WO2024069876A1 - Evaluation device, evaluation method, and recording medium - Google Patents

Evaluation device, evaluation method, and recording medium Download PDF

Info

Publication number
WO2024069876A1
WO2024069876A1 PCT/JP2022/036510 JP2022036510W WO2024069876A1 WO 2024069876 A1 WO2024069876 A1 WO 2024069876A1 JP 2022036510 W JP2022036510 W JP 2022036510W WO 2024069876 A1 WO2024069876 A1 WO 2024069876A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
evaluation
trust
trust evaluation
result
Prior art date
Application number
PCT/JP2022/036510
Other languages
French (fr)
Japanese (ja)
Inventor
衣緒 古山
一彰 中島
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to PCT/JP2022/036510 priority Critical patent/WO2024069876A1/en
Publication of WO2024069876A1 publication Critical patent/WO2024069876A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services

Definitions

  • the present invention relates to the evaluation of systems such as networks.
  • reliability is a score for the device calculated based on the strength of the device's security, etc.
  • Patent Document 1 does not disclose the evaluation of the trust set for the network.
  • the object of the present invention is to provide an evaluation device that outputs the results of a network trust evaluation.
  • the evaluation device in one embodiment of the present invention includes an evaluation result acquisition means for acquiring the trust evaluation results of each device, a target information acquisition means for acquiring configuration information of the network to be evaluated, device information on the devices constituting the network, and a trust evaluation index of the network, a trust evaluation means for evaluating the trust of the network based on the configuration information, device information, the trust evaluation index, and the trust evaluation results of the devices, and an output means for outputting the trust evaluation results of the network.
  • the evaluation method obtains the trust evaluation results for each device, obtains configuration information of the network to be evaluated, device information about the devices that make up the network, and a trust evaluation index for the network, evaluates the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation results for the devices, and outputs the trust evaluation results for the network.
  • the recording medium records a program that causes a computer to execute the following processes: acquiring the trust evaluation results for each device; acquiring configuration information of the network to be evaluated, device information about the devices that make up the network, and a trust evaluation index for the network; evaluating the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation results for the devices; and outputting the trust evaluation results for the network.
  • the present invention has the effect of outputting the results of a trust evaluation of a network.
  • FIG. 1 is a block diagram showing an example of a configuration of an evaluation device according to a first embodiment.
  • 2 is a block diagram showing an example of a configuration of a trust evaluation unit;
  • FIG. FIG. 4 is a flow chart showing an example of an operation of the evaluation device.
  • FIG. 11 is a block diagram showing an example of a configuration of an evaluation device according to a second embodiment.
  • FIG. 13 is a block diagram showing an example of a configuration of an evaluation device according to a third embodiment.
  • FIG. 13 is a block diagram showing an example of a configuration of an evaluation device according to a fourth embodiment.
  • FIG. 2 is a block diagram showing an example of a hardware configuration of an evaluation device.
  • FIG. 1 is a block diagram illustrating an example of a configuration of a system that uses an evaluation device.
  • Equipment manufacturers provide reliability related to the security of the device when it is operating alone in a standard evaluation environment. For example, device manufacturers provide a score for the device as reliability, calculated based on the strength of the security of the device when it is operating alone in a standard evaluation environment.
  • the network configuration and the services provided using the network are different, the operation of the devices that make up the network will differ. For example, even if the same device is used, the device will operate differently if the network configuration, such as the number of devices included in the network and the connections between the devices, is different. Furthermore, the device will operate differently if the services provided are different. For this reason, the trust required by service providers that use networks is different from the reliability related to security provided by device manufacturers that assume a general evaluation environment.
  • network trust refers to the reliability of the network, and for example, the reliability of maintaining stable operation of the network. For example, network trust is used by service recipients to decide whether or not to use a service that uses the service provider's network.
  • an embodiment of the present invention evaluates the trustworthiness of a network used by a service provider or the like, and outputs the results of the network trustworthiness evaluation.
  • the embodiment evaluates the trustworthiness of a network.
  • this is only one example of an evaluation target.
  • the embodiment is not limited to networks, and may also evaluate the trustworthiness of a system composed of multiple devices, such as factory equipment.
  • First Embodiment 1 is a block diagram showing an example of a configuration of an evaluation device 10 according to the first embodiment.
  • the evaluation device 10 includes an evaluation result acquisition unit 110, a target information acquisition unit 120, a trust evaluation unit 130, and an output unit 140.
  • the evaluation result acquisition unit 110 acquires the trust evaluation result of each device.
  • the evaluation result acquisition unit 110 acquires the trust evaluation result of the device from an organization that has previously evaluated the trust of the device from an objective standpoint, such as a consortium.
  • the evaluation result acquisition unit 110 may store the acquired trust evaluation result of the device in a storage device not shown.
  • the evaluation device 10 may evaluate the trust of at least some of the devices and store the evaluation result in a storage device not shown. In this case, the evaluation result acquisition unit 110 may acquire the trust evaluation result of the device from the storage device.
  • Trustworthiness refers to the reliability of a network or device, for example, the reliability of maintaining stable operation of the network or device.
  • the trustworthiness evaluation index is a viewpoint for evaluating the reliability of a network or device, such as the presence or absence of unauthorized functions of the network or device, the inspection status, and the visualization status of configuration information.
  • the trustworthiness evaluation result is the result of evaluating the network or device based on the trustworthiness evaluation index. It is desirable that the trustworthiness evaluation result is a numerical value that is easy to handle.
  • the trustworthiness evaluation result is not limited to a numerical value, and may be data in a format other than a numerical value, such as "excellent/good/fair/not good" or "large/medium/small”. Specific examples of trustworthiness are as follows. In the following, trustworthiness will be explained using a network. The trustworthiness of a device can be explained by replacing the network in the following explanation with the device as appropriate.
  • Outage Risk Trustworthiness regarding outage risk is the possibility of a network outage and the predicted outage time in the event of an outage.
  • outage risk is the average outage interval or the average recovery time.
  • Outage risk may be the outage risk of a part of a network. For example, a network with a low outage risk is more trustworthy than a network with a high outage risk.
  • Information Leakage Risk Trustworthiness regarding information leakage risk is the presence or absence or possibility of information leakage in a network providing a service, and the status of measures against information leakage, etc.
  • the status of measures against information leakage is, for example, that all measures against information leakage have been implemented, that measures against serious information leakage have been implemented, that measures against information leakage have been identified, or that measures are not identified, etc.
  • a network with a low risk of information leakage is more trustworthy than a network with a high risk of information leakage.
  • the trust of a backdoor is the presence or absence of a backdoor in a network, or the possibility of the existence of a backdoor.
  • the trust of a backdoor may be the backdoor inspection state, such as the inspection method, inspection range, or inspection time of a backdoor in a network.
  • the backdoor inspection method is, for example, inspection using an inspection application, binary inspection of a program running on a device constituting the network, or source code inspection of a program. For example, a network that has been inspected for a backdoor is more trustworthy than a network that has not been inspected for a backdoor.
  • the reliability of risk assessment refers to whether a risk assessment inspection of network vulnerabilities has been conducted, the inspection results, the implementation status of countermeasures, the time of inspection, or the time elapsed since the inspection, etc.
  • the implementation status of vulnerability countermeasures may be that countermeasures have been implemented for all vulnerabilities, that countermeasures for serious vulnerabilities have been implemented, that countermeasures for vulnerabilities are known, or that countermeasures are not known, etc. For example, a network that has been inspected for risk assessment is more reliable than a network that has not been inspected for risk assessment.
  • Incident Response reliability is the defined state of a response when an incident occurs in a network.
  • Incident response reliability may include a range of incidents for which responses are defined, such as responses for major incidents being defined. For example, a network with defined incident responses is more reliable than a network without defined incident responses.
  • the reliability of the performance evaluation test results is the presence or absence of the performance evaluation test results and the performance content in the test results.
  • the reliability of the performance evaluation test results may be the performance evaluation test status, such as the performance evaluation test method, the test scope, the test time, or the elapsed time since the test was conducted. For example, a network whose performance evaluation has been tested is more reliable than a network whose performance evaluation has not been tested.
  • the trustworthiness of a business is the state of understanding of a business for providing a service or the entire business of the service provider, and the state of preparation for recovery work of the business.
  • the state of understanding of a business is, for example, the state of understanding of the scope of impact of each business, or the state of understanding of the priority of each business.
  • a network in which the business is understood is more trustworthy than a network in which the business is not understood.
  • the state of preparation for recovery work is, for example, the state of preparation for recovery from a business with a large scope of impact or a business with a high priority when an incident occurs.
  • a network in which recovery work is prepared is more trustworthy than a network in which recovery work is not prepared.
  • the trustworthiness of a developer is the state of understanding of the attributes of developers such as networks and devices.
  • the understanding state may be, for example, that the attributes of all developers are understood, that some attributes are not understood, or that some developers' attributes are not understood.
  • the attributes may be, for example, nationality, affiliation, development location, or past career.
  • the developer attributes are not limited to the attributes of individuals, but may also be the attributes of corporations or organizations such as development manufacturers. For example, a network in which the developer attributes are understood is more trustworthy than a network in which the developer attributes are not understood.
  • the trustworthiness of a supply chain is the trustworthiness of companies related to the supply chain of a network that provides a service.
  • Companies related to the supply chain are, for example, companies that design, provide, maintain, and manage the network that provides the service.
  • the trustworthiness of a company is, for example, the implementation status of a trustworthiness inspection in each company and the contents of the inspection results.
  • the implementation status of an inspection is whether or not an inspection has been conducted, the extent to which an inspection has been conducted, or the extent to which an inspection has not been conducted. For example, a network in which the trustworthiness of companies that make up the supply chain has been inspected is more trustworthy than a network in which the trustworthiness of companies that make up the supply chain has not been inspected.
  • the target information acquisition unit 120 acquires configuration information of the network to be evaluated, and device information about the devices that make up the network. Furthermore, the target information acquisition unit 120 acquires a trust evaluation index for the network. For example, the target information acquisition unit 120 may acquire configuration information, device information, and a trust evaluation index from a device operated by a service provider or the like.
  • the network trust evaluation index is a viewpoint for evaluating the trust of the network, such as the presence or absence of unauthorized functions of the device, the inspection status, and the visualization status of the configuration information.
  • the network trust evaluation index includes the presence or absence of unauthorized functions of the network, the inspection status, and the visualization status of the configuration information.
  • the network trust evaluation index is an evaluation index that meets the needs of the service provider, such as a service provider showing the trust of the network to the service recipient, such as the user who provides the service.
  • the trust evaluation index is an evaluation index for the above trust items such as "possibility of a backdoor".
  • the trust evaluation index may be a single evaluation index, a collection of multiple evaluation indexes, an integration of multiple evaluation indexes, or an evaluation index calculated using multiple evaluation indexes such as an average.
  • the service provider may create a trust evaluation index based on the service provided and the network used. Alternatively, the service provider may obtain a trust evaluation index from the service recipient, or may create a trust evaluation index according to the request from the service recipient.
  • Configuration information is information about the configuration of the devices included in the network. Examples of configuration information include the connection topology of the devices that make up the network, routes, communication protocols including wired and wireless, and equipment such as connection cables in the case of wired connections.
  • Device information is information about each device that makes up the network. Examples of device information include the manufacturer name, product name, model number, availability of options, purchase date, and firmware version of each device that makes up the network.
  • the target information acquisition unit 120 may acquire information related to the service provider.
  • the information related to the service provider is, for example, the size of the service provider, the business type of the service provider, the industry or business type in which the service provider is included, and stakeholders such as affiliates and competitors of the service provider.
  • the trust evaluation unit 130 evaluates the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation result of the device. If the target information acquisition unit 120 has acquired information related to the service provider as described above, the trust evaluation unit 130 may use the information related to the service provider in evaluating the trust. The trust evaluation unit 130 may use an evaluation method that corresponds to the network and evaluation index to be evaluated.
  • FIG. 2 is a block diagram showing an example of the configuration of the trust evaluation unit 130.
  • the trust evaluation unit 130 includes an inspection item creation unit 131, an inspection item determination unit 132, and an evaluation result creation unit 133.
  • the test item creation unit 131 creates test items for devices to evaluate the trustworthiness of the network based on the configuration information and the trust evaluation index. For example, the test item creation unit 131 uses the configuration information to identify one or more devices that correspond to the trust evaluation index of the network from among the devices that make up the network. Then, the test item creation unit 131 creates test items for evaluating the trust evaluation index for the identified devices.
  • the test item creation unit 131 creates an item as a test item to check the presence or absence of a performance evaluation test result for each device to be tested.
  • the test item creation unit 131 creates an item as a test item to test the possibility of a backdoor for the device to be tested.
  • the test item creation unit 131 may create multiple test items for one trust evaluation index, or may create one test item for multiple trust evaluation indexes.
  • the test item creation unit 131 may use device information when creating the test items.
  • the inspection item determination unit 132 determines the inspection items created above based on the device information and the trust evaluation results of the devices. For example, when the inspection item is the presence or absence of an inspection result for the performance evaluation of each device, the inspection item determination unit 132 first determines the performance evaluation items of each device based on the device information. Then, the inspection item determination unit 132 determines the presence or absence of an inspection result for the performance evaluation items of each device based on the trust evaluation results of the devices. Alternatively, when inspecting the possibility of a backdoor in a network, the inspection item determination unit 132 determines the possibility of a backdoor for each device based on the device information and the trust evaluation results of the devices. The inspection item determination unit 132 may use configuration information when determining the inspection items.
  • the evaluation result creation unit 133 creates the network trust evaluation result based on the trust evaluation index and the analysis result of the inspection item. For example, the evaluation result creation unit 133 creates the network trust evaluation result by integrating or replacing the analysis results of the above inspection items.
  • the format of the analysis result of the inspection item may be different for each inspection item. Or, the analysis result of the inspection item may be in a data format that is difficult for people other than experts to judge. Or, multiple analysis results may be related to one trust evaluation index. Or, one analysis result may be related to multiple trust evaluation indexes. Therefore, the evaluation result creation unit 133 integrates or replaces the analysis results to correspond to the trust evaluation index, and creates the network trust evaluation result.
  • the network trust evaluation result is the reliability of the network, and is the result of evaluating the network based on the network trust evaluation index, which is a viewpoint for evaluating the trust of the network.
  • the output unit 140 outputs the network trust evaluation result.
  • the output unit 140 outputs the network trust evaluation result to a device of a service provider that uses the network.
  • the output unit 140 may output the network trust evaluation result to a device of an insurance company that accepts insurance for service providers that use the network.
  • the output unit 140 may output the network trust evaluation result to a storage device that can be accessed by service providers and service recipients, such as a storage device on the cloud.
  • the output unit 140 may output the network trust evaluation result to a location that can be referenced by service providers and service recipients, such as a homepage on the Internet.
  • FIG. 3 is a flow diagram showing an example of the operation of the evaluation device 10.
  • the evaluation result acquisition unit 110 acquires the trust evaluation result of each device (step S301).
  • the target information acquisition unit 120 acquires configuration information of the network to be evaluated, device information on the devices that make up the network, and a trust evaluation index for the network (step S302).
  • the trust evaluation unit 130 evaluates the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation result of the devices (step S303).
  • the output unit 140 outputs the trust evaluation result of the network.
  • the evaluation device 10 stores the trust evaluation results for each device.
  • the evaluation device 10 then acquires configuration information of the network to be evaluated, device information on the devices that make up the network, and a trust evaluation index for the network.
  • the evaluation device 10 evaluates the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation results for the devices, and outputs the network trust evaluation results.
  • the evaluation device 10 outputs a network trust evaluation result that meets the needs of service providers and the like, rather than the reliability related to the security of devices provided by device manufacturers and the like.
  • service providers and the like can acquire a network trust evaluation result that meets the needs of the service providers and the like from the evaluation device 10.
  • Second Embodiment 4 is a block diagram showing an example of the configuration of the evaluation device 11 according to the second embodiment.
  • the evaluation device 11 includes a certificate creation unit 150 in addition to the configuration of the evaluation device 10.
  • the certificate creation unit 150 creates a certificate for the results of the network trust evaluation.
  • the certificate is data that indicates that the results of the network trust evaluation have not been tampered with.
  • the certificate creation unit 150 creates the certificate using, for example, electronic authentication or a blockchain.
  • the certificate is often provided to the service recipient, etc., together with the network trust evaluation result. Therefore, the certificate may include both the trust evaluation result and data indicating that the network trust evaluation result has not been tampered with. For ease of explanation, the certificate will be described below as including the network trust evaluation result.
  • the output unit 140 then outputs the certificate to the service provider, etc.
  • the evaluation device 10 of the first embodiment outputs the network trust evaluation result evaluated based on the trust evaluation index obtained from the service provider or the like.
  • the network trust evaluation result in the first embodiment does not have a mechanism for preventing tampering. Therefore, the network trust evaluation result in the first embodiment is not necessarily data in an appropriate format as a certificate to be submitted to a service recipient who receives a service from the service provider. Therefore, the evaluation device 11 creates and outputs a certificate as data indicating that the network trust evaluation result has not been tampered with.
  • the service provider can provide the certificate output by the evaluation device 11 to the service recipient or the like to indicate that the network trust evaluation result has not been tampered with.
  • Third Embodiment 5 is a block diagram showing an example of the configuration of the evaluation device 12 according to the third embodiment.
  • the evaluation device 12 includes an improvement plan formulation unit 160 in addition to the configuration of the evaluation device 10.
  • the evaluation device 12 may also include a certificate creation unit 150.
  • the improvement plan formulation unit 160 formulates an improvement plan for the trustworthiness of the network based on the results of the network trust evaluation.
  • the formulation of an improvement plan for the trustworthiness of the network is to determine measures to modify at least one of the network configuration and the devices that constitute the network in order to improve the results of the network trust evaluation.
  • the improvement plan may be, for example, a change in the network configuration, including the addition or removal of devices, or a change in the devices.
  • the improvement plan may be an improvement of the trust evaluation results of the devices.
  • the trust evaluation index is the presence or absence of a performance evaluation test result
  • the results of the network trust evaluation include a result that there is a device that does not have a performance evaluation test result.
  • the improvement plan formulation unit 160 may formulate an improvement plan that includes conducting an inspection of the device that does not have an inspection result as an improvement plan.
  • the improvement plan formulation unit 160 may formulate an improvement plan for the network by referring to standard evaluation results in the industry in which the service provider is included, or improvement plans used by other companies. For example, the improvement plan formulation unit 160 may formulate an improvement plan for an item that deviates greatly from the standard evaluation result.
  • the improvement plan formulation unit 160 may formulate an improvement plan for the devices included in the network by referring to the improvement plan provided by the manufacturer of the devices included in the network. For example, if the firmware of the device has been updated, the improvement plan formulation unit 160 may formulate an improvement plan to apply the latest firmware provided by the device manufacturer. Then, the output unit 140 outputs the improvement plan to the service provider. As a result, the service provider can improve the reliability of the network by referring to the improvement plan output by the evaluation device 12.
  • Fourth Embodiment 6 is a block diagram showing an example of the configuration of the evaluation device 13 according to the fourth embodiment.
  • the evaluation device 13 includes a validity determination unit 170 in addition to the configuration of the evaluation device 10.
  • the evaluation device 13 may include a certificate creation unit 150, may include an improvement plan formulation unit 160, or may include both the certificate creation unit 150 and the improvement plan formulation unit 160.
  • the validity determination unit 170 determines the validity of the trust evaluation index of the network.
  • the validity of the trust evaluation index indicates whether the trust evaluation index is appropriate as a criterion for determining the trust of the network.
  • the validity determination unit 170 may determine the validity of the trust evaluation index, for example, by using the total value or average value of items included in the trust evaluation result of the network. Alternatively, the validity determination unit 170 may determine that the trust evaluation index is not valid when the trust evaluation result of the network includes an item that cannot be determined, such as when there is no trust evaluation result of the corresponding device. Alternatively, the validity determination unit 170 may determine that the trust evaluation index is not valid when at least a part of the trust evaluation results does not satisfy a threshold value.
  • the validity determination unit 170 may determine the validity of the trust evaluation index by comparing it with a standard trust evaluation index of the industry in which the service provider is included, or an average of trust evaluation indexes used by other companies. Alternatively, the validity determination unit 170 may determine the validity based on the consistency or reciprocity between items included in the trust evaluation index. Alternatively, the validity determination unit 170 may determine the validity based on the ratio of devices related to the trust evaluation index to the entire network in the network configuration, or the range of related devices. The validity determination unit 170 may divide the trust evaluation index into multiple groups and determine the validity of each group. Then, the output unit 140 outputs the validity of the trust evaluation index to the service provider. As a result, the service provider can understand the validity of the trust evaluation index based on the validity output by the evaluation device 13.
  • the result of the judgment of the validity of the trust evaluation index may be expressed as validity or not, or may be expressed using a numerical value such as 0.0 to 1.0. Furthermore, if the trust evaluation index is not valid, such as the validity being lower than the threshold, the validity judgment unit 170 may output to the service provider via the output unit 140 that the trust evaluation index is not valid. At that time, the validity judgment unit 170 may output to the service provider the judged validity value and the judgment content used to calculate the validity value. In this case, the service provider may, for example, reset the trust evaluation index and output it to the evaluation device 13. The validity judgment unit 170 may repeat the above operation until the trust evaluation index becomes valid, such as when the validity of the trust evaluation index becomes equal to or higher than the threshold. Then, when the trust evaluation index becomes valid, the validity judgment unit 170 may notify the trust evaluation unit 130 that the trust evaluation index is valid.
  • the trust evaluation unit 130 may acquire the trust evaluation index from the validity determination unit 170.
  • the target information acquisition unit 120 outputs the acquired trust evaluation index to the validity determination unit 170.
  • the validity determination unit 170 judges the validity of the trust evaluation index, and when the trust evaluation index is not valid, outputs information indicating the need to reset the trust evaluation index to a service provider or the like via the output unit 140.
  • the information indicating the need to reset indicates that resetting is necessary or the degree to which resetting is necessary.
  • the validity determination unit 170 may output an instruction to reset to the service provider via the output unit 140, or may output the determined validity value and threshold value.
  • the validity determination unit 170 judges the validity of the trust evaluation index reacquired by the target information acquisition unit 120.
  • the validity determination unit 170 executes the operation of resetting the trust evaluation index until the trust evaluation index becomes valid. Then, when the trust evaluation index becomes valid, the validity determination unit 170 may output the trust evaluation index to the trust evaluation unit 130.
  • the trust evaluation unit 130 may obtain validity from the validity determination unit 170 and execute the operation of resetting the trust evaluation index as described above.
  • the trust evaluation unit 130 may use the validity of the trust evaluation index when evaluating the trust. For example, when the analysis results of the test items are the same, the trust evaluation unit 130 may evaluate the network's trust evaluation result when the validity is low as a lower evaluation result than the network's trust evaluation result when the validity is high.
  • evaluation device 10 Each component of the evaluation device 10, etc. may be configured with a hardware circuit. Alternatively, in the evaluation device 10, etc., each component may be configured using multiple devices connected via a network. For example, the evaluation device 10, etc. may be configured using cloud computing. Alternatively, in the evaluation device 10, etc., multiple components may be configured with a single piece of hardware.
  • the evaluation device 10 etc. may be realized as a computer device including a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and a network interface card (NIC).
  • Figure 7 is a block diagram showing the configuration of a computer device 600, which is an example of a hardware configuration of the evaluation device 10 etc.
  • the computer device 600 includes a CPU 610, a ROM 620, a RAM 630, a storage device 640, and a NIC 650.
  • the CPU 610 reads a program from at least one of the ROM 620 and the storage device 640. The CPU 610 then controls the RAM 630, the storage device 640, and the NIC 650 based on the read program.
  • the computer device 600 controls these components to realize the functions of the evaluation result acquisition unit 110, the target information acquisition unit 120, the trust evaluation unit 130, the output unit 140, the certificate creation unit 150, the improvement plan formulation unit 160, and the validity determination unit 170. In this way, the evaluation device 10 and the like may realize functions as a combination of hardware and software.
  • the CPU 610 may read a program contained in the recording medium 690 that stores a computer-readable program using a recording medium reading device (not shown). Alternatively, the CPU 610 may receive a program from an external device (not shown) via the NIC 650, save it in the RAM 630 or the storage device 640, and operate based on the saved program.
  • the ROM 620 stores programs and fixed data executed by the CPU 610.
  • the ROM 620 is, for example, a programmable ROM (P-ROM) or a flash ROM.
  • the RAM 630 temporarily stores programs and data executed by the CPU 610.
  • the RAM 630 is, for example, a dynamic RAM (D-RAM).
  • the storage device 640 stores data and programs that the computer device 600 stores for the long term.
  • the storage device 640 may store the results of the device trust evaluation acquired by the evaluation result acquisition unit 110.
  • the storage device 640 may also operate as a temporary storage device for the CPU 610.
  • the storage device 640 is, for example, a hard disk device, a magneto-optical disk device, a solid state drive (SSD), or a disk array device.
  • ROM 620 and storage device 640 are non-volatile (non-transitory) recording media.
  • RAM 630 is a volatile (transitory) recording medium.
  • CPU 610 can operate based on programs stored in ROM 620, storage device 640, and RAM 630. In other words, CPU 610 can operate using either non-volatile recording media or volatile recording media. When realizing each function, CPU 610 may use at least one of RAM 630 and storage device 640 as a temporary storage medium for programs and data.
  • the NIC 650 relays data exchange with external devices (not shown) via the network.
  • the NIC 650 relays communication with a service provider's device.
  • the NIC 650 is, for example, a local area network (LAN) card.
  • the NIC 650 is not limited to being wired, and may be wireless.
  • the computer device 600 configured in this manner executes the operations of each component in the evaluation device 10, etc., to realize the functions of the evaluation device 10, etc.
  • FIG. 8 is a block diagram for explaining an example of the configuration of a system 60 using the evaluation device 11.
  • the system 60 includes the evaluation device 11, a network 20 used by a service provider to provide a service, a terminal 30 used by the service provider, and a terminal 40 used by a service recipient.
  • the service provider operates the terminal 30 to output configuration information, device information, and a trust evaluation index for the network 20 to the evaluation device 11.
  • the evaluation device 11 operates as described above to create a certificate regarding the trust of the network and output it to the terminal 30 of the service provider.
  • the certificate is data including both data indicating that no tampering has been performed on the trust evaluation result of the network and the trust evaluation result of the network.
  • the service provider operates terminal 30 to output the acquired certificate to terminal 40 of the service recipient on network 20.
  • the service recipient decides whether or not to receive the service provided from network 20 based on the certificate acquired by terminal 40. If the service recipient decides to receive the service, he or she operates terminal 40 to receive the service provided from network 20.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Human Resources & Organizations (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Computer Hardware Design (AREA)
  • Marketing (AREA)
  • General Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Development Economics (AREA)
  • Educational Administration (AREA)
  • Health & Medical Sciences (AREA)
  • Game Theory and Decision Science (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

To output an evaluation result regarding trustworthiness of a network, an evaluation device according to the present invention includes: an evaluation result acquisition means that acquires a trustworthiness evaluation result for each instrument; a target information acquisition means that acquires configuration information pertaining to the network to be evaluated, instrument information pertaining to the instrument forming the network, and a trustworthiness evaluation index of the network; a trustworthiness evaluation means that evaluates the trustworthiness of the network on the basis of the configuration information, the instrument information, the trustworthiness evaluation index, and the trustworthiness evaluation result for the instrument; and an output means that outputs a trustworthiness evaluation result for the network.

Description

評価装置、評価方法、及び、記録媒体Evaluation device, evaluation method, and recording medium
 本発明は、ネットワークなどのシステムの評価に関する。 The present invention relates to the evaluation of systems such as networks.
 インターネットのようなネットワークに接続された機器の情報として、特許文献1に記載のように、ネットワークに接続された機器についてのセキュリティに関連する信頼性の提供が行われている。なお、特許文献において、信頼性は、機器のセキュリティの強さなどに基づいて算定された機器についてのスコアである。 As described in Patent Document 1, information on devices connected to a network such as the Internet is provided that relates to the reliability of the security of the devices connected to the network. In the patent document, reliability is a score for the device calculated based on the strength of the device's security, etc.
国際公開第2020/184535号International Publication No. 2020/184535
 ネットワークを介してサービスを提供するサービス提供者が必要するトラスト性は、機器のセキュリティに関連する信頼性とは異なり、サービスの提供に用いるネットワークの稼働維持に対する信頼性のようなトラスト性である。しかし、特許文献1は、ネットワークについて設定されたトラスト性の評価について、開示していない。 The trust required by service providers who provide services via a network is different from the trust related to the security of the equipment, and is the trust in maintaining the operation of the network used to provide the service. However, Patent Document 1 does not disclose the evaluation of the trust set for the network.
 本発明の目的は、ネットワークのトラスト性評価結果を出力する評価装置などを提供することにある。 The object of the present invention is to provide an evaluation device that outputs the results of a network trust evaluation.
 本発明の一形態における評価装置は、機器それぞれのトラスト性評価結果を取得する評価結果取得手段と、評価対象であるネットワークの構成情報、ネットワークを構成する機器についての機器情報、及び、ネットワークのトラスト性評価指標を取得する対象情報取得手段と、構成情報、機器情報、トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、ネットワークのトラスト性を評価するトラスト性評価手段と、ネットワークのトラスト性評価結果を出力する出力手段とを含む。 The evaluation device in one embodiment of the present invention includes an evaluation result acquisition means for acquiring the trust evaluation results of each device, a target information acquisition means for acquiring configuration information of the network to be evaluated, device information on the devices constituting the network, and a trust evaluation index of the network, a trust evaluation means for evaluating the trust of the network based on the configuration information, device information, the trust evaluation index, and the trust evaluation results of the devices, and an output means for outputting the trust evaluation results of the network.
 本発明の一形態における評価方法は、機器それぞれのトラスト性評価結果を取得し、評価対象であるネットワークの構成情報、ネットワークを構成する機器についての機器情報、及び、ネットワークのトラスト性評価指標を取得し、構成情報、機器情報、トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、ネットワークのトラスト性を評価し、ネットワークのトラスト性評価結果を出力する。 In one embodiment of the present invention, the evaluation method obtains the trust evaluation results for each device, obtains configuration information of the network to be evaluated, device information about the devices that make up the network, and a trust evaluation index for the network, evaluates the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation results for the devices, and outputs the trust evaluation results for the network.
 本発明の一形態における記録媒体は、機器それぞれのトラスト性評価結果を取得する処理と、評価対象であるネットワークの構成情報、ネットワークを構成する機器についての機器情報、及び、ネットワークのトラスト性評価指標を取得する処理と、構成情報、機器情報、トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、ネットワークのトラスト性を評価する処理と、ネットワークのトラスト性評価結果を出力する処理とをコンピュータに実行させるプログラムを記録する。 In one embodiment of the present invention, the recording medium records a program that causes a computer to execute the following processes: acquiring the trust evaluation results for each device; acquiring configuration information of the network to be evaluated, device information about the devices that make up the network, and a trust evaluation index for the network; evaluating the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation results for the devices; and outputting the trust evaluation results for the network.
 本発明によれば、ネットワークについてのトラスト性評価結果を出力するとの効果を得ることができる。 The present invention has the effect of outputting the results of a trust evaluation of a network.
第1実施形態にかかる評価装置の構成の一例を示すブロック図である。1 is a block diagram showing an example of a configuration of an evaluation device according to a first embodiment. トラスト性評価部の構成の一例を示すブロック図である。2 is a block diagram showing an example of a configuration of a trust evaluation unit; FIG. 評価装置の動作の一例を示すフロー図である。FIG. 4 is a flow chart showing an example of an operation of the evaluation device. 第2実施形態にかかる評価装置の構成の一例を示すブロック図である。FIG. 11 is a block diagram showing an example of a configuration of an evaluation device according to a second embodiment. 第3実施形態にかかる評価装置の構成の一例を示すブロック図である。FIG. 13 is a block diagram showing an example of a configuration of an evaluation device according to a third embodiment. 第4実施形態にかかる評価装置の構成の一例を示すブロック図である。FIG. 13 is a block diagram showing an example of a configuration of an evaluation device according to a fourth embodiment. 評価装置のハードウェア構成の一例を示すブロック図である。FIG. 2 is a block diagram showing an example of a hardware configuration of an evaluation device. 評価装置を利用するシステムの構成の一例を説明するブロック図である。FIG. 1 is a block diagram illustrating an example of a configuration of a system that uses an evaluation device.
 機器メーカーは、標準的に設定された評価環境における、機器単体動作でのセキュリティに関連する信頼性を提供している。例えば、機器メーカーは、信頼性として、標準的な評価環境での機器単体動作におけるセキュリティの強さなどに基づいて算定した機器のスコアを提供している。しかし、ネットワーク構成、及び、ネットワークを用いて提供するサービスが異なれば、ネットワークを構成する機器の動作は異なる。例えば、同じ機器を用いても、ネットワークに含まれる機器の数、及び、機器同士の接続関係などのネットワーク構成が異なれば、機器の動作は異なる。また、提供するサービスが異なれば、機器の動作は異なる。そのため、ネットワークを用いるサービス提供者が必要とするトラスト性は、一般的な評価環境を前提とした機器メーカーが提供するセキュリティに関連する信頼性とは異なる。  Equipment manufacturers provide reliability related to the security of the device when it is operating alone in a standard evaluation environment. For example, device manufacturers provide a score for the device as reliability, calculated based on the strength of the security of the device when it is operating alone in a standard evaluation environment. However, if the network configuration and the services provided using the network are different, the operation of the devices that make up the network will differ. For example, even if the same device is used, the device will operate differently if the network configuration, such as the number of devices included in the network and the connections between the devices, is different. Furthermore, the device will operate differently if the services provided are different. For this reason, the trust required by service providers that use networks is different from the reliability related to security provided by device manufacturers that assume a general evaluation environment.
 さらに、ネットワークなどのシステムの動作は、システムを構成する複数の機器が相互に関連した動作である。そのため、ネットワークを用いてサービスを提供する場合、サービス提供者が必要とするトラスト性は、ネットワークを構成する機器単体のトラスト性ではなく、サービスの提供に用いられるネットワーク全体としてのトラスト性であることが望ましい。なお、ネットワークのトラスト性とは、ネットワークに対する信頼性であって、例えば、ネットワークの安定した稼働維持に対する信頼性を指す。例えば、ネットワークのトラスト性とは、サービス享受者がサービス提供者におけるネットワークを用いたサービスを利用するか否の判断するための用いられるものである。 Furthermore, the operation of a system such as a network is the mutual interaction of multiple devices that make up the system. Therefore, when providing a service using a network, it is desirable that the trust required by the service provider is not the trust of each individual device that makes up the network, but the trust of the entire network used to provide the service. Note that network trust refers to the reliability of the network, and for example, the reliability of maintaining stable operation of the network. For example, network trust is used by service recipients to decide whether or not to use a service that uses the service provider's network.
 そこで、本発明における実施形態は、以下で説明するように、サービス提供者などが用いるネットワークのトラスト性を評価し、ネットワークのトラスト性評価結果を出力する。以下の説明において、実施形態は、ネットワークのトラスト性を評価する。ただし、これは、評価対象の一例である。実施形態は、ネットワークに限られず、工場設備など、複数の機器から構成されたシステムについてのトラスト性を評価してもよい。 As described below, an embodiment of the present invention evaluates the trustworthiness of a network used by a service provider or the like, and outputs the results of the network trustworthiness evaluation. In the following description, the embodiment evaluates the trustworthiness of a network. However, this is only one example of an evaluation target. The embodiment is not limited to networks, and may also evaluate the trustworthiness of a system composed of multiple devices, such as factory equipment.
 <第1実施形態>
図1は、第1実施形態にかかる評価装置10の構成の一例を示すブロック図である。評価装置10は、評価結果取得部110と、対象情報取得部120と、トラスト性評価部130と、出力部140とを含む。 First Embodiment
1 is a block diagram showing an example of a configuration of an evaluation device 10 according to the first embodiment. The evaluation device 10 includes an evaluation result acquisition unit 110, a target information acquisition unit 120, a trust evaluation unit 130, and an output unit 140.
 評価結果取得部110は、機器それぞれのトラスト性評価結果を取得する。例えば、評価結果取得部110は、予め、コンソーシアムなどの客観的な立場において機器のトラスト性を評価した団体から、機器のトラスト性評価結果を取得する。評価結果取得部110は、取得した機器のトラスト性評価結果を、図示しない記憶装置に保存してもよい。なお、評価装置10は、少なくとも一部の機器のトラスト性を評価して、図示しない記憶装置に保存しておいてもよい。この場合、評価結果取得部110は、その記憶装置から、機器のトラスト性評価結果を取得すればよい。 The evaluation result acquisition unit 110 acquires the trust evaluation result of each device. For example, the evaluation result acquisition unit 110 acquires the trust evaluation result of the device from an organization that has previously evaluated the trust of the device from an objective standpoint, such as a consortium. The evaluation result acquisition unit 110 may store the acquired trust evaluation result of the device in a storage device not shown. The evaluation device 10 may evaluate the trust of at least some of the devices and store the evaluation result in a storage device not shown. In this case, the evaluation result acquisition unit 110 may acquire the trust evaluation result of the device from the storage device.
 トラスト性とは、ネットワーク又は機器に対する信頼性であって、例えば、ネットワーク又は機器の安定した稼働維持に対する信頼性を指す。トラスト性評価指標は、ネットワーク又は機器の不正な機能の有無、検査状態、及び、構成情報の可視化状態などのネットワーク又は機器のトラスト性を評価するための観点である。そして、トラスト性評価結果は、トラスト性評価指標に基づいてネットワーク又は機器を評価した結果である。なお、トラスト性評価結果は、取り扱いが容易な数値であることが望ましい。しかし、トラスト性評価結果は、数値に限られず、「優/良/可/不可」又は「大/中/小」のような数値とは異なる形式のデータでもよい。トラスト性は、具体的には、例えば、以下のようなものである。なお、以下、ネットワークを用いてトラスト性を説明する。機器のトラスト性は、以下の説明におけるネットワークを、適宜、機器に置き換えればよい。 Trustworthiness refers to the reliability of a network or device, for example, the reliability of maintaining stable operation of the network or device. The trustworthiness evaluation index is a viewpoint for evaluating the reliability of a network or device, such as the presence or absence of unauthorized functions of the network or device, the inspection status, and the visualization status of configuration information. The trustworthiness evaluation result is the result of evaluating the network or device based on the trustworthiness evaluation index. It is desirable that the trustworthiness evaluation result is a numerical value that is easy to handle. However, the trustworthiness evaluation result is not limited to a numerical value, and may be data in a format other than a numerical value, such as "excellent/good/fair/not good" or "large/medium/small". Specific examples of trustworthiness are as follows. In the following, trustworthiness will be explained using a network. The trustworthiness of a device can be explained by replacing the network in the following explanation with the device as appropriate.
 (1)停止リスク
停止リスクについてのトラスト性は、ネットワークが停止する可能性、及び、停止した場合における予測停止時間などである。あるいは、停止リスクは、平均停止間隔、又は、平均復旧時間などである。停止リスクは、ネットワークの一部における停止リスクでもよい。例えば、停止リスクが低いネットワークは、停止リスクが高いネットワークより、トラスト性が高い。 (1) Outage Risk Trustworthiness regarding outage risk is the possibility of a network outage and the predicted outage time in the event of an outage. Alternatively, outage risk is the average outage interval or the average recovery time. Outage risk may be the outage risk of a part of a network. For example, a network with a low outage risk is more trustworthy than a network with a high outage risk.
 (2)情報漏洩リスク
情報漏洩リスクについてのトラスト性は、サービスを提供するネットワークについての情報漏洩の有無又は可能性、及び、情報漏洩の対策状態などである。情報漏洩の対策状態は、例えば、全ての情報漏洩の対策を実施済み、重大の情報漏洩の対策を実施済み、情報漏洩の対策を把握済み、又は、対策を把握していない、などである。例えば、情報漏洩リスクが低いネットワークは、情報漏洩リスクが高いネットワークより、トラスト性が高い。 (2) Information Leakage Risk Trustworthiness regarding information leakage risk is the presence or absence or possibility of information leakage in a network providing a service, and the status of measures against information leakage, etc. The status of measures against information leakage is, for example, that all measures against information leakage have been implemented, that measures against serious information leakage have been implemented, that measures against information leakage have been identified, or that measures are not identified, etc. For example, a network with a low risk of information leakage is more trustworthy than a network with a high risk of information leakage.
 (3)バックドア
バックドアについてのトラスト性は、ネットワークにおけるバックドアの有無、又は、バックドアの存在の可能性である。あるいは、バックドアについてのトラスト性は、ネットワークにおけるバックドアの検査手法、検査範囲、又は、検査時期など、バックドアの検査状態でもよい。バックドアの検査手法は、例えば、検査アプリケーションを用いた検査、ネットワークを構成する機器で動作するプログラムのバイナリ検査、又は、プログラムのソースコード検査である。例えば、バックドアが検査されたネットワークは、バックドアが検査されていないネットワークより、トラスト性が高い。 (3) Backdoor The trust of a backdoor is the presence or absence of a backdoor in a network, or the possibility of the existence of a backdoor. Alternatively, the trust of a backdoor may be the backdoor inspection state, such as the inspection method, inspection range, or inspection time of a backdoor in a network. The backdoor inspection method is, for example, inspection using an inspection application, binary inspection of a program running on a device constituting the network, or source code inspection of a program. For example, a network that has been inspected for a backdoor is more trustworthy than a network that has not been inspected for a backdoor.
 (4)リスクアセスメント
リスクアセスメントのトラスト性は、ネットワークの脆弱性についてのリスクアセスメントの検査実施の有無、検査結果、対策の実施状態、検査時期、又は、検査の実施からの経過時間などである。脆弱性の対策の実施状態は、全ての脆弱性の対策を実施済み、重大の脆弱性の対策を実施済み、脆弱性の対策を把握済み、又は、対策を把握していない、などである。例えば、リスクアセスメントの検査が実施されたネットワークは、リスクアセスメントの検査が実施されていないネットワークより、トラスト性が高い。 (4) Risk Assessment The reliability of risk assessment refers to whether a risk assessment inspection of network vulnerabilities has been conducted, the inspection results, the implementation status of countermeasures, the time of inspection, or the time elapsed since the inspection, etc. The implementation status of vulnerability countermeasures may be that countermeasures have been implemented for all vulnerabilities, that countermeasures for serious vulnerabilities have been implemented, that countermeasures for vulnerabilities are known, or that countermeasures are not known, etc. For example, a network that has been inspected for risk assessment is more reliable than a network that has not been inspected for risk assessment.
 (5)インシデントレスポンス
インシデントレスポンスのトラスト性は、ネットワークにおいてインシデントが発生した場合のレスポンスの定義状態である。インシデントレスポンスのトラスト性は、重大なインシデントのレスポンスは定義されているなど、レスポンスが定義されているインシデントの範囲を含んでいてもよい。例えば、インシデントのレスポンスが定義されたネットワークは、インシデントのレスポンスが定義されていないネットワークより、トラスト性が高い。 (5) Incident Response Incident response reliability is the defined state of a response when an incident occurs in a network. Incident response reliability may include a range of incidents for which responses are defined, such as responses for major incidents being defined. For example, a network with defined incident responses is more reliable than a network without defined incident responses.
 (6)性能評価の検査結果
性能評価の検査結果のトラスト性は、性能評価の検査結果の有無、及び、検査結果における性能内容である。性能評価の検査結果のトラスト性は、性能評価の検査手法、検査範囲、検査時期、又は、検査の実施からの経過時間など、性能評価の検査状態でもよい。例えば、性能評価が検査されたネットワークは、性能評価が検査されていないネットワークより、トラスト性が高い。 (6) Performance Evaluation Test Results The reliability of the performance evaluation test results is the presence or absence of the performance evaluation test results and the performance content in the test results. The reliability of the performance evaluation test results may be the performance evaluation test status, such as the performance evaluation test method, the test scope, the test time, or the elapsed time since the test was conducted. For example, a network whose performance evaluation has been tested is more reliable than a network whose performance evaluation has not been tested.
 (7)業務
業務のトラスト性は、サービス提供者などにおいて、サービスを提供するための業務又はサービス提供者の業務全体における、業務の把握状態、及び、業務の復旧作業の準備状態である。業務の把握状態は、例えば、各業務の影響範囲についての把握状態、又は、業務それぞれについての優先度の把握状態である。例えば、業務が把握されているネットワークは、業務が把握されていないネットワークより、トラスト性が高い。復旧作業の準備状態は、例えば、インシデント発生時において、影響範囲の大きい業務又は優先度が高い業務から復旧するための準備状態である。例えば、復旧作業が準備されているネットワークは、復旧作業が準備されていないネットワークより、トラスト性が高い。 (7) Business The trustworthiness of a business is the state of understanding of a business for providing a service or the entire business of the service provider, and the state of preparation for recovery work of the business. The state of understanding of a business is, for example, the state of understanding of the scope of impact of each business, or the state of understanding of the priority of each business. For example, a network in which the business is understood is more trustworthy than a network in which the business is not understood. The state of preparation for recovery work is, for example, the state of preparation for recovery from a business with a large scope of impact or a business with a high priority when an incident occurs. For example, a network in which recovery work is prepared is more trustworthy than a network in which recovery work is not prepared.
 (8)開発者
開発者のトラスト性は、ネットワーク及び機器などの開発者の属性についての把握状態である。把握状態は、例えば、全ての開発者についての属性を把握済み、一部の属性を未把握、又は、一部の開発者について属性を未把握などである。属性は、例えば、国籍、所属、開発場所、又は、過去の経歴などである。開発者の属性は、個人など人の属性に限らず、開発メーカーなどの法人又は団体の属性でもよい。例えば、開発者の属性が把握されているネットワークは、開発者の属性が把握されていないネットワークより、トラスト性が高い。 (8) Developer The trustworthiness of a developer is the state of understanding of the attributes of developers such as networks and devices. The understanding state may be, for example, that the attributes of all developers are understood, that some attributes are not understood, or that some developers' attributes are not understood. The attributes may be, for example, nationality, affiliation, development location, or past career. The developer attributes are not limited to the attributes of individuals, but may also be the attributes of corporations or organizations such as development manufacturers. For example, a network in which the developer attributes are understood is more trustworthy than a network in which the developer attributes are not understood.
 (9)サプライチェーン
サプライチェーンのトラスト性は、サービスを提供するネットワークのサプライチェーンに関連する企業などのトラスト性である。サプライチェーンに関連する企業は、例えば、サービスを提供するネットワークについての設計、提供、維持、及び、管理などの企業である。また、企業のトラスト性は、例えば、企業それぞれにおけるトラスト性の検査の実施状態、及び、検査結果の内容などである。検査の実施状態は、検査の実施の有無、検査の実施済み範囲の把握、又は、検査の未実施範囲の把握などである。例えば、サプライチェーンを構成する企業についてのトラスト性が検査されているネットワークは、サプライチェーンを構成する企業についてのトラスト性が検査されていないネットワークより、トラスト性が高い。 (9) Supply Chain The trustworthiness of a supply chain is the trustworthiness of companies related to the supply chain of a network that provides a service. Companies related to the supply chain are, for example, companies that design, provide, maintain, and manage the network that provides the service. Furthermore, the trustworthiness of a company is, for example, the implementation status of a trustworthiness inspection in each company and the contents of the inspection results. The implementation status of an inspection is whether or not an inspection has been conducted, the extent to which an inspection has been conducted, or the extent to which an inspection has not been conducted. For example, a network in which the trustworthiness of companies that make up the supply chain has been inspected is more trustworthy than a network in which the trustworthiness of companies that make up the supply chain has not been inspected.
 対象情報取得部120は、評価対象であるネットワークの構成情報、及び、そのネットワークを構成する機器についての機器情報を取得する。さらに、対象情報取得部120は、ネットワークについてのトラスト性評価指標を取得する。例えば、対象情報取得部120は、サービス提供者などが操作する装置から、構成情報、機器情報、及び、トラスト性評価指標を取得してもよい。 The target information acquisition unit 120 acquires configuration information of the network to be evaluated, and device information about the devices that make up the network. Furthermore, the target information acquisition unit 120 acquires a trust evaluation index for the network. For example, the target information acquisition unit 120 may acquire configuration information, device information, and a trust evaluation index from a device operated by a service provider or the like.
 ネットワークのトラスト性評価指標は、機器の不正な機能の有無、検査状態、及び、構成情報の可視化状態などのネットワークのトラスト性を評価するための観点である。例えば、ネットワークのトラスト性評価指標は、ネットワークの不正な機能の有無、検査状態、及び、構成情報の可視化状態などを含む。さらに、ネットワークのトラスト性評価指標は、サービス提供者がサービスを提供するユーザーなどサービス享受者にネットワークのトラスト性を示すためなど、サービス提供者のニーズに対応した評価指標である。例えば、トラスト性評価指標は、「バックドアの可能性」など上記のトラスト性の項目についての評価指標である。トラスト性評価指標は、単独の評価指標でもよいし、複数の評価指標の集合でもよいし、複数の評価指標を統合したものでもよいし、平均など複数の評価指標を用いて算出される評価指標でもよい。なお、サービス提供者は、提供するサービス及び使用するネットワークに基づいて、トラスト性評価指標を作成してもよい。あるいは、サービス提供者は、サービス享受者などからトラスト性評価指標を取得してもよいし、サービス享受者などからの要望に沿ってトラスト性評価指標を作成してもよい。 The network trust evaluation index is a viewpoint for evaluating the trust of the network, such as the presence or absence of unauthorized functions of the device, the inspection status, and the visualization status of the configuration information. For example, the network trust evaluation index includes the presence or absence of unauthorized functions of the network, the inspection status, and the visualization status of the configuration information. Furthermore, the network trust evaluation index is an evaluation index that meets the needs of the service provider, such as a service provider showing the trust of the network to the service recipient, such as the user who provides the service. For example, the trust evaluation index is an evaluation index for the above trust items such as "possibility of a backdoor". The trust evaluation index may be a single evaluation index, a collection of multiple evaluation indexes, an integration of multiple evaluation indexes, or an evaluation index calculated using multiple evaluation indexes such as an average. The service provider may create a trust evaluation index based on the service provided and the network used. Alternatively, the service provider may obtain a trust evaluation index from the service recipient, or may create a trust evaluation index according to the request from the service recipient.
 構成情報は、ネットワークに含まれる機器の構成についての情報である。構成情報は、例えば、ネットワークを構成する機器の接続形態(topology)、経路、有線及び無線を含めた通信プロトコル、及び、有線の場合における接続ケーブルなどの機材である。機器情報は、ネットワークを構成する機器それぞれについての情報である。機器情報は、例えば、ネットワークを構成する機器それぞれのメーカー名、製品名、型番、オプションの有無、購入時期、及び、ファームウェアのバーションである。 Configuration information is information about the configuration of the devices included in the network. Examples of configuration information include the connection topology of the devices that make up the network, routes, communication protocols including wired and wireless, and equipment such as connection cables in the case of wired connections. Device information is information about each device that makes up the network. Examples of device information include the manufacturer name, product name, model number, availability of options, purchase date, and firmware version of each device that makes up the network.
 対象情報取得部120は、サービス提供者に関連する情報を取得してもよい。サービス提供者に関連する情報は、例えば、サービス提供者の規模、サービス提供者における業態、サービス提供者が含まれる業界又は業種、並びに、サービス提供者の関連会社及び競合他社などのステークホルダーである。 The target information acquisition unit 120 may acquire information related to the service provider. The information related to the service provider is, for example, the size of the service provider, the business type of the service provider, the industry or business type in which the service provider is included, and stakeholders such as affiliates and competitors of the service provider.
 トラスト性評価部130は、構成情報、機器情報、トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、ネットワークについてのトラスト性を評価する。対象情報取得部120が上記のようにサービス提供者に関連する情報を取得している場合、トラスト性評価部130は、トラスト性の評価において、サービス提供者に関連する情報を用いてもよい。トラスト性評価部130は、評価方法として、評価対象となるネットワーク及び評価指標などに対応した評価方法を用いればよい。 The trust evaluation unit 130 evaluates the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation result of the device. If the target information acquisition unit 120 has acquired information related to the service provider as described above, the trust evaluation unit 130 may use the information related to the service provider in evaluating the trust. The trust evaluation unit 130 may use an evaluation method that corresponds to the network and evaluation index to be evaluated.
 図面を参照して、トラスト性評価部130における評価方法の一例を説明する。図2は、トラスト性評価部130の構成の一例を示すブロック図である。トラスト性評価部130は、検査項目作成部131と、検査項目判定部132と、評価結果作成部133とを含む。 An example of an evaluation method in the trust evaluation unit 130 will be described with reference to the drawings. FIG. 2 is a block diagram showing an example of the configuration of the trust evaluation unit 130. The trust evaluation unit 130 includes an inspection item creation unit 131, an inspection item determination unit 132, and an evaluation result creation unit 133.
 検査項目作成部131は、構成情報及びトラスト性評価指標に基づいて、ネットワークのトラスト性を評価するための、機器の検査項目を作成する。例えば、検査項目作成部131は、構成情報を用いて、ネットワークを構成する機器の中から、ネットワークのトラスト性評価指標に対応する一つ又は複数の機器を特定する。そして、検査項目作成部131は、特定した機器についてのトラスト性評価指標を評価するための検査項目を作成する。 The test item creation unit 131 creates test items for devices to evaluate the trustworthiness of the network based on the configuration information and the trust evaluation index. For example, the test item creation unit 131 uses the configuration information to identify one or more devices that correspond to the trust evaluation index of the network from among the devices that make up the network. Then, the test item creation unit 131 creates test items for evaluating the trust evaluation index for the identified devices.
 例えば、トラスト性評価指標が性能評価の検査結果の有無の場合、検査項目作成部131は、検査項目として、検査対象となる機器それぞれの性能評価の検査結果の有無を確認する項目を作成する。あるいは、トラスト性評価指標がバックドアの可能性の場合、検査項目作成部131は、検査項目として、検査対象の機器についてのバックドアの可能性を検査する項目を作成する。検査項目作成部131は、一つのトラスト性評価指標に対して複数の検査項目を作成してもよいし、複数のトラスト性評価指標に対して一つの検査項目を作成してもよい。検査項目作成部131は、検査項目の作成において、機器情報を用いてもよい。 For example, if the trust evaluation index is the presence or absence of a performance evaluation test result, the test item creation unit 131 creates an item as a test item to check the presence or absence of a performance evaluation test result for each device to be tested. Alternatively, if the trust evaluation index is the possibility of a backdoor, the test item creation unit 131 creates an item as a test item to test the possibility of a backdoor for the device to be tested. The test item creation unit 131 may create multiple test items for one trust evaluation index, or may create one test item for multiple trust evaluation indexes. The test item creation unit 131 may use device information when creating the test items.
 検査項目判定部132は、機器情報、及び、機器のトラスト性評価結果に基づいて、上記で作成された検査項目を判定する。例えば、検査項目が機器それぞれの性能評価の検査結果の有無の場合、検査項目判定部132は、まず、機器情報に基づいて、機器それぞれの性能評価項目を判定する。そして、検査項目判定部132は、機器のトラスト性評価結果に基づいて、機器それぞれの性能評価項目の検査結果の有無を判定する。あるいは、ネットワークについてのバックドアの可能性を検査する場合、検査項目判定部132は、機器情報、及び、機器のトラスト性評価結果に基づいて、機器それぞれのバックドアの可能性を判定する。検査項目判定部132は、検査項目の判定において、構成情報を用いてもよい。 The inspection item determination unit 132 determines the inspection items created above based on the device information and the trust evaluation results of the devices. For example, when the inspection item is the presence or absence of an inspection result for the performance evaluation of each device, the inspection item determination unit 132 first determines the performance evaluation items of each device based on the device information. Then, the inspection item determination unit 132 determines the presence or absence of an inspection result for the performance evaluation items of each device based on the trust evaluation results of the devices. Alternatively, when inspecting the possibility of a backdoor in a network, the inspection item determination unit 132 determines the possibility of a backdoor for each device based on the device information and the trust evaluation results of the devices. The inspection item determination unit 132 may use configuration information when determining the inspection items.
 評価結果作成部133は、トラスト性評価指標、及び、検査項目の分析結果に基づいて、ネットワークのトラスト性評価結果を作成する。例えば、評価結果作成部133は、上記の検査項目の分析結果を統合又は置き換えて、ネットワークのトラスト性評価結果を作成する。例えば、検査項目の分析結果の形式は、検査項目ごとに異なる形式の場合がある。あるいは、検査項目の分析結果は、専門家以外には判定しにくいデータ形式の場合がある。あるいは、複数の分析結果が、一つのトラスト性評価指標に関連する場合がある。あるいは、一つの分析結果が、複数のトラスト性評価指標に関連する場合がある。そこで、評価結果作成部133は、トラスト性評価指標に対応するように、分析結果の統合又は置換えなどを実行して、ネットワークのトラスト性評価結果を作成する。このように、ネットワークのトラスト性評価結果は、ネットワークに対する信頼性であって、ネットワークのトラスト性を評価するための観点であるネットワークのトラスト性評価指標に基づいてネットワークを評価した結果である。 The evaluation result creation unit 133 creates the network trust evaluation result based on the trust evaluation index and the analysis result of the inspection item. For example, the evaluation result creation unit 133 creates the network trust evaluation result by integrating or replacing the analysis results of the above inspection items. For example, the format of the analysis result of the inspection item may be different for each inspection item. Or, the analysis result of the inspection item may be in a data format that is difficult for people other than experts to judge. Or, multiple analysis results may be related to one trust evaluation index. Or, one analysis result may be related to multiple trust evaluation indexes. Therefore, the evaluation result creation unit 133 integrates or replaces the analysis results to correspond to the trust evaluation index, and creates the network trust evaluation result. In this way, the network trust evaluation result is the reliability of the network, and is the result of evaluating the network based on the network trust evaluation index, which is a viewpoint for evaluating the trust of the network.
 出力部140は、ネットワークのトラスト性評価結果を出力する。例えば、出力部140は、ネットワークを用いるサービス提供者などの機器に、ネットワークのトラスト性評価結果を出力する。あるいは、出力部140は、ネットワークを用いるサービス提供者などについての保険を受け付ける保険業者の機器に、ネットワークのトラスト性評価結果を出力してもよい。あるいは、出力部140は、クラウド上の記憶装置など、サービス提供者、及び、サービス享受者などがアクセス可能な記憶装置に、ネットワークのトラスト性評価結果を出力してもよい。あるいは、出力部140は、インターネット上のホームページなど、サービス提供者、及び、サービス享受者などが参照可能な場所に、ネットワークのトラスト性評価結果を出力してもよい。 The output unit 140 outputs the network trust evaluation result. For example, the output unit 140 outputs the network trust evaluation result to a device of a service provider that uses the network. Alternatively, the output unit 140 may output the network trust evaluation result to a device of an insurance company that accepts insurance for service providers that use the network. Alternatively, the output unit 140 may output the network trust evaluation result to a storage device that can be accessed by service providers and service recipients, such as a storage device on the cloud. Alternatively, the output unit 140 may output the network trust evaluation result to a location that can be referenced by service providers and service recipients, such as a homepage on the Internet.
 図3は、評価装置10の動作の一例を示すフロー図である。評価結果取得部110は、機器それぞれのトラスト性評価結果を取得する(ステップS301)。対象情報取得部120は、評価対象であるネットワークの構成情報、ネットワークを構成する機器についての機器情報、及び、ネットワークのトラスト性評価指標を取得する(ステップS302)。トラスト性評価部130は、構成情報、機器情報、トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、ネットワークについてのトラスト性を評価する(ステップS303)。出力部140は、ネットワークのトラスト性評価結果を出力する。 FIG. 3 is a flow diagram showing an example of the operation of the evaluation device 10. The evaluation result acquisition unit 110 acquires the trust evaluation result of each device (step S301). The target information acquisition unit 120 acquires configuration information of the network to be evaluated, device information on the devices that make up the network, and a trust evaluation index for the network (step S302). The trust evaluation unit 130 evaluates the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation result of the devices (step S303). The output unit 140 outputs the trust evaluation result of the network.
 上記の通り、第1実施形態にかかる評価装置10は、機器それぞれのトラスト性評価結果を保存しておく。そして、評価装置10は、評価対象であるネットワークの構成情報、ネットワークを構成する機器についての機器情報、及び、ネットワークのトラスト性評価指標を取得する。そして、評価装置10は、構成情報、機器情報、トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、ネットワークについてのトラスト性を評価し、ネットワークのトラスト性評価結果を出力する。このように、評価装置10は、機器メーカーなど提供する機器のセキュリティに関連する信頼性でなく、サービス提供者などのニーズに対応した、ネットワークのトラスト性評価結果を出力する。その結果、例えば、サービス提供者などは、評価装置10から、サービス提供者などのニーズに対応した、ネットワークのトラスト性評価結果を取得できる。 As described above, the evaluation device 10 according to the first embodiment stores the trust evaluation results for each device. The evaluation device 10 then acquires configuration information of the network to be evaluated, device information on the devices that make up the network, and a trust evaluation index for the network. The evaluation device 10 then evaluates the trust of the network based on the configuration information, device information, trust evaluation index, and the trust evaluation results for the devices, and outputs the network trust evaluation results. In this way, the evaluation device 10 outputs a network trust evaluation result that meets the needs of service providers and the like, rather than the reliability related to the security of devices provided by device manufacturers and the like. As a result, for example, service providers and the like can acquire a network trust evaluation result that meets the needs of the service providers and the like from the evaluation device 10.
 <第2実施形態>
図4は、第2実施形態にかかる評価装置11の構成の一例を示すブロック図である。評価装置11は、評価装置10の構成に加え、証明書作成部150を含む。 Second Embodiment
4 is a block diagram showing an example of the configuration of the evaluation device 11 according to the second embodiment. The evaluation device 11 includes a certificate creation unit 150 in addition to the configuration of the evaluation device 10.
 証明書作成部150は、ネットワークのトラスト性評価結果についての証明書を作成する。証明書は、ネットワークのトラスト性評価結果において、改ざんなどが行われていないことを示すデータである。証明書作成部150は、例えば、電子認証、又は、ブロックチェーンなどを用いて、証明書を作成する。 The certificate creation unit 150 creates a certificate for the results of the network trust evaluation. The certificate is data that indicates that the results of the network trust evaluation have not been tampered with. The certificate creation unit 150 creates the certificate using, for example, electronic authentication or a blockchain.
 なお、証明書は、サービス享受者などに、ネットワークのトラスト性評価結果と共に提供される場合が多い。そのため、証明書は、ネットワークのトラスト性評価結果において改ざんなどが行われていないことを示すデータと、トラスト性評価結果との両方を含んでいてもよい。以下、説明の便宜のため、証明書は、ネットワークのトラスト性評価結果を含むとする。そして、出力部140は、サービス提供者などに、証明書を出力する。 The certificate is often provided to the service recipient, etc., together with the network trust evaluation result. Therefore, the certificate may include both the trust evaluation result and data indicating that the network trust evaluation result has not been tampered with. For ease of explanation, the certificate will be described below as including the network trust evaluation result. The output unit 140 then outputs the certificate to the service provider, etc.
 第1実施形態の評価装置10は、サービス提供者などから取得したトラスト性評価指標に基づいて評価した、ネットワークのトラスト性評価結果を出力する。ただし、第1実施形態におけるネットワークのトラスト性評価結果は、改ざんを防ぐ仕組みを備えていない。そのため、第1実施形態におけるネットワークのトラスト性評価結果は、必ずしも、サービス提供者からサービスを受けるサービス享受者などに提出する証明書としては、適切な形式のデータとは限らない。そこで、評価装置11は、ネットワークのトラスト性評価結果において改ざんなどが行われていないことを示すデータとして、証明書を作成して出力する。その結果、例えば、サービス提供者は、評価装置11が出力する証明書をサービス享受者などに提供して、ネットワークのトラスト性評価結果が改ざんなどされていないことを示すことができる。 The evaluation device 10 of the first embodiment outputs the network trust evaluation result evaluated based on the trust evaluation index obtained from the service provider or the like. However, the network trust evaluation result in the first embodiment does not have a mechanism for preventing tampering. Therefore, the network trust evaluation result in the first embodiment is not necessarily data in an appropriate format as a certificate to be submitted to a service recipient who receives a service from the service provider. Therefore, the evaluation device 11 creates and outputs a certificate as data indicating that the network trust evaluation result has not been tampered with. As a result, for example, the service provider can provide the certificate output by the evaluation device 11 to the service recipient or the like to indicate that the network trust evaluation result has not been tampered with.
 <第3実施形態>
図5は、第3実施形態にかかる評価装置12の構成の一例を示すブロック図である。評価装置12は、評価装置10の構成に加え、改善案策定部160を含む。評価装置12は、証明書作成部150を含んでもよい。 Third Embodiment
5 is a block diagram showing an example of the configuration of the evaluation device 12 according to the third embodiment. The evaluation device 12 includes an improvement plan formulation unit 160 in addition to the configuration of the evaluation device 10. The evaluation device 12 may also include a certificate creation unit 150.
 改善案策定部160は、ネットワークのトラスト性評価結果に基づいて、ネットワークのトラスト性についての改善案を策定する。ネットワークのトラスト性の改善案の策定は、ネットワークのトラスト性評価結果を向上させるため、ネットワークの構成及びネットワークを構成する機器の少なくとも一方を改める処置を定めることである。改善案は、例えば、機器の追加または削除を含むネットワークの構成の変更、又は、機器の変更でもよい。あるいは、改善案は、機器のトラスト性評価結果の改善でもよい。例えば、トラスト性評価指標が性能評価の検査結果の有無であり、ネットワークのトラスト性評価結果に性能評価の検査結果がない機器があるとの結果が含まれるとする。この場合、改善案策定部160は、改善案として、検査結果がない機器の検査実施を含む改善案を策定してもよい。改善案策定部160は、サービス提供者が含まれる業界における標準的な評価結果、又は、他社が用いている改善案などを参照して、ネットワークの改善案を策定してもよい。例えば、改善案策定部160は、標準的な評価結果との乖離が大きい項目についての改善案を策定してもよい。改善案策定部160は、ネットワークに含まれる機器のメーカーが提供している改善案を参照して、ネットワークに含まれる機器についての改善案を策定してもよい。例えば、機器のファームウェアが改版されている場合、改善案策定部160は、機器のメーカーが提供している最新のファームウェアを適用する改善案を策定してもよい。そして、出力部140は、サービス提供者に、改善案を出力する。その結果、サービス提供者は、評価装置12が出力する改善案を参照して、ネットワークのトラスト性を改善できる。 The improvement plan formulation unit 160 formulates an improvement plan for the trustworthiness of the network based on the results of the network trust evaluation. The formulation of an improvement plan for the trustworthiness of the network is to determine measures to modify at least one of the network configuration and the devices that constitute the network in order to improve the results of the network trust evaluation. The improvement plan may be, for example, a change in the network configuration, including the addition or removal of devices, or a change in the devices. Alternatively, the improvement plan may be an improvement of the trust evaluation results of the devices. For example, the trust evaluation index is the presence or absence of a performance evaluation test result, and the results of the network trust evaluation include a result that there is a device that does not have a performance evaluation test result. In this case, the improvement plan formulation unit 160 may formulate an improvement plan that includes conducting an inspection of the device that does not have an inspection result as an improvement plan. The improvement plan formulation unit 160 may formulate an improvement plan for the network by referring to standard evaluation results in the industry in which the service provider is included, or improvement plans used by other companies. For example, the improvement plan formulation unit 160 may formulate an improvement plan for an item that deviates greatly from the standard evaluation result. The improvement plan formulation unit 160 may formulate an improvement plan for the devices included in the network by referring to the improvement plan provided by the manufacturer of the devices included in the network. For example, if the firmware of the device has been updated, the improvement plan formulation unit 160 may formulate an improvement plan to apply the latest firmware provided by the device manufacturer. Then, the output unit 140 outputs the improvement plan to the service provider. As a result, the service provider can improve the reliability of the network by referring to the improvement plan output by the evaluation device 12.
 <第4実施形態>
図6は、第4実施形態にかかる評価装置13の構成の一例を示すブロック図である。評価装置13は、評価装置10の構成に加え、妥当性判定部170を含む。評価装置13は、証明書作成部150を含んでもよいし、改善案策定部160を含んでもよいし、証明書作成部150及び改善案策定部160を含んでもよい。 Fourth Embodiment
6 is a block diagram showing an example of the configuration of the evaluation device 13 according to the fourth embodiment. The evaluation device 13 includes a validity determination unit 170 in addition to the configuration of the evaluation device 10. The evaluation device 13 may include a certificate creation unit 150, may include an improvement plan formulation unit 160, or may include both the certificate creation unit 150 and the improvement plan formulation unit 160.
 妥当性判定部170は、ネットワークのトラスト性評価指標についての妥当性を判定する。トラスト性評価指標の妥当性とは、トラスト性評価指標が、ネットワークのトラスト性を判定する基準として、適切であるか否かを示すものである。妥当性判定部170は、例えば、ネットワークのトラスト性評価結果に含まれる項目の合計値又は平均値を用いて、トラスト性評価指標の妥当性を判定してもよい。あるいは、妥当性判定部170は、ネットワークのトラスト性評価結果に、対応する機器のトラスト性評価結果がないなど判定できない項目が含まれる場合に、妥当性がないと判定してもよい。あるいは、妥当性判定部170は、少なくとも一部のトラスト性評価結果が閾値を満たさない場合に、妥当性がないと判定してもよい。あるいは、妥当性判定部170は、サービス提供者が含まれる業界の標準的なトラスト性評価指標、又は、他社が用いているトラスト性評価指標の平均などと比較して、トラスト性評価指標の妥当性を判定してもよい。あるいは、妥当性判定部170は、トラスト性評価指標に含まれる項目間の整合性又は相反関係などに基づいて、妥当性を判定してもよい。あるいは、妥当性判定部170は、ネットワークの構成において、トラスト性評価指標に関連する機器のネットワーク全体に対する比率、又は、関連する機器の範囲などに基づいて、妥当性を判定してもよい。妥当性判定部170は、トラスト性評価指標を複数のグループに分割し、グループごとの妥当性を判定してもよい。そして、出力部140は、サービス提供者に、トラスト性評価指標の妥当性を出力する。その結果、サービス提供者は、評価装置13が出力する妥当性に基づいて、トラスト性評価指標の妥当性を把握できる。 The validity determination unit 170 determines the validity of the trust evaluation index of the network. The validity of the trust evaluation index indicates whether the trust evaluation index is appropriate as a criterion for determining the trust of the network. The validity determination unit 170 may determine the validity of the trust evaluation index, for example, by using the total value or average value of items included in the trust evaluation result of the network. Alternatively, the validity determination unit 170 may determine that the trust evaluation index is not valid when the trust evaluation result of the network includes an item that cannot be determined, such as when there is no trust evaluation result of the corresponding device. Alternatively, the validity determination unit 170 may determine that the trust evaluation index is not valid when at least a part of the trust evaluation results does not satisfy a threshold value. Alternatively, the validity determination unit 170 may determine the validity of the trust evaluation index by comparing it with a standard trust evaluation index of the industry in which the service provider is included, or an average of trust evaluation indexes used by other companies. Alternatively, the validity determination unit 170 may determine the validity based on the consistency or reciprocity between items included in the trust evaluation index. Alternatively, the validity determination unit 170 may determine the validity based on the ratio of devices related to the trust evaluation index to the entire network in the network configuration, or the range of related devices. The validity determination unit 170 may divide the trust evaluation index into multiple groups and determine the validity of each group. Then, the output unit 140 outputs the validity of the trust evaluation index to the service provider. As a result, the service provider can understand the validity of the trust evaluation index based on the validity output by the evaluation device 13.
 トラスト性評価指標の妥当性の判定結果は、妥当である否かで表されてもよいし、0.0から1.0までなどの数値を用いて表されてもよい。さらに、妥当性が閾値より低いなどトラスト性評価指標が妥当でない場合、妥当性判定部170は、出力部140を介して、サービス提供者に、トラスト性評価指標が妥当でないことを出力してもよい。その際、妥当性判定部170は、サービス提供者に対して、判定した妥当性の値、及び、妥当性の値の算出に用いた判定内容などを出力してもよい。この場合、サービス提供者は、例えば、トラスト性評価指標を再設定して、評価装置13に出力すればよい。妥当性判定部170は、トラスト性評価指標の妥当性が閾値以上となるなど、トラスト性評価指標が妥当となるまで、上記の動作を繰り返してもよい。そして、トラスト性評価指標が妥当となった場合に、妥当性判定部170は、トラスト性評価部130に、トラスト性評価指標が妥当であることを通知してもよい。 The result of the judgment of the validity of the trust evaluation index may be expressed as validity or not, or may be expressed using a numerical value such as 0.0 to 1.0. Furthermore, if the trust evaluation index is not valid, such as the validity being lower than the threshold, the validity judgment unit 170 may output to the service provider via the output unit 140 that the trust evaluation index is not valid. At that time, the validity judgment unit 170 may output to the service provider the judged validity value and the judgment content used to calculate the validity value. In this case, the service provider may, for example, reset the trust evaluation index and output it to the evaluation device 13. The validity judgment unit 170 may repeat the above operation until the trust evaluation index becomes valid, such as when the validity of the trust evaluation index becomes equal to or higher than the threshold. Then, when the trust evaluation index becomes valid, the validity judgment unit 170 may notify the trust evaluation unit 130 that the trust evaluation index is valid.
 トラスト性評価部130は、トラスト性評価指標が妥当となった場合に、妥当性判定部170から、トラスト性評価指標を取得してもよい。この場合の動作の一例を説明する。例えば、対象情報取得部120は、取得したトラスト性評価指標を妥当性判定部170に出力する。妥当性判定部170は、トラスト性評価指標の妥当性を判定し、トラスト性評価指標が妥当でない場合に、出力部140を介して、サービス提供者などに、トラスト性評価指標の再設定の必要性を示す情報を出力する。再設定の必要性を示す情報とは、再設定が必要であること、又は、再設定がどれほど必要であるかという度合いを示すものである。例えば、妥当性判定部170は、出力部140を介して、サービス提供者に、再設定の指示を出力してもよいし、判定した妥当性の値及び閾値を出力してもよい。そして、妥当性判定部170は、対象情報取得部120が再取得したトラスト性評価指標の妥当性を判定する。トラスト性評価指標が妥当となるまで、妥当性判定部170は、トラスト性評価指標の再設定の動作を実行する。そして、トラスト性評価指標が妥当となった場合に、妥当性判定部170は、トラスト性評価部130にトラスト性評価指標を出力してもよい。なお、トラスト性評価部130が、妥当性判定部170から妥当性を取得して、上記のようなトラスト性評価指標の再設定の動作を実行してもよい。 When the trust evaluation index becomes valid, the trust evaluation unit 130 may acquire the trust evaluation index from the validity determination unit 170. An example of the operation in this case will be described. For example, the target information acquisition unit 120 outputs the acquired trust evaluation index to the validity determination unit 170. The validity determination unit 170 judges the validity of the trust evaluation index, and when the trust evaluation index is not valid, outputs information indicating the need to reset the trust evaluation index to a service provider or the like via the output unit 140. The information indicating the need to reset indicates that resetting is necessary or the degree to which resetting is necessary. For example, the validity determination unit 170 may output an instruction to reset to the service provider via the output unit 140, or may output the determined validity value and threshold value. Then, the validity determination unit 170 judges the validity of the trust evaluation index reacquired by the target information acquisition unit 120. The validity determination unit 170 executes the operation of resetting the trust evaluation index until the trust evaluation index becomes valid. Then, when the trust evaluation index becomes valid, the validity determination unit 170 may output the trust evaluation index to the trust evaluation unit 130. Note that the trust evaluation unit 130 may obtain validity from the validity determination unit 170 and execute the operation of resetting the trust evaluation index as described above.
 トラスト性評価部130は、トラスト性の評価において、トラスト性評価指標についての妥当性を用いてもよい。例えば、検査項目の分析結果が同じ場合において、トラスト性評価部130は、妥当性が低い場合におけるネットワークのトラスト性評価結果を、妥当性が高い場合におけるネットワークのトラスト性評価結果より低い評価結果としてもよい。 The trust evaluation unit 130 may use the validity of the trust evaluation index when evaluating the trust. For example, when the analysis results of the test items are the same, the trust evaluation unit 130 may evaluate the network's trust evaluation result when the validity is low as a lower evaluation result than the network's trust evaluation result when the validity is high.
 <ハードウェア構成>
次に、評価装置10ないし13のハードウェア構成について、図面を参照して説明する。以下、評価装置10ないし13を総称して、「評価装置10など」と呼ぶ。評価装置10などの各構成部は、ハードウェア回路で構成されてもよい。あるいは、評価装置10などにおいて、各構成部は、ネットワークを介して接続した複数の装置を用いて、構成されてもよい。例えば、評価装置10などは、クラウドコンピューティングを利用して構成されてもよい。あるいは、評価装置10などにおいて、複数の構成部は、1つのハードウェアで構成されてもよい。 <Hardware Configuration>
Next, the hardware configuration of the evaluation devices 10 to 13 will be described with reference to the drawings. Hereinafter, the evaluation devices 10 to 13 will be collectively referred to as "evaluation device 10, etc." Each component of the evaluation device 10, etc. may be configured with a hardware circuit. Alternatively, in the evaluation device 10, etc., each component may be configured using multiple devices connected via a network. For example, the evaluation device 10, etc. may be configured using cloud computing. Alternatively, in the evaluation device 10, etc., multiple components may be configured with a single piece of hardware.
 あるいは、評価装置10などは、中央処理装置(CPU: Central Processing Unit)と、読み取り専用メモリ(ROM: Read Only Memory)と、ランダム・アクセス・メモリ(RAM: Random Access Memory)と、ネットワークインターフェースカード(NIC: Network Interface Card)とを含むコンピュータ装置として実現されてもよい。図7は、評価装置10などのハードウェア構成の一例であるコンピュータ装置600の構成を示すブロック図である。コンピュータ装置600は、CPU610と、ROM620と、RAM630と、記憶装置640と、NIC650とを含む。 Alternatively, the evaluation device 10 etc. may be realized as a computer device including a central processing unit (CPU), a read only memory (ROM), a random access memory (RAM), and a network interface card (NIC). Figure 7 is a block diagram showing the configuration of a computer device 600, which is an example of a hardware configuration of the evaluation device 10 etc. The computer device 600 includes a CPU 610, a ROM 620, a RAM 630, a storage device 640, and a NIC 650.
 CPU610は、ROM620及び記憶装置640の少なくとも一方からプログラムを読み込む。そして、CPU610は、読み込んだプログラムに基づいて、RAM630と、記憶装置640と、NIC650とを制御する。コンピュータ装置600は、これらの構成を制御して、評価結果取得部110、対象情報取得部120、トラスト性評価部130、出力部140、証明書作成部150、改善案策定部160、及び、妥当性判定部170としての機能を実現する。このように、評価装置10などは、ハードウェアとソフトウェアとの組合せとして、機能を実現してもよい。CPU610は、コンピュータで読み取り可能にプログラムを記憶した記録媒体690が含むプログラムを、図示しない記録媒体読み取り装置を用いて読み込んでもよい。あるいは、CPU610は、NIC650を介して、図示しない外部の装置からプログラムを受け取り、RAM630又は記憶装置640に保存して、保存したプログラムに基づいて動作してもよい。 The CPU 610 reads a program from at least one of the ROM 620 and the storage device 640. The CPU 610 then controls the RAM 630, the storage device 640, and the NIC 650 based on the read program. The computer device 600 controls these components to realize the functions of the evaluation result acquisition unit 110, the target information acquisition unit 120, the trust evaluation unit 130, the output unit 140, the certificate creation unit 150, the improvement plan formulation unit 160, and the validity determination unit 170. In this way, the evaluation device 10 and the like may realize functions as a combination of hardware and software. The CPU 610 may read a program contained in the recording medium 690 that stores a computer-readable program using a recording medium reading device (not shown). Alternatively, the CPU 610 may receive a program from an external device (not shown) via the NIC 650, save it in the RAM 630 or the storage device 640, and operate based on the saved program.
 ROM620は、CPU610が実行するプログラム及び固定的なデータを記憶する。ROM620は、例えば、プログラマブルROM(P-ROM: Programmable-ROM)又はフラッシュROMである。RAM630は、CPU610が実行するプログラム及びデータを一時的に記憶する。RAM630は、例えば、ダイナミックRAM(D-RAM: Dynamic-RAM)である。記憶装置640は、コンピュータ装置600が長期的に保存するデータ及びプログラムを記憶する。記憶装置640は、評価結果取得部110が取得した、機器のトラスト性評価結果を保存してもよい。また、記憶装置640は、CPU610の一時記憶装置として動作してもよい。記憶装置640は、例えば、ハードディスク装置、光磁気ディスク装置、ソリッド・ステート・ドライブ(SSD: Solid State Drive)、又は、ディスクアレイ装置である。 The ROM 620 stores programs and fixed data executed by the CPU 610. The ROM 620 is, for example, a programmable ROM (P-ROM) or a flash ROM. The RAM 630 temporarily stores programs and data executed by the CPU 610. The RAM 630 is, for example, a dynamic RAM (D-RAM). The storage device 640 stores data and programs that the computer device 600 stores for the long term. The storage device 640 may store the results of the device trust evaluation acquired by the evaluation result acquisition unit 110. The storage device 640 may also operate as a temporary storage device for the CPU 610. The storage device 640 is, for example, a hard disk device, a magneto-optical disk device, a solid state drive (SSD), or a disk array device.
 ROM620及び記憶装置640は、不揮発性(non-transitory)の記録媒体である。一方、RAM630は、揮発性(transitory)の記録媒体である。そして、CPU610は、ROM620、記憶装置640、及び、RAM630に記憶されているプログラムに基づいて動作可能である。つまり、CPU610は、不揮発性記録媒体及び揮発性記録媒体のどちらを用いても動作可能である。CPU610は、各機能を実現する際に、RAM630及び記憶装置640の少なくとも一方を、プログラム及びデータの一時的な記憶媒体として使用してもよい。 ROM 620 and storage device 640 are non-volatile (non-transitory) recording media. On the other hand, RAM 630 is a volatile (transitory) recording medium. CPU 610 can operate based on programs stored in ROM 620, storage device 640, and RAM 630. In other words, CPU 610 can operate using either non-volatile recording media or volatile recording media. When realizing each function, CPU 610 may use at least one of RAM 630 and storage device 640 as a temporary storage medium for programs and data.
 NIC650は、ネットワークを介した図示しない外部の装置とのデータのやり取りを中継する。NIC650は、例えば、サービス提供者の装置との通信を中継する。NIC650は、例えば、ローカル・エリア・ネットワーク(LAN: Local Area Network)カードである。さらに、NIC650は、有線に限らず、無線を用いてもよい。 The NIC 650 relays data exchange with external devices (not shown) via the network. For example, the NIC 650 relays communication with a service provider's device. The NIC 650 is, for example, a local area network (LAN) card. Furthermore, the NIC 650 is not limited to being wired, and may be wireless.
 このように構成されたコンピュータ装置600は、評価装置10などにおける各構成の動作を実行して、評価装置10などとしての機能を実現する。 The computer device 600 configured in this manner executes the operations of each component in the evaluation device 10, etc., to realize the functions of the evaluation device 10, etc.
 <利用システム例>
評価装置10などを利用するシステムの一例を、評価装置11を用いて説明する。図8は、評価装置11を利用するシステム60の構成の一例を説明するブロック図である。システム60は、評価装置11と、サービス提供者がサービスの提供に用いるネットワーク20と、サービス提供者が使用する端末30と、サービス享受者が使用する端末40とを含む。サービス提供者は、端末30を操作して、評価装置11に、ネットワーク20について構成情報、機器情報、及び、トラスト性評価指標を出力する。評価装置11は、上記の通り動作して、ネットワークのトラスト性についての証明書を作成し、サービス提供者の端末30に出力する。なお、証明書は、ネットワークのトラスト性評価結果において改ざんなどが行われていないことを示すデータと、ネットワークのトラスト性評価結果との両方を含むデータである。 <Examples of systems in use>
An example of a system using the evaluation device 10 and the like will be described using the evaluation device 11. FIG. 8 is a block diagram for explaining an example of the configuration of a system 60 using the evaluation device 11. The system 60 includes the evaluation device 11, a network 20 used by a service provider to provide a service, a terminal 30 used by the service provider, and a terminal 40 used by a service recipient. The service provider operates the terminal 30 to output configuration information, device information, and a trust evaluation index for the network 20 to the evaluation device 11. The evaluation device 11 operates as described above to create a certificate regarding the trust of the network and output it to the terminal 30 of the service provider. The certificate is data including both data indicating that no tampering has been performed on the trust evaluation result of the network and the trust evaluation result of the network.
 サービス提供者は、端末30を操作して、取得した証明書を、ネットワーク20のサービス享受者の端末40に出力する。サービス享受者は、端末40が取得した証明書に基づいて、ネットワーク20からのサービスの提供を受けるか否かを判断する。サービスの提供を受けると判断した場合、サービス享受者は、端末40を操作して、ネットワーク20からサービスの提供を受ける。 The service provider operates terminal 30 to output the acquired certificate to terminal 40 of the service recipient on network 20. The service recipient decides whether or not to receive the service provided from network 20 based on the certificate acquired by terminal 40. If the service recipient decides to receive the service, he or she operates terminal 40 to receive the service provided from network 20.
 以上、実施形態を参照して本願発明を説明したが、本願発明は上記実施形態に限定されるものではない。本願発明の構成や詳細には、本願発明のスコープ内で当業者が理解し得る様々な変更をすることができる。 The present invention has been described above with reference to the embodiments, but the present invention is not limited to the above-mentioned embodiments. Various modifications that can be understood by a person skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.
 10 評価装置
 11 評価装置
 12 評価装置
 13 評価装置
 20 ネットワーク
 30 端末
 40 端末
 60 システム
 110 評価結果取得部
 120 対象情報取得部
 130 トラスト性評価部
 131 検査項目作成部
 132 検査項目判定部
 133 評価結果作成部
 140 出力部
 150 証明書作成部
 160 改善案策定部
 170 妥当性判定部
 600 コンピュータ装置
 610 CPU
 620 ROM
 630 RAM
 640 記憶装置
 650 NIC
 690 記録媒体 REFERENCE SIGNS LIST 10 Evaluation device 11 Evaluation device 12 Evaluation device 13 Evaluation device 20 Network 30 Terminal 40 Terminal 60 System 110 Evaluation result acquisition unit 120 Target information acquisition unit 130 Trustworthiness evaluation unit 131 Inspection item creation unit 132 Inspection item judgment unit 133 Evaluation result creation unit 140 Output unit 150 Certificate creation unit 160 Improvement plan formulation unit 170 Validity judgment unit 600 Computer device 610 CPU
620 ROM
630 RAM
640 Storage device 650 NIC
690 Recording medium

Claims (10)

  1.  機器それぞれのトラスト性評価結果を取得する評価結果取得手段と、
     評価対象であるネットワークの構成情報、前記ネットワークを構成する機器についての機器情報、及び、前記ネットワークのトラスト性評価指標を取得する対象情報取得手段と、
     前記構成情報、前記機器情報、前記トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、前記ネットワークのトラスト性を評価するトラスト性評価手段と、
     前記ネットワークのトラスト性評価結果を出力する出力手段と
     を含む評価装置。     An evaluation result acquisition means for acquiring a trust evaluation result of each device;
    A target information acquisition means for acquiring configuration information of a network to be evaluated, device information about devices constituting the network, and a trust evaluation index of the network;
    a trust evaluation means for evaluating the trust of the network based on the configuration information, the device information, the trust evaluation index, and a trust evaluation result of the device;
    and an output means for outputting a result of the trust evaluation of the network.
  2.  前記トラスト性評価手段は、
     前記構成情報、及び、前記トラスト性評価指標に基づいて、前記ネットワークのトラスト性を評価するための、機器の検査項目を作成する検査項目作成手段と、
     前記機器情報、及び、機器のトラスト性評価結果に基づいて、前記検査項目を判定する検査項目判定手段と、
     前記ネットワークの前記トラスト性評価指標、及び、前記検査項目の分析結果に基づいて、前記ネットワークのトラスト性評価結果を作成する評価結果作成手段と
     を含む請求項1に記載の評価装置。     The trust evaluation means includes:
    an inspection item creation means for creating inspection items for devices for evaluating the trustworthiness of the network based on the configuration information and the trustworthiness evaluation index;
    an inspection item determination means for determining the inspection item based on the device information and a result of the trust evaluation of the device;
    The evaluation device according to claim 1 , further comprising: an evaluation result generating means for generating a trust evaluation result of the network based on the trust evaluation index of the network and an analysis result of the inspection items.
  3.  前記ネットワークのトラスト性評価結果についての証明書を作成する証明書作成手段をさらに含み、
     前記出力手段は、前記証明書を出力する
     請求項1又は2に記載の評価装置。     a certificate generating unit for generating a certificate regarding the result of the trust evaluation of the network;
    The evaluation device according to claim 1 , wherein the output means outputs the certificate.
  4.  前記ネットワークのトラスト性評価結果に基づいて、前記ネットワークのトラスト性についての改善案を策定する改善案策定手段をさらに含み、
     前記出力手段は、前記改善案を出力する
     請求項1ないし3のいずれか1項に記載の評価装置。     The method further includes: developing an improvement plan for improving the reliability of the network based on a result of the trust evaluation of the network;
    The evaluation device according to claim 1 , wherein the output means outputs the improvement plan.
  5.  前記ネットワークの前記トラスト性評価指標についての妥当性を判定する妥当性判定手段をさらに含み、
     前記出力手段は、前記妥当性を出力する
     請求項1ないし4のいずれか1項に記載の評価装置。     The method further includes a validity determination unit that determines the validity of the trust evaluation index of the network,
    The evaluation device according to claim 1 , wherein the output means outputs the validity.
  6.  前記妥当性判定手段は、
      前記ネットワークの前記トラスト性評価指標が妥当でない場合、前記出力手段を介して、前記ネットワークの前記トラスト性評価指標の再設定の必要性を示す情報を出力し、
      前記ネットワークの前記トラスト性評価指標が妥当な場合、前記トラスト性評価手段に、前記ネットワークの前記トラスト性評価指標を出力する、
     請求項5に記載の評価装置。     The validity determination means
    outputting information indicating the necessity of resetting the trust evaluation index of the network via the output means when the trust evaluation index of the network is not valid;
    If the trust evaluation index of the network is valid, output the trust evaluation index of the network to the trust evaluation means.
    The evaluation device according to claim 5 .
  7.  前記トラスト性評価手段は、前記ネットワークの前記トラスト性評価指標についての前記妥当性に基づいて、前記トラスト性を評価する
     請求項5又は6に記載の評価装置。     The evaluation device according to claim 5 , wherein the trust evaluation means evaluates the trust based on the validity of the trust evaluation index of the network.
  8.  前記トラスト性評価手段は、前記ネットワークを用いてサービスを提供するサービス提供者に関連する情報に基づいて、前記トラスト性を評価する
     請求項1ないし7のいずれか1項に記載の評価装置。     The evaluation device according to claim 1 , wherein the trust evaluation means evaluates the trust based on information related to a service provider that provides a service using the network.
  9.  機器それぞれのトラスト性評価結果を取得し、
     評価対象であるネットワークの構成情報、前記ネットワークを構成する機器についての機器情報、及び、前記ネットワークのトラスト性評価指標を取得し、
     前記構成情報、前記機器情報、前記トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、前記ネットワークのトラスト性を評価し、
     前記ネットワークのトラスト性評価結果を出力する
     評価方法。     Obtain the trust evaluation results for each device,
    Acquire configuration information of a network to be evaluated, device information about devices constituting the network, and a trust evaluation index of the network;
    evaluating the trustworthiness of the network based on the configuration information, the device information, the trustworthiness evaluation index, and a result of the trustworthiness evaluation of the device;
    and outputting a result of the trust evaluation of the network.
  10.  機器それぞれのトラスト性評価結果を取得する処理と、
     評価対象であるネットワークの構成情報、前記ネットワークを構成する機器についての機器情報、及び、前記ネットワークのトラスト性評価指標を取得する処理と、
     前記構成情報、前記機器情報、前記トラスト性評価指標、及び、機器のトラスト性評価結果に基づいて、前記ネットワークのトラスト性を評価する処理と、
     前記ネットワークのトラスト性評価結果を出力する処理と
     をコンピュータに実行させるプログラムを記録する記録媒体。     A process of acquiring a trust evaluation result for each device;
    A process of acquiring configuration information of a network to be evaluated, device information about devices constituting the network, and a trust evaluation index of the network;
    A process of evaluating the trustworthiness of the network based on the configuration information, the device information, the trustworthiness evaluation index, and a result of the trustworthiness evaluation of the device;
    and a recording medium for recording a program for causing a computer to execute the process of outputting a result of the trust evaluation of the network.
PCT/JP2022/036510 2022-09-29 2022-09-29 Evaluation device, evaluation method, and recording medium WO2024069876A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/036510 WO2024069876A1 (en) 2022-09-29 2022-09-29 Evaluation device, evaluation method, and recording medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/036510 WO2024069876A1 (en) 2022-09-29 2022-09-29 Evaluation device, evaluation method, and recording medium

Publications (1)

Publication Number Publication Date
WO2024069876A1 true WO2024069876A1 (en) 2024-04-04

Family

ID=90476898

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/036510 WO2024069876A1 (en) 2022-09-29 2022-09-29 Evaluation device, evaluation method, and recording medium

Country Status (1)

Country Link
WO (1) WO2024069876A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006268544A (en) * 2005-03-24 2006-10-05 Ntt Communications Kk System, method and program for network connection control
JP2015156578A (en) * 2014-02-20 2015-08-27 日本電信電話株式会社 Network evaluation apparatus, method, and program
JP2016143299A (en) * 2015-02-04 2016-08-08 株式会社日立製作所 Risk evaluation system and risk evaluation method
JP2018077597A (en) * 2016-11-08 2018-05-17 株式会社日立製作所 Security measure planning support system and method
WO2019186722A1 (en) * 2018-03-27 2019-10-03 日本電気株式会社 Security evaluation system, security evaluation method, and program
US20190386974A1 (en) * 2018-06-19 2019-12-19 Arm Ip Limited Data Trust Score
WO2021029160A1 (en) * 2019-08-09 2021-02-18 日本電気株式会社 Backdoor inspection device, user device, system, method, and non-transitory computer-readable medium
WO2022118395A1 (en) * 2020-12-02 2022-06-09 日本電気株式会社 Network control device, network system, network control method, and non-transitory computer-readable medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006268544A (en) * 2005-03-24 2006-10-05 Ntt Communications Kk System, method and program for network connection control
JP2015156578A (en) * 2014-02-20 2015-08-27 日本電信電話株式会社 Network evaluation apparatus, method, and program
JP2016143299A (en) * 2015-02-04 2016-08-08 株式会社日立製作所 Risk evaluation system and risk evaluation method
JP2018077597A (en) * 2016-11-08 2018-05-17 株式会社日立製作所 Security measure planning support system and method
WO2019186722A1 (en) * 2018-03-27 2019-10-03 日本電気株式会社 Security evaluation system, security evaluation method, and program
US20190386974A1 (en) * 2018-06-19 2019-12-19 Arm Ip Limited Data Trust Score
WO2021029160A1 (en) * 2019-08-09 2021-02-18 日本電気株式会社 Backdoor inspection device, user device, system, method, and non-transitory computer-readable medium
WO2022118395A1 (en) * 2020-12-02 2022-06-09 日本電気株式会社 Network control device, network system, network control method, and non-transitory computer-readable medium

Similar Documents

Publication Publication Date Title
US9052981B2 (en) System and method to map defect reduction data to organizational maturity profiles for defect projection modeling
MXPA05011245A (en) Realizing legally binding business contracts through service management models.
CN110727580A (en) Response data generation method, full-flow interface data processing method and related equipment
CN111931047B (en) Artificial intelligence-based black product account detection method and related device
US20200372372A1 (en) Predicting the disaster recovery invocation response time
CN112035350B (en) Test method and device for block chain system and computer equipment
US20190354913A1 (en) Method and system for quantifying quality of customer experience (cx) of an application
US11373004B2 (en) Report comprising a masked value
CN117501658A (en) Evaluation of likelihood of security event alarms
CN117272308A (en) Software security test method, device, equipment, storage medium and program product
WO2024069876A1 (en) Evaluation device, evaluation method, and recording medium
CN117032634A (en) Component processing method and system
CN110162982B (en) Method and device for detecting illegal rights, storage medium and electronic equipment
Blanco et al. Hub location with protection under interhub link failures
Lyvas et al. A hybrid dynamic risk analysis methodology for cyber-physical systems
US20230281368A1 (en) Systems and methods for identifying and remediating architecture risk
US20080244519A1 (en) Identifying, Correcting and Displaying Application Website and Device Compatibility Issues
Peruma et al. Understanding the relationship between quality and security: a large-scale analysis of Android applications
JP5679347B2 (en) Failure detection device, failure detection method, and program
Gol Mohammadi et al. Trustworthiness cases–toward preparation for the trustworthiness certification
WO2024069875A1 (en) Evaluation device, terminal, evaluation system, evaluation method, and recording medium
US20240126927A1 (en) Ui/ux development system applied with blockchain for preventing forgery/falsification and forgery/falsification verification method using the same
Heisel et al. Risk identification based on architectural patterns
US11861015B1 (en) Risk scoring system for vulnerability mitigation
Pearson et al. Improving cloud assurance and transparency through accountability mechanisms

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22960936

Country of ref document: EP

Kind code of ref document: A1