{"updated":"2025-01-19T21:03:56.390673+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00201378","sets":["6164:6165:6462:10022"]},"path":["10022"],"owner":"44499","recid":"201378","title":["TrustZoneを利用した安全なメモリ操作によるプロセス状態確認手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-10-14"},"_buckets":{"deposit":"8af2766f-9a6e-42f6-a0f3-7214202d0348"},"_deposit":{"id":"201378","pid":{"type":"depid","value":"201378","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"TrustZoneを利用した安全なメモリ操作によるプロセス状態確認手法","author_link":["492215","492220","492214","492217","492219","492221","492218","492213","492216","492222"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"TrustZoneを利用した安全なメモリ操作によるプロセス状態確認手法"},{"subitem_title":"An Introspection Method of Process Memory with Trusted Operation","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"TrustZone，Process Memory，Introspection，Memory Forensic，OP-TEE","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2019-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"名古屋工業大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Nagoya Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Nagoya Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya Institute of Technology","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/201378/files/IPSJCSS2019085.pdf","label":"IPSJCSS2019085.pdf"},"date":[{"dateType":"Available","dateValue":"2021-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2019085.pdf","filesize":[{"value":"799.6 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"6fd8c68d-0c69-4846-987c-1029063fcd37","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"青木, 和也"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"掛井, 将平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"瀧本, 栄二"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"齋藤, 彰一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kazuya, Aoki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shohei, Kakei","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Eiji, Takimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Koichi, Mouri","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shoichi, Saito","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN　1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"マルウェアの高度化によりあらゆる異常動作を検知することは難しくなっている．アンチウイルスソフトを回避するためにファイルを生成しない，ファイルレス型のマルウェアも存在する．実行中のプログラムの動作を正確に解析するにはメモリダンプでメモリ上に展開されたプログラムを取得し解析する必要がある．しかしメモリダンプを防ぐ技術も存在するので安全にメモリダンプを取得する方法は確立していない． 本論文ではARMのセキュリティ拡張機能であるTrustZoneを利用する．TrustZoneは計算機資源をNormal WorldとSecure Worldと呼ばれる2つの領域にハードウェア的に分割する．Secure WorldはNormal Worldより高い権限を持つのでNormal Worldで動作するプロセスはSecure Worldでの処理を妨げることは難しい．Secure WorldからNormal Worldのプロセスメモリを解析するするためのプロトタイプを実装し，機能の一例としてプロセスの正常動作を保証できることを確認した．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"The advancement of malware development has raised difficulty of anomaly detection in various ways. Some malware avoids detection of anti-virus software called fileless malware. Hence, it is essential to obtain and analyze programs loaded on memory for accurate introspection of running programs. However, no method for generating memory dumps safely has been established. In this paper, we leverage TrustZone, a security extension of ARM, that allows software executed to be split in two environments: normal world and secure world. Since the secure world has higher level of privilege than the normal world, processes in the normal world cannot interfere with the secure world. We implemented a method in the secure world for introspection of process memory loaded in the normal world. We evaluated that our method is works properly, and the results show that it can verify whether a process is running normally.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"604","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2019論文集"}],"bibliographicPageStart":"597","bibliographicIssueDates":{"bibliographicIssueDate":"2019-10-14","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2019"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:04:38.995856+00:00","id":201378,"links":{}}