WO2021014596A1 - Verification information creation system, verification information creation method, and verification information creation program - Google Patents
- Publication number
- WO2021014596A1 (PCT/JP2019/028922)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file
- verification information
- software
- verification
- hash value
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Definitions
- the present invention relates to a verification information creation system, a verification information creation method, and a verification information creation program.
- the software is updated by changing settings, applying security patches, and the like. For this reason, the system operator needs to confirm integrity not only when installing the software but also, as appropriate, during daily operation.
- the collation information (verification information) used for the above-mentioned integrity confirmation has had the problems that it is not necessarily highly reliable, since it can only confirm integrity at a single point in time, and that it is not applicable to general software. Further, generating verification information for general software while ensuring reliability requires a great deal of manual work and takes time and effort.
- the present invention is characterized by including a first acquisition unit that installs the software to be verified on a device, acquires the installation destination directory of the software from the device, identifies, based on the type of each file stored in the acquired directory, the files from which a hash value can be acquired, and acquires the file path and the hash value of each such file; and a first verification information creation unit that creates verification information used for verifying the software, including the file paths and hash values acquired by the first acquisition unit.
- FIG. 1 is a diagram showing a configuration example of a verification information creation system.
- FIG. 2 is a diagram illustrating information obtained by executing the zipinfo command.
- FIG. 3 is a diagram illustrating information obtained by executing the zipinfo command.
- FIG. 4 is a diagram showing an example of a verification information list.
- FIG. 5 is a diagram showing an example of a signed verification information list.
- FIG. 6 is a flowchart showing an example of a processing procedure of the verification information creating device according to the first embodiment.
- FIG. 7 is a flowchart showing an example of the analysis process of S112 of FIG.
- FIG. 8 is a flowchart showing an example of verification processing using the hash value in the verification information.
- FIG. 9 is a flowchart showing an example of additional verification processing of unnecessary files using the verification information.
- FIG. 10 is a flowchart showing an example of a verification process for deleting a file having an essential configuration using verification information.
- FIG. 11 is a flowchart showing an example of the verification process of the access source using the verification information.
- FIG. 12 is a flowchart showing an example of a processing procedure of the verification information creating device according to the second embodiment.
- FIG. 13 is a diagram showing an example of a computer that executes a verification information creation program.
- FIG. 14 is a diagram showing an example of a collation information list.
- the verification information explained below is the base information used to verify whether the files related to the software installed on a device have actually been changed or tampered with.
- the collation information is defined as the information modified according to the device for which verification is performed.
- the verification information creation device of each embodiment creates the above verification information by, for example, operating the software on the verification device in which the software is installed. The verification information creation device then analyzes the actual behavior of the files and directories while the software is operated, and creates the verification information.
- when installing software on a verification device from a tar file that bundles the software source files and the metadata needed for installation, the user can specify the installation destination directory.
- the installation directory specified by the user during installation is saved in config.nice or config.status in the source directory into which the above tar file is extracted. Therefore, the verification information creation device identifies the software installation directory based on config.nice or config.status in the source directory into which the tar file is extracted. Then, the verification information creation device creates verification information using the information of each file stored in the identified installation directory.
- the verification information creation device determines whether or not each file is a real file (a file that has an entity) based on the type of each file stored in the identified installation directory. Then, the verification information creation device identifies each real file as a file from which a hash value can be taken. After that, the verification information creation device calculates a hash value for each file from which a hash value can be taken, and creates verification information including the file path of the file and the calculated hash value (see FIG. 4).
- the verification information creation device can thereby create verification information for a software package whose installation destination is specified by the user, and for a software package whose various settings change depending on the environment in which it is installed.
- the analysis in which the verification information creation device installs the software in the verification device and analyzes the actual behavior of the files and directories while the software is operated is referred to below, as appropriate, as "dynamic analysis".
- the verification information creation system includes, for example, a verification information creation device 10 that creates verification information of a software package, and a verification device 20 that performs verification processing of the software installed in the verification device 20 itself using the verification information.
- the verification information creation device 10 includes a data processing unit 11 and a data storage unit 12.
- the verification information creating device 10 is connected to the user terminal via a network such as the Internet.
- the data processing unit 11 includes a processing receiving unit 111, a dynamic analysis processing unit 112, and a signature giving unit 113.
- the data storage unit 12 includes a verification information list storage unit 121, a signed verification information list storage unit 122, and a dynamic analysis rule storage unit 123.
- the static analysis processing unit 115 and the static analysis rule storage unit 124 shown by the broken line may or may not be provided in the verification information creation device 10. The case in which they are provided is described in the second embodiment.
- the processing reception unit 111 receives a request for creating verification information of the software package from the user terminal, and returns the result.
- the dynamic analysis processing unit 112 performs dynamic analysis on the software package for which verification information is created, and creates verification information.
- the dynamic analysis processing unit 112 includes a first analysis unit (first acquisition unit) 1121 and a first verification information creation unit 1122.
- the first analysis unit 1121 reads a rule for performing dynamic analysis of the software package for which verification information is created from the dynamic analysis rule storage unit 123. Then, the first analysis unit 1121 installs the software package in the verification device 20 according to the read rule, and acquires the directory of the installation destination of the software of the software package from the verification device 20. After that, the first analysis unit 1121 identifies a file from which a hash value can be acquired based on the type of file stored in the acquired directory. Then, the first analysis unit 1121 acquires the file path of the file from which the hash value can be acquired and the hash value of the file.
- the first analysis unit 1121 specifies the software installation directory based on, for example, config.nice or config.status included in the tar file. Then, the first analysis unit 1121 determines whether or not the file is a real file based on the type of the file stored in the specified installation directory.
- the first analysis unit 1121 identifies the file that is determined to have an entity as a file that can take a hash value. After that, the first analysis unit 1121 calculates the hash value of the file for the file that can take the hash value, and acquires the file path of the file and the calculated hash value of the file.
- the first analysis unit 1121 also acquires the package name and verification information ID (for example, serial number) of the software package from the tar file.
- the first analysis unit 1121 identifies the type of each file stored in the installation directory by executing the command shown below, and calculates the hash value of each file from which a hash value can be obtained.
- when the file from which the hash value can be obtained is a text file, the file may be rewritten by a setting change or the like after the software is installed. Therefore, when the file from which the hash value can be obtained is a text file, the first analysis unit 1121 recalculates the hash value of the file after changing the software settings in the verification device 20. Then, the first verification information creation unit 1122 rewrites the hash value of that file in the verification information to the recalculated value.
- the software package to be analyzed by the first analysis unit 1121 may be a compressed file.
- the compressed file is, for example, a zip file or a war file.
- a zip file is an archive format that handles a plurality of files as one file.
- the war file is a package of a Java (registered trademark) Platform, Enterprise Edition (Java EE) application, compressed in zip format.
- the file format (t: text file, b: binary file) of the file stored in the compressed file can be confirmed by the zipinfo command (see FIGS. 2 and 3).
- a text file stored in the compressed file may likewise be rewritten. Therefore, the first analysis unit 1121 recalculates the hash value of the file after changing the software settings in the verification device 20.
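As an added example (not code from the patent), the following Python shows how the t/b distinction that zipinfo reports for members of a zip or war file can be recovered programmatically and used to build per-file hash entries: the flag is bit 0 of the ZIP "internal file attributes" field, which Python's zipfile exposes as ZipInfo.internal_attr. The archive contents are constructed inline, and the SHA-256 algorithm and the entry field names are assumptions for the example.

```python
import hashlib
import io
import zipfile

# ZIP "internal file attributes" bit 0 marks an entry as apparent text; zipinfo prints
# this as 't' (text) or 'b' (binary) in its listing.
TEXT_FLAG = 0x0001


def build_sample_war():
    """Constructed in-memory archive standing in for a war file (not from the page):
    one text entry and one binary entry, with the text bit set as a zip tool would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, is_text in [
            ("WEB-INF/web.xml", b"<web-app/>\n", True),
            ("WEB-INF/classes/App.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x34", False),
        ]:
            info = zipfile.ZipInfo(name)
            info.internal_attr = TEXT_FLAG if is_text else 0
            zf.writestr(info, data)
    return buf.getvalue()


def archive_entries(archive_bytes, algorithm="sha256"):
    """Verification-information entries for the archive members: path, zipinfo-style
    type ('t' or 'b') and hash; directory entries have no entity and are skipped."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            kind = "t" if info.internal_attr & TEXT_FLAG else "b"
            entries.append({
                "path": info.filename,
                "type": kind,
                "hash": hashlib.new(algorithm, zf.read(info)).hexdigest(),
            })
    return entries


def text_entries(entries):
    """Paths whose hash must be recalculated after a settings change (text files only)."""
    return [e["path"] for e in entries if e["type"] == "t"]


if __name__ == "__main__":
    for e in archive_entries(build_sample_war()):
        print(e["type"], e["path"], e["hash"])
```

The text bit is only a hint written by the archiving tool, so a deployment that relies on it should treat an entry with the bit clear as binary (hash fixed at creation time) and an entry with the bit set as a candidate for recalculation after settings are changed, exactly as the first analysis unit does for text files.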
- the first verification information creation unit 1122 creates the verification information of the software package based on the information acquired by the analysis of the software package by the first analysis unit 1121.
- the first verification information creation unit 1122 creates verification information (see FIG. 4) using the package name and verification information ID (for example, a serial number) of the software package, and the file path or directory path and the hash value of each file to be verified, as acquired by the analysis of the software package by the first analysis unit 1121. After that, the first verification information creation unit 1122 stores the created verification information in the verification information list storage unit 121, and reports to the user terminal that the creation of the verification information is complete.
- when the processing reception unit 111 receives an instruction to read verification information via the user terminal, it reads the requested verification information from the verification information list storage unit 121 and transmits it to the user terminal. After that, when the processing reception unit 111 receives a correction of the verification information from the user terminal, it stores the verification information reflecting the correction in the verification information list storage unit 121.
- for example, according to an instruction from the user terminal, the processing reception unit 111 adds a permitted access source (the executable file path of the program that accesses the file) to the access source permission list (see FIG. 4) in the verification information.
- the verification information corrected based on the instruction is stored in the verification information list storage unit 121.
- the processing reception unit 111 may store the verification information transmitted from the external device (for example, the user terminal) in the verification information list storage unit 121.
- the signature giving unit 113 attaches a user signature and the public key certificate of the user signature to the verification information. For example, when the signature giving unit 113 receives a request from the user terminal to sign verification information, the processing reception unit 111 selects the corresponding verification information from the verification information list storage unit 121 and passes it to the signature giving unit 113. The signature giving unit 113 then replaces the verification information ID in that verification information with a package ID (package name + verification information ID + identification information of the device in which the verification information is stored), attaches the user signature of the device in which the verification information is stored and the public key certificate of that user signature (see FIG. 5), and stores the result in the signed verification information list storage unit 122.
- the signature giving unit 113 attaches the user signature of the verification device 20 on which the software package is installed, and the public key certificate of that user signature, to the verification information (see FIG. 5), and stores the result in the signed verification information list storage unit 122.
- the verification information list storage unit 121 of the data storage unit 12 stores a list of verification information (verification information list).
- the verification information includes the package name of the software package, the verification information ID, the file path or directory path information of each file to be verified, the hash value of the file, the required existence attribute, and the like.
- the verification information may include a configuration confirmation target attribute, an access source permission list, and the like.
- the required existence attribute is attribute information indicating whether or not the file shown in the file path / directory path information of the verification information is a required file in the device in which the software package is installed.
- the configuration confirmation target attribute is attribute information indicating whether or not the file shown in the file path / directory path information of the verification information is the target of the configuration confirmation.
- the access source permission list is information indicating the execution file path of the program to which access is permitted for the file shown in the file path / directory path information of the verification information.
- the above-mentioned information of the required existence attribute, the configuration confirmation target attribute, and the access source permission list is, for example, the information input from the user terminal.
- the signed verification information list storage unit 122 stores a list of signed verification information (see FIG. 5).
- This list of signed verification information is a list of verification information with the user signature of the device on which the software package is installed and the public key certificate of the user signature.
- for each item of verification information shown in FIG., the verification information ID is replaced with a package ID consisting of the package name + the verification information ID + the identification information of the device in which the verification information is stored.
- the user signature of the verification device 20 in which the verification information is stored, and the public key certificate of that user signature, are added to that information.
- the dynamic analysis rule storage unit 123 stores information (dynamic analysis rule) indicating the dynamic analysis method used for creating the verification information of the software package for each software package.
- the dynamic analysis rules are, for example, as follows. When the first analysis unit 1121 performs dynamic analysis on a tar file, it first identifies the software installation directory based on config.nice or config.status included in the tar file. Next, the first analysis unit 1121 determines whether or not each file is a real file based on the type of each file stored in the identified installation directory. Then, the first analysis unit 1121 identifies each file determined to have an entity as a file from which a hash value can be taken, and acquires the file path and the hash value of that file.
- the first analysis unit 1121 of the verification information creation device 10 installs the software package for which verification information is to be created in the device (S111), and executes dynamic analysis of the software package based on the dynamic analysis rule of the software package (S112). After that, the first verification information creation unit 1122 creates the verification information of the software package based on the result of the analysis of the software package by the first analysis unit 1121 (S113). Then, the first verification information creation unit 1122 stores the verification information created in S113 in the verification information list storage unit 121.
- when the processing reception unit 111 receives a correction input for the verification information from the user terminal or the like (Yes in S114), the verification information is corrected (S115), and the processing from S111 onward is executed again.
- the signature giving unit 113 attaches the user signature and the public key certificate of the user signature to the verification information stored in the verification information list storage unit 121, and stores the result in the signed verification information list storage unit 122 (S116: signature assignment of verification information).
- the first analysis unit 1121 identifies the directory in which the software of the software package is installed, based on the dynamic analysis rule of the software package (S121). After that, the first analysis unit 1121 identifies the type of each file in the directory (S122). For each file that the first analysis unit 1121 determines to be a real file based on its type (Yes in S123), the first analysis unit 1121 acquires the package name, the verification information ID, the file path of the file, and the hash value of the file from the device on which the software of the software package is installed (S124: acquisition of package name, verification information ID, file path, and hash value). On the other hand, a file that the first analysis unit 1121 determines not to be a real file based on its type (No in S123) is not processed in S124.
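The dynamic-analysis steps S121 to S124, and the rule stated earlier for tar-based packages (identify the installation directory from config.nice or config.status, keep only files that have an entity, hash them, and recalculate text-file hashes after a settings change), as an added Python example that is not the patent's own code. The source tree and installed files are constructed in a temporary directory; the config.nice / config.status patterns, the SHA-256 algorithm, and the entry field names are assumptions for the example.

```python
import hashlib
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumption: the page does not fix the hash algorithm for dynamic analysis; SHA-256 is used here.
HASH_ALGORITHM = "sha256"


def find_install_prefix(source_dir):
    """Identify the installation directory (S121) from the extracted source tree.

    config.nice keeps the original configure command line, so the prefix is taken
    from its --prefix= option; config.status is tried next, using the
    S["prefix"]="..." assignment that autoconf writes there. Both patterns are
    assumptions about typical autoconf output, not taken from the page.
    """
    nice = Path(source_dir) / "config.nice"
    if nice.is_file():
        m = re.search(r"--prefix=(\S+)", nice.read_text())
        if m:
            return m.group(1).strip("'\"")
    status = Path(source_dir) / "config.status"
    if status.is_file():
        m = re.search(r'S\["prefix"\]="([^"]+)"', status.read_text())
        if m:
            return m.group(1)
    return None


def is_real_file(path):
    """A file 'has an entity' (S123) only if it is a regular file; lstat is used so
    that symbolic links, directories, sockets and devices are all rejected."""
    return stat.S_ISREG(os.lstat(path).st_mode)


def file_hash(path):
    h = hashlib.new(HASH_ALGORITHM)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_verification_info(package_name, verification_id, install_dir):
    """Build the verification information entries of FIG. 4 for every real file
    under the installation directory (S124)."""
    entries = []
    for root, _dirs, files in os.walk(install_dir):
        for name in files:
            path = os.path.join(root, name)
            if not is_real_file(path):
                continue
            entries.append({
                "package": package_name,
                "verification_id": verification_id,
                "path": path,
                "hash": file_hash(path),
                "required": True,  # required existence attribute; editable later by the user
            })
    return sorted(entries, key=lambda e: e["path"])


def refresh_text_file_hashes(entries, rewritten_paths):
    """After a settings change, recalculate the hash of each rewritten text file and
    overwrite the stored value, as the first verification information creation unit does."""
    rewritten = set(rewritten_paths)
    for e in entries:
        if e["path"] in rewritten:
            e["hash"] = file_hash(e["path"])
    return entries


def demo():
    """Constructed sample tree (not from the page): a source dir with config.nice and
    an install prefix holding one binary, one text config file and one symlink."""
    base = tempfile.mkdtemp()
    src = Path(base) / "src"
    prefix = Path(base) / "opt" / "sample"
    src.mkdir(parents=True)
    (prefix / "bin").mkdir(parents=True)
    (prefix / "etc").mkdir()
    (src / "config.nice").write_text(f"#! /bin/sh\n./configure --prefix={prefix}\n")
    (prefix / "bin" / "app").write_bytes(b"\x7fELF\x00constructed-binary")
    (prefix / "etc" / "app.conf").write_text("port=8080\n")
    os.symlink(prefix / "bin" / "app", prefix / "bin" / "app-link")  # no entity of its own

    install_dir = find_install_prefix(src)
    entries = create_verification_info("sample-1.0", "0001", install_dir)
    old_conf_hash = entries[1]["hash"]
    # A settings change rewrites the text file; its hash must be recalculated.
    (prefix / "etc" / "app.conf").write_text("port=9090\n")
    refresh_text_file_hashes(entries, [str(prefix / "etc" / "app.conf")])
    return install_dir, entries, old_conf_hash


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry["path"], entry["hash"])
```

Using lstat rather than stat is the detail that matters for S123: a symbolic link pointing at a hashed binary would otherwise produce a duplicate entry whose hash silently changes whenever the link target is repointed.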
- the verification information creation device 10 can create verification information of the software package by dynamic analysis of the software package.
- the above-mentioned verification information creation process may be executed, for example, when the verification information creation device 10 receives an instruction to create verification information of a software package from a user terminal or the like, or when it accepts an input indicating that existing verification information has been corrected.
- the verification device 20 shown in FIG. 1 acquires the verification information of its own verification device 20 from the verification information creating device 10, and executes the verification processing shown in FIGS. 8 to 11.
- the verification information created by the verification information creating device 10 is stored in the verification device 20.
- the verification device 20 confirms that the received verification information has not been tampered with based on the user signature or the user-signed public key certificate.
- the verification device 20 compares the software installed in the verification device 20 with the verification information, and stores the information matching the verification device 20 as collation information.
- the required existence attribute of the software packages of tomcat-9.0.4 and clamav-0.100 is described as "not required”.
- the contents shown in FIG. 14 are saved as the collation information. That is, the verification device 20 stores, as the collation information, the signed verification information list from which the verification information of software files that are not actually installed in the verification device 20 has been removed.
- when the verification device 20 determines that the hash value of the file whose access is detected matches the hash value of the corresponding path in the collation information (Yes in S13), it determines that the integrity determination result of the file is OK (not tampered with) (S15). Then, the verification device 20 outputs the result of the determination to the log (S17).
- when the verification device 20 detects access to a file in the device, it determines whether or not the file whose access is detected is a configuration confirmation target in the collation information (S21).
- when the verification device 20 determines that the file whose access is detected is a configuration confirmation target in the collation information (Yes in S21), it determines whether or not the path of the file whose access is detected exists under a directory registered in the collation information (S22).
- when the verification device 20 determines that the path of the file whose access is detected matches a file name or directory name directly under the configuration confirmation target directory of the verification information (Yes in S23), it determines that the integrity determination result of the file is OK (no unnecessary file has been added) (S25). Then, the verification device 20 outputs the result of the determination to the log (S27).
- when the verification device 20 determines in S22 that the path of the file whose access is detected does not exist under any configuration confirmation target directory registered in the collation information (No in S22), it determines that the file is not protected (S26), and outputs the result of the determination to the log (S27).
- when the verification device 20 detects access to a file in the device and the file whose access is detected is a configuration confirmation target in the collation information (Yes in S31), it determines whether or not the file whose access is detected exists under the directory registered in the collation information (S32).
- when the verification device 20 determines in S32 that the file whose access is detected exists under the directory registered in the collation information (Yes in S32), it determines that the integrity determination result of the file is OK (the file has not been deleted) (S34). Then, the verification device 20 outputs the result of the determination to the log (S36).
- when the verification device 20 determines that the file whose access is detected does not exist under the directory registered in the collation information (No in S32), it determines that the integrity determination result is NG because the file has been deleted (S33). Then, the verification device 20 outputs the result of the determination to the log (S36).
- when the verification device 20 determines in S42 that an access source permission list is set for the corresponding path in the collation information (Yes in S42), it determines whether or not the process path of the access source of the file whose access is detected matches a path described in the access source permission list of the corresponding path in the collation information (S43).
- otherwise, since the access source is not permitted, the integrity determination result is determined to be NG (S47). Then, the verification device 20 outputs the result of the determination to the log (S49).
- when the verification device 20 determines in S42 that no access source permission list is set for the corresponding path in the collation information for the file whose access is detected (No in S42), it likewise determines that the file is not protected (S48), and outputs the result of the determination to the log (S49).
- the verification device 20 can thus perform various verification processes using the collation information, which is the verification information created by the verification information creation device 10 modified according to the software files installed in the verification device 20.
- the above verification process may be performed by, for example, the verification information creation device 10.
- for some software packages, the directory where the software is installed is specified in advance.
- the installation destination directory is specified in advance for the Linux (registered trademark) rpm package and deb package. Therefore, the verification information creating device 10 can specify the software installation destination by analyzing the software package itself without installing the above rpm package, deb package, etc. in the device.
- the analysis of the software package itself as described above is referred to as static analysis.
- the rpm package is a package of the software package management system developed by Red Hat.
- the deb package is a binary package used in Linux (registered trademark) such as Debian and Ubuntu.
- various information can be obtained by executing the rpm command as shown below after completing the settings.
- by executing the rpm command on the rpm package, the verification information creation device 10 can acquire the package name, the names of the files packed in the package, the file mode, the file type (d: directory / c: character device / s: socket / -: file), the permissions (r: readable file or directory / w: writable file or directory / x: executable file), whether the file is flagged as a document or config file, the hash value (MD5), the numerical value of the verify flags for each file, and the like.
- the verification information creation device 10 can acquire each of the above information by executing the above rpm command for the rpm package, for example.
- the verification information creation device uses, as verification information, each file for which the logical AND of the above %{fileverifyflags:hex} value (0x******) and 0x00000001 is 1.
- the verification information creation device refers to the value of %{fileflags}, and uses each file that is a config file and is not writable as verification information.
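The two selection rules just stated (the file's verify flags ANDed with 0x00000001, and config files that are not writable), applied to rpm query output, as an added Python example that is not the patent's own code. The page does not show its rpm invocation; the example assumes a per-file query format of the form rpm -qp --qf '[%{FILENAMES}\t%{FILEMODES:perms}\t%{FILEFLAGS}\t%{FILEVERIFYFLAGS:hex}\t%{FILEMD5S}\n]' package.rpm, and the output lines below are constructed to look like it rather than captured from a real package. The bit constants are rpm's RPMFILE_CONFIG and RPMVERIFY_FILEDIGEST; reading "not writable" as "no write bit for group or others" is this example's interpretation.

```python
RPMFILE_CONFIG = 0x1        # rpm fileflags bit 0: file is marked %config
RPMVERIFY_FILEDIGEST = 0x1  # rpm fileverifyflags bit 0: digest is checked by rpm -V

# Constructed query output (not from the page): path, perms, fileflags, fileverifyflags:hex, md5.
SAMPLE_RPM_QUERY = """\
/usr/bin/sample\t-rwxr-xr-x\t0\tffffffff\td41d8cd98f00b204e9800998ecf8427e
/etc/sample/sample.conf\t-rw-r--r--\t1\tfffffffe\t0123456789abcdef0123456789abcdef
/etc/sample/local.conf\t-rw-rw-r--\t1\tfffffffe\tfedcba9876543210fedcba9876543210
/usr/share/doc/sample/README\t-rw-r--r--\t2\tffffffff\t00112233445566778899aabbccddeeff
/var/lib/sample/cache.db\t-rw-r--r--\t0\tfffffffe\tffeeddccbbaa99887766554433221100
"""


def parse_rpm_query(output):
    """Split the tab-separated per-file lines into typed rows."""
    rows = []
    for line in output.splitlines():
        if not line.strip():
            continue
        path, mode, fileflags, verifyflags, digest = line.split("\t")
        rows.append({
            "path": path,
            "mode": mode,
            "fileflags": int(fileflags),
            "verifyflags": int(verifyflags, 16),
            "digest": digest,
        })
    return rows


def select_verification_entries(rows):
    """Apply the page's two rules in order:
    1. verifyflags & 0x00000001 == 1 -> the file's digest is verified, record path and hash;
    2. otherwise, a config file that is not writable (here: by group or others) -> record
       the path only, so its presence can be checked without a hash that settings may change."""
    entries = []
    for r in rows:
        digest_checked = (r["verifyflags"] & RPMVERIFY_FILEDIGEST) == RPMVERIFY_FILEDIGEST
        is_config = bool(r["fileflags"] & RPMFILE_CONFIG)
        group_other_writable = "w" in r["mode"][4:]
        if digest_checked:
            entries.append({"path": r["path"], "hash": r["digest"], "check": "hash"})
        elif is_config and not group_other_writable:
            entries.append({"path": r["path"], "check": "config"})
    return entries


if __name__ == "__main__":
    for e in select_verification_entries(parse_rpm_query(SAMPLE_RPM_QUERY)):
        print(e)
```

The rule order matters: a config file whose digest rpm still verifies is recorded with its hash, while a config file excluded from digest verification is kept only as a path, which is the static-analysis equivalent of the text-file handling in dynamic analysis.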
- the verification information creation device 10 creates, for example, the verification information shown in FIG. 4 by performing the above processing. That is, as shown in FIG. 4, the verification information creation device 10 creates verification information including, for example, the package name of the software package for which verification information is created, the verification information ID, the file path or directory path information of each file to be verified in the device, the hash value of the file, the required existence attribute, and the like.
- the file path and hash value (MD5) of the files included in each package can be obtained with the following command after installation. Therefore, the verification information creation device may use the information acquired by the following command as the verification information.
- the verification information creation device 10 creates verification information by static analysis, and for a software package whose verification information cannot be created by static analysis, it may create the verification information by dynamic analysis.
- the verification information creation device 10 described above is described as the verification information creation device 10 of the second embodiment. The same configurations as those of the first embodiment are designated by the same reference numerals, and their description is omitted.
- the verification information creating device 10 in the second embodiment further includes a determination unit 114, a static analysis processing unit 115, and a static analysis rule storage unit 124, as shown by the broken line in FIG.
- the determination unit 114 determines whether or not the software package for which verification information is created is the software package for which static analysis is to be performed. For example, if the software package for which verification information is created is an rpm package or a deb package, the determination unit 114 determines that the software package is a software package for static analysis. On the other hand, if the software package for which the verification information is created is neither the rpm package nor the deb package, the determination unit 114 determines that the software package is the software package for which the dynamic analysis is to be performed.
- the static analysis processing unit 115 performs static analysis on the software package and creates verification information using the analysis result.
- the static analysis processing unit 115 includes a second analysis unit (second acquisition unit) 1151 and a second verification information creation unit 1152.
- the second analysis unit 1151 reads a rule for performing static analysis on the software package for which verification information is to be created from the static analysis rule storage unit 124. Then, according to the read rule, the second analysis unit 1151 acquires, from among the files included in the software package, the information of the files that are unlikely to be changed in daily operation.
- by executing a predetermined command, the second analysis unit 1151 acquires, from among the files included in the software package, the file path and the hash value of each file (for example, a binary file) that is to be checked using a hash value at verification time, as well as the file path of each non-writable config file. In addition, the second analysis unit 1151 also acquires the package name and the verification information ID (for example, a serial number) of the software package.
- the second verification information creation unit 1152 creates the verification information of the software package based on the information acquired through the analysis of the software package by the second analysis unit 1151. For example, based on the information acquired by the static analysis of the software package by the second analysis unit 1151, the second verification information creation unit 1152 creates verification information (see FIG. 4) showing the package name and the verification information ID of the software package and, for each file to be verified, the file path or directory path, the hash value of the file, the existence-required attribute, and the like. After that, the second verification information creation unit 1152 stores the created verification information in the verification information list storage unit 121 and notifies the user terminal that the creation of the verification information is completed.
- the static analysis rule storage unit 124 stores, for each software package, information (a static analysis rule) indicating how to perform static analysis on that software package. For example, the static analysis rule for an rpm package specifies executing the rpm command to acquire the information of the binary files that are checked by hash value at file verification time, and the information of the config files that are not writable.
- the determination unit 114 of the verification information creation device 10 determines whether the software package for which the verification information is created is a software package for static analysis (S130).
- if the determination unit 114 determines that the software package for which verification information is created is a software package for static analysis (Yes in S130), the verification information creation device 10 acquires the software package (S131).
- the second analysis unit 1151 executes the analysis of the software package based on the static analysis rule of the software package (S132).
- the second verification information creation unit 1152 creates the verification information of the software package based on the analysis result of the software package by the second analysis unit 1151 (S133). Then, the second verification information creation unit 1152 stores the verification information created in S133 in the verification information list storage unit 121. After that, when the processing reception unit 111 accepts the correction input of the verification information (Yes in S144), the verification information is corrected to an appropriate content (S145), and the process proceeds to S141.
- the signature giving unit 113 attaches the user signature and the user's public key certificate to the verification information stored in the verification information list storage unit 121, and stores the result in the signed verification information list storage unit 122 (S146: signature assignment of verification information).
- the verification information creation device 10 installs the software package for which the verification information is to be created on the device (S141). Then, the first analysis unit 1121 executes the dynamic analysis of the software package based on the dynamic analysis rule of the software package (S142). After that, the first verification information creation unit 1122 creates the verification information of the software package based on the analysis result of the software package by the first analysis unit 1121 (S143). Then, the process proceeds to S144.
- in this way, the verification information creation device 10 can create verification information by static analysis for any software package whose verification information can be created by static analysis.
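As an added example that is not code from the patent, the following Python models the static analysis rule of the second embodiment: it takes the output of `rpm -qp --dump`, assumed here as the predetermined command run on the package file, and turns it into verification information records (package name, verification information ID, file path, hash value, existence-required attribute). The package name, the sample file list and the treatment of "not writable" as a mode without any write bit are assumptions of this example.

```python
"""Static-analysis rule for an rpm package (added example, not the patent's code).

Assumed predetermined command: `rpm -qp --dump <file>.rpm`, which prints one
line per file as "path size mtime digest mode owner group isconfig isdoc rdev
symlink" (the digest algorithm depends on how the package was built). The
record layout follows the page's FIG. 4 description; treating "not writable"
as a mode without any write bit is an assumption of this example.
"""
import stat
from dataclasses import dataclass
from typing import Optional

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


@dataclass
class VerificationEntry:
    package: str
    verification_id: int        # serial number within the package
    path: str
    hash_value: Optional[str]   # None: only the path is checked at verification
    required: bool              # existence-required attribute


def parse_dump_line(line: str) -> dict:
    """Parse one `rpm --dump` line into the fields the rule needs."""
    fields = line.split()
    if len(fields) != 11:
        raise ValueError(f"unexpected rpm --dump line: {line!r}")
    return {
        "path": fields[0],
        "digest": fields[3],
        "mode": int(fields[4], 8),      # printed in octal, e.g. 0100755
        "isconfig": fields[7] == "1",
    }


def apply_static_rule(package: str, dump_text: str) -> list:
    """Turn the dump output into verification information records."""
    entries, next_id = [], 1
    for line in dump_text.splitlines():
        f = parse_dump_line(line)
        if not stat.S_ISREG(f["mode"]):
            continue                    # symlink/directory: no content to hash
        if not f["isconfig"]:
            # binary (non-config) file: checked by hash value at verification
            entry = VerificationEntry(package, next_id, f["path"], f["digest"], True)
        elif not f["mode"] & WRITE_BITS:
            # non-writable config file: only its path is registered
            entry = VerificationEntry(package, next_id, f["path"], None, True)
        else:
            continue                    # writable config: changes in daily operation
        entries.append(entry)
        next_id += 1
    return entries


# Constructed sample dump for a hypothetical package "exampled-1.0".
SAMPLE_DUMP = "\n".join([
    "/usr/sbin/exampled 51200 1563840000 " + "3f" * 32 + " 0100755 root root 0 0 0 X",
    "/etc/exampled/exampled.conf 820 1563840000 " + "a1" * 32 + " 0100644 root root 1 0 0 X",
    "/etc/exampled/keys.pem 1200 1563840000 " + "77" * 32 + " 0100400 root root 1 0 0 X",
    "/usr/share/doc/exampled/README 300 1563840000 " + "b9" * 32 + " 0100644 root root 0 1 0 X",
    "/usr/lib/exampled/libexample.so 0 1563840000 " + "00" * 32 + " 0120777 root root 0 0 0 libexample.so.1",
])

if __name__ == "__main__":
    for entry in apply_static_rule("exampled-1.0", SAMPLE_DUMP):
        print(entry)
```

On a real package the dump text comes from running the command, and the digest field is whatever file digest the package header carries.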
- the verification device 20 uses the above verification information to perform a software package verification process in the same manner as in the first embodiment.
- the information processing device can function as the verification information creation device 10 by causing the information processing device to execute the above program provided as package software or online software.
- the information processing device referred to here includes a desktop type or notebook type personal computer, a rack-mounted server computer, and the like.
- the information processing device also includes smartphones, mobile communication terminals such as mobile phones and PHS (Personal Handyphone System) terminals, and PDAs (Personal Digital Assistants).
- the verification information creation device 10 may be mounted on the cloud server.
- the computer 1000 has, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. Each of these parts is connected by a bus 1080.
- the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM (Random Access Memory) 1012.
- the ROM 1011 stores, for example, a boot program such as a BIOS (Basic Input Output System).
- the hard disk drive interface 1030 is connected to the hard disk drive 1090.
- the disk drive interface 1040 is connected to the disk drive 1100.
- a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100.
- a mouse 1110 and a keyboard 1120 are connected to the serial port interface 1050.
- a display 1130 is connected to the video adapter 1060, for example.
- the hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094.
- the data storage unit described in the above-described embodiment is provided in, for example, the hard disk drive 1090 or the memory 1010.
- the CPU 1020 reads the program module 1093 and the program data 1094 stored in the hard disk drive 1090 into the RAM 1012 as needed, and executes each of the above-described procedures.
- the program module 1093 and the program data 1094 related to the above verification information creation program are not limited to being stored in the hard disk drive 1090; for example, they may be stored in a removable storage medium and read by the CPU 1020 via the disk drive 1100 or the like. Alternatively, the program module 1093 and the program data 1094 related to the above program may be stored in another computer connected via a network such as a LAN or a WAN (Wide Area Network) and read by the CPU 1020 via the network interface 1070.
- 10 Verification information creation device; 20 Verification device; 11 Data processing unit; 12 Data storage unit; 111 Processing reception unit; 112 Dynamic analysis processing unit; 113 Signature giving unit; 114 Determination unit; 115 Static analysis processing unit; 121 Verification information list storage unit; 122 Signed verification information list storage unit; 123 Dynamic analysis rule storage unit; 124 Static analysis rule storage unit; 1121 First analysis unit; 1122 First verification information creation unit; 1151 Second analysis unit; 1152 Second verification information creation unit
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Description
Below, an overview of the verification information creation device (verification information creation system) of each embodiment is described. To create the above verification information, the verification information creation device of each embodiment, for example, runs the software on a verification device on which the software has been installed. The verification information creation device then analyzes the actual behavior of files and directories while the software is running, and creates the verification information.
[Configuration]
Next, with reference to FIG. 1, a configuration example of the verification information creation system of the first embodiment is described. The verification information creation system includes, for example, a verification information creation device 10 that creates verification information of a software package, and a verification device 20 that uses the verification information to perform verification processing of the software installed on the verification device 20 itself.
Next, with reference to FIG. 6, an example of the processing procedure of the verification information creation device 10 is described. For example, when the verification information creation device 10 receives, from a user terminal or the like, an input to the effect that verification information of a software package is to be created, it executes the following processing.
Next, an example of verification processing using the verification information created by the verification information creation device 10 is described. For example, the verification device 20 shown in FIG. 1 acquires the verification information for the verification device 20 itself from the verification information creation device 10 and executes the verification processing shown in FIGS. 8 to 11. First, with reference to FIG. 8, an example of verification processing using the hash values in the verification information is described. The verification information created by the verification information creation device 10 is stored in the verification device 20. The verification device 20 confirms, based on the user signature and the user signature public key certificate, that the received verification information has not been tampered with. The verification device 20 compares the software installed on the verification device 20 with the verification information and stores the entries that match the verification device 20 as collation information. This collation information is what is used to check for file changes and tampering. For example, in the signed verification information list shown in FIG. 5, the existence-required attribute of the software packages tomcat-9.0.4 and clamav-0.100 is recorded as "not required". Here, assuming that tomcat-9.0.4 is installed on the verification device 20 but clamav-0.100 is not, the content shown in FIG. 14 is saved as the collation information. That is, the verification device 20 stores, as the collation information, the signed verification information list from which the verification information of the files of software not actually installed on the verification device 20 has been deleted.
First, when the verification device 20 detects an access to a file within the verification device 20, it determines whether the path of the accessed file matches a path registered in the collation information (S11). If the verification device 20 determines that the path of the accessed file matches a path registered in the collation information (Yes in S11), and a hash value exists for the corresponding path in the collation information (Yes in S12), it determines whether the hash value of the accessed file matches the hash value of the corresponding path in the collation information (S13).
Next, with reference to FIG. 9, an example of verification processing for the addition of unnecessary files is described. First, when the verification device 20 detects an access to a file within the device, it determines whether the accessed file is a file subject to configuration confirmation in the collation information (S21). If the verification device 20 determines that the accessed file is subject to configuration confirmation in the collation information (Yes in S21), it determines whether the path of the accessed file is under a directory registered in the collation information (S22).
Next, with reference to FIG. 10, an example of verification processing for the deletion of files of the required configuration is described. First, when the verification device 20 detects an access to a file within the device and the accessed file is subject to configuration confirmation in the collation information (Yes in S31), it determines whether the accessed file is under a directory registered in the collation information (S32).
Next, with reference to FIG. 11, an example of verification processing for the access source is described. First, when the verification device 20 detects an access to a file within the device and the path of the accessed file matches a path registered in the collation information (Yes in S41), it determines whether an access-source allow list is set for the corresponding path in the collation information (S42).
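As an added example that is not part of the patent, the following Python builds the collation information for the tomcat-9.0.4 / clamav-0.100 case described above and then runs the FIG. 8 hash check (S11 to S13) and the FIG. 11 access-source check (S41 to S42) on constructed file-access events. The entry fields, the file contents and hashes, and the allow list are assumptions; the signature check on the received list is taken as already done.

```python
"""Device-side checks with the collation information (added example, not the
patent's code). The entry fields, file contents, hashes and allow list below
are constructed; the signature check on the received list is assumed done.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    package: str
    path: str
    hash_value: Optional[str] = None             # None: path/existence only
    required: bool = True                        # existence-required attribute
    allowed_sources: Optional[frozenset] = None  # access-source allow list


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed signed verification list (FIG. 5 case: both packages "not required").
CATALINA_SH = b"#!/bin/sh\nexec java -jar tomcat.jar\n"
VERIFICATION_LIST = [
    Entry("tomcat-9.0.4", "/opt/tomcat/bin/catalina.sh", sha256(CATALINA_SH), False,
          frozenset({"/bin/sh", "/usr/bin/java"})),
    Entry("tomcat-9.0.4", "/opt/tomcat/conf/server.xml", None, False),
    Entry("clamav-0.100", "/usr/bin/clamscan", sha256(b"constructed clamscan"), False),
]


def build_collation_info(verification_list, installed_packages):
    """Keep only entries of packages actually installed on this device."""
    return [e for e in verification_list if e.package in installed_packages]


def find_entry(collation, path):
    return next((e for e in collation if e.path == path), None)


def check_hash(collation, path: str, content: bytes) -> str:
    """FIG. 8: S11 path registered? S12 hash present? S13 hash matches?"""
    entry = find_entry(collation, path)
    if entry is None:
        return "unregistered"     # No in S11: not a file the list covers
    if entry.hash_value is None:
        return "no-hash"          # No in S12: nothing to compare
    return "ok" if sha256(content) == entry.hash_value else "mismatch"


def check_access_source(collation, path: str, source: str) -> str:
    """FIG. 11: S41 path registered? S42 allow list set? then is source on it?"""
    entry = find_entry(collation, path)
    if entry is None:
        return "unregistered"     # No in S41
    if entry.allowed_sources is None:
        return "no-allowlist"     # No in S42
    return "allowed" if source in entry.allowed_sources else "denied"


if __name__ == "__main__":
    # Device has tomcat-9.0.4 but not clamav-0.100, so the clamav entry drops out.
    info = build_collation_info(VERIFICATION_LIST, {"tomcat-9.0.4"})
    print([e.path for e in info])
    print(check_hash(info, "/opt/tomcat/bin/catalina.sh", CATALINA_SH))
    print(check_access_source(info, "/opt/tomcat/bin/catalina.sh", "/usr/bin/python3"))
```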
Some software packages specify the installation-destination directory of the software in advance. For example, rpm packages and deb packages for Linux (registered trademark) specify the installation-destination directory in advance. Therefore, for such rpm packages, deb packages and the like, the verification information creation device 10 can identify the installation destination of the software by analyzing the software package itself, without installing it on a device. Hereinafter, such analysis of a software package is called static analysis.
Next, with reference to FIG. 12, an example of the processing procedure of the verification information creation device 10 of the second embodiment is described. For example, when the verification information creation device 10 receives, from a user terminal or the like, an input to the effect that verification information of a software package is to be created, it executes the following processing.
The functions of the verification information creation device 10 described in the above embodiments can also be implemented by installing a program that realizes them on a desired information processing device (computer). For example, by causing an information processing device to execute the above program, provided as package software or online software, the information processing device can be made to function as the verification information creation device 10. The information processing device referred to here includes desktop or notebook personal computers, rack-mounted server computers, and the like. In addition, the category of information processing devices includes smartphones, mobile communication terminals such as mobile phones and PHS (Personal Handyphone System) terminals, and further PDAs (Personal Digital Assistants). The verification information creation device 10 may also be implemented on a cloud server.
20 Verification device
11 Data processing unit
12 Data storage unit
111 Processing reception unit
112 Dynamic analysis processing unit
113 Signature giving unit
114 Determination unit
115 Static analysis processing unit
121 Verification information list storage unit
122 Signed verification information list storage unit
123 Dynamic analysis rule storage unit
124 Static analysis rule storage unit
1121 First analysis unit
1122 First verification information creation unit
1151 Second analysis unit
1152 Second verification information creation unit
Claims (8)
- A verification information creation system comprising: a first acquisition unit that installs software to be verified on a device, acquires from the device the installation-destination directory of the software, identifies, based on the type of the files stored in the acquired directory, files for which a hash value can be acquired, and acquires the file path and the hash value of each file for which a hash value can be acquired; and a first verification information creation unit that creates verification information used for verifying the software, the verification information including the file path and the hash value of the file acquired by the first acquisition unit.
- The verification information creation system according to claim 1, wherein, when a file for which a hash value can be acquired is a text file, the first acquisition unit acquires the hash value of the text file after a configuration change of the software has been carried out on the device.
- The verification information creation system according to claim 1, wherein, when the software is software installed from a tar file, the first acquisition unit acquires the installation-destination directory of the software from config.nice or config.status saved in the directory into which the tar file was extracted on the device.
- The verification information creation system according to claim 1, further comprising: a determination unit that determines whether the software to be verified is software of an rpm package or a deb package; a second acquisition unit that, when the software to be verified is determined to be software of an rpm package or a deb package, executes a predetermined command on the software package of the software to acquire, from among the files included in the software package, the file path and the hash value of each file that is checked using a hash value at the time of verification of the file; and a second verification information creation unit that creates verification information of the software package including the file path and the hash value of the file acquired by the second acquisition unit.
- The verification information creation system according to any one of claims 1 to 4, wherein, when the verification information is changed after its creation, the first acquisition unit installs the software on the device again and acquires the file path and the hash value of each file for which a hash value can be acquired, and the first verification information creation unit creates the verification information of the software including the file path and the hash value of the file acquired by the first acquisition unit.
- The verification information creation system according to claim 1, further comprising a signature giving unit that attaches to the verification information a user signature of the user of the device on which the software is installed and a public key certificate of the user.
- A verification information creation method executed by a verification information creation system, the method comprising: a step of installing software to be verified on a device, acquiring from the device the installation-destination directory of the software, identifying, based on the type of the files stored in the acquired directory, files for which a hash value can be acquired, and acquiring the file path and the hash value of each file for which a hash value can be acquired; and a step of creating verification information used for verifying the software, the verification information including the file path and the hash value of the acquired file.
- A verification information creation program that causes a computer to execute: a step of installing software to be verified on a device, acquiring from the device the installation-destination directory of the software, identifying, based on the type of the files stored in the acquired directory, files for which a hash value can be acquired, and acquiring the file path and the hash value of each file for which a hash value can be acquired; and a step of creating verification information used for verifying the software, the verification information including the file path and the hash value of the acquired file.
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201980098649.2A CN114175034A (zh) | 2019-07-23 | 2019-07-23 | 验证信息生成系统、验证信息生成方法以及验证信息生成程序 |
EP19938814.1A EP3989095B1 (en) | 2019-07-23 | 2019-07-23 | Verification information creation system, verification information creation method, and verification information creation program |
AU2019458656A AU2019458656B2 (en) | 2019-07-23 | 2019-07-23 | Verification information generating system, verification information generating method, and verification information generating program |
US17/626,504 US20220292224A1 (en) | 2019-07-23 | 2019-07-23 | Verification information generating system, verification information generating method, and verification information generating program |
JP2021534472A JP7222428B2 (ja) | 2019-07-23 | 2019-07-23 | 検証情報作成システム、検証情報作成方法、および、検証情報作成プログラム |
PCT/JP2019/028922 WO2021014596A1 (ja) | 2019-07-23 | 2019-07-23 | 検証情報作成システム、検証情報作成方法、および、検証情報作成プログラム |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2019/028922 WO2021014596A1 (ja) | 2019-07-23 | 2019-07-23 | 検証情報作成システム、検証情報作成方法、および、検証情報作成プログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021014596A1 true WO2021014596A1 (ja) | 2021-01-28 |
Family
ID=74193572
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2019/028922 WO2021014596A1 (ja) | 2019-07-23 | 2019-07-23 | 検証情報作成システム、検証情報作成方法、および、検証情報作成プログラム |
Country Status (6)
Country | Link |
---|---|
US (1) | US20220292224A1 (ja) |
EP (1) | EP3989095B1 (ja) |
JP (1) | JP7222428B2 (ja) |
CN (1) | CN114175034A (ja) |
AU (1) | AU2019458656B2 (ja) |
WO (1) | WO2021014596A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022259477A1 (ja) | 2021-06-10 | 2022-12-15 | 日本電信電話株式会社 | 監視装置、監視方法及び監視プログラム |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2019008376A (ja) * | 2017-06-20 | 2019-01-17 | 日本電信電話株式会社 | ファイル管理装置及びファイル管理方法 |
JP2019008738A (ja) | 2017-06-28 | 2019-01-17 | 日本電信電話株式会社 | 検証装置 |
JP2019008377A (ja) | 2017-06-20 | 2019-01-17 | 日本電信電話株式会社 | 照合情報生成装置、管理システム及び照合情報生成方法 |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100062844A1 (en) * | 2003-03-05 | 2010-03-11 | Bally Gaming, Inc. | Authentication and validation systems for gaming devices |
CN105706060B (zh) * | 2013-09-04 | 2018-11-27 | 惠普发展公司,有限责任合伙企业 | 数据包的报头部分下载 |
US10284374B2 (en) * | 2015-06-10 | 2019-05-07 | Arris Enterprises Llc | Code signing system with machine to machine interaction |
WO2018004596A1 (en) * | 2016-06-30 | 2018-01-04 | Intel Corporation | Technologies for serializable binary data distribution |
CN106485139B (zh) * | 2016-09-29 | 2019-06-04 | 商客通尚景科技(上海)股份有限公司 | 一种应用程序的安全验证方法 |
CN110059475A (zh) * | 2018-01-18 | 2019-07-26 | 伊姆西Ip控股有限责任公司 | 用于数据保护的方法、设备和计算机程序产品 |
US11438139B2 (en) * | 2018-02-07 | 2022-09-06 | Raouf Boutaba | Blockchain based secure naming and update verification |
CN111046436A (zh) * | 2018-10-11 | 2020-04-21 | 中国人民解放军战略支援部队航天工程大学 | 基于系统级包管理的签名认证方法及服务器 |
JP7056514B2 (ja) * | 2018-10-30 | 2022-04-19 | 日本電信電話株式会社 | 管理システム、取得装置及び管理方法 |
CN114175033A (zh) * | 2019-07-23 | 2022-03-11 | 日本电信电话株式会社 | 验证信息生成系统、验证信息生成方法以及验证信息生成程序 |
CN114830117A (zh) * | 2019-12-17 | 2022-07-29 | 日本电信电话株式会社 | 验证信息修正装置、验证信息修正方法和验证信息修正程序 |
AU2021414143A1 (en) * | 2020-12-30 | 2023-07-06 | Virsec Systems, Inc. | Zero dwell time process library and script monitoring |
US20240129194A1 (en) * | 2021-03-25 | 2024-04-18 | Intel Corporation | Multiradio interface data model and radio application package container format for reconfigurable radio systems |
CN114444027A (zh) * | 2021-12-27 | 2022-05-06 | 北京升明科技有限公司 | 软件签名植入方法、验证方法、装置、电子设备及介质 |
CN116340932A (zh) * | 2023-03-29 | 2023-06-27 | 北京科银京成技术有限公司 | 具有隔离功能的应用程序包生成方法、管理方法及装置 |
- 2019
- 2019-07-23 WO PCT/JP2019/028922 patent/WO2021014596A1/ja unknown
- 2019-07-23 AU AU2019458656A patent/AU2019458656B2/en active Active
- 2019-07-23 EP EP19938814.1A patent/EP3989095B1/en active Active
- 2019-07-23 JP JP2021534472A patent/JP7222428B2/ja active Active
- 2019-07-23 US US17/626,504 patent/US20220292224A1/en active Pending
- 2019-07-23 CN CN201980098649.2A patent/CN114175034A/zh active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2019008376A (ja) * | 2017-06-20 | 2019-01-17 | 日本電信電話株式会社 | ファイル管理装置及びファイル管理方法 |
JP2019008377A (ja) | 2017-06-20 | 2019-01-17 | 日本電信電話株式会社 | 照合情報生成装置、管理システム及び照合情報生成方法 |
JP2019008738A (ja) | 2017-06-28 | 2019-01-17 | 日本電信電話株式会社 | 検証装置 |
Non-Patent Citations (3)
Title |
---|
"Intel TXT Enhances Security in Virtual Environments", NIKKEI XTECH, 11 July 2019 (2019-07-11), Retrieved from the Internet <URL:https://tech.nikkeibp.co.jp/it/article/COLUMN/20071114/287197/> |
NISHIMURA, MEGUMI: "All techniques for package management!. Master for rpm/deb/tgz", LINUX WORLD, IDG JAPAN, JP, vol. 5, no. 9, 1 September 2001 (2001-09-01), JP, pages 107 - 123, XP009533105 * |
TRIPWIRE, 11 July 2019 (2019-07-11), Retrieved from the Internet <URL:https://www.tripwire.co.jp/about> |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022259477A1 (ja) | 2021-06-10 | 2022-12-15 | 日本電信電話株式会社 | 監視装置、監視方法及び監視プログラム |
Also Published As
Publication number | Publication date |
---|---|
JP7222428B2 (ja) | 2023-02-15 |
US20220292224A1 (en) | 2022-09-15 |
EP3989095A4 (en) | 2022-12-21 |
AU2019458656B2 (en) | 2023-06-08 |
EP3989095A1 (en) | 2022-04-27 |
CN114175034A (zh) | 2022-03-11 |
AU2019458656A1 (en) | 2022-02-24 |
JPWO2021014596A1 (ja) | 2021-01-28 |
EP3989095B1 (en) | 2023-10-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8332909B2 (en) | Automated software restriction policy rule generation | |
CN102521081B (zh) | 修复遭破坏的软件 | |
US8082442B2 (en) | Securely sharing applications installed by unprivileged users | |
CN105989306B (zh) | 操作系统的文件签名方法、文件校验方法及装置 | |
US9767280B2 (en) | Information processing apparatus, method of controlling the same, information processing system, and information processing method | |
US8353041B2 (en) | Secure application streaming | |
US20060236122A1 (en) | Secure boot | |
JP2007200102A (ja) | 不正コードおよび不正データのチェックシステム、プログラムおよび方法 | |
US8656494B2 (en) | System and method for optimization of antivirus processing of disk files | |
CN111052117B (zh) | 在没有多元化创作的情况下安全地定义操作系统组成 | |
JP6713954B2 (ja) | ファイル管理装置及びファイル管理方法 | |
CN110298171B (zh) | 移动互联网大数据应用的智能检测与安全防护方法 | |
US6915433B1 (en) | Securely extensible component meta-data | |
JP2007148962A (ja) | サブプログラム、そのサブプログラムを実行する情報処理装置、及びそのサブプログラムを実行する情報処理装置におけるプログラム制御方法 | |
RU2491623C1 (ru) | Система и способ проверки файлов на доверенность | |
RU2357287C2 (ru) | Безопасная идентификация исполняемого файла для определяющего доверие логического объекта | |
WO2021014596A1 (ja) | 検証情報作成システム、検証情報作成方法、および、検証情報作成プログラム | |
JP6744256B2 (ja) | 確認システム、制御装置及び確認方法 | |
JP7184198B2 (ja) | 検証情報作成システム、検証情報作成方法、および、検証情報作成プログラム | |
WO2021124460A1 (ja) | 検証情報修正装置、検証情報修正方法、および、検証情報修正プログラム | |
JP2018005613A (ja) | 更新方法、プログラム、情報処理装置、及び更新データ生成装置 | |
US11526609B1 (en) | System and method for recent file malware scanning | |
AU2019420941B2 (en) | Update device and update method | |
KR20190020999A (ko) | 악성프로그램 처리장치 및 처리방법 | |
WO2020027159A1 (ja) | 情報処理装置、検証方法および検証プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19938814 Country of ref document: EP Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2021534472 Country of ref document: JP Kind code of ref document: A |
 | ENP | Entry into the national phase | Ref document number: 2019938814 Country of ref document: EP Effective date: 20220119 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | ENP | Entry into the national phase | Ref document number: 2019458656 Country of ref document: AU Date of ref document: 20190723 Kind code of ref document: A |