JP2014203240A - Information processor for supporting security countermeasure, security countermeasure support method and program therefor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve the problem that it is not possible to present a security countermeasure for maintaining security in a change process of system configurations including at least one of the components and setting of the system.SOLUTION: The information processor includes: configuration information generation means for, on the basis of first system configuration information indicating system configurations and change procedure information indicating the change procedure of the system configurations, generating second system configuration information indicating the system configurations corresponding to each step in the change procedure; and countermeasure generation means for, on the basis of the second system configuration information and knowledge information indicating a security countermeasure related to its components and its setting, generating and outputting countermeasure information indicating the security countermeasure corresponding to the second system configuration information.

Description

  The present invention relates to a technology for supporting system security measures.

  Various related technologies for supporting security measures in information processing systems and the like are known.

  Patent Document 1 discloses an example of an information security measure determination support device.

  First, the information security measure decision support device stores a correspondence table between threats and assets. The correspondence table of threats and assets shows the attributes of the threats and assets that cause a change in state between each node from the initial state node to the damaged state node. The correspondence with is shown.

  Secondly, the information security measure determination support apparatus stores a correspondence table indicating measures that can be taken corresponding to each threat, that is, a correspondence table of threats and measures.

  Third, the information security measure determination support device receives an input of an attribute such as an asset type, a business type, or an information type related to the diagnosis target system, and determines the threat corresponding to the attribute from the threat and asset correspondence table. Extract.

  Fourth, the information security countermeasure determination support apparatus reads and outputs a countermeasure corresponding to the threat extracted from the correspondence table of the threat and the countermeasure.

  Patent Document 2 discloses an example of a security design support method.

  The security design support method includes the following processing performed using an environment element (Data Base) DB, a threat DB, a threat extraction rule DB, and a countermeasure DB. The environment element DB stores components of the security environment of an IT (Information Technology) product or system. The threat DB stores threats. The threat extraction rule DB stores a description of a rule for extracting a threat from the security environment. The countermeasure DB stores countermeasure countermeasure candidates.

  First, the security design support method allows the user to define the security environment of the IT product or the system using the environment element DB.

  Second, the security design support method extracts a threat assumed in the IT product or the system from the threat DB and the threat extraction rule DB based on the defined security environment.

  Third, the security design support method presents the extraction result of the threat to the user.

  Fourth, the security design support method allows the user to select whether to adopt the threat as a threat to be considered in the IT product or the system.

  Fourth, the security design support method extracts countermeasure candidates from the countermeasure DB based on the threat selection result, and presents the extraction result to the user.

  Fifth, the security design support method allows the user to select a countermeasure to be implemented by the IT product or the system from among the countermeasure candidates indicated by the extraction result.

JP 2009-110177 A JP 2006-350708 A

  However, in the technology described in the above-mentioned patent technical document, there is a problem in that a security measure for maintaining security in the process of changing the system configuration including at least one of system components and settings cannot be presented. .

  The reason is that the technique described in the above-mentioned patent technical document does not consider a transient system configuration in the process of changing the system configuration.

  An object of the present invention is to provide an information processing apparatus, a security countermeasure support method, and a program therefor that can solve the above-described problems.

  The information processing apparatus according to the present invention provides the change procedure based on first system configuration information indicating a system configuration including at least one of system components and settings and change procedure information indicating a change procedure of the system configuration. Configuration information generating means for generating second system configuration information indicating the system configuration corresponding to each stage in the change procedure indicated in the information, security information regarding the second system configuration information, the configuration elements, and the settings Countermeasure generating means for generating and outputting countermeasure information indicating security countermeasures corresponding to the second system configuration information based on the knowledge information indicating the second system configuration information.

  The security countermeasure support method according to the present invention is based on the first system configuration information indicating a system configuration including at least one of system components and settings, and the change procedure information indicating a change procedure of the system configuration. Knowledge information indicating the second system configuration information, the configuration elements, and the security measures related to the settings by generating second system configuration information indicating the system configuration corresponding to each stage in the change procedure indicated in the procedure information Based on the above, the countermeasure information indicating the security countermeasure corresponding to the second system configuration information is generated and output.

  The program according to the present invention includes the change procedure information based on first system configuration information indicating a system configuration including at least one of system components and settings and change procedure information indicating a change procedure of the system configuration. A process for generating second system configuration information indicating the system configuration corresponding to each stage in the change procedure shown; the second system configuration information; knowledge information indicating security measures related to the configuration elements and the settings; And generating and outputting countermeasure information indicating security countermeasures corresponding to the second system configuration information.

  The present invention has an effect of enumerating security measures for maintaining security in the process of changing the system configuration.

FIG. 1 is a block diagram showing the configuration of the security countermeasure support apparatus according to the first embodiment of the present invention. FIG. 2 is a block diagram illustrating a configuration of an information processing system including the security countermeasure support apparatus according to the first embodiment. FIG. 3 is a block diagram illustrating a hardware configuration of a computer that implements the security countermeasure support apparatus according to the first embodiment. FIG. 4 is a diagram illustrating an example of a change procedure list according to the first embodiment. FIG. 5 is a block diagram showing the configuration of the target system. FIG. 6 is a diagram illustrating an example of a system element list according to the first embodiment. FIG. 7 is a block diagram showing the configuration of the target system corresponding to each stage in the change procedure. FIG. 8 is a diagram illustrating an example of a system element list corresponding to each stage in the change procedure according to the first embodiment. FIG. 9 is a block diagram showing the configuration of the target system corresponding to each stage in the change procedure. FIG. 10 is a diagram illustrating an example of a system element list corresponding to each stage in the change procedure according to the first embodiment. FIG. 11 is a block diagram showing the configuration of the target system corresponding to each stage in the change procedure. FIG. 12 is a diagram illustrating an example of a system element list corresponding to each stage in the change procedure according to the first embodiment. FIG. 13 is a diagram illustrating an example of a knowledge list according to the first embodiment. FIG. 14 is a diagram illustrating an example of a countermeasure list according to the first embodiment. FIG. 15 is a flowchart illustrating the operation of the security countermeasure support apparatus according to the first embodiment. FIG. 16 is a diagram illustrating an example of a countermeasure list according to a modification of the first embodiment. FIG. 17 is a diagram illustrating an example of a countermeasure list in a modification of the first embodiment. FIG. 18 is a block diagram illustrating a configuration of a security countermeasure support apparatus according to the second embodiment. FIG. 19 is a diagram illustrating an example of a change procedure list according to the second embodiment. FIG. 20 is a diagram illustrating an example of a target system according to the second embodiment. FIG. 21 is a diagram illustrating an example of a system element list according to the second embodiment. FIG. 22 is a diagram illustrating an example of a deletion element list according to the second embodiment. FIG. 23 is a diagram illustrating an example of a countermeasure list according to the second embodiment. FIG. 24 is a flowchart showing the operation of the security countermeasure support apparatus in the second embodiment. FIG. 25 is a diagram illustrating an example of a countermeasure list according to the second embodiment. FIG. 26 is a block diagram illustrating a configuration of a security countermeasure support apparatus according to the third embodiment. FIG. 27 is a block diagram illustrating a configuration of an information processing system including a security countermeasure support apparatus according to the third embodiment. FIG. 28 is a diagram illustrating an example of a change procedure template according to the third embodiment. FIG. 29 is a diagram illustrating an example of a change procedure template according to the third embodiment. FIG. 30 is a diagram illustrating an example of change procedure information according to the third embodiment.

  Embodiments for carrying out the present invention will be described in detail with reference to the drawings. In each embodiment described in each drawing and specification, the same reference numerals are given to the same components, and the description thereof is omitted as appropriate.

<<<< first embodiment >>>>
FIG. 1 is a block diagram showing a configuration of a security countermeasure support apparatus 100 according to the first embodiment of the present invention.

  As shown in FIG. 1, the security countermeasure support apparatus 100 according to the present embodiment includes an element list generation unit (also referred to as configuration information generation unit) 110 and a countermeasure generation unit 120.

=== Element List Generation Unit 110 ===
The element list generation unit 110 performs system element lists 822 to 824 based on a change procedure list (also called change procedure information) 810 and a system element list (also called system configuration information) 820 (first system configuration information). (Second system configuration information) is generated. Here, each of the system element lists 822 to 824 corresponds to each change procedure identifier (that is, each stage in the change procedure) shown in the change procedure list 810.

  The change procedure list 810 includes a series of change procedures for changing the system configuration of a system for which security countermeasures are to be supported (hereinafter referred to as a target system). Here, the system configuration includes at least one of components and settings of the target system.

  The system element list 820 is information indicating the configuration of the target system. That is, the information includes at least one of the component and setting of the target system.

  Further, each of the system element lists 822 to 824 corresponding to each stage in the change procedure includes information indicating the configuration of the target system in each stage. Here, the target system in each stage is in a state where any one of the change procedures included in the change procedure list 810 has been executed. In other words, each stage in the change procedure is a stage of change processing corresponding to any one of a series of procedures included in the change procedure list 810 and sequentially executed.

  Note that specific examples of the change procedure list 810, the system element list 820, and the system element lists 822 to 824 will be described later.

=== Measure Generation Unit 120 ===
The countermeasure generation unit 120 generates and outputs a countermeasure list (also referred to as countermeasure information) 840 based on the system element lists 822 to 824 generated by the element list generation unit 110 and the knowledge list (also referred to as knowledge information) 830. .

  Here, the knowledge list 830 is a list of knowledge information indicating security measures regarding the components and settings included in the system.

  The countermeasure list 840 is a list of countermeasure information indicating security countermeasures corresponding to each of the system element lists 822 to 824. Therefore, the countermeasure list 840 includes countermeasure information corresponding to each stage in the change procedure.

  Specific examples of the knowledge list 830 and the countermeasure list 840 will be described later.

  FIG. 2 is a block diagram illustrating a configuration of the information processing system 101 including the security countermeasure support apparatus 100 according to the present embodiment.

  As shown in FIG. 2, the information processing system 101 includes a security countermeasure support apparatus 100, a system element DB 102, and a knowledge DB 103.

  The system element DB 102 stores a system element list 820. The knowledge DB 103 stores a knowledge list 830.

  The system element DB 102 and the knowledge DB 103 may be included as a part of the element list generation unit 110 and the countermeasure generation unit 120.

  FIG. 3 is a block diagram illustrating a hardware configuration of a computer 700 that implements the security countermeasure support apparatus 100 according to the present embodiment.

  As illustrated in FIG. 3, the computer 700 includes a CPU (Central Processing Unit) 701, a storage unit 702, a storage device 703, an input unit 704, an output unit 705, and a communication unit 706. Furthermore, the computer 700 includes a recording medium (or storage medium) 707 supplied from the outside. The recording medium 707 may be a non-volatile recording medium that stores information non-temporarily.

  The CPU 701 controls the overall operation of the computer 700 by operating an operating system (not shown). The CPU 701 reads a program and data from a recording medium 707 mounted on the storage device 703, for example, and writes the read program and data to the storage unit 702. Here, the program is, for example, a program that causes the computer 700 to execute an operation of a flowchart shown in FIG.

  The CPU 701 executes various processes as the element list generation unit 110 and the countermeasure generation unit 120 illustrated in FIG. 1 according to the read program and based on the read data.

  Note that the CPU 701 may download a program and data to the storage unit 702 from an external computer (not shown) connected to a communication network (not shown).

  The storage unit 702 stores programs and data. The storage unit 702 may include a system element DB 102 and a knowledge DB 103.

  The storage device 703 is, for example, an optical disk, a flexible disk, a magnetic optical disk, an external hard disk, and a semiconductor memory, and includes a recording medium 707. The storage device 703 (recording medium 707) stores the program in a computer-readable manner. The storage device 703 may store data. The storage device 703 may include a system element DB 102 and a knowledge DB 103.

  The input unit 704 is realized by, for example, a mouse, a keyboard, a built-in key button, and the like, and is used for input operations. The input unit 704 is not limited to a mouse, a keyboard, and a built-in key button, and may be a touch panel, for example.

  The output unit 705 is realized by a display, for example, and is used for confirming the output.

  The communication unit 706 implements an interface with the outside. For example, the communication unit 706 is included as part of the element list generation unit 110 and the countermeasure generation unit 120.

  As described above, the functional unit block of the security countermeasure support apparatus 100 shown in FIG. 1 is realized by the computer 700 having the hardware configuration shown in FIG. However, the means for realizing each unit included in the computer 700 is not limited to the above. In other words, the computer 700 may be realized by one physically coupled device, or may be realized by two or more physically separated devices connected by wire or wirelessly and by a plurality of these devices. .

  A recording medium 707 in which the above-described program code is recorded may be supplied to the computer 700, and the CPU 701 may read and execute the program code stored in the recording medium 707. Alternatively, the CPU 701 may store the code of the program stored in the recording medium 707 in the storage unit 702, the storage device 703, or both. That is, the present embodiment includes an embodiment of a recording medium 707 that stores a program (software) executed by the computer 700 (CPU 701) temporarily or non-temporarily.

  This completes the description of each hardware component of the computer 700 that implements the security countermeasure support apparatus 100 according to this embodiment.

  Next, the change procedure list 810, the system element list 820, the system element lists 822 to 824, the knowledge list 830, and the countermeasure list 840 will be described with specific examples.

=== Change Procedure List 810 ===
As described above, the change procedure list 810 indicates the operation of changing the configuration of the target system as a change procedure. FIG. 4 is a diagram illustrating an example of the change procedure list 810. As shown in FIG. 4, the change procedure list 810 includes a procedure record 819 including a change procedure identifier, a work type, and a work target.

  The change procedure identifier is an identifier for specifying the change procedure (procedure record 819). The work type indicates an operation (for example, resource addition, installation, connection, etc.) of the worker who performs the configuration change of the target system. The work object indicates an object on which the configuration change is performed. For example, the procedure record 819 whose change procedure identifier is “procedure 1” indicates that the machine B 913 is added to the target system 920 shown in FIG. Each stage in the change procedure corresponding to the change procedure identifier is a stage in which the change procedure corresponding to the change procedure identifier is executed. In other words, the change procedure identifier is also an identifier that identifies each stage in the change procedure.

  Note that the change procedure list 810 may include, as a change procedure, setting changes of the target system, such as firewall settings and user authentication settings for the Internet 901, regardless of the example illustrated in FIG.

  For example, the element list generation unit 110 acquires the change procedure list 810 input by the operator from the input unit 704 illustrated in FIG. Further, the element list generation unit 110 may acquire the change procedure list 810 stored in the system element DB 102 illustrated in FIG. Further, the element list generation unit 110 may acquire the change procedure list 810 from an external device (not shown) via the communication unit 706 shown in FIG. Further, the element list generation unit 110 may acquire the change procedure list 810 recorded in the recording medium 707 illustrated in FIG. 3 via the storage device 703.

=== System Element List 820 ===
As described above, the system element list 820 shows the configuration of the target system as shown in FIG. 5, for example.

  FIG. 5 is a block diagram illustrating a configuration of the target system 920. As shown in FIG. 5, the target system 920 includes the Internet 901, a management network 902, and a machine A 903 including an OS 904 and a mail server 905.

  FIG. 6 is a diagram illustrating an example of the system element list 820. A system element list 820 shown in FIG. 6 shows a configuration of the target system 920 shown in FIG. As shown in FIG. 6, the system element list 820 includes an element record 829 related to the network including an element identifier, a connection source, and a connection destination. In addition, the system element list 820 includes an element record 829 related to a service including an element identifier, a machine name, and a service name. The element identifier is an identifier that identifies the element record 829. The service name is a service name installed on a machine specified by the corresponding machine name.

  The system element list 820 may include setting information of the target system such as a firewall and user authentication for the Internet 901, for example, regardless of the example shown in FIG. For example, the element record 829 indicating the setting information of the target system may include the element identifier, the identifier of the component to be set, and the setting content.

  For example, the element list generation unit 110 acquires the system element list 820 stored in the system element DB 102 illustrated in FIG. The element list generation unit 110 may acquire the system element list 820 from an external device (not shown) via the communication unit 706 shown in FIG. Further, the element list generation unit 110 may acquire the system element list 820 recorded in the recording medium 707 illustrated in FIG. 3 via the storage device 703. Further, the element list generation unit 110 may acquire the system element list 820 input by the operator from the input unit 704 illustrated in FIG.

=== System Element List 822-824 ===
FIG. 7 is a block diagram illustrating a configuration of the target system 922 corresponding to the stage of “procedure 1”. Specifically, FIG. 7 shows a target in which machine B 913 is added to the target system 920 shown in FIG. 5 according to the change procedure shown in the procedure record 819 whose change procedure identifier is “procedure 1” shown in FIG. FIG. 2 is a diagram illustrating a configuration of a system 922. Here, the machine B 913 includes an OS (Operating System) 914.

  FIG. 8 is a diagram showing a system element list 822 generated by the element list generation unit 110 corresponding to the target system 922. As shown in FIG. 8, the system element list 822 is an element record related to the network in which the element identifier is “configuration N13”, the connection source is “machine B”, and the connection destination is “not connected”, compared to the system element list 820. 829 has been added. In addition, the system element list 822 has a service element record 829 added to the system element list 820, in which the element identifier is “configuration S11”, the machine name is “machine B”, and the service name is “OS”. Yes.

  FIG. 9 is a block diagram illustrating a configuration of the target system 923 corresponding to the stage of “procedure 2”. Specifically, FIG. 9 shows a target in which a WWW server is added to the target system 922 shown in FIG. 7 by the change procedure shown in the procedure record 819 whose change procedure identifier is “procedure 2” shown in FIG. FIG. 11 is a diagram showing a configuration of a system 923.

  FIG. 10 is a diagram showing a system element list 822 generated by the element list generation unit 110 corresponding to the target system 923. As shown in FIG. 10, the system element list 823 is an element record related to a service, in which the element identifier is “configuration S12”, the machine name is “machine B”, and the service name is “WWW server”, compared to the system element list 822. 829 has been added.

  FIG. 11 is a block diagram illustrating a configuration of the target system 924 corresponding to the stage of “procedure 3”. Specifically, FIG. 11 shows that the machine B 913 is transferred to the management network 902 for the target system 923 shown in FIG. 9 according to the change procedure shown in the procedure record 819 whose change procedure identifier is “procedure 2” shown in FIG. It is a figure which shows the structure of the target system 924 connected.

  FIG. 12 is a diagram showing a system element list 822 generated by the element list generation unit 110 corresponding to the target system 924. As shown in FIG. 12, in the system element list 824, the connection destination of the element record 829 related to the network, in which the element identifier is “configuration N13” and the connection source is “machine B”, compared to the system element list 822 is “not connected”. To "Machine B".

=== Knowledge List 830 ===
As described above, the knowledge list 830 is a list of knowledge information indicating security measures related to components and settings included in the target system 920 and the target systems 922 to 924.

  FIG. 13 is a diagram illustrating an example of the knowledge list 830. As shown in FIG. 13, the knowledge list 830 includes a plurality of rule records 839 including rule identifiers, request conditions, and security measures. The rule identifier is an identifier that identifies the rule (rule record 839). The required condition is a state of components and settings (for example, OS, WWW server program, connection state, authentication setting, firewall setting, etc.) that require corresponding security measures. The security measure indicates a measure for ensuring security for the required condition.

  The knowledge list 830 may include a rule record 839 for setting contents for the target system 920 and the target systems 922 to 924 regardless of the example shown in FIG. The setting contents are, for example, firewall setting contents for the Internet 901 and user authentication setting contents.

=== Countermeasure list 840 ===
As described above, the countermeasure list 840 is a list of countermeasure information indicating security countermeasures for the target systems 922 to 924 indicated by the system element lists 822 to 824 corresponding to each stage in the change procedure.

  FIG. 14 is a diagram illustrating an example of the countermeasure list 840. As shown in FIG. 14, the countermeasure list 840 includes a plurality of countermeasure records 849 including a change procedure identifier and a security countermeasure. The change procedure identifier is an identifier that identifies a countermeasure (measure record 849). The security measures indicate to the target systems 922 to 924 security measures to be implemented. Each of the target systems 922 to 924 corresponds to each stage in the change procedure corresponding to the countermeasure record 849. Each stage in the change procedure corresponding to the countermeasure record 849 is each stage in the change procedure corresponding to the change procedure identifier included in the countermeasure record 849.

  Note that the countermeasure list 840 may include security countermeasures for the settings of the target systems 922 to 924, such as firewall settings and user authentication settings for the Internet 901, regardless of the example illustrated in FIG.

  The above is the description of each component of the security measure support apparatus 100 in units of functions.

  Next, the operation of the present embodiment will be described in detail with reference to FIGS.

  FIG. 15 is a flowchart showing the operation of this embodiment. Note that the processing according to this flowchart may be executed based on the program control by the CPU 701 described above. Further, the step name of the process is described by a symbol as in step S601.

  Here, the operation in the case where the target system 920 shown in FIG. 5 is set as the target system in the initial state and the countermeasure list 840 is generated when the element change is performed by the change procedure list 810 shown in FIG. 4 will be described.

  The element list generation unit 110 acquires the change procedure list 810 (step S611).

  Next, the element list generation unit 110 acquires the system element list 820 (step S612).

  Next, the element list generation unit 110 sequentially selects the procedure record 819 of the change procedure list 810, and generates the system element lists 822 to 824 based on the selected procedure record 819 (step S613).

  Specifically, the element list generation unit 110 generates the system element list 822 shown in FIG. 8 based on the procedure record 819 whose change procedure identifier is “procedure 1”. The element list generation unit 110 generates the system element list 823 shown in FIG. 10 based on the procedure record 819 whose change procedure identifier is “procedure 2”. Furthermore, the element list generation unit 110 generates the system element list 824 shown in FIG. 12 based on the procedure record 819 whose change procedure identifier is “procedure 3”.

  Next, the countermeasure generation unit 120 acquires the knowledge list 830 (step S614).

  Next, the countermeasure generation unit 120 generates a countermeasure record 849 for each of the system element lists 822 to 824 generated by the element list generation unit 110 based on the knowledge list 830 (step S615).

  For example, the countermeasure generation unit 120 generates a countermeasure record 849 based on the system element list 822 and the knowledge list 830 as follows.

  First, since the OS 904 is installed on the machine A 903 in the system element list 822, the countermeasure generation unit 120 determines that “the OS of the machine A is the latest version” from the rule 1 of the knowledge list 830. To do.

  Secondly, since the mail server 905 is installed in the machine A 903 in the system element list 822, the countermeasure generation unit 120 determines that “the mail server program of the machine A is the latest version” from the rule 2 of the knowledge list 830. Is further included in security measures.

  Third, since the machine A 903 is connected to the Internet 901 via the management network 902, the countermeasure generation unit 120 further determines that “a firewall is installed” from the rule 2 of the knowledge list 830. Include in

  Fourth, since the OS 904 is installed on the machine B 913 in the system element list 822, the countermeasure generation unit 120 further determines that “the OS of the machine B is the latest version” from the rule 1 of the knowledge list 830. Include in

  Fifth, the countermeasure generation unit 120 generates a countermeasure record 849 using the security countermeasure and the “procedure 1” of the change procedure identifier as a set.

  Further, the countermeasure generation unit 120 generates a countermeasure record 849 based on the system element list 823 and the knowledge list 830 as follows.

  The countermeasure generation unit 120 performs the first to fourth processes in the generation of the countermeasure record 849 in the case of the system element list 822.

  Fifth, since the WWW server 915 is installed in the machine B 913 in the system element list 822, the countermeasure generation unit 120 determines that “the WWW server program of the machine B is the latest version” from the rule 2 of the knowledge list 830. Is further included in security measures.

  Sixth, the countermeasure generation unit 120 generates a countermeasure record 849 using the security countermeasure and the “procedure 2” of the change procedure identifier as a set.

  Further, the countermeasure generation unit 120 generates a countermeasure record 849 based on the system element list 824 and the knowledge list 830 as follows.

  The countermeasure generation unit 120 performs the first to second processes in the generation of the countermeasure record 849 in the case of the system element list 822 described above.

  Thirdly, since the machine A 903 and the machine B 913 are connected to the Internet 901 via the management network 902, the countermeasure generation unit 120 determines that “a firewall is installed” from Rule 2 of the knowledge list 830. It is further included in security measures.

  Fourth, the countermeasure generation unit 120 performs the fourth process in generating the countermeasure record 849 in the case of the system element list 822 described above.

  Fifth, the countermeasure generation unit 120 performs the fifth process in generating the countermeasure record 849 in the case of the system element list 823 described above.

  Sixth, the countermeasure generation unit 120 generates a countermeasure record 849 by combining the security countermeasure and the “procedure 3” of the change procedure identifier.

  Next, the countermeasure generation unit 120 collects the generated countermeasure records 849 and outputs them as a countermeasure list 840 (step S616).

<<< Modification of First Embodiment >>>
The countermeasure generation unit 120 deletes the security countermeasure corresponding to the change procedure identifier before the change procedure identifier from the security countermeasure corresponding to each change procedure identifier (measure record 849) included in the countermeasure list 840. Is generated. As described above, the change procedure identifier is also an identifier for specifying each stage in the change procedure. Therefore, the security measure corresponding to the change procedure identifier is a security measure corresponding to each stage in the change procedure.

  For example, the countermeasure generation unit 120 generates a countermeasure list in which the security countermeasures corresponding to the target system in the initial state are deleted from the countermeasure record 849 of the countermeasure list 840 illustrated in FIG. In other words, the countermeasure generation unit 120 generates a countermeasure list on the assumption that the target system in the initial state has already been subjected to security countermeasures.

  Here, it is assumed that the target system in the initial state is the target system 920 shown in FIG.

  FIG. 16 is a diagram showing an example of the countermeasure list 841 from which the security countermeasure corresponding to the target system in the initial state is deleted. As shown in FIG. 16, each countermeasure record 849 of the countermeasure list 841 is “the OS of the machine A is the latest version” and “the mail server program of the machine A is compared with the countermeasure record 849 of the countermeasure list 840 shown in FIG. "Latest version" and "Firewall is installed" have been removed from security measures. These “the OS of the machine A is the latest version”, “the mail server program of the machine A is the latest version”, and “the firewall is installed” correspond to the target system 920 (target system in the initial state) shown in FIG. This is a security measure.

  Note that the security countermeasure corresponding to the target system in the initial state may be generated by means not shown in the security countermeasure support apparatus 100, the countermeasure generation unit 120, or the like, or means not shown in the security countermeasure support apparatus 100 or FIG. May be stored in advance in the storage device 703 shown in FIG.

  Further, the countermeasure generation unit 120 may generate a countermeasure list 842 in which all the previous security measures included in each step in the change procedure are deleted from the countermeasure record 849 of the countermeasure list 840 illustrated in FIG. Good. In other words, the countermeasure generation unit 120 may generate the countermeasure list on the assumption that the security countermeasure before that stage is surely implemented at each stage in the change procedure.

  FIG. 17 is a diagram showing an example of a countermeasure list 842 in which security countermeasures included in each stage in the change procedure in all previous stages are deleted. As shown in FIG. 17, in the countermeasure list 842, “the OS of machine B is the latest version” is deleted from the security countermeasure of the countermeasure record 849 whose change procedure identifier is “procedure 2”, compared to the countermeasure list 841. Yes.

  The countermeasure generation unit 120 may output any of the countermeasure list 840, the countermeasure list 841, and the countermeasure list 842.

  The first effect of the present embodiment described above is that it is possible to enumerate security measures for maintaining security in the process of changing the system configuration.

  This is because the following configuration is provided. First, the element list generation unit 110 generates system element lists 822 to 824 corresponding to each stage in the change procedure. Second, the countermeasure generation unit 120 generates and outputs a countermeasure record 849 corresponding to each of those system element lists 822 to 824.

  The second effect of the present embodiment described above is that the security measures can be listed in a format that is easier to use.

  The reason is that the countermeasure generation unit 120 deletes the security countermeasure corresponding to each stage in the change procedure before the change procedure from the security countermeasure corresponding to each stage in each change procedure, and the countermeasure list 841 and the countermeasure list. This is because 842 is generated.

<<< Second Embodiment >>>
Next, a second embodiment of the present invention will be described in detail with reference to the drawings. Hereinafter, the description overlapping with the above description is omitted as long as the description of the present embodiment is not obscured.

  FIG. 18 is a block diagram showing a configuration of a security countermeasure support apparatus 200 according to the second embodiment of the present invention.

  As illustrated in FIG. 18, the security countermeasure support apparatus 200 according to the present embodiment further includes a difference extraction unit 230 as compared with the security countermeasure support apparatus 100 according to the first embodiment. Further, the security countermeasure support apparatus 200 according to the present embodiment is different in operation of the countermeasure generation unit 120 from the security countermeasure support apparatus 100 according to the first embodiment.

=== Difference Extraction Unit 230 ===
The difference extraction unit 230 extracts components to be deleted at each stage in the change procedure. Then, the difference extraction unit 230 generates a deletion element list (also referred to as deletion element information) including information regarding the extracted component elements.

  The difference extraction unit 230 may further extract settings that are changed at each stage in the change procedure. And the difference extraction part 230 may produce | generate the deletion element list containing the information regarding the extracted setting.

  FIG. 19 is a diagram showing an example of the change procedure list 811 in the present embodiment.

  FIG. 20 is a diagram showing the target system 925 from which the machine A 903 has been deleted by the change procedure shown in the procedure record 819 whose change procedure identifier is “procedure 4” in the change procedure list 811 shown in FIG.

  FIG. 21 is a diagram showing a system element list 825 generated by the element list generation unit 110 corresponding to the target system 925. As shown in FIG. 21, the system element list 825 has element identifiers whose element identifiers are “configuration N03”, “configuration N04”, “configuration S01”, and “configuration S02” compared to the system element list 824 shown in FIG. 829 has been deleted.

  FIG. 22 is a diagram illustrating an example of the deletion element list 860. As shown in FIG. 22, the deletion element list 860 includes a deletion element record 869 including a change procedure identifier and a deletion element.

The change procedure identifier is, for example, a change procedure identifier corresponding to the change procedure identifier in the change procedure list 811 illustrated in FIG. The deletion element indicates information regarding the configuration to be deleted in the change procedure of the corresponding change procedure identifier. Further, the deletion element indicates information related to the setting to be changed in the change procedure of the corresponding change procedure identifier.
The countermeasure generation unit 120 generates and outputs a countermeasure list based on the system element lists 822 to 825 generated by the element list generation unit 110, the deleted element list 860 and the knowledge list 830 generated by the difference extraction unit 230.

  FIG. 23 is a diagram showing an example of the countermeasure list 843. As illustrated in FIG. 23, the countermeasure list 843 includes a countermeasure record 849 whose change procedure identifier is “procedure 4”. The security measures of the measure record 849 include “the mail server program of machine A cannot be restored”, “the OS of machine A cannot be restored”, and “machine A cannot be restored” corresponding to the deletion element list 860.

  Next, the operation of the present embodiment will be described in detail with reference to the drawings.

  FIG. 24 is a flowchart showing the operation of this embodiment.

  The element list generation unit 110 acquires the change procedure list 811 (step S621).

  Next, the element list generation unit 110 acquires the system element list 820 (step S622).

  Next, the element list generation unit 110 sequentially selects the procedure record 819 of the change procedure list 810, and generates the system element lists 822 to 825 based on the selected procedure record 819 (step S623).

  Specifically, the element list generation unit 110 generates a system element list 822-824 in the same manner as in step S13 shown in FIG.

  Further, the element list generation unit 110 generates the system element list 825 shown in FIG. 21 corresponding to the target system 925 shown in FIG. 20 based on the procedure record 819 whose change procedure identifier is “procedure 4”.

  Next, the difference extraction unit 230 selects the system element list 820 and the system element lists 822 to 824 one by one from the system element list 820 (system element list indicating the system elements in the initial state) illustrated in FIG. Subsequently, the difference extraction unit 230 compares each of the selected system element list 820 and system element lists 822 to 824 with each of the system element lists 822 to 825 at each stage in the next change procedure. Subsequently, the difference extraction unit 230 extracts the deleted element record 829 in each of the system element lists 822 to 825 at each stage in the next change procedure. Subsequently, the difference extraction unit 230 generates a deletion element record 869 based on the extracted element record 829 (step S624).

  Here, “the selected system element list 820 and system element list 822 to 824 and the system element list 822 to 825 at each stage in the next change procedure” means the system element list 820 and the system element list 822 to 825. Are two consecutive, before and after execution of work by one procedure record 819.

  Specifically, first, the difference extraction unit 230 compares the system element list 820 and the system element list 822 and does not detect the deleted element record 829, and therefore does not generate the deleted element record 869. Secondly, the difference extraction unit 230 compares the system element list 822 and the system element list 823 and does not detect the deleted element record 829, and therefore does not generate the deleted element record 869. Thirdly, the difference extraction unit 230 compares the system element list 823 and the system element list 824 and does not detect the deleted element record 829, and therefore does not generate the deleted element record 869. Fourth, the difference extraction unit 230 compares the system element list 824 and the system element list 825, and deletes the element identifiers “configuration N03”, “configuration N04”, “configuration S01”, and “configuration S02”. The element record 829 being detected is detected. Subsequently, based on the detected element record 829, a deletion element record 869 shown in FIG. 22 is generated.

  Next, the countermeasure generation unit 120 acquires the knowledge list 830 (step S625).

  Next, the countermeasure generation unit 120 generates a countermeasure record 849 for each of the system element lists 822 to 825 generated by the element list generation unit 110 based on the knowledge list 830 (step S626). FIG. 25 is a diagram showing an example of the countermeasure list 844 including the countermeasure record 849 generated in step S626. Since this step is equivalent to step S615 shown in FIG.

  Next, the countermeasure generation unit 120 generates a countermeasure record 849 for the deleted element list 860 generated by the difference extraction unit 230 based on the knowledge list 830 (step S627).

  Specifically, the countermeasure record 849 is generated as follows.

  The measure generation unit 120 includes “disconnect machine A from the management network” and “mail server from machine A” indicated by the delete element record 869 whose change procedure identifier is “procedure 4” in the delete element list 860 shown in FIG. "Uninstall OS", "Uninstall OS from machine A" and "Delete machine A from system", "Machine A mail server program cannot be restored", "Machine A OS cannot be restored" and " A countermeasure record 849 including “Machine A cannot be restored” is generated. Next, the countermeasure generation unit 120 merges the generated countermeasure record 849 with the countermeasure record 849 whose change procedure identifier is “procedure 4” in the countermeasure list 844 illustrated in FIG. A countermeasure record 849 (FIG. 23) having a change procedure identifier “procedure 4” in the list 843 is generated.

  Next, the countermeasure generation unit 120 collects the generated countermeasure records 849 and outputs them as a countermeasure list 843 (step S628).

  The first effect of the present embodiment described above maintains the security in the change process even when the deletion of the component is included in the change process of the system configuration in addition to the effect of the first embodiment. Therefore, it is possible to enumerate security measures.

  The reason is that the difference extraction unit 230 generates a deletion element list 860 including information on the component elements deleted in the change procedure, and the countermeasure generation unit 120 includes the system element list 820 and the system configuration lists 822 to 825, the deletion element. This is because the countermeasure list 843 is generated based on the list 860 and the knowledge list 830.

  The second effect of the present embodiment described above is to maintain security in the change process even when a change in the setting is included in the change process of the system configuration so that the specific setting is lost. It is possible to enumerate security measures.

  The reason is that the difference extraction unit 230 generates the deletion element list 860 including information regarding the settings changed in the change procedure.

[Third Embodiment]
Next, a third embodiment of the present invention will be described in detail with reference to the drawings. Hereinafter, the description overlapping with the above description is omitted as long as the description of the present embodiment is not obscured.

  FIG. 26 is a block diagram showing a configuration of a security countermeasure support apparatus 300 according to the third embodiment of the present invention.

  As shown in FIG. 26, the security countermeasure support apparatus 300 in the present embodiment further includes a change procedure input unit 350, as compared to the security countermeasure support apparatus 100 of the first embodiment.

=== Change Procedure Input Unit 350 ===
The change procedure input unit 350 displays a change procedure template that supports input of change procedure information based on a request from the user. Then, the change procedure input unit 350 displays the change procedure template on the output unit 705 shown in FIG. 3 as a display, for example.

  In addition, the change procedure input unit 350 receives, for example, change procedure information input by the user according to the change procedure template via the input unit 704 illustrated in FIG. Subsequently, the change procedure input unit 350 generates a change procedure list 810 based on the input change procedure information, and outputs the change procedure list 810 to the element list generation unit 110.

  FIG. 27 is a block diagram illustrating a configuration of an information processing system 301 including the security countermeasure support apparatus 300 according to the present embodiment.

  As shown in FIG. 27, the information processing system 301 includes a security countermeasure support apparatus 300, a system element DB 102, a knowledge DB 103, and a change procedure template DB 104.

  The system element DB 102 and the knowledge DB 103 are equivalent to the system element DB 102 and the knowledge DB 103 shown in FIG.

  The change procedure template DB 104 stores a change procedure template 850 to be described later. The change procedure template DB 104 may be included as a part of the change procedure input unit 350.

  FIG. 28 is a diagram illustrating an example of the change procedure template 850 stored in the security countermeasure support apparatus 300.

  As shown in FIG. 28, for example, the change procedure template 850 includes a “service addition change procedure template” and a “service migration change procedure template”. These change procedure templates include input records 859 corresponding to the number of change procedures, each of which includes a set of a change procedure identifier, a work type, and an input value. The change procedure identifier and the work type are equivalent to the change procedure identifier and the work type in the change procedure list 810 shown in FIG. The input value is information indicating items to be input to the user.

  FIG. 29 is a diagram illustrating an example of the change procedure template 851 displayed by the change procedure template change procedure input unit 350 with reference to the change procedure template 850 and displayed in the change procedure input unit. The change procedure template 851 is an example of a change procedure template displayed by the change procedure input unit 350 when the request from the user is “a change procedure template for adding a service”.

  Note that the change procedure input unit 350 may acquire the change procedure template 850 from an external device (not shown) via the communication unit 706 shown in FIG. 3 instead of the change procedure template DB 104. Further, the change procedure input unit 350 may acquire the change procedure template 850 recorded on the recording medium 707 illustrated in FIG. 3 via the storage device 703.

<<< Modification of Third Embodiment >>>
The change procedure input unit 350 reuses and displays items for which the same input value is expected.

  For example, when the user requests “change procedure template for service migration”, the change procedure input unit 350 selects and displays the change procedure template from the change procedure template 850. When a resource name is input for “target resource?” In the input record 859 whose change procedure identifier is “procedure 1”, the change procedure input unit 350 changes the resource name to “procedure”. “5” and “procedure 6” are displayed in the place of “resources specified in procedure 1” in the input record 859.

  Further, the change procedure input unit 350 may output the change procedure information including the change procedure template identifier and the input value for each input record 859 to the element list generation unit 110 instead of the change procedure list 810. Good. In this case, the element list generation unit 110 may acquire the corresponding change procedure template based on the identifier of the change procedure template included in the change procedure information. Then, the element list generation unit 110 may generate the system element lists 822 to 824 based on the change procedure template and the input values included in the change procedure information.

  The first effect of the present embodiment described above is that, in addition to the effect of the first embodiment, creation of the change procedure list 810 can be facilitated for the user.

  The reason is that the change procedure input unit 350 displays the change procedure template, accepts the change procedure template entered by the user, generates the change procedure list 810, and outputs it to the element list generation unit 110. It was because it did so.

  The second effect of the present embodiment described above is that it is possible to reduce the effort for the user to input an input value to the change procedure template.

  The reason is that the change procedure input unit 350 reuses and displays items for which the same input value is expected.

  The third effect of the present embodiment described above is that it is possible to reduce resources for storing change procedure information.

  The reason is that the change procedure input unit 350 outputs change procedure information including the identifier of the change procedure template and the input value instead of the change procedure list 810, and the element list generation unit 110 includes the change procedure information. This is because the system element lists 822 to 824 are generated based on this.

  Each component described in each of the above embodiments does not necessarily have to be individually independent. For example, each component may be realized as a module with a plurality of components. In addition, each component may be realized by a plurality of modules. Each component may be configured such that a certain component is a part of another component. Each component may be configured such that a part of a certain component overlaps a part of another component.

  In the embodiments described above, each component and a module that realizes each component may be realized as hardware as necessary. Moreover, each component and the module which implement | achieves each component may be implement | achieved by a computer and a program. Each component and a module that realizes each component may be realized by mixing hardware modules, computers, and programs.

  The program is provided by being recorded in a non-volatile computer-readable recording medium such as a magnetic disk or a semiconductor memory, and is read by the computer when the computer is started up. The read program causes the computer to function as a component in each of the above-described embodiments by controlling the operation of the computer.

  Further, in each of the embodiments described above, a plurality of operations are described in order in the form of a flowchart, but the described order does not limit the order in which the plurality of operations are executed. For this reason, when each embodiment is implemented, the order of the plurality of operations can be changed within a range that does not hinder the contents.

  Furthermore, in each embodiment described above, a plurality of operations are not limited to being executed at different timings. For example, another operation may occur during the execution of a certain operation, or the execution timing of a certain operation and another operation may partially or entirely overlap.

  Furthermore, in each of the embodiments described above, a certain operation is described as a trigger for another operation, but the description does not limit all relationships between the certain operation and the other operations. For this reason, when each embodiment is implemented, the relationship between the plurality of operations can be changed within a range that does not hinder the contents. The specific description of each operation of each component does not limit each operation of each component. For this reason, each specific operation | movement of each component may be changed in the range which does not cause trouble with respect to a functional, performance, and other characteristic in implementing each embodiment.

  As mentioned above, although this invention was demonstrated with reference to each embodiment and an Example, this invention is not limited to the said embodiment and Example. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

100 Security Countermeasure Support Device 101 Information Processing System 102 System Element DB
103 Knowledge DB
104 Change procedure template DB
110 Element List Generation Unit 120 Countermeasure Generation Unit 200 Security Countermeasure Support Device 230 Difference Extraction Unit 300 Security Countermeasure Support Device 301 Information Processing System 350 Change Procedure Input Unit 700 Computer 701 CPU
702 Storage unit 703 Storage device 704 Input unit 705 Output unit 706 Communication unit 707 Recording medium 810 Change procedure list 811 Change procedure list 819 Procedure record 820 System element list 822 System element list 823 System element list 824 System element list 825 System element list 829 Element record 830 Knowledge list 839 Rule record 840 Countermeasure list 841 Countermeasure list 842 Countermeasure list 843 Countermeasure list 844 Countermeasure list 849 Countermeasure record 850 Change procedure template 851 Change procedure template 859 Input record 860 Delete element list 869 Delete element record 901 Internet 902 Management network 903 Machine A
904 OS
905 mail server 913 machine B
915 WWW server 920 Target system 922 Target system 923 Target system 924 Target system 925 Target system 822-824 System element list 822-825 System element list 922-924 Target system

Claims (10)

The change indicated in the change procedure information based on the first system configuration information indicating the system configuration including at least one of system components and settings and the change procedure information change procedure list indicating the change procedure of the system configuration Configuration information generating means for generating second system configuration information indicating the system configuration corresponding to each stage in the procedure;
Measures for generating and outputting countermeasure information indicating security measures corresponding to the second system configuration information based on the second system configuration information and knowledge information indicating security measures related to the components and the settings And an information processing apparatus. Further comprising difference extraction means for generating deleted element information including information on the component deleted in any stage of the change procedure;
The information processing apparatus according to claim 1, wherein the countermeasure generation unit generates the countermeasure information based on the second system configuration information, the knowledge information, and the deletion element information. The information processing apparatus according to claim 2, wherein the difference extraction unit further generates the deletion element information including information relating to a setting to be changed in any stage of the change procedure. The measure generation means generates the measure information from which the security measure corresponding to each step in the change procedure before the change procedure is deleted from the security measure corresponding to each step in the change procedure. The information processing apparatus according to any one of claims 1 to 3. Further, it includes a procedure input means for displaying a change procedure template for supporting the input of the change procedure information based on a request from a user, and receiving the input value from the user and generating the change procedure information. The information processing apparatus according to claim 1, wherein: The information processing apparatus according to claim 5, wherein the procedure input unit re-uses and displays the input value for an item that expects the same input value. The information processing apparatus according to claim 5, wherein the change procedure information is a set of the change procedure template and the input value. Based on the first system configuration information indicating the system configuration including at least one of system components and settings and the change procedure information indicating the change procedure of the system configuration, each of the change procedures indicated in the change procedure information Generating second system configuration information indicating the system configuration corresponding to the stage;
Based on the second system configuration information and knowledge information indicating the security measures related to the configuration elements and the settings, the countermeasure information indicating the security measures corresponding to the second system configuration information is generated and output. Countermeasure support method. Generating deleted element information including information on the component to be deleted in any stage of the change procedure;
The security countermeasure support method according to claim 8, wherein the countermeasure information is generated based on the second system configuration information, the knowledge information, and the deletion element information. Based on first system configuration information indicating a system configuration including at least one of system components and settings, and change procedure information indicating a change procedure of the system configuration, each of the change procedures indicated in the change procedure information Processing to generate second system configuration information indicating the system configuration corresponding to the stage;
Processing for generating and outputting countermeasure information indicating security measures corresponding to the second system configuration information based on the second system configuration information and knowledge information indicating security measures related to the component and the setting A program that causes a computer to execute.

Images