{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02002111","sets":["1164:1867:11897:1746755291135"]},"path":["1746755291135"],"owner":"80578","recid":"2002111","title":["Unixドメインソケットを用いた強制アクセス制御の設計と実装"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2025-05-14"},"_buckets":{"deposit":"73091f12-8b55-44d2-ba3f-d8ea20f44eb4"},"_deposit":{"id":"2002111","pid":{"type":"depid","value":"2002111","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"Unixドメインソケットを用いた強制アクセス制御の設計と実装","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Unixドメインソケットを用いた強制アクセス制御の設計と実装","subitem_title_language":"ja"},{"subitem_title":"Design and Implementation of Mandatory Access Control using Unix Domain Sockets","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2025-05-14","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"お茶の水女子大学／情報・システム研究機構データサイエンス共同利用基盤施設セキュアコンピュータシステム研究開発センター"},{"subitem_text_value":"情報・システム研究機構データサイエンス共同利用基盤施設セキュアコンピュータシステム研究開発センター／大妻女子大学"},{"subitem_text_value":"情報・システム研究機構データサイエンス共同利用基盤施設セキュアコンピュータシステム研究開発センター／情報・システム研究機構国立情報学研究所"},{"subitem_text_value":"お茶の水女子大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ochanomizu University / Research Organization of Information and Systems Joint Support Center for Data Science Research, Center for R&D on Secure Computer Systems","subitem_text_language":"en"},{"subitem_text_value":"Research Organization of Information and Systems Joint Support Center for Data Science Research, Center for R&D on Secure Computer Systems / Otsuma Women's University","subitem_text_language":"en"},{"subitem_text_value":"Research Organization of Information and Systems Joint Support Center for Data Science Research, Center for R&D on Secure Computer Systems / National Institute of Informatics","subitem_text_language":"en"},{"subitem_text_value":"Ochanomizu University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2002111/files/IPSJ-OS25167001.pdf","label":"IPSJ-OS25167001.pdf"},"date":[{"dateType":"Available","dateValue":"2027-05-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-OS25167001.pdf","filesize":[{"value":"1.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"11"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"0dc8add5-cc0b-4b50-8d22-e0df5a1fad87","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2025 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"喜多,陽花"}]},{"creatorNames":[{"creatorName":"石川,裕"}]},{"creatorNames":[{"creatorName":"竹房,あつ子"}]},{"creatorNames":[{"creatorName":"小口,正人"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10444176","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8795","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"不正アクセスを防ぐためのアクセス制御の必要性が高まっている．本研究では，ユーザ空間で強制アクセス制御を実現する認証・認可デーモンを実装する．本実装では，管理者がアクセス制御リストを作成し，アプリケーションの証明書を拡張ファイル属性として付与することで認証を行う．また，Linuxのseccomp機能を用いて，アプリケーションプロセスが直接socket()やbind()，connect()を呼び出せないように制限する．アプリケーションプロセスは，Unixドメインソケットでデーモンと接続し，認証・認可要求を行う．デーモンは，要求を受けた際にアプリケーションの証明書を検証，アクセス制御リストを確認し，認証・認可された場合に限り，ソケットのファイルディスクリプタを送信する．これにより，アプリケーションは受け取ったファイルディスクリプタを利用して通信を行うことが可能となる．本システムの実装を通じて，アプリケーションコードを変更することなく，ユーザ空間においてアプリケーション単位で細かくアクセスポリシを設定可能な，柔軟なアクセス制御が実現できることを示す．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告システムソフトウェアとオペレーティング・システム（OS）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2025-05-14","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"1","bibliographicVolumeNumber":"2025-OS-167"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"id":2002111,"updated":"2025-05-09T02:04:35.554901+00:00","links":{},"created":"2025-05-09T02:04:31.218467+00:00"}