WO2017221299A1 - Security countermeasure determination device, security countermeasure determination method, and security countermeasure determination program - Google Patents


Publication number
WO2017221299A1
WO2017221299A1 PCT/JP2016/068266 JP2016068266W WO2017221299A1 WO 2017221299 A1 WO2017221299 A1 WO 2017221299A1 JP 2016068266 W JP2016068266 W JP 2016068266W WO 2017221299 A1 WO2017221299 A1 WO 2017221299A1
Authority
WO
WIPO (PCT)
Prior art keywords
threat
combination
security
conditions
unsatisfied
Application number
PCT/JP2016/068266
Other languages
French (fr)
Japanese (ja)
Inventor
弘毅 西川
河内 清人
Original Assignee
三菱電機株式会社
Application filed by 三菱電機株式会社
Priority to JP2018506453A (patent JP6324646B1)
Priority to PCT/JP2016/068266 (WO2017221299A1)
Publication of WO2017221299A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • The present invention relates to a security measure determining device, a security measure determining method, and a security measure determining program.
  • Patent Document 1 discloses a technology that collects system and asset configuration information, calculates a risk evaluation index using a logical expression that represents a threat generation condition, and implements countermeasures against vulnerable locations.
  • Patent Document 2 discloses a technique for finding a vulnerable part by deriving an attack tree for a system and presenting a risk mitigation measure.
  • Patent Document 3 discloses a technique for selecting a measure with a high risk reduction rate and, when the reduction rate is the same, selecting the measure with the lower cost.
  • The present invention aims to reduce potential risks in the system.
  • A security measure determining apparatus according to an aspect of the present invention includes:
  • a risk analysis unit that generates threat information indicating a combination of one or more conditions in which a threat affecting the system occurs and whether the conditions included in the combination are satisfied or unsatisfied in the system, and stores the generated threat information in a memory; and
  • a measure selection unit that accesses the memory, refers to the threat information generated by the risk analysis unit, determines whether the threat is a threat to be dealt with according to the number of unsatisfied conditions included in the combination, and, if the threat is determined to be a threat to be dealt with, selects, as the security measure to be implemented, a security measure that can change at least one satisfied condition included in the combination to an unsatisfied condition.
  • In the present invention, whether or not the threat is a threat to be dealt with is determined based on how many unsatisfied conditions are present in a combination of one or more conditions that cause a threat that affects the system. If it is determined that the threat should be dealt with, a security measure that can change at least one satisfied condition, among the conditions under which the threat occurs, to an unsatisfied condition is selected as the security measure to be implemented. For this reason, the potential risk in the system can be reduced.
  • FIG. 1 is a block diagram showing a configuration of a security measure determination device according to the first embodiment.
  • FIG. 2 is a flowchart showing the operation of the security measure determining apparatus according to the first embodiment.
  • FIG. 3 is a flowchart showing an operation example of a countermeasure selection unit of the security countermeasure determining apparatus according to the first embodiment.
  • FIG. 4 is a block diagram illustrating a configuration of a security measure determining apparatus according to a second embodiment.
  • Embodiment 1. This embodiment will be described with reference to FIGS. 1 to 3.
  • the security measure determining apparatus 100 is a computer.
  • the security measure determining apparatus 100 includes a processor 101 and other hardware such as a memory 102, an auxiliary storage device 103, an input interface 104, and a screen output interface 105.
  • the processor 101 is connected to other hardware via a signal line, and controls these other hardware.
  • the security measure determining apparatus 100 includes a configuration extracting unit 120, an information extracting unit 130, a risk analyzing unit 140, a measure selecting unit 150, and a measure applying unit 160 as functional elements.
  • Functions of “units” such as the configuration extraction unit 120, the information extraction unit 130, the risk analysis unit 140, the countermeasure selection unit 150, and the countermeasure application unit 160 are realized by software.
  • the processor 101 is an IC that performs processing.
  • IC is an abbreviation for Integrated Circuit.
  • the processor 101 is a CPU.
  • CPU is an abbreviation for Central Processing Unit.
  • the threat information 111 is stored in the memory 102.
  • The threat information 111 is information indicating a combination of one or more conditions in which a threat that affects the system 200 occurs and whether the conditions included in the combination are satisfied or not satisfied in the system 200. Although the number of threats considered may be one, in the present embodiment, there are a plurality of threats. In other words, in the present embodiment, the threat information 111 is information indicating, for a plurality of threats affecting the system 200, a combination of one or more conditions in which each threat occurs and whether the conditions included in each threat's combination are satisfied or not satisfied in the system 200.
  • the memory 102 is a flash memory or a RAM. “RAM” is an abbreviation for Random Access Memory.
  • a countermeasure database 112 is stored in the auxiliary storage device 103.
  • the countermeasure database 112 is a database that stores a set of cost and implementation contents for each security countermeasure that can be implemented for the system 200.
  • the countermeasure database 112 is appropriately expanded in the memory 102 and is referred to or operated by the processor 101.
  • the auxiliary storage device 103 further stores a program for realizing the function of “unit”. This program is loaded into the memory 102 and executed by the processor 101.
  • the auxiliary storage device 103 also stores an OS. “OS” is an abbreviation for Operating System.
  • the processor 101 executes a program for realizing the function of “unit” while executing the OS. A part or all of the program for realizing the function of “unit” may be incorporated in the OS.
  • the auxiliary storage device 103 is a flash memory or an HDD. “HDD” is an abbreviation for Hard Disk Drive.
  • the input interface 104 is a port to which an input device (not shown) is connected. Specifically, the input interface 104 is a USB terminal. “USB” is an abbreviation for Universal Serial Bus. Specifically, the input device is a mouse, a keyboard, or a touch panel.
  • the screen output interface 105 is a port to which a display (not shown) is connected. Specifically, the screen output interface 105 is a USB terminal. Specifically, the display is an LCD. “LCD” is an abbreviation for Liquid Crystal Display.
  • the security measure determining apparatus 100 may include a communication device as hardware.
  • the communication device includes a receiver that receives data and a transmitter that transmits data.
  • the communication device is a communication chip or a NIC.
  • NIC is an abbreviation for Network Interface Card.
  • the security measure determining apparatus 100 may include a plurality of processors that replace the processor 101.
  • the plurality of processors share the execution of a program that realizes the function of “unit”.
  • Each processor is an IC that performs processing in the same manner as the processor 101.
  • Information, data, signal values, and variable values indicating the processing results of “unit” are stored in the memory 102, the auxiliary storage device 103, or a register or cache memory in the processor 101.
  • the program for realizing the function of “unit” may be stored in a portable recording medium such as a magnetic disk or an optical disk.
  • the operation of the security measure determining apparatus 100 corresponds to the security measure determining method according to the present embodiment.
  • the operation of the security countermeasure determining apparatus 100 corresponds to the processing procedure of the security countermeasure determining program according to the present embodiment.
  • In step S11, the configuration extraction unit 120 investigates the management target system 200, and extracts system configuration information indicating the configuration of the system 200.
  • The system configuration information includes information such as the network configuration and the OS version.
  • The system configuration information is defined and acquired in the same manner as the “diagnostic item” described in Patent Document 4.
  • The configuration extraction unit 120 inputs the extracted system configuration information to the risk analysis unit 140.
  • In step S12, the information extraction unit 130 investigates the system 200 to be managed, and extracts asset information indicating the arrangement of information with asset value held by the system 200.
  • The asset information is information indicating the arrangement of information having asset value, such as confidential information and customer information, in the system 200 to be managed.
  • Asset information is defined and acquired in the same manner as “placement information” described in Patent Document 1.
  • The information extraction unit 130 inputs the extracted asset information to the risk analysis unit 140.
  • In step S13, a set of the contents and cost of each security countermeasure is input to the countermeasure database 112. This input may be performed automatically by importing data, but is performed manually in the present embodiment.
  • In step S14 and step S15, the risk analysis unit 140 generates the threat information 111 and stores the generated threat information 111 in the memory 102.
  • The risk analysis unit 140 extracts an attack tree of the management target system 200 using the system configuration information and asset information input from the configuration extraction unit 120 and the information extraction unit 130.
  • The attack tree is a kind of risk analysis technique.
  • The attack tree is defined and acquired in the same manner as that described in Patent Document 2.
  • In step S15, the risk analysis unit 140 obtains a logical expression of the threat occurrence condition based on the attack tree. This logical expression is expressed in disjunctive normal form (additive standard form) and stored in the memory 102 as threat information 111. A specific example of the logical expression of the threat generation condition will be described later.
  • The countermeasure selection unit 150 accesses the memory 102 and refers to the threat information 111 generated by the risk analysis unit 140.
  • The threat information 111 is information indicating a combination of one or more conditions in which a threat that affects the system 200 occurs, and whether the conditions included in the combination are satisfied or not satisfied in the system 200.
  • The measure selection unit 150 determines whether the threat is a threat to be dealt with according to the number of unsatisfied conditions included in the combination. When it is determined that the threat should be dealt with, the countermeasure selection unit 150 selects, as the security measure to be implemented, a security measure that can change at least one satisfied condition included in the combination to an unsatisfied condition.
  • The threat information 111 is information indicating, for a plurality of threats affecting the system 200, a combination of one or more conditions in which each threat occurs and whether the conditions included in each threat's combination are satisfied or not satisfied in the system 200. Therefore, the countermeasure selection unit 150 individually determines whether each threat is a threat to be dealt with according to the number of unsatisfied conditions included in each threat's combination. That is, the countermeasure selection unit 150 identifies a threat to be addressed from the plurality of threats according to the number of unsatisfied conditions included in each threat's combination. Then, the measure selection unit 150 selects, as a security measure to be implemented, a security measure that can change at least one satisfied condition included in the identified threat's combination to an unsatisfied condition.
  • In step S16, the measure selection unit 150 performs analysis based on the logical expression of the threat generation condition obtained by the risk analysis unit 140 and determines whether security measures are necessary. If a security measure is necessary, in step S17, the measure selection unit 150 refers to the countermeasure database 112, determines which security measure to implement while considering the cost, and instructs the countermeasure application unit 160 on the security measure to actually implement.
  • In step S18, the countermeasure application unit 160 receives the instruction from the countermeasure selection unit 150, calls the security countermeasure to actually implement from the countermeasure database 112, and implements the security countermeasure on the management target system 200.
  • As an example of a security measure, there is a measure that changes the setting of a security device included in the system 200 to be managed.
  • Security measures are defined and implemented in the same manner as described in Patent Document 1.
  • With reference to FIG. 3, an operation example of the measure selection unit 150 in step S16 and step S17 will be described.
  • Expression 1 is a logical expression of threat generation conditions in the system 200 to be evaluated.
  • For j = 1, 2, ..., mi, pij denotes one of the conditions under which the threat ri occurs, and mi denotes the number of conditions under which the threat ri occurs.
  • As an example of a condition, there is the condition of being connected to a network.
  • “ ⁇ ” represents a logical sum
  • represents a logical product.
  • In step S21, the countermeasure selection unit 150 checks the value of Expression 1, which is a logical expression of the threat occurrence condition.
  • Expression 1 is a logical expression of the threat occurrence condition.
  • In step S22, the measure selection unit 150 evaluates which term is “1” and identifies the corresponding term.
  • In step S23, the measure selection unit 150 calculates f(ri) for all ri and, if any calculated value is smaller than the threshold th, executes step S24.
  • The threshold th is set to an arbitrary value larger than “0”. If there are a plurality of corresponding ri in step S22, step S24 is executed for all corresponding ri.
  • In step S24, the countermeasure selecting unit 150 selects a security countermeasure for dealing with the threat ri identified in step S22 or step S23, and notifies the countermeasure applying unit 160 of it.
  • The selected security measure is a procedure that changes a “1” to “0”.
  • For example, “blocking the network” is selected as a security measure.
  • It is desirable that the security measure to be implemented also deals with other threats rk when that one security measure is implemented, and that the cost of implementing that one security measure is low. A plurality of security measures may be selected.
  • The selection of security measures for dealing with the threat ri identified in step S23 will be described in detail.
  • The countermeasure selection unit 150 extracts all pij whose values are “1” in the ri identified in step S23.
  • With Expression 3, the conditions that require security measures can be extracted for the threat ra.
  • The countermeasure selection unit 150 selects, from the countermeasure database 112, a security countermeasure that can set one or more elements e of the set E to “0”.
  • the security measures to be selected are selected from two viewpoints.
  • the first viewpoint is whether or not the number of elements e that can be set to “0” by implementing one security measure is large. This is because it is a good countermeasure that can eliminate a plurality of attack conditions with one security countermeasure.
  • the second viewpoint is the cost required when taking security measures.
  • the measure selection unit 150 calculates a cost necessary for implementing the security measure and preferentially selects a security measure with a low cost.
  • the cost may be time or money, and the time may be converted into money and evaluated on a common scale.
  • the countermeasure database 112 is a database that stores a set of cost and implementation contents for each security countermeasure that can be implemented for the system 200. Therefore, it is possible to select security measures from the viewpoint of cost.
  • Whether or not a threat is a threat to be dealt with is determined based on how many unsatisfied conditions exist in a combination of one or more conditions that cause a threat that affects the system 200. If it is determined that the threat should be dealt with, a security measure that can change at least one satisfied condition, among the conditions under which the threat occurs, to an unsatisfied condition is selected as the security measure to be implemented. Thus, potential risks in the system 200 can be reduced.
  • The countermeasure selection unit 150 compares the number of unsatisfied conditions included in the combination of the conditions pij in which each threat ri occurs with a threshold th greater than “0”, and identifies, as a threat to be dealt with, a threat ri whose combination includes fewer unsatisfied conditions than the threshold th. Therefore, even when the risk of a threat has not yet become apparent, it is possible to detect and deal with potential risks.
  • The countermeasure selection unit 150 selects the security measures to be implemented by giving priority to a security measure that can change two or more satisfied conditions, included in the combination of conditions in which the identified threat occurs, to unsatisfied conditions. Desirably, the countermeasure selection unit 150 gives priority to security measures that can change more of the satisfied conditions included in that combination to unsatisfied conditions. Thereby, an increase in the number of security measures to be implemented can be suppressed.
  • The countermeasure selection unit 150 selects the security measures to be implemented by giving priority to a security measure that can be implemented at a lower cost. Thereby, an increase in the cost of implementing security measures can be suppressed.
  • the function of “unit” is realized by software.
  • the function of “unit” may be realized by a combination of software and hardware. That is, a part of the function of “unit” may be realized by a dedicated electronic circuit, and the rest may be realized by software.
  • the dedicated electronic circuit is a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, a logic IC, a GA, an FPGA, or an ASIC.
  • GA is an abbreviation for Gate Array.
  • FPGA is an abbreviation for Field-Programmable Gate Array.
  • ASIC is an abbreviation for Application Specific Integrated Circuit.
  • The processor 101, the memory 102, and the dedicated electronic circuit are collectively referred to as a “processing circuit”. That is, regardless of whether the function of “unit” is realized by software or by a combination of software and hardware, the function of “unit” is realized by a processing circuit.
  • “Unit” may be read as “step”, “procedure”, or “process”.
  • Embodiment 2. The differences between the present embodiment and the first embodiment will be mainly described with reference to FIG. 4.
  • the security measure determining apparatus 100 includes a configuration extracting unit 120, an information extracting unit 130, a risk analyzing unit 140, a measure selecting unit 150, a measure applying unit 160, and an impact reflecting unit 170 as functional elements.
  • Functions of “units” such as the configuration extraction unit 120, the information extraction unit 130, the risk analysis unit 140, the countermeasure selection unit 150, the countermeasure application unit 160, and the influence reflection unit 170 are realized by software.
  • A pij in the above-described Expression 2 may currently be “0” and safe, but it may not be possible to provide a service unless that pij is set to “1”. However, if the value of ri becomes “1” by setting pij to “1”, another pij in ri must be set to “0”. Therefore, the influence reflecting unit 170 changes each pij that needs to be “1” to “1”. The contents of this change are input to the risk analysis unit 140, and thereafter, the same processing as in the first embodiment is performed.
  • The impact reflection unit 170 changes the threat information 111 generated by the risk analysis unit 140 into information indicating that an essential condition is satisfied in the system 200, where an essential condition is a condition, among the unsatisfied conditions included in a combination of one or more conditions in which a threat occurs, that should be satisfied in the system 200 in order for the system 200 to provide a service.
  • The countermeasure selecting unit 150 refers to the threat information 111 after it has been changed by the influence reflecting unit 170, and determines whether or not the threat is a threat to be dealt with. When it is determined that the threat is to be dealt with, the countermeasure selecting unit 150 selects, as the security measure to be implemented, a security measure that can change at least one condition different from the essential condition, among the satisfied conditions included in the combination, to an unsatisfied condition.
  • In the present embodiment, the impact reflection unit 170 changes the threat information 111 generated by the risk analysis unit 140 into information indicating that the essential conditions are satisfied in the system 200, where the essential conditions are those conditions, among the unsatisfied conditions included in each threat's combination, that should be satisfied in the system 200 in order for the system 200 to provide a service.
  • The countermeasure selecting unit 150 refers to the threat information 111 after it has been changed by the influence reflecting unit 170 and identifies a threat to be dealt with. Then, the countermeasure selection unit 150 selects, as the security measure to be implemented, a security measure that can change at least one condition different from the essential condition, among the satisfied conditions included in the combination of the conditions in which the identified threat occurs, to an unsatisfied condition.
  • The function of “unit” is realized by software.
  • The function of “unit” may be realized by a combination of software and hardware.
  • 100 security countermeasure determination device, 101 processor, 102 memory, 103 auxiliary storage device, 104 input interface, 105 screen output interface, 111 threat information, 112 countermeasure database, 120 configuration extraction unit, 130 information extraction unit, 140 risk analysis unit, 150 countermeasure selection unit, 160 countermeasure application unit, 170 impact reflection unit.
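
The selection logic of steps S21 to S24 and the essential-condition handling of Embodiment 2, as an added Python example (not code from the patent). The threat names, conditions, costs and measures are constructed sample data, and repeating the selection until no threat has fewer than th unsatisfied conditions is an assumption that goes beyond the single selection the text describes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost: float
    negates: frozenset  # conditions this measure changes from "1" to "0"


def unsatisfied_count(conditions, state):
    """f(ri): number of conditions pij of one threat that are currently '0'."""
    return sum(1 for c in conditions if not state[c])


def threats_to_address(threats, state, th):
    """Steps S22/S23: threats whose f(ri) is below th (f == 0 means ri is '1')."""
    return [r for r, conds in threats.items()
            if unsatisfied_count(conds, state) < th]


def reflect_essential(state, essential):
    """Embodiment 2: treat conditions the service needs as satisfied ('1')."""
    return {c: (True if c in essential else v) for c, v in state.items()}


def select_measures(threats, state, th, measures, essential=frozenset()):
    """Step S24, repeated (assumption) until no threat is below th or no
    usable measure is left. Returns (selected measures, threats still below th)."""
    state = reflect_essential(state, essential)  # works on a copy
    plan = []
    while True:
        targets = threats_to_address(threats, state, th)
        if not targets:
            break
        # Set E: satisfied, non-essential conditions of the identified threats.
        E = {c for r in targets for c in threats[r]
             if state[c] and c not in essential}
        candidates = [m for m in measures
                      if m not in plan
                      and m.negates & E
                      and not (m.negates & essential)]
        if not candidates:
            break  # residual risk: nothing left that may be switched off
        # Viewpoint 1: most elements of E set to "0"; viewpoint 2: lowest cost.
        best = max(candidates, key=lambda m: (len(m.negates & E), -m.cost))
        plan.append(best)
        for c in best.negates:
            state[c] = False
    return plan, threats_to_address(threats, state, th)


# Constructed sample data: each threat ri is the AND of its conditions pij,
# and the whole expression is the OR of the threats (disjunctive normal form).
THREATS = {
    "r1": ["net_connected", "remote_login_enabled", "default_password"],
    "r2": ["usb_enabled", "autorun_enabled", "av_disabled"],
    "r3": ["net_connected", "file_share_open"],
}
STATE = {
    "net_connected": False, "remote_login_enabled": True,
    "default_password": False, "usb_enabled": True,
    "autorun_enabled": False, "av_disabled": False,
    "file_share_open": True,
}
MEASURES = [
    Countermeasure("block network", 10, frozenset({"net_connected"})),
    Countermeasure("disable remote login", 3, frozenset({"remote_login_enabled"})),
    Countermeasure("close file share", 2, frozenset({"file_share_open"})),
    Countermeasure("harden host", 8,
                   frozenset({"remote_login_enabled", "file_share_open"})),
    Countermeasure("disable USB", 1, frozenset({"usb_enabled"})),
]

if __name__ == "__main__":
    for essential in (frozenset(), frozenset({"net_connected"})):
        plan, remaining = select_measures(THREATS, STATE, 2, MEASURES, essential)
        print(sorted(essential), [m.name for m in plan], remaining)
```

With the network marked essential, r3 stays one condition short of the threshold because its only remaining satisfied condition may not be switched off; the function reports it as residual risk instead of selecting "block network".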


Abstract

A risk analysis unit (140) of a security countermeasure determination device (100) generates threat information (111). The threat information (111) is information that indicates, for each of a plurality of threats affecting a system (200), whether or not the system (200) meets a combination of one or more conditions under which the threat occurs, and whether or not the system (200) meets each individual condition included in this threat-causing condition combination. A countermeasure selection unit (150) of the security countermeasure determination device (100) refers to the threat information (111) and identifies a threat to be dealt with, from among the plurality of threats, on the basis of the number of conditions that are included in the threat-causing condition combination for each threat and that are not currently met by the system (200). The countermeasure selection unit (150) then selects, as a security countermeasure to be taken, a security countermeasure with which the system (200) can be changed so as not to meet at least one condition included in the threat-causing condition combination for the identified threat, said at least one condition being currently met by the system (200).

Description

セキュリティ対策決定装置、セキュリティ対策決定方法およびセキュリティ対策決定プログラムSecurity measure determining device, security measure determining method, and security measure determining program
 本発明は、セキュリティ対策決定装置、セキュリティ対策決定方法およびセキュリティ対策決定プログラムに関するものである。 The present invention relates to a security measure determining device, a security measure determining method, and a security measure determining program.
 情報社会の広がりにより、企業の内部情報等を守るために、適切なセキュリティ対策の決定が重要となっている。しかし、情報技術が高度になり、システムが複雑に連携することや、頻繁に変化するネットワーク構成のために、適切にセキュリティ対策を決定することは容易ではない。そのため、自動的に対象のシステムのリスクを算出し、適切なセキュリティ対策を決定する技術が必要となっている。 Due to the spread of information society, it is important to determine appropriate security measures in order to protect internal information of companies. However, it is not easy to appropriately determine security measures because of advanced information technology, complicated system cooperation, and frequently changing network configurations. Therefore, a technology for automatically calculating the risk of the target system and determining appropriate security measures is required.
 特許文献1には、システムと資産の構成情報を収集し、脅威の発生条件を表す論理式を用いて、リスク評価指標を算出し、脆弱な個所に対して対策を実施する技術が開示されている。 Patent Document 1 discloses a technology that collects system and asset configuration information, calculates a risk evaluation index using a logical expression that represents a threat generation condition, and implements countermeasures against vulnerable locations. Yes.
 特許文献2には、システムに対するアタックツリーを導出することで、脆弱な個所を見つけ出し、リスク軽減策を提示する技術が開示されている。 Patent Document 2 discloses a technique for finding a vulnerable part by deriving an attack tree for a system and presenting a risk mitigation measure.
 特許文献3には、リスク低減率の高い対策を選択し、同じ低減率の場合はコストが小さい対策を選択する技術が開示されている。 Patent Document 3 discloses a technique for selecting a measure with a high risk reduction rate and selecting a measure with a low cost when the reduction rate is the same.
特開2011-022903号公報JP 2011-022903 A 特表2011-519435号公報Special table 2011-519435 gazette 特開2002-24526号公報JP 2002-24526 A 国際公開第2009/037897号International Publication No. 2009/037897
 従来技術では、システムを、セキュリティ上不適切な管理が行われている状態から、適切な管理が行われている状態へと遷移させるためのセキュリティ対策が実施される。しかし、従来技術では、現在は適切なセキュリティ管理が行われているが、攻撃者による多少の手続きにより脅威が発生するような、潜在的リスクが存在する状態を認識することができない。そのため、従来技術では、多少の障害であればコストをかけて執拗に攻撃を仕掛ける標的型攻撃に対するセキュリティ対策を決定することができない。 In the prior art, security measures are implemented to transition the system from a state where management is inappropriate in terms of security to a state where management is appropriate. However, in the prior art, appropriate security management is currently performed, but it is impossible to recognize a state where a potential risk exists such that a threat is generated by some procedure by an attacker. For this reason, the conventional technology cannot determine a security measure against a target-type attack in which attacks are relentlessly costly if there is a slight failure.
 本発明は、システムにおける潜在的リスクを低減することを目的とする。 The present invention aims to reduce potential risks in the system.
 本発明の一態様に係るセキュリティ対策決定装置は、
 システムに影響を与える脅威が発生する1つ以上の条件の組み合わせ、および、前記組み合わせに含まれている条件が前記システムにおいて充足されているか未充足であるかを示す脅威情報を生成し、生成した脅威情報をメモリに格納するリスク分析部と、
 前記メモリにアクセスして、前記リスク分析部により生成された脅威情報を参照し、前記組み合わせに含まれている未充足の条件の数に応じて、前記脅威が、対処すべき脅威であるかどうかを判定し、対処すべき脅威であると判定した場合、前記組み合わせに含まれている充足されている条件を少なくとも1つ未充足の条件に変えることができるセキュリティ対策を、実施すべきセキュリティ対策に選定する対策選定部とを備える。
A security measure determining apparatus according to an aspect of the present invention includes:
A combination of one or more conditions in which a threat affecting the system is generated, and threat information indicating whether the conditions included in the combination are satisfied or unsatisfied in the system are generated and generated. A risk analysis unit that stores threat information in memory;
Whether the threat is a threat to be dealt with by accessing the memory, referring to the threat information generated by the risk analysis unit, and according to the number of unsatisfied conditions included in the combination Security measures that can change at least one satisfied condition included in the combination to an unsatisfied condition if the threat is determined to be a threat to be addressed. And a measure selection section to select.
 本発明では、システムに影響を与える脅威が発生する1つ以上の条件の組み合わせの中に未充足の条件がいくつあるかによって、その脅威が、対処すべき脅威であるかどうかが判定される。対処すべき脅威であると判定された場合、その脅威が発生する条件のうち、充足されている条件を少なくとも1つ未充足の条件に変えることができるセキュリティ対策が、実施すべきセキュリティ対策に選定される。このため、システムにおける潜在的リスクを低減することができる。 In the present invention, whether or not the threat is a threat to be dealt with is determined based on how many unsatisfied conditions are present in a combination of one or more conditions that cause a threat that affects the system. If it is determined that the threat should be dealt with, a security measure that can change at least one satisfied condition to an unsatisfied condition is selected as the security countermeasure to be implemented. Is done. For this reason, the potential risk in the system can be reduced.
実施の形態1に係るセキュリティ対策決定装置の構成を示すブロック図。FIG. 2 is a block diagram showing a configuration of a security measure determination device according to the first embodiment. 実施の形態1に係るセキュリティ対策決定装置の動作を示すフローチャート。5 is a flowchart showing the operation of the security measure determining apparatus according to the first embodiment. 実施の形態1に係るセキュリティ対策決定装置の対策選定部の動作例を示すフローチャート。6 is a flowchart showing an operation example of a countermeasure selection unit of the security countermeasure determining apparatus according to the first embodiment. 実施の形態2に係るセキュリティ対策決定装置の構成を示すブロック図。FIG. 4 is a block diagram illustrating a configuration of a security measure determining apparatus according to a second embodiment.
Embodiments of the present invention are described below with reference to the drawings. In the drawings, identical or corresponding parts are given the same reference signs. In the description of the embodiments, description of identical or corresponding parts is omitted or simplified as appropriate.
Embodiment 1.
This embodiment is described with reference to FIGS. 1 to 3.
*** Description of configuration ***
The configuration of the security countermeasure determination device 100 according to this embodiment is described with reference to FIG. 1.
The security countermeasure determination device 100 is a computer. It includes a processor 101 and other hardware: a memory 102, an auxiliary storage device 103, an input interface 104, and a screen output interface 105. The processor 101 is connected to the other hardware via signal lines and controls it.
As functional elements, the security countermeasure determination device 100 includes a configuration extraction unit 120, an information extraction unit 130, a risk analysis unit 140, a countermeasure selection unit 150, and a countermeasure application unit 160. The functions of these “units” are realized by software.
The processor 101 is an IC that performs processing. “IC” is an abbreviation for Integrated Circuit. Specifically, the processor 101 is a CPU. “CPU” is an abbreviation for Central Processing Unit.
The memory 102 stores threat information 111. The threat information 111 indicates a combination of one or more conditions under which a threat affecting the system 200 occurs, and whether each condition included in the combination is satisfied or unsatisfied in the system 200. The number of threats considered may be one, but in this embodiment there are several. That is, in this embodiment the threat information 111 indicates, for a plurality of threats affecting the system 200, the combination of one or more conditions under which each threat occurs, and whether each condition included in each threat's combination is satisfied or unsatisfied in the system 200. Specifically, the memory 102 is a flash memory or a RAM. “RAM” is an abbreviation for Random Access Memory.
The auxiliary storage device 103 stores a countermeasure database 112. The countermeasure database 112 stores, for each security countermeasure that can be implemented on the system 200, a pair of its cost and its implementation content. The countermeasure database 112 is loaded into the memory 102 as needed and is referenced or manipulated by the processor 101. The auxiliary storage device 103 also stores a program that realizes the functions of the “units”. This program is loaded into the memory 102 and executed by the processor 101. The auxiliary storage device 103 also stores an OS. “OS” is an abbreviation for Operating System. The processor 101 executes the program that realizes the functions of the “units” while executing the OS. Part or all of that program may be incorporated into the OS. Specifically, the auxiliary storage device 103 is a flash memory or an HDD. “HDD” is an abbreviation for Hard Disk Drive.
The input interface 104 is a port to which an input device (not shown) is connected. Specifically, the input interface 104 is a USB terminal. “USB” is an abbreviation for Universal Serial Bus. Specifically, the input device is a mouse, a keyboard, or a touch panel.
The screen output interface 105 is a port to which a display (not shown) is connected. Specifically, the screen output interface 105 is a USB terminal. Specifically, the display is an LCD. “LCD” is an abbreviation for Liquid Crystal Display.
The security countermeasure determination device 100 may include a communication device as hardware.
The communication device includes a receiver that receives data and a transmitter that transmits data. Specifically, the communication device is a communication chip or a NIC. “NIC” is an abbreviation for Network Interface Card.
The security countermeasure determination device 100 may include a plurality of processors in place of the processor 101. These processors share the execution of the program that realizes the functions of the “units”. Like the processor 101, each of them is an IC that performs processing.
Information, data, signal values, and variable values indicating the results of processing by the “units” are stored in the memory 102, the auxiliary storage device 103, or a register or cache memory in the processor 101.
The program that realizes the functions of the “units” may be stored on a portable recording medium such as a magnetic disk or an optical disk.
*** Description of operation ***
The operation of the security countermeasure determination device 100 according to this embodiment is described with reference to FIG. 2. The operation of the security countermeasure determination device 100 corresponds to the security countermeasure determination method according to this embodiment, and to the processing procedure of the security countermeasure determination program according to this embodiment.
In step S11, the configuration extraction unit 120 examines the managed system 200 and extracts system configuration information indicating the configuration of the system 200. The system configuration information includes information such as the network configuration and the OS version. As a specific example, the system configuration information is defined and acquired in the same way as the “diagnostic items” described in Patent Document 4. The configuration extraction unit 120 inputs the extracted system configuration information to the risk analysis unit 140.
In step S12, the information extraction unit 130 examines the managed system 200 and extracts asset information indicating where information with asset value held by the system 200 is located. The asset information indicates the location of information with asset value, such as confidential information and customer information, within the managed system 200. As a specific example, the asset information is defined and acquired in the same way as the “placement information” described in Patent Document 1. The information extraction unit 130 inputs the extracted asset information to the risk analysis unit 140.
In step S13, pairs of security countermeasure content and cost are entered into the countermeasure database 112. This entry may be done automatically by importing data, but in this embodiment it is done manually.
In steps S14 and S15, the risk analysis unit 140 generates the threat information 111 and stores it in the memory 102. Specifically, in step S14, the risk analysis unit 140 uses the system configuration information and asset information input from the configuration extraction unit 120 and the information extraction unit 130 to extract an attack tree for the managed system 200. An attack tree is one kind of risk analysis technique. As a specific example, the attack tree is defined and acquired in the same way as described in Patent Document 2. In step S15, the risk analysis unit 140 derives a logical expression for the threat occurrence conditions from the attack tree. This logical expression is expressed in disjunctive normal form and saved in the memory 102 as the threat information 111. A specific example of the logical expression is given later.
In steps S16 and S17, the countermeasure selection unit 150 accesses the memory 102 and refers to the threat information 111 generated by the risk analysis unit 140. As described above, the threat information 111 indicates a combination of one or more conditions under which a threat affecting the system 200 occurs, and whether each condition included in the combination is satisfied or unsatisfied in the system 200. The countermeasure selection unit 150 determines, according to the number of unsatisfied conditions included in the combination, whether the threat is a threat to be dealt with. When it determines that the threat is to be dealt with, the countermeasure selection unit 150 selects, as the security countermeasure to be implemented, a security countermeasure that can change at least one satisfied condition included in the combination to an unsatisfied condition. In this embodiment, the threat information 111 covers a plurality of threats affecting the system 200, giving for each threat the combination of one or more conditions under which it occurs and whether each condition in that combination is satisfied or unsatisfied in the system 200. The countermeasure selection unit 150 therefore determines individually, according to the number of unsatisfied conditions included in each threat's combination, whether each threat is a threat to be dealt with. That is, it identifies the threats to be dealt with from among the plurality of threats according to the number of unsatisfied conditions included in each threat's combination. It then selects, as the security countermeasure to be implemented, a security countermeasure that can change at least one satisfied condition included in the combination of an identified threat to an unsatisfied condition. Specifically, in step S16, the countermeasure selection unit 150 analyzes the logical expression for the threat occurrence conditions obtained by the risk analysis unit 140 and determines whether a security countermeasure is needed. If one is needed, in step S17 the countermeasure selection unit 150 refers to the countermeasure database 112, judges which security countermeasures can be implemented while taking cost into account, and instructs the countermeasure application unit 160 which security countermeasure to actually carry out.
In step S18, the countermeasure application unit 160, on receiving the instruction from the countermeasure selection unit 150, retrieves the security countermeasure to be carried out from the countermeasure database 112 and implements it on the managed system 200. One example of a security countermeasure is changing the settings of a security device in the managed system 200. As a specific example, security countermeasures are defined and implemented in the same way as described in Patent Document 1.
An operation example of the countermeasure selection unit 150 in steps S16 and S17 is described with reference to FIG. 3.
Here, the logical expression for the threat occurrence conditions obtained by the risk analysis unit 140 is written as follows.
Formula 1: $R = r_1 \lor r_2 \lor \cdots \lor r_n$
Formula 2: $r_i = p_{i1} \land p_{i2} \land \cdots \land p_{im_i}$
Formula 1 is the logical expression for the threat occurrence conditions in the system 200 under evaluation. $R = 1$ when a threat occurs and $R = 0$ when none occurs. For $i = 1, 2, \ldots, n$, each $r_i$ denotes an individual threat and $n$ is the number of threats. For $j = 1, 2, \ldots, m_i$, each $p_{ij}$ denotes an individual condition for threat $r_i$ to occur and $m_i$ is the number of conditions for threat $r_i$ to occur. A specific example of a condition is being connected to a network. Here, “∨” denotes logical OR and “∧” denotes logical AND.
In step S21, the countermeasure selection unit 150 checks the value of Formula 1, the logical expression for the threat occurrence conditions. If $R = 1$, step S22 is executed; if $R = 0$, step S23 is executed.
In step S22, the countermeasure selection unit 150 evaluates which terms are “1” and identifies them. Here, the function $f(r_i)$ is defined as the function that counts the number of “0” values among the conditions $p_{ij}$ for threat $r_i$ to occur. In terms of $f(r_i)$, step S22 identifies the $r_i$ for which $f(r_i) = 0$. Step S24 is executed after step S22. If step S22 identifies more than one $r_i$, step S24 is executed for all of them.
In step S23, the countermeasure selection unit 150 computes $f(r_i)$ for every $r_i$ and, if any computed value is smaller than the threshold $th$, executes step S24. The threshold $th$ is set to an arbitrary value greater than “0”. If there is more than one applicable $r_i$ in step S22, step S24 is executed for all of them.
In step S24, the countermeasure selection unit 150 selects a security countermeasure for dealing with the threat $r_i$ identified in step S22 or step S23 and notifies the countermeasure application unit 160 of it. The selected security countermeasure is a procedure that turns a $p_{ij}$ whose value is “1” into “0”. As a specific example, if $p_{11}$, one of the occurrence conditions of threat $r_1$, is being connected to a network, “blocking the network” is selected as the security countermeasure. With $1 < k < n$ and $k \ne i$, it is desirable that the security countermeasure to be implemented also deals with other threats $r_k$ when that one countermeasure is implemented, and that its implementation cost is low. More than one security countermeasure may be selected.
The selection of a security countermeasure for a threat $r_i$ identified in step S23 is now described in detail.
First, the countermeasure selection unit 150 extracts every $p_{ij}$ whose value is “1” in the $r_i$ identified in step S23. As a specific example, consider the case where $r_a$ is given by Formula 3.
Formula 3: $r_a = p_{a1} \land p_{a2} \land p_{a3} \land p_{a4} \land p_{a5} = 1 \land 0 \land 1 \land 1 \land 0$
Defining $g(r_i)$ as the function that extracts from $r_i$ the elements $p_{ij}$ whose value is “1”, the set $E$ of elements $p_{aj}$ of $r_a$ whose value is “1” is given by Formula 4.
Formula 4: $E = g(r_a) = \{p_{a1}, p_{a3}, p_{a4}\}$
In this way, given $r_a$ as in Formula 3, the function $g(r_i)$ extracts the conditions of threat $r_a$ that need a security countermeasure.
Next, the countermeasure selection unit 150 selects from the countermeasure database 112 a security countermeasure that can set one or more elements $e$ of the set $E$ to “0”. Security countermeasures are selected from two viewpoints. The first is whether implementing a single countermeasure can set many elements $e$ to “0”: a countermeasure that eliminates several attack conditions at once is a good countermeasure. The second is the cost of implementing the countermeasure. The countermeasure selection unit 150 calculates the cost required to implement each security countermeasure and gives priority to low-cost ones. The cost may be time or money, and time may be converted into money so that both are evaluated on a common scale. As noted above, the countermeasure database 112 stores, for each security countermeasure that can be implemented on the system 200, a pair of its cost and its implementation content, so countermeasures can be selected from the cost viewpoint.
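The selection logic of steps S21 to S24, with the functions f and g, as an added Python example (not code from the patent). The condition names, threats, countermeasure entries and costs are constructed sample data, and ranking candidates by number of conditions negated first and cost second is an assumption, since the text names both viewpoints without fixing how they combine.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost: int            # time or money, on one common scale
    negates: frozenset   # conditions this measure turns from 1 (satisfied) to 0


# Constructed sample threat information: each threat r_i is the AND of its
# conditions p_ij (Formula 2); the threats together are OR-ed (Formula 1).
THREATS = {
    "r1_remote_takeover": ("network_connected", "remote_login_enabled", "default_password"),
    "r2_usb_malware": ("usb_ports_enabled", "autorun_enabled"),
    "r3_lateral_movement": ("network_connected", "os_unpatched", "admin_share_open"),
}

# Constructed state of the managed system: True = satisfied (1), False = unsatisfied (0).
STATE = {
    "network_connected": True,
    "remote_login_enabled": True,
    "default_password": False,
    "usb_ports_enabled": True,
    "autorun_enabled": False,
    "os_unpatched": False,
    "admin_share_open": False,
}

# Constructed countermeasure database: cost and effect per measure.
DATABASE = (
    Countermeasure("block_network", 50, frozenset({"network_connected"})),
    Countermeasure("disable_remote_login", 10, frozenset({"remote_login_enabled"})),
    Countermeasure("disable_usb_and_autorun", 20,
                   frozenset({"usb_ports_enabled", "autorun_enabled"})),
    Countermeasure("disable_autorun", 5, frozenset({"autorun_enabled"})),
)


def f(conditions, state):
    """Count the unsatisfied conditions (the '0' values) of one threat."""
    return sum(1 for c in conditions if not state[c])


def g(conditions, state):
    """Return the set E of satisfied conditions (the '1' values) of one threat."""
    return {c for c in conditions if state[c]}


def threats_to_address(threats, state, th):
    """Steps S21 to S23: pick the threats that need a countermeasure."""
    if th <= 0:
        raise ValueError("threshold th must be greater than 0")
    counts = {name: f(conds, state) for name, conds in threats.items()}
    if any(n == 0 for n in counts.values()):                    # S21: R = 1
        return [name for name, n in counts.items() if n == 0]   # S22: realized threats
    return [name for name, n in counts.items() if n < th]       # S23: latent threats


def select_countermeasure(conditions, state, database):
    """Step S24: choose a measure that sets at least one element of E to 0."""
    e = g(conditions, state)
    candidates = [m for m in database if m.negates & e]
    if not candidates:
        return None  # nothing in the database can break this combination
    # Assumed ranking: most conditions of E negated first, then lowest cost.
    return min(candidates, key=lambda m: (-len(m.negates & e), m.cost, m.name))


def apply_countermeasure(state, measure):
    """Return the system state after the measure has been implemented."""
    new_state = dict(state)
    for c in measure.negates:
        if c in new_state:
            new_state[c] = False
    return new_state


def plan(threats, state, database, th):
    """Map every threat to be dealt with to the countermeasure selected for it."""
    return {name: select_countermeasure(threats[name], state, database)
            for name in threats_to_address(threats, state, th)}


if __name__ == "__main__":
    for name, measure in plan(THREATS, STATE, DATABASE, th=2).items():
        print(name, "->", measure.name if measure else "no countermeasure available")
```

With the sample state no threat is realized (R = 0), yet r1 and r2 are each one condition away from occurring, so a threshold of 2 flags both as latent risks.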
*** Description of the effects of the embodiment ***
Through the above operation, potential risks in the managed system 200 can be identified and security countermeasures implemented based on the result, so the system 200 can be kept safe. That is, according to this embodiment, potential risks in the managed system 200 are identified and security countermeasures are applied automatically, so safety can be ensured even against targeted attacks.
In this embodiment, whether a threat is one that should be dealt with is determined by how many unsatisfied conditions there are in the combination of one or more conditions under which a threat affecting the system 200 occurs. When the threat is determined to be one that should be dealt with, a security countermeasure that can change at least one satisfied condition, among the conditions under which the threat occurs, to an unsatisfied condition is selected as the security countermeasure to be implemented. Potential risk in the system 200 can therefore be reduced.
In this embodiment, the countermeasure selection unit 150 compares the number of unsatisfied conditions included in the combination of conditions $p_{ij}$ under which each threat $r_i$ occurs with a threshold $th$ greater than “0”, and identifies as a threat to be dealt with any threat $r_i$ whose combination includes fewer unsatisfied conditions than the threshold $th$. Therefore, even when the risk of a threat occurring has not yet materialized, the potential risk can be detected and dealt with.
In this embodiment, the countermeasure selection unit 150 gives priority to a security countermeasure that can change two or more of the satisfied conditions included in the combination of conditions under which the identified threat occurs to unsatisfied conditions, and selects it as the security countermeasure to be implemented. Preferably, the countermeasure selection unit 150 gives priority to a security countermeasure that can change more of those satisfied conditions to unsatisfied conditions. This limits growth in the number of security countermeasures implemented.
In this embodiment, the countermeasure selection unit 150 gives priority to security countermeasures that can be implemented at lower cost when selecting the security countermeasure to be implemented. This limits growth in the cost of implementing security countermeasures.
*** Other configurations ***
In this embodiment the functions of the “units” are realized by software, but as a variation they may be realized by a combination of software and hardware. That is, some of the functions of the “units” may be realized by a dedicated electronic circuit and the rest by software.
Specifically, the dedicated electronic circuit is a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, a logic IC, a GA, an FPGA, or an ASIC. “GA” is an abbreviation for Gate Array. “FPGA” is an abbreviation for Field-Programmable Gate Array. “ASIC” is an abbreviation for Application Specific Integrated Circuit.
The processor 101, the memory 102, and the dedicated electronic circuit are collectively referred to as “processing circuitry”. That is, whether the functions of the “units” are realized by software or by a combination of software and hardware, they are realized by processing circuitry.
“Unit” may be read as “step”, “procedure”, or “process”.
Embodiment 2.
This embodiment is described with reference to FIG. 4, mainly in terms of its differences from Embodiment 1.
As functional elements, the security countermeasure determination device 100 includes an impact reflection unit 170 in addition to the configuration extraction unit 120, the information extraction unit 130, the risk analysis unit 140, the countermeasure selection unit 150, and the countermeasure application unit 160. The functions of these “units” are realized by software.
In some service provided by the managed system 200, a $p_{ij}$ in Formula 2 that is currently “0”, and therefore safe, may have to be set to “1”, for example to give users convenience. If setting that $p_{ij}$ to “1” would make the value of $r_i$ “1”, another $p_{ij}$ in $r_i$ must be set to “0”. The impact reflection unit 170 therefore changes the $p_{ij}$ that needs to be “1” to “1”. The content of this change is input to the risk analysis unit 140, and processing then proceeds as in Embodiment 1.
In other words, the impact reflection unit 170 changes the threat information 111 into information indicating that an essential condition is satisfied in the system 200. An essential condition is one of the unsatisfied conditions included in the combination of one or more conditions under which a threat occurs that must be satisfied in the system 200 for the system 200 to provide a service. The countermeasure selection unit 150 refers to the threat information 111 as changed by the impact reflection unit 170 and determines whether the threat is a threat to be dealt with. When it determines that the threat is to be dealt with, the countermeasure selection unit 150 selects, as the security countermeasure to be implemented, a security countermeasure that can change at least one of the satisfied conditions included in the combination, other than the essential condition, to an unsatisfied condition. The number of threats considered may be one, but in this embodiment there are several. The impact reflection unit 170 therefore changes the threat information 111 generated by the risk analysis unit 140 into information indicating that, among the unsatisfied conditions included in each threat's combination, the essential conditions that must be satisfied in the system 200 for the system 200 to provide a service are satisfied in the system 200. The countermeasure selection unit 150 refers to the threat information 111 as changed by the impact reflection unit 170 and identifies the threats to be dealt with. It then selects, as the security countermeasure to be implemented, a security countermeasure that can change at least one of the satisfied conditions included in the combination of conditions under which an identified threat occurs, other than the essential condition, to an unsatisfied condition.
Through the above operation, a service provided by the managed system 200 can be provided safely.
In this embodiment, as in Embodiment 1, the functions of the “units” are realized by software, but as in the variation of Embodiment 1 they may be realized by a combination of software and hardware.
Embodiments of the present invention have been described above; two or more of these embodiments may be combined. Alternatively, one of these embodiments, or a combination of two or more of them, may be implemented in part. Specifically, only some of the functional elements of the security countermeasure determination device 100 according to these embodiments may be adopted. The present invention is not limited to these embodiments, and various modifications are possible as needed.
 100 security countermeasure determination device, 101 processor, 102 memory, 103 auxiliary storage device, 104 input interface, 105 screen output interface, 111 threat information, 112 countermeasure database, 120 configuration extraction unit, 130 information extraction unit, 140 risk analysis unit, 150 countermeasure selection unit, 160 countermeasure application unit, 170 impact reflection unit.

Claims (8)

  1.  A security countermeasure determination device comprising:
     a risk analysis unit to generate threat information indicating a combination of one or more conditions under which a threat affecting a system occurs and whether each condition included in the combination is satisfied or unsatisfied in the system, and to store the generated threat information in a memory; and
     a countermeasure selection unit to access the memory, refer to the threat information generated by the risk analysis unit, determine, according to the number of unsatisfied conditions included in the combination, whether the threat is a threat to be addressed, and, when determining that the threat is a threat to be addressed, select, as a security countermeasure to be implemented, a security countermeasure capable of changing at least one satisfied condition included in the combination into an unsatisfied condition.
  2.  The security countermeasure determination device according to claim 1, wherein the countermeasure selection unit compares the number of unsatisfied conditions included in the combination with a threshold greater than 0 and, when the combination includes fewer unsatisfied conditions than the threshold, determines that the threat is a threat to be addressed.
  3.  The security countermeasure determination device according to claim 1 or 2, wherein the countermeasure selection unit preferentially selects, as the security countermeasure to be implemented, a security countermeasure capable of changing two or more satisfied conditions included in the combination into unsatisfied conditions.
  4.  The security countermeasure determination device according to claim 3, wherein the countermeasure selection unit preferentially selects, as the security countermeasure to be implemented, a security countermeasure capable of changing more of the satisfied conditions included in the combination into unsatisfied conditions.
  5.  The security countermeasure determination device according to any one of claims 1 to 4, wherein the countermeasure selection unit preferentially selects, as the security countermeasure to be implemented, a security countermeasure that is implemented at a lower cost.
  6.  The security countermeasure determination device according to any one of claims 1 to 5, further comprising an impact reflection unit to change the threat information generated by the risk analysis unit into information indicating that, among the unsatisfied conditions included in the combination, an essential condition, which is a condition that must be satisfied in the system for the system to provide a service, is satisfied in the system,
     wherein the countermeasure selection unit refers to the threat information as changed by the impact reflection unit, determines whether the threat is a threat to be addressed, and, when determining that the threat is a threat to be addressed, selects, as the security countermeasure to be implemented, a security countermeasure capable of changing at least one of the satisfied conditions included in the combination, other than the essential condition, into an unsatisfied condition.
  7.  A security countermeasure determination method comprising:
     generating, by a risk analysis unit, threat information indicating a combination of one or more conditions under which a threat affecting a system occurs and whether each condition included in the combination is satisfied or unsatisfied in the system, and storing the generated threat information in a memory; and
     referring, by a countermeasure selection unit, to the threat information stored in the memory, determining, according to the number of unsatisfied conditions included in the combination, whether the threat is a threat to be addressed, and, when determining that the threat is a threat to be addressed, selecting, as a security countermeasure to be implemented, a security countermeasure capable of changing at least one satisfied condition included in the combination into an unsatisfied condition.
  8.  A security countermeasure determination program causing a computer to execute:
     a process of generating threat information indicating a combination of one or more conditions under which a threat affecting a system occurs and whether each condition included in the combination is satisfied or unsatisfied in the system, and storing the generated threat information in a memory; and
     a process of referring to the threat information stored in the memory, determining, according to the number of unsatisfied conditions included in the combination, whether the threat is a threat to be addressed, and, when determining that the threat is a threat to be addressed, selecting, as a security countermeasure to be implemented, a security countermeasure capable of changing at least one satisfied condition included in the combination into an unsatisfied condition.
PCT/JP2016/068266 2016-06-20 2016-06-20 Security countermeasure determination device, security countermeasure determination method, and security countermeasure determination program WO2017221299A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2018506453A JP6324646B1 (en) 2016-06-20 2016-06-20 Security measure determining device, security measure determining method, and security measure determining program
PCT/JP2016/068266 WO2017221299A1 (en) 2016-06-20 2016-06-20 Security countermeasure determination device, security countermeasure determination method, and security countermeasure determination program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2016/068266 WO2017221299A1 (en) 2016-06-20 2016-06-20 Security countermeasure determination device, security countermeasure determination method, and security countermeasure determination program

Publications (1)

Publication Number Publication Date
WO2017221299A1 true WO2017221299A1 (en) 2017-12-28

Family

ID=60784282

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/068266 WO2017221299A1 (en) 2016-06-20 2016-06-20 Security countermeasure determination device, security countermeasure determination method, and security countermeasure determination program

Country Status (2)

Country Link
JP (1) JP6324646B1 (en)
WO (1) WO2017221299A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022162821A1 (en) * 2021-01-28 2022-08-04 日本電気株式会社 Display device, display system, display method, and non-transitory computer-readable medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7258801B2 (en) 2020-03-10 2023-04-17 株式会社東芝 Information processing device, information processing method and program

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008004498A1 (en) * 2006-07-06 2008-01-10 Nec Corporation Security risk management system, device, method, and program
JP2016045736A (en) * 2014-08-22 2016-04-04 株式会社日立製作所 Security design support device and security design support method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060030993A (en) * 2004-10-07 2006-04-12 한국전자통신연구원 Method for analyzing the security grade of information property
JP5020776B2 (en) * 2007-10-29 2012-09-05 株式会社エヌ・ティ・ティ・データ Information security measure decision support apparatus and method, and computer program
JP5413010B2 (en) * 2009-07-17 2014-02-12 日本電気株式会社 Analysis apparatus, analysis method, and program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NATIONAL CENTER OF INCIDENT READINESS AND STRATEGY FOR CYBERSECURITY, 25 June 2014 (2014-06-25) - 2 September 2016 (2016-09-02), pages 27 - 59 *

Also Published As

Publication number Publication date
JP6324646B1 (en) 2018-05-16
JPWO2017221299A1 (en) 2018-06-28

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2018506453

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16906218

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16906218

Country of ref document: EP

Kind code of ref document: A1