{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00208433","sets":["6164:6165:6462:10428"]},"path":["10428"],"owner":"44499","recid":"208433","title":["国際化ドメイン名の自動リンク処理等におけるセキュリティリスクの検討"],"pubdate":{"attribute_name":"公開日","attribute_value":"2020-10-19"},"_buckets":{"deposit":"04176f1d-f6f3-4fc5-9c8c-0d6b1a7871cb"},"_deposit":{"id":"208433","pid":{"type":"depid","value":"208433","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"国際化ドメイン名の自動リンク処理等におけるセキュリティリスクの検討","author_link":["522678","522682","522684","522680","522681","522685","522683","522679"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"国際化ドメイン名の自動リンク処理等におけるセキュリティリスクの検討"},{"subitem_title":"Security Risks in Automated Internationalized Domain Names Processing Including Automatic Links","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"国際化ドメイン名，Unicode，自動リンク処理，Punycode","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2020-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"名古屋大学"},{"subitem_text_value":"名古屋大学"},{"subitem_text_value":"名古屋大学"},{"subitem_text_value":"名古屋大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Nagoya University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/208433/files/IPSJCSS2020005.pdf","label":"IPSJCSS2020005.pdf"},"date":[{"dateType":"Available","dateValue":"2022-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2020005.pdf","filesize":[{"value":"538.4 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"975a49de-207b-4d8e-ad8d-449e27c2be67","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2020 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"白倉, 大河"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"長谷川, 皓一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"山口, 由紀子"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"嶋田, 創"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Taiga, Shirakura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hirokazu, Hasegawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yukiko, Yamaguchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hajime, Shimada","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"日本語ドメイン名を始めとする国際化ドメイン名は普及しつつあり、多くのアプリケーションが対応している。一方でその処理は複雑で、プレーンテキストからURL を抽出する処理や、そのURL の自動リンクを作成するといった処理での国際化ドメイン名の扱いはアプリケーションの実装に依存している。本研究では国際化ドメイン名の処理に際して、正規化処理を悪用したセキュリティ機構のバイパスや予期しないドメイン名と解釈されることで生じる問題について考察し、セキュリティ上の脅威について検討を行った。正規化や複数コードポイントで表現する絵文字等、複雑な処理や変換を十分に想定していない実装が存在することが確認された。","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Internationalized Domain Names (IDN) that includes Japanese domain names are becomming common and supported by many applications. On the other hand, IDN processing such as extracting URLs from plain text and creating automatic links to the URLs are complex and depend on implementations of applications. In this study, we examine security threats in the processing of IDN such as bypassing security mechanisms by abuse of normalization processing and unexpected domain name extraction by wrong interpretations. We confirmed that some implementations are not sufficiently designed for complex processing and conversions, such as normalization and complex character (e.g. emoji that expressed with multiple code points).","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"36","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2020論文集"}],"bibliographicPageStart":"29","bibliographicIssueDates":{"bibliographicIssueDate":"2020-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":208433,"updated":"2025-01-19T18:52:17.432555+00:00","links":{},"created":"2025-01-19T01:09:49.666029+00:00"}