31th CSEC Group Meeting

December 09, 2005

Chuo University
Korakuen Campus
1-13-27 Kasuga, Bunkyo-ku, Tokyo 112-8551


31th CSEC Group Meeting Program
(1) A Packet Filtering Rules Analysis by Decomposing into Matrixes- Removable and Revisable Rules Detection -
Katsushi MATSUDA

Packet filters are essential for organizations that are connected to the Internet. However, it is difficult for even security experts to manage the filters, because their configurations consist of a large number of rules. In this paper, we describe a novel analysis method using matrixes. The matrixes are the smallest hyper cubes into which a hyper space including a rule set is decomposed at all boundary derived from every beginning and end value of each attribute of the all rule. Mapping these matrixes to the rules enables to find unnecessary rules. We have had an experiment of elapse time of analyzing. The result shows that the system produces results within practical time up to about five hundreds rules. And also we have detected 44 unnecessary rules from an actual rule set consisted of 525 rules.

(2) Faster metamorphic computer virus detection using redundancy-control strategy
Ruo Ando (Graduate School of Media and Governance Keio University)
Yoshiyasu Takefuji (Graduate School of Media and Governance Keio University)

In this paper we propose a resolution based detection method for detecting metamorphic computer virus. Our method is the application of formal verification using theorem proving, which deduce parts of viral code from the large number of obfuscated operations and re-assemble those in order to reveal the signature of virus. To make our detection method more feasible and effective, redundancy-control strategies are applied for the resolution process. In this paper the strategies of demodulation and subsumption are applied for eliminating the redundant path of resolution. Experiment shows that without these strategies, resolving metamorphic code into several simplified operations is almost impossible, at least is not feasible in reasonable computing time.

(3) A Consideration of the Spyware Detection and Prevention System for HTTP Communication
Hisamichi OHTANI (NTT Data Corporation)
Akira YONAHARA (NTT Data Corporation)
Tatsuya BABA (NTT Data Corporation)
Tsutomu INADA (NTT Data Corporation)

Many black hat hackers became working by the profit-pursuing purpose. Therefore, We're afraid for appearance of the spyware that takes aim at the internal PC of an enterprise network. The spyware are evolving skills about hiding from Anti-Spyware software by the Polymorphic/Metamorphic coding technique. In this paper, we made an examination of behavior detection method by HTTP message analysis and interrupt method of HTTP control and URL instruction. And we propose an implementation method of those two methods.

(4) A proposal of the access control machanism for the Weblog
Masayuki HANADATE (NTT Information and Sharing Platform Laboratories)
Shinji NAGAO (NTT Information and Sharing Platform Laboratories)
Takahiro HAMADA (NTT Information and Sharing Platform Laboratories)
Hiroki NAGAI (NTT Information and Sharing Platform Laboratories)
Osamu SHIONOIRI (NTT Information and Sharing Platform Laboratories)

In this paper, we propose an access control mechanism for Weblog groups, in which the Weblogs provided by multiple Weblog providers allow only same readers, those accepted by the members of the Weblog group, to download articles. This access control is realized as follows: (1) a token that represents the access right to download articles is stored in the Weblogs of every accepted reader, (2) each author associates one or more articles on his/her Weblog with the token, (3) the reader is allowed to download the article only if 2 Weblogs (i.e. the author's Weblog and the reader's Weblog) hold the same token. This technology removes the bottleneck of a separate authentication facility. It also provides excellent scalability in terms of updating the community member list among Weblogs, and enhanced security in sharing the community member list among Weblogs. We implement this technology and confirm that authentication is completed within 500ms.

(5) A Report on Information Security Conference (ISC)/International Workshop for Applied PKI (IWAP)/Secure Mobile Ad-hoc Networks and Sensors (MADNES)
Fumiaki NAGANO (Graduate School of Information Science and Electrical Engineering Kyushu University)
Yoshifumi Ueshige (Institute of Systems & Information Technologies/ KYUSHU)
Kouichi SAKURAI (Faculty of Information Science and Electrical Engineering Kyushu University)

This paper reports Information Security Conference (ISC), International Workshop for Applied PKI (IWAP), and Secure Mobile Ad-hoc Networks and Sensors (MADNES) held on September 20-23, 2005 at Sentosa, Singapore.

(6) Feature-Abstraction Framework to Construct Dynamic Birthmarks and Some Experiments
Koichiro HAYASHI (Graduate School of Mathematical Sciences and Information Engineering Nanzan University)
Motoyasu KAEDE (Graduate School of Mathematical Sciences and Information Engineering Nanzan University)
Yoshihisa MANO (Faculty of Mathematical Sciences and Information Engineering Nanzan University)

A framework has been proposed to construct dynamic software birthmarks for detecting the program thefts [4]. In this framework, birthmarks are constructed by combining two operations, the extraction of some feature from run-time information, and the abstraction of the data with the feature. Since this framework makes us consider each operation individually, we can expect gaining various effective birthmarks. This expectation, however, has not been demonstrated by enough experiments. We construct some birthmarks by proposing some abstraction methods, and demonstrate the effectiveness of the framework. The constructed birthmarks show high resilience for many semantic preserving translations.

(7) Consideration about intellectual property management in Laboratory of Software Engineering
Ryoju Hamada

At the university, intellectual property headquarters was improved and management of intellectual property rights was begun as a university. The clear indicator is shown and employed to the intellectual property rights which the personnel created. But the rule about what is not the personnel, such as a student, and the rule about things other than a patent are still indefinite, and since a culture changes with a department or areas of research, the unitary management by intellectual property headquarters is difficult, and cannot but be based on a laboratory in management. However, knowledge of a laboratory shares information and data in an informal environment, deposits an idea at a seminar etc., and since it is begun and create together, when intellectual property rights are asserted, it has a possibility of spoiling the continuity of research. In development of an information system, especially software, there is a problem peculiar to the importance of an idea, use of the program which cannot decide exhibition, etc. The state of the legal framework for surfacing with such a situation is considered.

(8) A Study on Structuring of ISO/IEC 17799 Using XML
Tatsuaki Takahashi (Graduate School of Engineering Soka University)
Guillermo Horacio RAMIREZ CACERES (Graduate School of Engineering Soka University)
Yoshimi TESHIGAWARA (Graduate School of Engineering Soka University)

Recently, in order to protect the information property, many enterprises are using information security policies including security policy making. An international standard for information security management, ISO/IEC 17799 "Code of practice for information security management" is helpful for those who make security policies. Regarding the information security policies based on ISO/IEC 17799, since ISO/IEC 17799 is not well classified into domains, objectives and controls and the structure is complicated, it is difficult to select necessary management controls. In this research, we intend to structure ISO/IEC 17799 to clarify the interrelation of domains, objectives and controls, paying attention to the descriptions "See" of ISO/IEC 17799, by making use of Native XML Database. As the result, in order to make the information security policies, necessary controls to be selected are recognized, and the important controls are clarified.

(9) Safety of Templates Using Fuzzy Biometric Vault Scheme
Tetsushi Ohki (Science and Engineering Waseda University)
Shiro Akatsuka (Science and Engineering Waseda University)
Naohisa Komatsu (Science and Engineering Waseda University)
Masao Kasahara (Faculty of Informatics Osaka Gakuin University)

Recently, biometric person authentication has become a spotlight. However, in conventional biometric person authentication systems, each individual's template is stored as it is in the system. Hence, when a registered template is not properly protected, the risk of impersonation using biometric information restored due to template leakage by a third party arises. In this paper we propose a method to improve safety of template using Fuzzy Vault Scheme. In this paper the safety of templates is evaluated by simulation of a fingerprint verification system.

(10) On the Set of Biometric Test Objects for Security Evaluation of Iris Authentication Systems
Tsutomu Matsumoto (Yokohama National University Graduate School of Environment and Information Sciences)
Kenji Sato (Yokohama National University Graduate School of Environment and Information Sciences)

This paper discusses an experimental study on developing a set of biometric test objects --- Test Artificial Irises --- for security evaluation of iris authentication systems.

(11) Raising the Semi-discrete Logarithm Problem
Ikuhiro Igarashi (Iwate Prefectural University)
Eiichiro Kodama (Iwate Prefectural University)
Toyoo Takata (Iwate Prefectural University)

Because the discrete logarithm problem was converted into a simpler problem, more equivalent semi-discrete logarithm problem we discuss this problem.

(12) Study of Residue Class Ring of Modulo a^x
Ikuhiro Igarashi (Iwate Prefectural University)
Eiichiro Kodama (Iwate Prefectural University)
Toyoo Takata (Iwate Prefectural University)

There are some subsets order ay which can define the additive group in the residue class ring on modulo ax. In addition, to find solution they are easy to handle the discrete logarithm with this residue class ring. We study characteristics concerning this residue class ring.


Valid HTML 4.01! Valid CSS!