脆弱性対策情報データベースJVNの提案 Proposal of JP Vendor Status Notes Database (JVN)

この論文にアクセスする

この論文をさがす

著者

抄録

インターネットの常時接続の普及にともない,マルウェアの流布を含む不正アクセス活動は活発化しており,また,その被害も広範囲かつ多岐にわたるようになってきている.しかし,不正アクセス対策を行うために必要となる,国内で利用されているソフトウェアや装置を対象とする脆弱性対策情報については,「情報が散々している」「影響範囲の把握が難しい」などの解決すべき課題がある.本論文では,このような課題を解決し,国内でのセキュリティ対策推進を支援するために,国内で利用されているソフトウェアや装置の脆弱性を対象とした対策情報データベースJVN(JP Vendor Status Notes)を提案する.さらに,提案に基づき構築したWeb 試行サイトの運用を通して得られた利用状況から構築したシステムでの情報提供の有効性を確認した.Unauthorized access containing Malware propagation is activated and causes a lot of damage. In order to protect the unauthorized access and eliminate the vulnerability, it is necessary to improve the security information sharing environments about the Japanese domestic software and the equipments. When the new vulnerability is exposed or security advisory is released, the security administrators try to gather countermeasure information about that vulnerability. In this work, we have taken up this issue. We have examined 竏驤 how we can provide a security information sharing service for the security administrators. We propose JVN (JP Vendor Status Notes) as the security information sharing system. JVN includes two service components, "Vendor Status Notes (VN)" and "Status Tracking Notes (TRnotes)". The former is the countermeasure information service of the vulnerability, and the latter is the event information service of the incidents. This paper discusses the requirements of these services and introduce our sharing framework.

Unauthorized access containing Malware propagation is activated and causes a lot of damage. In order to protect the unauthorized access and eliminate the vulnerability, it is necessary to improve the security information sharing environments about the Japanese domestic software and the equipments. When the new vulnerability is exposed or security advisory is released, the security administrators try to gather countermeasure information about that vulnerability. In this work, we have taken up this issue. We have examined-how we can provide a security information sharing service for the security administrators. We propose JVN (JP Vendor Status Notes) as the security information sharing system. JVN includes two service components, "Vendor Status Notes (VN)" and "Status Tracking Notes (TRnotes)". The former is the countermeasure information service of the vulnerability, and the latter is the event information service of the incidents. This paper discusses the requirements of these services and introduce our sharing framework.

収録刊行物

  • 情報処理学会論文誌

    情報処理学会論文誌 46(5), 1256-1265, 2005-05-15

    一般社団法人情報処理学会

参考文献:  18件中 1-18件 を表示

被引用文献:  6件中 1-6件 を表示

各種コード

  • NII論文ID(NAID)
    110002768631
  • NII書誌ID(NCID)
    AN00116647
  • 本文言語コード
    JPN
  • 資料種別
    Journal Article
  • ISSN
    1882-7764
  • NDL 記事登録ID
    7359806
  • NDL 雑誌分類
    ZM13(科学技術--科学技術一般--データ処理・計算機)
  • NDL 請求記号
    Z14-741
  • データ提供元
    CJP書誌  CJP引用  NDL  NII-ELS  IPSJ 
ページトップへ