{"id":194951,"created":"2025-01-19T00:59:58.377593+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00194951","sets":["1164:6389:9696:9719"]},"path":["9719"],"owner":"44499","recid":"194951","title":["デジタル署名の付与された不正プログラムの検知について"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-02-28"},"_buckets":{"deposit":"bf83780b-ed5d-425d-8ec7-3cfe319d32d0"},"_deposit":{"id":"194951","pid":{"type":"depid","value":"194951","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"デジタル署名の付与された不正プログラムの検知について","author_link":["462921","462919","462920","462918"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"デジタル署名の付与された不正プログラムの検知について"},{"subitem_title":"A proposal of detection method of signed malicious program","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2019-02-28","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"三菱電機株式会社情報技術総合研究所"},{"subitem_text_value":"三菱電機株式会社情報技術総合研究所"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Mitsubishi Electric Information Technology R&D Center","subitem_text_language":"en"},{"subitem_text_value":"Mitsubishi Electric Information Technology R&D Center","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/194951/files/IPSJ-SPT19032025.pdf","label":"IPSJ-SPT19032025.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT19032025.pdf","filesize":[{"value":"272.9 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"78b2edb9-fe16-407c-a070-622555d06991","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"榊原, 裕之"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"河内, 清人"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hiroyuki, Sakakibara","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kiyoto, Kawauchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"コード署名はプログラムの正当性を確認する技術であり，公開鍵暗号基盤によるデジタル署名が用いられる．ユーザは，コード署名付きプログラムのコード署名を検証ツール等で検証し，成功した場合に使用する．近年のサイバー攻撃では，標的に不正プログラムを疑われずに侵入させるために，攻撃者は不正プログラムにコード署名を付与し正当なプログラムと見せかけることがある．この際に，攻撃者は他人のコード署名鍵 ・ 証明書を別手段で盗み悪用するケースが報告されており，コード署名の検証だけでは，不正に署名されたプログラムか判断できない．本稿では， コード署名付きプログラムを Web サイトからのダウンロードにより入手する場合に，Web サイトのドメインの管理者名とコード署名証明書の持ち主の整合性から，コード署名鍵 ・ 証明書の正当な持ち主により署名されたプログラムか確認する方法について述べる．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Code signing is a technique for checking the validity of a program based on Public Key Infrastmcture. A user verifies a program with a code signature using a verification tool and uses it when it succeeds. In recent cyber attacks, in order to make a malicious program undoubtedly penetrate a target, an attacker may give a code signature to a malicious program and make it appear as a legitimate program. In such a case, it is reported that because an attacker misuses a stolen code signing key / certificate of a third party, it is impossible for a program user to judge whether the program is illegally signed by just verifying its code signature. In this paper, when a user obtains a code-signed program by downloading from a Web site, based on the consistency of the domain administrator name of the Web site and the owner information of the code-signing certificate, we describe how to confrnn whether it is a program signed by a valid owner of the code-signing key and certificate.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト（SPT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2019-02-28","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"25","bibliographicVolumeNumber":"2019-SPT-32"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"updated":"2025-01-19T23:16:31.222114+00:00","links":{}}