{"created":"2026-02-16T07:18:49.942346+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02007398","sets":["1164:4088:1771221559804:1771221642894"]},"path":["1771221642894"],"owner":"80578","recid":"2007398","title":["最小特権を考慮したSELinuxポリシーの制約に基づく自動合成"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2026-02-24"},"_buckets":{"deposit":"92461aae-127c-40e0-9c46-3104764d40ae"},"_deposit":{"id":"2007398","pid":{"type":"depid","value":"2007398","revision_id":0},"owners":[80578],"status":"published","created_by":80578},"item_title":"最小特権を考慮したSELinuxポリシーの制約に基づく自動合成","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"最小特権を考慮したSELinuxポリシーの制約に基づく自動合成","subitem_title_language":"ja"},{"subitem_title":"Towards Constraint-Based Automated Synthesis of SELinux Policies","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IA","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2026-02-24","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"公立千歳科学技術大学理工学部"},{"subitem_text_value":"北海道大学情報基盤センター"},{"subitem_text_value":"公立千歳科学技術大学理工学部"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Faculty of Science and Technology, Chitose Institute of Science and Technology","subitem_text_language":"en"},{"subitem_text_value":"Information Initiative Center, Hokkaido University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Science and Technology, Chitose Institute of Science and Technology","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2007398/files/IPSJ-IOT26072021.pdf","label":"IPSJ-IOT26072021.pdf"},"date":[{"dateType":"Available","dateValue":"9999-01-01"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT26072021.pdf","filesize":[{"value":"879.2 KB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"a163f7de-be9b-46a9-9621-1902e5f108f3","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2026 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"宮下,和也"}]},{"creatorNames":[{"creatorName":"砂原,悟"}]},{"creatorNames":[{"creatorName":"萩原,茂樹"}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kazuya Miyashita","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Satoru Sunahara","creatorNameLang":"en"}]},{"creatorNames":[{"creatorName":"Shigeki Hagihara","creatorNameLang":"en"}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"本稿では、運用意図に基づく機能要件に対応する制約から、最小特権の原則を厳密に満たすSELinuxポリシーを自動合成する手法を提案する。提案手法では、SELinuxのアクセス制御モデルを形式化し、SMTソルバを用いて制約を満たしつつ許可ルールの総数を最小化する最適化問題を解くことで、過剰な権限を持たないポリシーを導出する。ファイル操作およびネットワーク待ち受け機能を持つデーモンプロセスを対象とした評価実験において、本手法と標準的なReference Policyのマクロ記述を比較した。その結果、マクロ記述で発生するログファイルの改ざん権限や不要な特権ポートへの紐付け権限を論理的に排除し、厳密な最小特権ポリシーを導出できることを示した。","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In this paper, we describe an idea to automatically synthesize SELinux policies that strictly satisfy the principle of least privilege from constraints corresponding to functional requirements based on operational intent. The idea derives policies without excessive privileges by formalizing the SELinux access control model and solving an optimization problem using an SMT solver to minimize the total number of allow rules while satisfying constraints.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術（IOT）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2026-02-24","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"21","bibliographicVolumeNumber":"2026-IOT-72"}]},"relation_version_is_last":true,"weko_creator_id":"80578"},"id":2007398,"updated":"2026-02-16T07:50:21.392678+00:00","links":{}}