{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00192678","sets":["6164:6165:6244:9615"]},"path":["9615"],"owner":"44499","recid":"192678","title":["Webアプリケーションテストを用いたSQLクエリのホワイトリスト自動作成手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-11-29"},"_buckets":{"deposit":"8c6c6b97-67fa-41fc-a1aa-1cc80434bc1a"},"_deposit":{"id":"192678","pid":{"type":"depid","value":"192678","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Webアプリケーションテストを用いたSQLクエリのホワイトリスト自動作成手法","author_link":["450301","450306","450310","450302","450309","450305","450308","450307","450303","450304"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Webアプリケーションテストを用いたSQLクエリのホワイトリスト自動作成手法"},{"subitem_title":"Automatic Whitelist Generation for SQL Queries Using Web Application Tests","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュリティ検知・分析","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2018-11-29","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"GMOペパボ株式会社ペパボ研究所"},{"subitem_text_value":"ココン株式会社/株式会社レピダム"},{"subitem_text_value":"ココン株式会社/株式会社レピダム"},{"subitem_text_value":"GMOペパボ株式会社ペパボ研究所/力武健次技術士事務所"},{"subitem_text_value":"GMOペパボ株式会社ペパボ研究所/さくらインターネット株式会社"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Pepabo R&D Institute, GMO Pepabo, Inc.","subitem_text_language":"en"},{"subitem_text_value":"Cocon, Inc. / Lepidum Co. Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Cocon, Inc. / Lepidum Co. Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Pepabo R&D Institute, GMO Pepabo, Inc. / Kenji Rikitake Professional","subitem_text_language":"en"},{"subitem_text_value":"Pepabo R&D Institute, GMO Pepabo, Inc. 
/ SAKURA Internet, Inc.","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/192678/files/IPSJ-IOTS2018022.pdf","label":"IPSJ-IOTS2018022.pdf"},"date":[{"dateType":"Available","dateValue":"2020-11-29"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOTS2018022.pdf","filesize":[{"value":"1.7 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"f066fd78-439e-4b72-852a-00e237e4d931","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"野村, 孔命"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"阿部, 博"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"菅野, 哲"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"力武, 健次"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"松本, 亮介"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Komei, Nomura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroshi, Abe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Satoru, Kanno","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kenji, 
Rikitake","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ryosuke, Matsumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Web アプリケーションの脆弱性を利用してデータベースから機密情報を窃取する攻撃が問題になっている.対策として,クエリのホワイトリストによる検知があるが,大規模なアプリケーションにおいてはクエリパターンが膨大であり,開発者によるリストの手動作成が困難なため,リストの自動作成手法が利用される.しかし,従来のホワイトリスト自動作成手法には,ユーザが Web サービスを利用することによって,発行されるクエリを収集するのに時間がかかり検知の即時性が低い課題や,アプリケーション毎に異なる実装を必要とし汎用性が低い課題がある.本稿では,アプリケーションの動作テスト実行時の発行クエリからホワイトリストを作成する手法を提案する.提案手法はテスト時の発行クエリを使いアプリケーションの実装に依存せず作成できるため,検知の即時性や汎用性は向上する.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Attacks that exploit Web application vulnerabilities to steal confidential information from databases have become a serious issue. Defining a whitelist of the SQL queries issued by the Web application is a countermeasure for detecting such attacks. For large-scale Web applications, the whitelist is generated automatically, since manually defining a large number of query patterns is impractical for developers. Conventional automated generation methods cannot detect attacks promptly because collecting legitimate queries takes a long time, and they require application-specific implementations, which reduces their versatility. In this paper, we propose a method to automatically generate a whitelist from the queries issued during Web application tests. 
Our proposed method uses the queries issued during application tests and does not depend on a specific application, which improves both the timeliness of detection and the versatility across multiple applications.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"113","bibliographic_titles":[{"bibliographic_title":"インターネットと運用技術シンポジウム論文集"}],"bibliographicPageStart":"106","bibliographicIssueDates":{"bibliographicIssueDate":"2018-11-29","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2018"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":192678,"updated":"2025-01-20T00:02:51.364522+00:00","links":{},"created":"2025-01-19T00:58:22.466352+00:00"}