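WO2017033253A1 - Management unit presence determination device and management unit presence determination program - Google Patents
Management unit presence determination device and management unit presence determination program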
- Publication number
- WO2017033253A1 (PCT/JP2015/073686)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- management unit
- question
- unit
- determination
- answer
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/14—Details of searching files based on file metadata
- G06F16/148—File search processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/11—File system administration, e.g. details of archiving or snapshots
- G06F16/122—File system administration, e.g. details of archiving or snapshots using management policies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Definitions
- the present invention relates to a management unit presence determination device and a management unit presence determination program.
- malware: a malicious program that is undesirable for the user.
- a typical malware is a so-called computer virus.
- some malware has been confirmed to actively spread infection through the network, for example a type of malware that infects many machines at once through e-mail or the like.
- OS: operating system
- a personal firewall as a standard
- the damage caused by such "active attack" type malware is less noticeable than before.
- the "passive attack" type malware using websites has been increasing rapidly recently.
- malware may be installed due to tampering.
- a malicious command may be executed on the web server or information stored in the server may be stolen. Because even the web pages of ordinary companies, which should be safe, can be rewritten, incidents of damage caused by web server vulnerabilities are increasing even when users are careful not to go near a "suspicious website".
- a method of determining whether there is an application that may have a vulnerability in the web server is known.
- a request is transmitted to the web server based on a list of file names and directory names of applications that may be vulnerable.
- it is determined whether there is an application that may have a vulnerability.
- Patent Document 1 a technique is known in which a request is transmitted to a web server to determine whether an application exists based on a received response.
- the web server may send a response indicating that the application exists by reacting to a specific character included in the list of application file names and directory names included in the request.
- An object of the present invention is to provide a management unit presence determination device and a management unit presence determination program that can reduce erroneous determination when determining whether or not content exists in a web server.
- One embodiment of the present invention is a management unit existence determination device including: a question transmission unit that transmits, to a determination target device, questions for confirming the existence of a management unit of a file management system, namely a first question including management unit information indicating the management unit and at least one second question including information in which a part of the management unit information is changed; a receiving unit that receives, from the determination target device, the answer to the first question and the answer to the second question; and a determination unit that determines whether the management unit exists by comparing the answer to the first question and the answer to the second question received by the receiving unit.
- the management unit includes one or a plurality of groups, the group includes one or a plurality of elements, and the second question is a question in which the first element of the elements included in a group is changed or the last element of the elements included in the group is changed.
- if the first element or the last element of the group in the management unit information indicating the management unit is a specific element, the second question is a question in which the element adjacent to the beginning or end of the group is changed.
- the management unit is included in each of a plurality of hierarchies of the file management system, and the question transmission unit transmits, based on the determination result of the determination unit for the management unit included in a certain hierarchy, the first question and the second question for the management unit included in another hierarchy other than the certain hierarchy to the determination target device.
- a first question for confirming the existence of a management unit of a file management system in a computer the first question including management unit information indicating the management unit, and the management unit information
- a management unit existence determination program for executing a determination step for determining whether or not to perform.
- FIG. 1 is a schematic diagram illustrating an example of a configuration of a management unit presence determination apparatus in the present embodiment.
- FIG. 2 is a schematic diagram illustrating an example of the configuration of the management unit presence determination apparatus in the present embodiment.
- FIG. 3 is a schematic diagram showing an example of the configuration of the file system in the present embodiment.
- FIG. 4 is a table showing an example of management unit information in the present embodiment.
- FIG. 5 is a table showing an example of determination by the determination unit in the present embodiment.
- FIG. 6 is a flowchart showing an example of the operation of the management unit existence determination apparatus in the present embodiment.
- FIG. 7 is a flowchart illustrating an example of the operation of the management unit existence determination apparatus according to a modification of the present embodiment.
- FIG. 1 is a schematic diagram illustrating an example of the configuration of the management unit presence determination apparatus 10 in the present embodiment.
- the network N is, for example, the Internet or a LAN (Local Area Network).
- the determination target device TG stores a file F, and the file F can be referred to from another device OTH connected to the network N.
- the file F is, for example, an HTML file, an image file, or the like.
- the determination target device TG is, for example, a server device. Specifically, the determination target device TG is, for example, a file server device, a web server device, or the like.
- the management unit existence determination apparatus 10 transmits, to the determination target device TG via the network N, a question Q for confirming whether the file F can be referred to. In response to the question Q, the determination target device TG transmits an answer R to the management unit existence determination device 10 according to the state of the file F indicated by the question Q.
- the management unit presence determination device 10 is a device that determines whether or not the file F exists in the determination target device TG based on the answer R.
- FIG. 2 is a schematic diagram illustrating an example of the configuration of the management unit presence determination apparatus 10 in the present embodiment.
- the determination target device TG includes a reception unit RV, a transmission unit SD, a communication restriction unit FW, and a storage unit MM.
- the storage unit MM stores a directory D and a file F.
- the directory D and the file F stored in the storage unit MM are managed by a file system FS using a hierarchical structure.
- FIG. 3 is a schematic diagram showing an example of the configuration of the file system FS in the present embodiment.
- the file system FS manages the file F by a hierarchical structure. Specifically, the file system FS manages the file F and the directory D by a hierarchical structure.
- the directory D is a unit for managing the file F.
- the hierarchy L1 which is the highest layer of the file system FS having a hierarchical structure is a directory D1.
- in the directory D1, a directory D11, a directory D12, and a directory D13 are stored. That is, the directory D11, the directory D12, and the directory D13 are a hierarchy L2 that is one layer B lower than the hierarchy L1.
- the directory D11 stores a directory D111 and a file F111.
- the directory D12 stores a directory D121 and a file F121.
- the directory D13 stores a directory D131 and a file F131.
- the directory D111, the file F111, the directory D121, the file F121, the directory D131, and the file F131 are the hierarchy L3 that is one layer B lower than the hierarchy L2.
- a file F1111 is stored in the directory D111.
- the directory D131 stores a directory D1311 and a file F1311. That is, the file F1111, the directory D1311, and the file F1311 are a hierarchy L4 that is one lower layer B than the hierarchy L3. That is, the layer U that is one higher than the layer L4 is the layer L3. In addition, the layer U that is one higher than the layer L3 is the layer L2.
- the layer U that is one higher than the layer L2 is the layer L1.
- the directory D and the file F are collectively referred to as a management unit MU.
- the receiving unit RV receives from the other device OTH or the management unit presence determination device 10 a question Q asking whether it is possible to refer to the management unit MU stored in the storage unit MM.
- the question Q includes management unit position information IMA indicating the location of the management unit MU to be referred to.
- the management unit position information IMA is information indicating a position where the management unit MU is stored by listing the names of one or a plurality of management units MU.
- the name of the management unit MU is indicated by one or a plurality of characters. These characters include alphanumeric characters, symbols, special characters, and the like.
- the management unit position information IMA is, for example, a path.
- an example of the management unit position information IMA will be described with reference to FIG.
- the question Q includes management unit position information IMA indicating the location of the file F121.
- the management unit position information IMA is indicated from the upper layer U by dividing each management unit MU by “/”.
- the file F121 is stored in a directory D12 included in the directory D1.
- the management unit position information IMA of the file F121 is indicated by the name of the directory D1 / the name of the directory D12 / the name of the file F121.
- the communication restriction unit FW acquires the question Q received by the reception unit RV.
- the communication restriction unit FW restricts the communication of the determination target device TG according to the content of the question Q received by the reception unit RV.
- security information SI is set in advance in the communication restriction unit FW.
- the security information SI is information indicating whether or not the management unit MU can be referred to.
- reference to the management unit MU included in the security information SI is limited. That is, when the management unit MU included in the question Q is included in the security information SI, the communication restriction unit FW restricts reference to the management unit MU included in the question Q.
- the present invention is not limited to this. Whether to refer to the management unit MU may be set in the management unit MU itself. Specifically, a function for authenticating a user who can refer to the management unit MU may be set in the management unit MU itself.
- the transmission unit SD transmits the response R to the other device OTH or the management unit presence determination device 10 based on the restriction of the communication restriction unit FW.
- the content of this answer R differs depending on the state of the management unit MU and the restriction of the communication restriction unit FW.
- the state of the management unit MU is a state where the management unit MU indicated by the management unit position information IMA included in the question Q does not exist at the location indicated by the management unit position information IMA, or is moved.
- a case where the response R includes a permission response PR, a movement response MR, an authentication response CR, a rejection response RR, and a non-existence response NER will be described.
- the permission answer PR is an answer R when the reference of the management unit MU indicated by the management unit position information IMA included in the question Q is not restricted by the communication restriction unit FW.
- the movement answer MR is an answer R when the management unit MU indicated by the management unit position information IMA included in the question Q is moved from the location indicated by the management unit position information IMA.
- the authentication answer CR is an answer when the user who can refer to the management unit MU indicated by the management unit position information IMA included in the question Q is restricted by the communication restriction unit FW.
- the authentication answer CR is an answer R when a user who can be referred to is set in the management unit MU indicated by the management unit position information IMA included in the question Q.
- the rejection response RR is the response R when the reference to the management unit MU indicated by the management unit location information IMA included in the question Q is restricted by the communication restriction unit FW.
- the non-existence answer NER is an answer R in the following two cases.
- one is the case where the management unit MU indicated by the management unit position information IMA included in the question Q does not exist at the location indicated by the management unit position information IMA.
- the other is the case where reference to the management unit MU indicated by the management unit position information IMA included in the question Q is restricted by the communication restriction unit FW.
- the management unit existence determination apparatus 10 includes a control unit 110 and a storage unit 120.
- the storage unit 120 stores management unit information IMU in advance.
- the management unit information IMU is information that defines the determination target file F and directory D whose existence in the determination target device TG is to be confirmed.
- FIG. 4 is a table showing an example of the management unit information IMU in the present embodiment.
- the storage unit 120 stores a plurality of management unit position information IMA that is management unit information IMU.
- the management unit position information IMA which is the management unit information IMU, is assigned an identification number NO for each management unit position information IMA.
- management unit position information IMA1 is associated with identification number NO1.
- management unit position information IMA2 is associated with identification number NO2.
- management unit position information IMA3 is associated with identification number NO3.
- management unit position information IMA4 is associated with identification number NO4.
- management unit position information IMA5 is associated with identification number NO5.
- a case where the management unit position information IMA1 indicates the directory D121 (phpMyAdmin) will be described.
- a case where the management unit position information IMA2 indicates the file F131 (test.cgi) will be described.
- a case where the management unit position information IMA3 indicates a file F1311 (.htaccess) will be described.
- the case where the management unit position information IMA4 indicates directory D11 / directory D111 / file F1111 (admin/cgi-bin/admin.php) will be described.
- a case where the management unit position information IMA5 indicates the directory D11 (admin) will be described.
- the control unit 110 includes a question transmission unit 111, a reception unit 112, and a determination unit 113 as functional units.
- the question transmitter 111 reads the management unit information IMU from the storage unit 120.
- the question transmission unit 111 transmits, to the determination target device TG, a question Q for checking whether or not the management unit MU indicated by the management unit position information IMA that is the management unit information IMU can be referred to.
- the question transmission unit 111 transmits the first question Q1 based on the management unit position information IMA that is the management unit information IMU.
- the question transmission unit 111 further transmits the second question Q2 and the third question Q3 to the determination target device TG according to the answer R from the determination target device TG to the first question Q1, as determined by the determination unit 113.
- the answer R from the determination target device TG to the first question Q1 determined by the determination unit 113 will be described later.
- the first question Q1, the second question Q2, and the third question Q3 that the question transmission unit 111 transmits for the management unit position information IMA1 that is the management unit information IMU will be described.
- the question transmitter 111 reads the management unit information IMU from the storage unit 120.
- the question transmission unit 111 transmits, to the determination target device TG, the first question Q1 for checking whether or not the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU can be referred to.
- the first question Q1 is a question Q for confirming whether or not the management unit MU indicated by the management unit position information IMA can be referred to without changing the management unit position information IMA.
- the question transmission unit 111 reads the directory D121 (phpMyAdmin) that is the management unit position information IMA1 stored as the management unit information IMU.
- the question transmitting unit 111 transmits the first question Q1 to the determination target device TG in order to confirm whether or not the directory D121 (phpMyAdmin) can be referred to.
- the question transmitter 111 reads the management unit information IMU from the storage unit 120.
- the question transmitting unit 111 transmits, to the determination target device TG, the second question Q2 for checking whether or not the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU can be referred to.
- the second question Q2 is a question Q for confirming whether or not the management unit MU indicated by the management unit position information IMA can be referred to by changing a part of the management unit position information IMA.
- the part of the management unit position information IMA is the first character of the name of the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU.
- the question transmission unit 111 reads the directory D121 (phpMyAdmin) that is the management unit position information IMA1 stored as the management unit information IMU.
- the question transmission unit 111 transmits a second question Q2 in which a part of the directory D121 (phpMyAdmin) is changed to the determination target device TG.
- the second question Q2 is the question Q obtained by changing the directory D121 (phpMyAdmin) to the directory D121C2 (XhpMyAdmin).
- the question transmission unit 111 transmits the second question Q2 to the determination target device TG in order to confirm whether or not the directory D121C2 (XhpMyAdmin) can be referred to.
- the question transmitter 111 reads the management unit information IMU from the storage unit 120.
- the question transmitting unit 111 transmits, to the determination target device TG, the third question Q3 for checking the management unit MU indicated by the management unit position information IMA stored in the storage unit 120 as the management unit information IMU.
- the third question Q3 is a question Q in which a part of the management unit position information IMA is changed. Further, a part of the management unit position information IMA is a place different from the place changed in the second question Q2.
- the third question Q3 is a question Q for confirming whether or not the management unit MU indicated by the management unit position information IMA can be referred to by changing a part of the management unit position information IMA.
- the part of the management unit position information IMA is the last character of the name of the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU.
- the question transmission unit 111 reads the directory D121 (phpMyAdmin) that is the management unit position information IMA1 stored as the management unit information IMU.
- the question transmission unit 111 transmits the third question Q3 in which a part of the directory D121 (phpMyAdmin) is changed to the determination target device TG.
- the question transmission unit 111 transmits the third question Q3 to the determination target device TG in order to confirm whether or not the directory D121C3 (phpMyAdmiX) can be referred to.
- the case where the part changed in the second question Q2 and the third question Q3 is the first or last character of the name of the management unit MU indicated by the management unit position information IMA has been described, but the present invention is not limited to this.
- when the first or last character of the name of the management unit MU indicated by the management unit position information IMA is a special character, the character adjacent to the first or last character may be changed.
- Special characters are, for example, symbols such as . (dot) and _ (underscore).
- when the question transmission unit 111 transmits the second question Q2 for the file F1311 (.htaccess) indicated by the management unit position information IMA3, the second question Q2 is the question Q in which the file F1311 (.htaccess) is changed to the file F1311C2 (.Xtaccess).
- the case where the first or last character of the name of the management unit MU indicated by the management unit position information IMA in the second question Q2 and the third question Q3 is changed to X has been described.
- the first or last character of the name of the management unit MU indicated by the management unit position information IMA in the second question Q2 and the third question Q3 may be changed to any character other than special characters.
- the first or last character of the name of the management unit MU indicated by the management unit position information IMA in the second question Q2 and the third question Q3 may be changed to any character that is not the same as the character before the change.
- the receiving unit 112 receives the answer R transmitted from the determination target device TG in response to the question Q transmitted from the question transmitting unit 111. Specifically, the receiving unit 112 receives the first answer R1 for the first question Q1 transmitted by the question transmitting unit 111. In addition, the receiving unit 112 receives the second answer R2 for the second question Q2 transmitted by the question transmitting unit 111. The receiving unit 112 receives the third answer R3 for the third question Q3 transmitted by the question transmitting unit 111.
- the response R received by the receiving unit 112 is any one of the permission response PR, the movement response MR, the authentication response CR, the rejection response RR, and the nonexistence response NER transmitted by the determination target device TG.
- the determination unit 113 acquires the answer R received by the reception unit 112. Based on the acquired answer R, the determination unit 113 determines whether there is a possibility that the file F or the directory D exists in the determination target device TG.
- FIG. 5 is a table showing an example of determination by the determination unit 113 in the present embodiment.
- the determination unit 113 determines whether or not the management unit MU indicated by the management unit position information IMA that is the management unit information IMU included in the question Q can be referred to based on the answer R received by the reception unit 112.
- a case where the management unit existence determination apparatus 10 sends a first question Q1 including the management unit information IMU stored in the storage unit 120 will be described.
- the management unit MU indicated by the management unit position information IMA that is the management unit information IMU included in the first question Q1 exists in the determination target device TG.
- the management unit MU indicated by the management unit position information IMA that is the management unit information IMU can be referred to in the determination target device TG. That is, it can be said that the management unit MU indicated by the management unit position information IMA exists in the determination target device TG.
- the determination target device TG receives the management unit position information that is the management unit information IMU included in the first question Q1.
- the management unit MU indicated by the management unit position information IMA that is the management unit information IMU included in the first question Q1 cannot be referred to. That is, it can be said that the management unit MU indicated by the management unit position information IMA does not exist in the determination target device TG.
- when the reception unit 112 receives the authentication answer CR for the first question Q1, the management unit MU indicated by the management unit location information IMA that is the management unit information IMU included in the first question Q1 is in a state where it cannot be referred to.
- the determination target device TG may have a management unit MU indicated by the management unit position information IMA that is the management unit information IMU included in the first question Q1. That is, it can be said that there is a possibility that the management unit MU indicated by the management unit position information IMA exists in the determination target device TG.
- the management unit MU indicated by the management unit location information IMA that is the management unit information IMU included in the first question Q1 is in a state where it cannot be referred to.
- the determination target device TG may have a management unit MU indicated by the management unit position information IMA that is the management unit information IMU included in the first question Q1. That is, it can be said that there is a possibility that the management unit MU indicated by the management unit position information IMA exists in the determination target device TG.
- in the determination target device TG, the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU does not exist and cannot be referenced. That is, it can be said that the management unit MU indicated by the management unit position information IMA does not exist in the determination target device TG.
- when the reception unit 112 receives the authentication response CR or the rejection response RR, it can be said that there is a possibility that the management unit MU indicated by the management unit location information IMA exists in the determination target device TG.
- the management unit MU indicated by the management unit location information IMA stored as the management unit information IMU cannot be referred to. That is, in this case, since the existence of the management unit MU cannot be confirmed, it cannot be said that there is a possibility that the management unit MU exists.
- the determination unit 113 instructs the question transmission unit 111 to transmit the second question Q2 and the third question Q3.
- the question transmission unit 111 transmits the second question Q2 and the third question Q3 to the determination target device TG according to the first answer R1.
- based on the second response R2 and the third response R3 acquired from the reception unit 112, the determination unit 113 determines whether or not the management unit MU for which the first response R1 is the authentication response CR or the rejection response RR exists.
- the determination unit 113 determines in more detail whether or not the management unit MU indicated by the management unit position information IMA that is the management unit information IMU included in the question Q exists.
- a case where the question transmission unit 111 transmits the first question Q1, the second question Q2, and the third question Q3 for confirming whether or not the management unit MU indicated by the management unit position information IMA that is the management unit information IMU exists will be described.
- a case where the receiving unit 112 acquires the first answer R1, the second answer R2, and the third answer R3 will be described.
- the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA does not exist in the determination target device TG.
- the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA does not exist in the determination target device TG under the following two conditions.
- One condition is that the first answer R1 and the second answer R2 match, and the first answer R1 and the third answer R3 do not match.
- The other condition is that the first answer R1 and the third answer R3 match, and the first answer R1 and the second answer R2 do not match.
- the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA that is the management unit information IMU does not exist in the determination target device TG. That is, when the first answer R1 is not the non-existence answer NER, and the first answer R1 does not match the second answer R2 and the third answer R3, the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA that is the management unit information IMU exists in the determination target device TG.
- the reception unit 112 may receive a server failure response BKR, which is the response R when an error has occurred in the determination target device TG.
- FIG. 6 is a flowchart showing an example of the operation of the management unit existence determination apparatus 10 in the present embodiment.
- the question transmission unit 111 transmits the first question Q1 to the determination target device TG (step S100).
- the determination target device TG receives the first question Q1 from the management unit existence determination device 10 (step S110).
- the determination target device TG transmits the first answer R1 to the first question Q1 to the management unit existence determination device 10 (step S120).
- the receiving unit 112 receives the first answer R1 from the determination target device TG (step S130).
- the receiving unit 112 supplies the received first answer R1 to the determination unit 113 (step S140).
- the determination unit 113 determines whether or not the first answer R1 acquired from the reception unit 112 is the nonexistence response NER (step S150). When the determination unit 113 determines that the first answer R1 is the nonexistence response NER (step S150; YES), it determines that the management unit MU indicated by the management unit position information IMA included as the management unit information IMU in the first question Q1 does not exist (step S160). When the determination unit 113 determines that the first answer R1 is not the nonexistence response NER (step S150; NO), it instructs the question transmission unit 111 to transmit the second question Q2 and the third question Q3 (step S170).
- the question transmission unit 111 transmits the second question Q2 to the determination target device TG based on the instruction of the determination unit 113 (step S180).
- the determination target device TG receives the second question Q2 from the management unit existence determination device 10 (step S190).
- the determination target device TG transmits the second answer R2 to the second question Q2 to the management unit existence determination device 10 (step S200).
- the receiving unit 112 receives the second answer R2 from the determination target device TG (step S210).
- the receiving unit 112 supplies the received second answer R2 to the determination unit 113 (step S220).
- the question transmission unit 111 transmits the third question Q3 to the determination target device TG based on the instruction of the determination unit 113 (step S230).
- the determination target device TG receives the third question Q3 from the management unit existence determination device 10 (step S240).
- the determination target device TG transmits a third answer R3 to the third question Q3 to the management unit existence determination device 10 (step S250).
- the receiving unit 112 receives the third answer R3 from the determination target device TG (step S260).
- the receiving unit 112 supplies the received third answer R3 to the determination unit 113 (step S270).
- the determination unit 113 determines whether or not the first answer R1 acquired from the reception unit 112 matches the second answer R2 (step S280). When the determination unit 113 determines that the first answer R1 does not match the second answer R2 (step S280; NO), the process proceeds to step S290. When the determination unit 113 determines that the first answer R1 matches the second answer R2 (step S280; YES), it determines that the management unit MU indicated by the management unit position information IMA included as the management unit information IMU in the first question Q1 does not exist (step S160).
- the determination unit 113 determines whether or not the first answer R1 acquired from the reception unit 112 matches the third answer R3 (step S290). When the determination unit 113 determines that the first answer R1 does not match the third answer R3 (step S290; NO), the process proceeds to step S300. When the determination unit 113 determines that the first answer R1 matches the third answer R3 (step S290; YES), it determines that the management unit MU indicated by the management unit position information IMA included as the management unit information IMU in the first question Q1 does not exist (step S160). In step S300, the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA included as the management unit information IMU in the first question Q1 exists.
- the management unit presence determination apparatus 10 includes the question transmission unit 111, the reception unit 112, and the determination unit 113.
- the question transmission unit 111 transmits a question Q for confirming the existence of the management unit MU managed by the file system FS using the hierarchical structure in the storage unit MM of the determination target device TG to the determination target device TG.
- the question Q includes management unit information IMU.
- the question Q is intended to confirm the existence of the management unit MU indicated by the management unit location information IMA that is the management unit information IMU.
- the question Q includes the first question Q1, and the second question Q2 and the third question Q3, each of which includes information obtained by changing a part of the management unit information IMU included in the first question Q1.
- the question transmission unit 111 transmits the first question Q1, the second question Q2, and the third question Q3 to the determination target device TG.
- the reception unit 112 receives the first answer R1, the second answer R2, and the third answer R3 from the determination target device TG.
- the determination unit 113 determines, by comparing the first answer R1, the second answer R2, and the third answer R3 received by the reception unit 112, whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, exists in the determination target device TG.
- the determination target device TG transmits the authentication response CR and the rejection response RR to the first question Q1 transmitted from the management unit presence determination device 10
- the management unit MU may not exist.
- the management unit MU indicated by the management unit location information IMA which is the information IMU, cannot be guaranteed.
- In contrast, the determination unit 113 of the present embodiment can improve the accuracy of determining, based on the second answer R2 and the third answer R3 acquired from the reception unit 112, whether or not a management unit MU for which the first answer R1 was the authentication response CR or the rejection response RR exists. That is, the management unit presence determination device 10 of the present embodiment can reduce erroneous determinations when determining whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG.
- the management unit information IMU indicates a file having vulnerability
- According to the management unit existence determination apparatus 10 of the present embodiment, it is possible to reduce erroneous determinations when determining whether or not a file having the vulnerability indicated by the management unit position information IMA exists in the determination target apparatus TG. That is, according to the management unit presence determination apparatus 10 of the present embodiment, it is possible to reduce erroneous determinations when determining whether or not the determination target apparatus TG has a vulnerability.
- the management unit information IMU includes the name of one or more management units MU.
- the name of the management unit MU includes one or more alphanumeric characters.
- the second question Q2 is a question in which the first alphanumeric character among the alphanumeric characters included in the name of a certain management unit MU is changed.
- the third question Q3 is a question in which the last alphanumeric character among the alphanumeric characters included in the name of a certain management unit MU is changed.
- the determination target device TG transmits a uniform answer R to the first question Q1 transmitted from the management unit existence determination device 10.
- the determination target device TG sometimes returned a rejection response RR. More specifically, for example, even when no management unit MU whose name includes the specific character string “.ht” exists in the determination target device TG, the determination target device TG sometimes returned the rejection response RR.
- the determination target device TG sometimes returned a rejection response RR. More specifically, for example, even when no management unit MU whose name includes the specific character string “.cgi” exists in the determination target device TG, the determination target device TG sometimes returned the rejection response RR. In this case, since the determination target device TG returns a rejection response RR, the conventional technology determines that the management unit MU exists even when the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, does not exist.
- the determination unit 113 makes its determination by comparing the first answer R1 with the second answer R2 to the second question Q2, in which the first alphanumeric character among the alphanumeric characters included in the name of a certain management unit MU is changed.
- the determination unit 113 makes its determination by comparing the first answer R1 with the third answer R3 to the third question Q3, in which the last alphanumeric character among the alphanumeric characters included in the name of a certain management unit MU is changed. Thereby, even when the question Q contains a specific character string, the determination unit 113 can improve the accuracy of determining whether or not the management unit MU exists in the determination target device TG.
- the management unit presence determination device 10 of the present embodiment can reduce erroneous determinations when determining whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG.
- When the first character or the last character of the name of the management unit MU indicated by the management unit information IMU is a special character, the second question Q2 and the third question Q3 are questions in which the alphanumeric character adjacent to the beginning or end of the name of the management unit MU is changed. That is, when the character at the beginning or end of the name of the management unit MU indicated by the management unit position information IMA is a special character, the character adjacent to the beginning or end may be changed. Special characters are, for example, symbols such as . (dot) and _ (underscore).
- the determination unit 113 can improve the accuracy of determining whether or not the management unit MU exists in the determination target device TG even when the question Q includes a special character. That is, the management unit presence determination device 10 of the present embodiment can reduce erroneous determinations when determining whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG.
- FIG. 7 is a flowchart illustrating an example of the operation of the management unit existence determination apparatus 10 according to a modification of the present embodiment.
- a modification of the present embodiment will be described with reference to FIG.
- the same reference numerals are given to the same configurations or the same operations as those in the first embodiment, and the description thereof is omitted.
- the determination unit 113 determines whether or not the first answer R1, the second answer R2, and the third answer R3 match (step S310).
- When the determination unit 113 determines that the first answer R1, the second answer R2, and the third answer R3 match (step S310; YES), it instructs the question transmission unit 111 to transmit to the determination target device TG a first question Q1 that is a question Q of the upper layer U above the current first question Q1.
- the question transmission unit 111 raises the first question Q1 to the upper layer U one level higher based on the instruction from the determination unit 113 (step S320). Thereafter, the processing from step S100 to step S320 is repeated.
- the first question Q1 includes the directory D11/directory D111/file F111 (admin/cgi-bin/admin.php) as the management unit MU indicated by the management unit position information IMA4 which is the management unit information IMU.
- the first question Q1 includes the directory D11/directory D111/file F111 (admin/cgi-bin/admin.php) as the management unit MU indicated by the management unit position information IMA4.
- the second question Q2 includes the directory D11/directory D111/file F111C2 (admin/cgi-bin/Xdmin.php), obtained by changing a part of the file F111 of the management unit MU indicated by the management unit position information IMA4.
- the third question Q3 includes the directory D11/directory D111/file F111C3 (admin/cgi-bin/admin.phX), obtained by changing a part of the file F111 of the management unit MU indicated by the management unit position information IMA4.
- the determination unit 113 determines whether or not the first answer R1, the second answer R2, and the third answer R3 match (step S310). In this example, when the determination unit 113 determines that the first answer R1, the second answer R2, and the third answer R3 match (step S310; YES), it instructs the question transmission unit 111 to transmit the first question Q1 of the upper layer U.
- the question Q of the layer U above the first question Q1 includes the directory D11/directory D111 (admin/cgi-bin), which is the upper layer U of the management unit MU indicated by the management unit position information IMA4.
- the question transmission unit 111 sets the question Q including the directory D11/directory D111 (admin/cgi-bin), which is the upper layer U of the management unit MU indicated by the management unit position information IMA4, as the first question Q1 (step S320). Thereafter, the processing from step S100 to step S320 is repeated.
- the management unit MU is included in each of the plurality of hierarchies L included in the file system FS.
- Based on the determination result of the determination unit 113 for the management unit MU included in a certain hierarchy L, the question transmission unit 111 transmits to the determination target device TG the first question Q1, the second question Q2, and the third question Q3 about the management unit MU included in a hierarchy L other than that hierarchy L.
- When the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the question Q, does not exist in the determination target device TG, it can extract which of the management units MU included in the plurality of hierarchies L causes the determination that the management unit does not exist. As a result, the determination unit 113 extracts which management unit MU among the management units MU included in the plurality of hierarchies L causes the determination that it does not exist in the determination target device TG.
- the management unit presence determination device 10 of the present embodiment can reduce the time and labor of determining whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Virology (AREA)
- Bioethics (AREA)
- Library & Information Science (AREA)
- Information Transfer Between Computers (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
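In contrast, what has been increasing rapidly in recent years is malware of the "passive attack" type that makes use of websites. For example, when a web server has a vulnerability, malware may be planted on it through tampering.
In addition, when a web server has a vulnerability, a malicious command may be executed on the web server, or information stored on the server may be stolen.
Because even the web pages of ordinary companies, which ought to be safe, can be rewritten, cases of damage caused by web server vulnerabilities are increasing even among users who take care to stay away from "suspicious websites".
As a conventional technique, a technique is known that transmits a request to a web server and determines, based on the received response, whether or not an application exists (Patent Document 1).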
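Hereinafter, an embodiment of the management unit existence determination device 10 will be described with reference to the drawings. First, an outline of the management unit existence determination device 10 will be described with reference to FIG. 1.
FIG. 1 is a schematic diagram showing an example of the configuration of the management unit existence determination device 10 in the present embodiment. As shown in FIG. 1, the management unit existence determination device 10 and the determination target device TG are connected via a network N. The network N is, for example, the Internet or a LAN (Local Area Network).
A file F is stored in the determination target device TG, and this file F can be referenced from another device OTH, which is another device connected to the network N. The file F is, for example, an HTML file, an image file, or the like. The determination target device TG is, for example, a server device. Specifically, the determination target device TG is, for example, a file server device, a web server device, or the like.
The management unit existence determination device 10 transmits, via the network N, a question Q to the determination target device TG for confirming whether the file F can be referenced. In response to this question Q, the determination target device TG transmits an answer R to the management unit existence determination device 10 according to the state of the file F indicated in the question Q. The management unit existence determination device 10 is a device that determines, based on this answer R, whether or not the file F exists in the determination target device TG.
First, the determination target device TG will be described. The determination target device TG includes a reception unit RV, a transmission unit SD, a communication restriction unit FW, and a storage unit MM. The storage unit MM stores directories D and files F. The directories D and files F stored in the storage unit MM are managed by a file system FS that uses a hierarchical structure.
The file system FS manages the files F by a hierarchical structure. Specifically, the file system FS manages the files F and the directories D by a hierarchical structure. A directory D is a unit for managing files F.
Here, the directories D and the files F are collectively referred to as management units MU.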
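Specifically, the management unit position information IMA is, for example, a path. Hereinafter, an example of the management unit position information IMA will be described with reference to FIG. 3.
Management unit information IMU is stored in advance in the storage unit 120. The management unit information IMU is information that defines the files F and directories D to be determined, whose existence the determination target device TG confirms.
In this example, a case where the management unit position information IMA2 indicates the file F131 (test.cgi) will be described. Also in this example, a case where the management unit position information IMA3 indicates the file F1311 (.htaccess) will be described.
Also in this example, a case where the management unit position information IMA4 indicates the directory D11/directory D111/file F1111 (admin/cgi-bin/admin.php) will be described. Also in this example, a case where the management unit position information IMA5 indicates the directory D11 (admin) will be described.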
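The question transmission unit 111 reads the management unit information IMU from the storage unit 120. The question transmission unit 111 transmits, to the determination target device TG, a question Q for confirming whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, can be referenced.
Specifically, the question transmission unit 111 transmits the first question Q1 based on the management unit position information IMA, which is the management unit information IMU. In addition, the question transmission unit 111 further transmits the second question Q2 and the third question Q3 to the determination target device TG in accordance with the answer R from the determination target device TG to the first question Q1, as determined by the determination unit 113. The answer R from the determination target device TG to the first question Q1, as determined by the determination unit 113, will be described later.
Hereinafter, the first question Q1, the second question Q2, and the third question Q3 in the case where the question transmission unit 111 transmits questions Q about the management unit position information IMA1, which is the management unit information IMU, will be described.
First, the first question Q1 will be described. The question transmission unit 111 reads the management unit information IMU from the storage unit 120. The question transmission unit 111 transmits the first question Q1 to the determination target device TG in order to confirm whether or not the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU can be referenced. The first question Q1 is a question Q that confirms, without changing the management unit position information IMA, whether or not the management unit MU indicated by the management unit position information IMA can be referenced.
For example, the question transmission unit 111 reads the directory D121 (phpMyAdmin), which is the management unit position information IMA1 stored as the management unit information IMU. The question transmission unit 111 transmits the first question Q1 to the determination target device TG in order to confirm whether or not the directory D121 (phpMyAdmin) can be referenced.
Next, the second question Q2 will be described. The question transmission unit 111 reads the management unit information IMU from the storage unit 120. The question transmission unit 111 transmits the second question Q2 to the determination target device TG in order to confirm whether or not the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU can be referenced. The second question Q2 is a question Q that changes a part of the management unit position information IMA and confirms whether or not the management unit MU indicated by the management unit position information IMA can be referenced. This part of the management unit position information IMA is the first character of the name of the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU.
For example, the question transmission unit 111 reads the directory D121 (phpMyAdmin), which is the management unit position information IMA1 stored as the management unit information IMU. The question transmission unit 111 transmits to the determination target device TG the second question Q2, in which a part of the directory D121 (phpMyAdmin) is changed. Here, a case where the second question Q2 is a question Q in which the directory D121 (phpMyAdmin) is changed to the directory D121C2 (XhpMyAdmin) will be described. The question transmission unit 111 transmits the second question Q2 to the determination target device TG in order to confirm whether or not the directory D121C2 (XhpMyAdmin) can be referenced.
Next, the third question Q3 will be described. The question transmission unit 111 reads the management unit information IMU from the storage unit 120. The question transmission unit 111 transmits the third question Q3 to the determination target device TG in order to confirm whether the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU can be referenced. The third question Q3 is a question Q in which a part of the management unit position information IMA is changed. This part of the management unit position information IMA is a location different from the location changed in the second question Q2. The third question Q3 is a question Q that changes a part of the management unit position information IMA and confirms whether or not the management unit MU indicated by the management unit position information IMA can be referenced. This part of the management unit position information IMA is the last character of the name of the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU.
For example, the question transmission unit 111 reads the directory D121 (phpMyAdmin), which is the management unit position information IMA1 stored as the management unit information IMU. The question transmission unit 111 transmits to the determination target device TG the third question Q3, in which a part of the directory D121 (phpMyAdmin) is changed. This part of the directory D121 (phpMyAdmin) is a location different from the location changed in the second question Q2. Here, a case where the third question Q3 is a question Q in which the directory D121 (phpMyAdmin) is changed to the directory D121C3 (phpMyAdmiX) will be described. The question transmission unit 111 transmits the third question Q3 to the determination target device TG in order to confirm whether or not the directory D121C3 (phpMyAdmiX) can be referenced.
For example, when the question transmission unit 111 transmits the second question Q2 for the file F1311 (.htaccess) indicated by the management unit position information IMA3, the second question Q2 is a question Q in which the file F1311 (.htaccess) is changed to the file F1311C2 (.Xtaccess).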
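The determination unit 113 acquires the answer R received by the reception unit 112. Based on the acquired answer R, the determination unit 113 determines whether or not there is a possibility that the file F or the directory D exists in the determination target device TG.
Based on the answer R received by the reception unit 112, the determination unit 113 determines whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the question Q, can be referenced.
Hereinafter, with reference to FIG. 5, the determination by the determination unit 113 will be described for the case where the management unit existence determination device 10 asks the first question Q1 that includes the management unit information IMU stored in the storage unit 120.
When the reception unit 112 receives the permission response PR to this first question Q1, the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG. In addition, in the determination target device TG, the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, is in a state in which it can be referenced. In other words, it can be said that the management unit MU indicated by the management unit position information IMA exists in the determination target device TG.
Next, when the reception unit 112 receives the move response MR to this first question Q1, the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, does not exist in the determination target device TG. That is, the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, is in a state in which it cannot be referenced. In other words, it can be said that the management unit MU indicated by the management unit position information IMA does not exist in the determination target device TG.
Next, when the reception unit 112 receives the authentication response CR to this first question Q1, the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, is in a state in which it cannot be referenced. However, there is a possibility that the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG. In other words, it can be said that there is a possibility that the management unit MU indicated by the management unit position information IMA exists in the determination target device TG.
Next, when the reception unit 112 receives the nonexistence response NER to this first question Q1, the management unit MU indicated by the management unit position information IMA stored as the management unit information IMU does not exist in the determination target device TG and cannot be referenced. In other words, it can be said that the management unit MU indicated by the management unit position information IMA does not exist in the determination target device TG.
In response to this, the determination unit 113 instructs the question transmission unit 111 to transmit the second question Q2 and the third question Q3. That is, the question transmission unit 111 transmits the second question Q2 and the third question Q3 to the determination target device TG in accordance with the first answer R1.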
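Based on the second answer R2 and the third answer R3 acquired from the reception unit 112, the determination unit 113 determines whether or not a management unit MU for which the first answer R1 was the authentication response CR or the rejection response RR exists.
Hereinafter, a case where the question transmission unit 111 transmits the first question Q1, the second question Q2, and the third question Q3 for confirming whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, exists will be described. A case where the reception unit 112 acquires the first answer R1, the second answer R2, and the third answer R3 will also be described.
When the first answer R1 is the nonexistence response NER, the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA does not exist in the determination target device TG.
When the first answer R1 is not the nonexistence response NER, the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA does not exist in the determination target device TG under the following two conditions. One condition is that the first answer R1 and the second answer R2 match and the first answer R1 and the third answer R3 do not match. The other condition is that the first answer R1 and the third answer R3 match and the first answer R1 and the second answer R2 do not match.
Under these two conditions, the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, does not exist in the determination target device TG.
That is, when the first answer R1 is not the nonexistence response NER and the first answer R1 matches neither the second answer R2 nor the third answer R3, the determination unit 113 determines that the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, exists in the determination target device TG.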
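The question transmission unit 111 transmits the first question Q1 to the determination target device TG (step S100). The determination target device TG receives the first question Q1 from the management unit existence determination device 10 (step S110). The determination target device TG transmits the first answer R1 to the first question Q1 to the management unit existence determination device 10 (step S120). The reception unit 112 receives the first answer R1 from the determination target device TG (step S130). The reception unit 112 supplies the received first answer R1 to the determination unit 113 (step S140). The determination unit 113 determines whether or not the first answer R1 acquired from the reception unit 112 is the nonexistence response NER (step S150). When the determination unit 113 determines that the first answer R1 is the nonexistence response NER (step S150; YES), it determines that the management unit MU indicated by the management unit position information IMA included as the management unit information IMU in the first question Q1 does not exist (step S160). When the determination unit 113 determines that the first answer R1 is not the nonexistence response NER (step S150; NO), it instructs the question transmission unit 111 to transmit the second question Q2 and the third question Q3 (step S170).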
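In contrast, the determination unit 113 of the present embodiment can improve the accuracy of determining, based on the second answer R2 and the third answer R3 acquired from the reception unit 112, whether or not a management unit MU for which the first answer R1 was the authentication response CR or the rejection response RR exists. That is, the management unit existence determination device 10 of the present embodiment can reduce erroneous determinations when determining whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG.
Similarly, when the specific character string ".cgi" is included at the end of the name of the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, the determination target device TG sometimes returned the rejection response RR. More specifically, for example, even when no management unit MU whose name includes the specific character string ".cgi" exists in the determination target device TG, the determination target device TG sometimes returned the rejection response RR.
In this case, since the determination target device TG returns the rejection response RR, the conventional technique determines that the management unit MU exists even when the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU, does not exist. In other words, the conventional technique sometimes made the erroneous determination that the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the question Q, exists in the determination target device TG.
Thereby, even when the question Q includes a specific character string, the determination unit 113 can improve the accuracy of determining whether or not the management unit MU exists in the determination target device TG. That is, the management unit existence determination device 10 of the present embodiment can reduce erroneous determinations when determining whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG.
For example, when the question transmission unit 111 transmits the second question Q2 for the directory D121 (.htaccess) indicated by the management unit position information IMA3, the second question Q2 is (.Xtaccess).
Thereby, even when the question Q includes a special character, the determination unit 113 can improve the accuracy of determining whether or not the management unit MU exists in the determination target device TG. That is, the management unit existence determination device 10 of the present embodiment can reduce erroneous determinations when determining whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG.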
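Next, a modification of the first embodiment will be described. FIG. 7 is a flowchart showing an example of the operation of the management unit existence determination device 10 in a modification of the present embodiment. Hereinafter, the modification of the present embodiment will be described with reference to FIG. 7. In the following description, configurations and operations that are the same as in the first embodiment are given the same reference numerals, and their description is omitted.
As shown in FIG. 7, the determination unit 113 determines whether or not the first answer R1, the second answer R2, and the third answer R3 match (step S310). When the determination unit 113 determines that the first answer R1, the second answer R2, and the third answer R3 match (step S310; YES), it instructs the question transmission unit 111 to transmit to the determination target device TG a first question Q1 that is a question Q of the upper layer U above the current first question Q1. Based on the instruction from the determination unit 113, the question transmission unit 111 raises the first question Q1 to the upper layer U one level above (step S320). Thereafter, the processing from step S100 to step S320 is repeated.
Thereby, the determination unit 113 extracts which management unit MU, among the management units MU included in the plurality of hierarchies L, causes the determination that the management unit does not exist in the determination target device TG. That is, the management unit existence determination device 10 of the present embodiment can reduce the labor of determining whether or not the management unit MU indicated by the management unit position information IMA, which is the management unit information IMU included in the first question Q1, exists in the determination target device TG.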
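The determination flow of FIG. 6 (steps S150 to S300) and the move to the upper layer of FIG. 7 (steps S310 and S320) can be written out as follows. This is an added example, not code from the patent: the function names, the `Answer` enum, the "Y" fallback character and the constructed target are assumptions, and the answer types other than PR, CR, RR and NER are left out.

```python
from enum import Enum
from typing import Callable, Tuple


class Answer(Enum):
    """Answer types named in the description (MR and BKR are not modelled)."""
    PR = "permission"
    CR = "authentication"
    RR = "rejection"
    NER = "nonexistence"


Ask = Callable[[str], Answer]  # sends one question Q, returns the answer R


def change_edge_char(name: str, from_end: bool) -> str:
    """Change the first (or last) alphanumeric character of a name.

    Special characters such as '.' and '_' at the edge are skipped, so the
    adjacent alphanumeric character is the one that changes.
    """
    order = reversed(range(len(name))) if from_end else range(len(name))
    for i in order:
        if name[i].isalnum():
            # The description substitutes 'X'; 'Y' is an assumed fallback
            # for names whose edge character is already 'X'.
            new = "X" if name[i] != "X" else "Y"
            return name[:i] + new + name[i + 1:]
    raise ValueError(f"no alphanumeric character in {name!r}")


def build_questions(path: str) -> Tuple[str, str, str]:
    """Return (Q1, Q2, Q3): the path itself and its two changed variants."""
    parent, sep, name = path.rpartition("/")
    q2 = parent + sep + change_edge_char(name, from_end=False)
    q3 = parent + sep + change_edge_char(name, from_end=True)
    return path, q2, q3


def determine(r1: Answer, r2: Answer, r3: Answer) -> bool:
    """Steps S150 to S300: True only when R1 differs from NER, R2 and R3."""
    if r1 is Answer.NER:  # S150 YES -> S160
        return False
    if r1 == r2:          # S280 YES -> S160
        return False
    if r1 == r3:          # S290 YES -> S160
        return False
    return True           # S300


def unit_exists(path: str, ask: Ask) -> bool:
    """FIG. 6: Q2 and Q3 are sent only when R1 is not NER (S170)."""
    q1, q2, q3 = build_questions(path)
    r1 = ask(q1)
    if r1 is Answer.NER:
        return False
    return determine(r1, ask(q2), ask(q3))


def causing_layer(path: str, ask: Ask) -> str:
    """FIG. 7: while R1, R2 and R3 all match, ask about the upper layer.

    Returns the layer at which the answers stop being uniform (or the top
    layer), i.e. the layer responsible for the uniform answers below it.
    """
    current = path
    while "/" in current:
        q1, q2, q3 = build_questions(current)
        r1 = ask(q1)
        if r1 is Answer.NER or not (r1 == ask(q2) == ask(q3)):  # S310 NO
            break
        current = current.rpartition("/")[0]                    # S320
    return current


def constructed_target(path: str) -> Answer:
    """Constructed stand-in for the determination target device TG."""
    name = path.rpartition("/")[2]
    if path == "phpMyAdmin":
        return Answer.CR                      # exists, needs authentication
    if name.endswith(".cgi") or name.startswith(".ht"):
        return Answer.RR                      # name-based rejection rule
    if path == "admin/cgi-bin" or path.startswith("admin/cgi-bin/"):
        return Answer.RR                      # whole directory is restricted
    return Answer.NER


if __name__ == "__main__":
    for p in ("phpMyAdmin", "test.cgi", ".htaccess", "admin/cgi-bin/admin.php"):
        print(p, unit_exists(p, constructed_target),
              causing_layer(p, constructed_target))
```

On the constructed target, `test.cgi` and `.htaccess` are reported as not existing even though the first answer is a rejection, which is the erroneous determination the three-question comparison is meant to avoid.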
Claims (5)
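- A management unit existence determination device comprising:
a question transmission unit that transmits, to a device to be determined, a first question that is a question for confirming the existence of a management unit of a file management system and that includes management unit information indicating the management unit, and at least one second question that includes information in which a part of the management unit information is changed;
a reception unit that receives, from the device to be determined, an answer to the first question and an answer to the second question; and
a determination unit that determines whether or not the management unit exists by comparing the answer to the first question and the answer to the second question received by the reception unit.
- The management unit existence determination device according to claim 1, wherein
the management unit includes one or more groups,
each group includes one or more elements, and
the second question is a question in which the first element among the elements included in a certain group is changed, or the last element among the elements included in that group is changed.
- The management unit existence determination device according to claim 2, wherein,
when the first element of a group of the management information indicating the management unit, or the last element of the group, is a specific element, the second question is a question in which an element adjacent to the beginning or end of the group is changed.
- The management unit existence determination device according to claim 2 or claim 3, wherein
the management unit is included in each of a plurality of hierarchies of the file management system, and
the question transmission unit transmits, to the device to be determined, the first question and the second question about the management unit included in a hierarchy other than a certain hierarchy among the hierarchies, based on the determination result of the determination unit for the management unit included in the certain hierarchy.
- A management unit existence determination program for causing a computer to execute:
a question transmission step of transmitting, to a device to be determined, a first question that is a question for confirming the existence of a management unit of a file management system and that includes management unit information indicating the management unit, and at least one second question that includes information in which a part of the management unit information is changed;
a reception step of receiving, from the device to be determined, an answer to the first question and an answer to the second question; and
a determination step of determining whether or not the management unit exists by comparing the answer to the first question and the answer to the second question received in the reception step.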
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
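CN201580082515.3A CN108027781A (zh) | 2015-08-24 | 2015-08-24 | Management unit existence determination device and management unit existence determination program |
JP2016504402A JP5995392B1 (ja) | 2015-08-24 | 2015-08-24 | Management unit existence determination device and management unit existence determination program |
KR1020177006727A KR101923329B1 (ko) | 2015-08-24 | 2015-08-24 | Management unit existence determination device and management unit existence determination program |
PCT/JP2015/073686 WO2017033253A1 (ja) | 2015-08-24 | 2015-08-24 | Management unit existence determination device and management unit existence determination program |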
US15/457,078 US10909076B2 (en) | 2015-08-24 | 2017-03-13 | Management unit existence determination system and management unit existence determination program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2015/073686 WO2017033253A1 (ja) | 2015-08-24 | 2015-08-24 | Management unit existence determination device and management unit existence determination program |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/457,078 Continuation-In-Part US10909076B2 (en) | 2015-08-24 | 2017-03-13 | Management unit existence determination system and management unit existence determination program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017033253A1 (ja) | 2017-03-02 |
Family
ID=56960862
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2015/073686 WO2017033253A1 (ja) | 2015-08-24 | 2015-08-24 | Management unit existence determination device and management unit existence determination program |
Country Status (5)
Country | Link |
---|---|
US (1) | US10909076B2 (ja) |
JP (1) | JP5995392B1 (ja) |
KR (1) | KR101923329B1 (ja) |
CN (1) | CN108027781A (ja) |
WO (1) | WO2017033253A1 (ja) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111506715B (zh) * | 2020-04-13 | 2021-02-12 | 深圳追一科技有限公司 | Query method and apparatus, electronic device, and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
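JP2007272695A (ja) * | 2006-03-31 | 2007-10-18 | Fujitsu Ltd | Browser processing program and browser processing device |
JP2011221892A (ja) * | 2010-04-13 | 2011-11-04 | Seiko Epson Corp | Information processing system, information processing device, information processing method, and information processing program |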
US20130174263A1 (en) * | 2010-07-01 | 2013-07-04 | Mariano Nunez Di Croce | Automated security assessment of business-critical systems and applications |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
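JP4608290B2 (ja) * | 2004-11-17 | 2011-01-12 | セイコーエプソン株式会社 | Information collection system, information collection device, terminal device management program, information collection management program, information collection management method, and terminal device management method |
US8443358B1 (en) * | 2006-02-10 | 2013-05-14 | Citrix Systems, Inc. | Hot pluggable virtual machine |
JP4749266B2 (ja) * | 2006-07-27 | 2011-08-17 | 株式会社日立製作所 | Backup control device and method that eliminate duplication of information resources |
US8751523B2 (en) * | 2009-06-05 | 2014-06-10 | Apple Inc. | Snapshot based search |
WO2011148511A1 (ja) * | 2010-05-28 | 2011-12-01 | 富士通株式会社 | Information generation program/device/method, and information search program/device/method |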
US9646108B2 (en) * | 2011-05-10 | 2017-05-09 | Uber Technologies, Inc. | Systems and methods for performing geo-search and retrieval of electronic documents using a big index |
US9245123B1 (en) * | 2014-05-07 | 2016-01-26 | Symantec Corporation | Systems and methods for identifying malicious files |
US9690933B1 (en) * | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
-
2015
- 2015-08-24 WO PCT/JP2015/073686 patent/WO2017033253A1/ja active Application Filing
- 2015-08-24 JP JP2016504402A patent/JP5995392B1/ja active Active
- 2015-08-24 KR KR1020177006727A patent/KR101923329B1/ko active IP Right Grant
- 2015-08-24 CN CN201580082515.3A patent/CN108027781A/zh active Pending
-
2017
- 2017-03-13 US US15/457,078 patent/US10909076B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
KR20170043567A (ko) | 2017-04-21 |
US10909076B2 (en) | 2021-02-02 |
KR101923329B1 (ko) | 2019-02-27 |
JP5995392B1 (ja) | 2016-09-21 |
CN108027781A (zh) | 2018-05-11 |
US20170185618A1 (en) | 2017-06-29 |
JPWO2017033253A1 (ja) | 2017-08-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | ENP | Entry into the national phase | Ref document number: 2016504402 Country of ref document: JP Kind code of ref document: A |
| | ENP | Entry into the national phase | Ref document number: 20177006727 Country of ref document: KR Kind code of ref document: A |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15902224 Country of ref document: EP Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 15902224 Country of ref document: EP Kind code of ref document: A1 |