one Embodiment of this invention. It is a figure which shows the system profile and the attacker profile in one Embodiment of this invention. It is a figure which shows the specific example of the network profile, the component profile and the physical profile in one Example of this invention. It is a figure which shows an example of the attacker status managed by the attack status management part in one Embodiment of this invention. It is a figure which showed the flowchart of the attack action determination processing in one Embodiment of this invention. It is a system configuration diagram in the case of cloud computing in one embodiment of the present invention.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings. In each drawing, the same components are designated by the same reference numerals, and the detailed description of the overlapping portions will be omitted.

FIG. 1 shows an overall picture of the concept of the security verification system 100 in this embodiment. More specifically, FIG. 1 shows the relationship between the input data and the output data of this embodiment. That is, the security verification system 100 inputs the profile I101 and the attacker profile I102 related to the attack related to the computer system, and outputs the attack scenario list O101. By performing such processing, the security verification system 100 can reproduce the attack of the attacker or assume the attack, and can specify whether or not these are successful. Therefore, the security of the computer system can be verified by using the security verification system 100.

As will be described later, it is desirable that the security verification system 100 be realized by a computer that functions according to a computer program. Further, the security verification system 100 may be realized as a dedicated information processing device.

Next, FIG. 2 shows the functional configuration of the security verification system 100. The security verification system 100 has an attack verification unit 110 and a storage unit that stores the attack establishment condition information DB 120. Further, the attack verification unit 110 includes an attack status management unit 111, a status history recording unit 112, an attack success / failure determination unit 113, and an input unit 114.

As described with reference to FIG. 1, the security verification system 100 handles the system profile I101 and the attacker profile I102 as input information. Based on the input information, the security verification system 100 executes emulation processing of attacker behavior on the system corresponding to the input system profile, and generates trace information of attacker behavior as attack scenario O101. Since a plurality of cases are assumed in the attack scenario O101, a plurality of assumed or reproducible cases are generated.

The attack verification unit 110 determines the system configuration information and the attacker's characteristic information mainly based on the system profile I101 and the attacker profile I102, and determines whether or not the attack is successful. The determination of whether or not the attack of the attack verification unit 110 is successful continues until the final target of the attack set in the attacker profile I102 can be achieved. Then, if the attack target is achieved, the attacker's behavior from the initial point of the attacker to the achievement of the attack target, and if the attack target is not achieved, the point determined that the attack target cannot be achieved from the initial point. Reproduce the behavior of the attacker up to.

The attack verification unit 110 is composed of an attack status management unit 111, a status history recording unit 112, and an attack success / failure determination unit 113 as subordinate configurations. The attack verification unit 110 analyzes the system configuration information and the attack start point on the attacker's system configuration from the system profile I101 and the attacker profile I102. Then, the start condition of the emulation process of the attacker behavior is solved, and the update process of the attacker's status information is continued from the start point until it is determined that the final target is achieved or cannot be achieved.

Further, the input unit 114 receives the system profile I101 and the attacker profile I102 from the outside. When the system profile I101 and the attacker profile I102 are stored in the storage unit, the attack verification unit 110 may read them from the storage unit.

Here, a system configuration when the security verification system 100 is realized by a computer will be described. The security verification system 100 can be realized by a PC, especially a so-called stand-alone system, but in this embodiment, a cloud-based system will be described. FIG. 8 shows a system configuration diagram of the present embodiment in the cloud.

In FIG. 8, the security verification system 100 is connected to the computer system 40 to be verified via the network 31 and the network 32. Here, it is desirable that the network 31 and the network 32 are realized by an intranet under the control of the control source of the security verification system 100 and the computer system 40, respectively. However, each of these networks may be composed of one network.

Further, the security verification system 100 is connected to the terminal device 21 via the network 31. The terminal device 21 enables the use of the security verification system 100, and functions according to the operation of the user.

Further, the computer system 40 is connected to the terminal device 22 via the network 32. The terminal device 22 also enables the use of the computer system 40 and functions according to the operation of the user. The terminal device 21 and the terminal device 22 can be realized by a computer, that is, a PC, a smartphone, or a tablet.

Here, it is desirable that the computer system 40 to be verified stores its own system profile in an auxiliary storage device realized by an HDD or SDD.

Further, the security verification system 100, which is the main configuration of this embodiment, has the following configuration. That is, a processing unit 11 that executes information processing and calculation such as a CPU, a communication I / F 12 that inputs and outputs information to other devices, a main storage device 13 such as a memory, and an internal storage such as an HDD or SSD. Auxiliary storage device 14. The processing unit 11 executes information processing and calculation according to various programs stored in the main storage device 13. Various programs can be distributed via the Internet or stored in a storage medium and distributed.

Further, the communication I / F 12 is connected to the network 31 and has a communication function. As a communication function, the calculation result executed by the processing unit 11 is output, and the input of information necessary for the calculation is accepted. In this embodiment, since the security verification system 100 is realized by the server device, the communication I / F 12 and the network 31 are connected. However, when the security verification system 100 itself realizes the process as a stand-alone system, the above-mentioned communication function may be omitted. Further, the communication I / F 12 may be provided with a function of accepting input from the user and displaying information for the user.

Further, the main storage device 13 stores each program for executing the main information processing and calculation in this embodiment. The program includes an attack status management program 131, an attack success / failure determination program 132, and a status history recording program 133. Here, each part of FIG. 2 enables execution of the same function as each of these programs, and the corresponding relationship is as follows.
Attack status management unit 111: Attack status management program 131
Status history recording unit 112: Status history recording program 133
Attack success / failure determination unit 113: Attack success / failure determination program 132
The input unit 114 in FIG. 2 corresponds to the communication I / F 12 in FIG.

Further, the auxiliary storage device 14 is used for information processing and calculation executed by the processing unit 11, and stores various information which is a processing result. Specifically, the auxiliary storage device 14 stores the system profile I101, the attacker profile I102, the attack scenario list O101, and the attack establishment condition information 120. These contents will be described later.

Further, the storage medium 70 stores the system profile I101 and the attacker profile I102. Then, the security verification system 100 or the terminal device 21 can read each data stored in the storage medium 70.

Note that FIG. 8 above is suitable when the consultant is in charge of the security verification system 100 and verifies the customer's computer system 40.

This is the end of the description of the configuration of this embodiment, and then the processing of this embodiment will be described. In the following, each part shown in FIG. 2 will be described as the processing subject. FIG. 3 is a flowchart showing a processing flow of the attack status management unit 111. The attack status management unit 111 reads the system profile I101 and the attacker profile I102 input from the outside via the input unit 114 (S301, S302). Here, as shown in FIG. 8, “from the outside” includes input from the storage medium 70 and reading from the auxiliary storage device 14. Further, such information may be received via the network 31. In this case, it is desirable to accept the system profile I101 of the computer system 40.

Next, the attack status management unit 111 determines the attacker's target, that is, the component of the computer system 40 to be verified, which is the final target of the attack, and the action required to achieve the target from the read attacker profile I102 (. S303). Here, as an example of the component that is the final target of the attack and the action required to achieve the target, an example is to illegally tamper with the logic (action) of the PLC (component). Another example is the exploitation (action) of confidential information about the site from the site PC (component).

Next, the attack status management unit 111 determines the attack start point of the attacker in the configuration of the computer system 40 from the read system profile I101 (S304).

Then, the attack status management unit 111 sets the initial attack status based on the attack start point (S305). Here, it is desirable that the initial attack status, that is, the initial value, is the attack start point loaded from the entered attacker profile, the final target component of the attack, and the attack action required to achieve the target. ..

Next, the attack status management unit 111 selects an attack action necessary for achieving the target from the initial values set in step S305, and executes the selected attack action (S306). This attack action may be executed on a simulation or may actually be executed. When executing this attack action, the attack status management unit 111 inquires the attack success / failure determination unit 113 whether or not the attack action is established.

The attack success / failure determination unit 113 determines whether or not the attack is successful from the attacker's current status information received from the attack status management unit 111 and the attack action information to be tried next. In making that determination, the necessary conditions for establishing an attack are acquired from the attack establishment condition information 120, which is a component of the security verification system 100, and whether or not the attack is established is determined. The attack status management unit 111 determines the attack success / failure of the next attack action from the attack success / failure determination unit 113 (S307). As a result, if the attack is successful (Y), the process proceeds to step S308. It also updates the attack status and selects the next attack action.

If the attack is not established (N), the process returns to step S306. This means that if there is a next attack action candidate as if the next attack action was not established under the relevant conditions, it is verified whether or not this attack is established.

As described above, in step S307, the process is continued until the final target defined in the attack profile is achieved, or there are no candidates for the attack action and it is determined that the final target is difficult to achieve.

After executing each step as described above, the attack status management unit 111 generates a series of attack actions from the attack start position as a list when the final target is achieved or when it is determined that the final target is difficult to achieve. (S308).

Next, FIG. 4 shows a system profile I101 and an attacker profile I102, which are input information of the security verification system 100. The system profile I101 is information indicating the characteristics of the computer system 40 to be verified. As an example, the network profile 401, the component profile 402 and the physical profile 403 are included as shown. The network profile 401 is information indicating definition information regarding the configuration of a network to which two or more components are connected.

Further, the component profile 402 is information that defines information about a connection destination network, a physical location, configured hardware, and installed software (information such as an OS and an application). Further, the physical profile 403 is information that defines information about the component profile 402 and the physical site on which the component is located.

Here, the network profile 401 defines, for example, a LAN segment (wired / wireless), a network to which an unspecified number of people such as the Internet are connected, and a peer network such as serial communication using USB or RS-232C. Further, the component profile 402 may be a host device for operating application software such as a workstation or an embedded device specialized for executing a specific function as hardware information. However, it may refer to a specific product such as a specific product model number. The hardware and software information may be in a CPE (Comon Platform Enumeration) format or a data format for storing computer asset management information corresponding to the CPE.

Here, FIG. 5 shows specific examples of the network profile 401, the component profile 402, and the physical profile 403 included in the system profile I101.

Here, the attacker profile I102 defines characteristic information indicating the characteristics of the emulated attacker. The attacker profile I102 includes at least: It is the attack target that is the final target of the attacker, the attack start point that indicates the attack start point on the attacker's system, what kind of attack technique / method the attacker has, and how much attack resource ( It is the parameter information that defines the ability). Of these, the attack target defines, for example, component information to be the attack target and conditions for achieving the target. For example, "the attack target is to illegally change the control logic for PLCXX (Modify Control Logic)" is an example of the content defined as the attack target. That is, the attack target is a combination of the final attack target (which needs to be defined as the component profile 402 described above) and the attack action. The attack action is stored in a database in advance, and the item matching the entry defined in the attack establishment condition information 120 is used.

In addition, as an example of what is selected as an attack action, there are cases of threat events identified by threat modeling methods such as STRIDE (for example, information leakage, service inability, information tampering), and ATT & CK (R) (US registered trademark). It is expressed in the form of a specific attack tool or means (for example, an attack module of Mimikatz or Metasploit, a command example of nmap, etc.) that realizes Tactics or Techniques defined in.

The attack start point defines the attack start point of the attacker. The attack start point is defined by the entity defined in the system profile. Specifically, it is a network entity defined in network profile 401, a component entity defined in component profile 402, or a physical entity indicating a physical location defined in physical profile 403. Attack method / attack ability defines the attack ability and available methods of the attacker. For the attack method, the same items as the above-mentioned attack action are input, and if there are multiple attack methods, multiple are defined. In general, the higher the attack capability, the more attack methods can be used.

The attacker defined in the attacker profile may be a single attacker or a plurality of attackers (Advanced Persistence Threat). The attack status management unit 111 reads information from the system profile information I101 and the attacker profile information I102 described in detail above, sets initial attack status information, and starts the processing flow described with reference to FIG.

Next, FIG. 6 shows an example of the attacker status managed by the attack status management unit 111. The attacker status I102 sets the target component and the target condition from the attack target input from the attacker profile I102. This is a fixed value unless the attacker profile I102 changes. The point at the time of verification (attack) of this embodiment shows the current position in the attacker's system. For example, the distinguished name of the network entity, component entity, or physical entity mentioned above is entered. That is, the attacker status indicates the progress in the attack.

The point during validation is defined as a network entity, a component entity, or an entity in a physical location. The next attack action indicates information on the next attack action to be executed by the attacker. The next attack action is determined by the attack target and the attacker's decision logic to achieve the target.

The attacker's determination logic is executed by the attack success / failure determination unit 113, and when the attack action is successful, the attack status management unit 111 responds to the next attack action in addition to the success / failure of the attack. This attack determination logic is statically or dynamically determined according to the case-based modeled attacker's TTP. The initial reading of the attacker profile I102 is determined by the attack start point and the attack determination logic of the attacker.

Attack method / attack ability defines the attack ability and available methods of the attacker defined in the attacker profile. This is a fixed value unless the attacker profile I102 changes, as well as the target component and target condition.
Here, FIG. 7 shows a flowchart of the attack action determination process in this embodiment. The attack success / failure determination unit 113 reads the attacker status I102 (S601).

Then, the attack success / failure determination unit 113 covers, that is, identifies the candidate of the attack method from the next attack action and the attack method / attack ability in the attacker status (S602). Here, the attack method extracts those that can achieve the next attack action by executing the attack method. For example, when a certain Tactics defined in ATT & CK (R) (US registered trademark) is defined as a next attack action, a candidate to be an attack method is extracted from the Techniques that realize the Tactics.

Next, the attack success / failure determination unit 113 determines whether or not there is a candidate for the attack method (S603). As a result, if it is determined that there is one or more candidates for the attack method (Y), the process proceeds to step S604. If it is determined that there is no candidate for the attack method (N), the process proceeds to step S608.

Then, the attack success / failure determination unit 113 tries the attack method determined to exist in step S602 (S604).

Next, the attack success / failure determination unit 113 determines whether the attack method tried in step S604 was successful, that is, the trial result, and responds to this to the attack status management unit 111 (S605). As a result, if it is determined to be successful, the process proceeds to step S606. If it is determined that the process was not successful, the process returns to step S603. As a result, in step S603, the attack success / failure determination unit 113 tries another attack method.

Then, the status history recording unit 112 updates the attacker status information I102.

Next, the attack success / failure determination unit 113 continues the trial of the attack until there are no candidates for the attack method, that is, until the final target, according to the attack step determined by itself. As a result, the attack success / failure determination unit 113 reaches the final target component without failing, executes the final target attack action, and determines whether or not it succeeds (S607).

If this result is successful, that is, if the final goal is achieved (Y), the process proceeds to step S608. If the final goal is not achieved (N), the process returns to step S603.

Then, the status history recording unit 112 generates a list of attack actions tried so far and outputs it as an attack scenario list O101 (S608). As a result, even if there are no candidates for the attack method and the attack fails, a list of attack actions leading up to the attack failure can be generated and output as an attack scenario list O101.

Whether or not the next target can be accessed after a successful attack depends on the attack action and the system profile. That is, it depends on whether all attack actions have been achieved to achieve access, adjacent to the next target component, network, or physical area. For example, when a user-level shell operation access is regained for a certain component by a certain attack action, the following attacks (1) to (4) are performed in order to access the next target. After (1) regaining full access privileges for the network control function after privilege escalation on the target, (2) scanning the next target via the network, (3) searching for vulnerabilities in the next target, and then ((3) 4) Launch an attack to access the next target.

This is premised on the existence of the following targets on the same network, and depends on the system configuration (that is, the system profile). Therefore, whether or not the attack success / failure determination unit 113 succeeds in the next attack action is determined by the system profile. The attack selection logic of the attack success / failure determination unit 113 has a function of verifying the system profile condition (this condition is included as a part of the attack establishment condition information 120) for determining the attack success / failure. Then, in the attack success / failure determination process of the attack action requested by the attack status management unit 111, the attacker status information and the system profile are collated. As a result, even if the attack success condition is satisfied as the attack method / attack ability, if the system profile conditions do not match, it is determined as an attack failure.

In addition, as a condition of the system profile, it is determined based on the presence / absence of vulnerabilities that can be used by an attacker and the presence / absence of security control, in addition to restrictions on the network configuration. As for the vulnerabilities, those associated with the component profile 402 can be extracted, and if there is an available vulnerability in the vulnerabilities, it can be determined that the attack is successful. For example, it is possible to associate the vulnerability information with the component profile 402 by associating the vulnerability information to which the CVE (Common Vulnerability Environment) identification information is assigned with the asset information (CPE) of the component profile 402. be.

This is the end of the description of this embodiment. According to this embodiment, it is possible to automatically identify security attack patterns targeting industrial control systems and the like in the industrial field. In addition, analysis based on behavior including constraints can be performed, and an attack scenario based on the attacker's behavior after system intrusion can be identified based on the attacker's TTP (Tactics, Tactics and Procedures).

100 ... Security verification system 110 ... Attack verification unit 111 ... Attack status management unit 112 ... Status history recording unit 113 ... Attack success / failure judgment unit 120 ... Attack establishment condition information I101 ... System profile I102 ... Attacker profile O101 ... Attack scenario list 401 ... Network profile 402… Component profile 403… Physical profile

Claims (10)

In a security verification system for verifying the security assurance status in a computer system,
An attacker profile that is characteristic information indicating the characteristics of an attacker's attack, an input unit that accepts a system profile that indicates the characteristics of the computer system that is the target of the attack, and an input unit.
Using the attacker profile and the system profile, an attack status management unit that identifies an attack status indicating the progress of the attacker's attack, and an attack status management unit.
It has an attack success / failure determination unit that determines whether or not the attacker's attack is successful using the attack status.
The attack status management unit is a security verification system that includes a determination result in the attack success / failure determination unit and creates an attack scenario indicating the content of an attack on the computer system. In the security verification system according to claim 1,
The attack success / failure determination unit is a security verification system that makes a determination using the system profile. In the security verification system according to claim 2,
The system profile is a security verification system including at least one of the attack position of the attacker in the computer system, the configuration of the components constituting the computer system, and the vulnerability of the computer system. In the security verification system according to claim 1,
The attack status is a security verification system that is a component reached by the attack among a plurality of components constituting the computer system. In the security verification system according to claim 1,
The input unit is a security verification system that receives the system profile from the computer system via a network. In the security verification method using the security verification system for verifying the security assurance status in the computer system,
The input unit of the security verification system accepts an attacker profile, which is characteristic information indicating the characteristics of an attacker's attack, and a system profile indicating the characteristics of the computer system to be attacked.
The attack status management unit of the security verification system uses the attacker profile and the system profile to identify the attack status indicating the progress of the attacker's attack.
The attack success / failure determination unit of the security verification system uses the attack status to determine whether the attacker's attack is successful.
A security verification method in which the attack status management unit creates an attack scenario that includes a determination result in the attack success / failure determination unit and indicates the content of an attack on the computer system. In the security verification method according to claim 6,
The attack success / failure determination unit is a security verification method in which a determination is made using the system profile. In the security verification method according to claim 7,
The system profile is a security verification method including at least one of the attack position of the attacker in the computer system, the configuration of the components constituting the computer system, and the vulnerability of the computer system. In the security verification method according to claim 6,
The attack status is a security verification method in which the attack has reached a component among a plurality of components constituting the computer system. In the security verification method according to claim 6,
A security verification method in which the system profile is received from the computer system via a network by the input unit.

Images