{"id":193995,"updated":"2025-01-19T23:44:58.507201+00:00","links":{},"created":"2025-01-19T00:59:07.569470+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00193995","sets":["1164:3696:9666:9667"]},"path":["9667"],"owner":"44499","recid":"193995","title":["IoTシステム向けリスク評価方式と支援ツールSS-Ratの開発"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-01-17"},"_buckets":{"deposit":"e68ae61c-f3c1-4fbe-a994-723e128b3c36"},"_deposit":{"id":"193995","pid":{"type":"depid","value":"193995","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"IoTシステム向けリスク評価方式と支援ツールSS-Ratの開発","author_link":["455860","455864","455867","455865","455868","455866","455861","455862","455859","455863"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"IoTシステム向けリスク評価方式と支援ツールSS-Ratの開発"},{"subitem_title":"Proposal of an IoT Risk Assessment Framework and its assistant tool SS-Rat","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"CDS","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2019-01-17","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"東京電機大学"},{"subitem_text_value":"東京電機大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Denki University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/193995/files/IPSJ-GN19106035.pdf","label":"IPSJ-GN19106035.pdf"},"date":[{"dateType":"Available","dateValue":"2021-01-17"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-GN19106035.pdf","filesize":[{"value":"1.4 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"29"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"6bedff84-68cc-4f38-bbba-3e4cded5b8f4","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"林, 浩史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"髙橋, 雄志"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"金子, 朋子"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"早川, 拓郎"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"佐々木, 良一"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hiroshi, Hayashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuji, Takahashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tomoko, Kaneko","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takuro, Hayakawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ryoichi, Sasaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA1155524X","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8744","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"IoT 機器の急速な普及に伴い，IoT 機器を含むサービスシステムのサイバーセキュリティが重要な課題となっている．IoT 機器はその性質上，サイバーセキュリティとセーフティが一体不可分であり，従来の IT 環境とは異なる特徴を持っている．また，セキュリティ ・ バイ ・ デザインの考え方が，IoT 機器のセキュリティ対策にとっても，有効であるが，それを支援する評価方式やツールは整備途上である．本稿では，このような特徴や課題を考慮し，IoT 機器のセーフティ ・ セキュリティリスク評価を行う方式を提案する．まず分析方式として，リスク指向アプローチを採用した．これによりリスク対策の優先度比較や費用対効果の分析が可能である．また，分析者の負担や分析期間の軽減を目的とし，準定量表現を採用した．セーフティとセキュリティが融合する環境に対するリスク分析を行うため，STAMP / STPA を拡張して活用し，その結果を木構造による発生可能性分析に活用した．STAMP / STPA の分析結果から複雑な因果関係を整理して樹形図を構築し，分析や対策案の策定を支援，その残留リスクや費用対効果を算出する方式を提案し，併せてそれらの作業を容易に行うための分析支援ツール SS-Rat を開発した．これにより，分析者の負担が軽減し，IoT 機器の特徴を考慮した方式で，セキュリティ ・ バイ・デザインが実現できることを目標とした．インシュリンポンプを対象とした分析を行い，その効果を検証した結果，従来方式では識別できていなかった脅威が識別された他，ツールを活用することで分析に要した期間を短縮できることが確認された．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Cybersecurity for IoT device is identified as an important topic. Both of Cybersecurity and Safety should be discussed at once for IoT device by their characteristics. The methodology of Security-by-design can work well for IoT device development as well, but it is still on the half way to develop the analysis method and assistant tools suitable for IoT device. We would like to propose the Risk Analysis method with the consideration of these characteristics of IoT Device and its systems. We considered to use Risk-Base-Approach with Semi-Quantitative description to enable comparison between several ways of countermeasure and quick and effective analysis. To consider both of Security and Safety, we considered to use STAMP/STPA with some extension. The tree share analysis is also used to calculate likelihood of hazard and threat. We developed assistant tool named SS-Rat to make analysts' effort lighter to realize Security-By-Design process. We could find several positive results to confirm the effect of our proposed method and assistant tools by trial using Insulin-Pump.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告グループウェアとネットワークサービス（GN）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2019-01-17","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"35","bibliographicVolumeNumber":"2019-GN-106"}]},"relation_version_is_last":true,"weko_creator_id":"44499"}}