{"updated":"2025-01-19T16:38:22.534906+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00214420","sets":["6164:6165:6462:10749"]},"path":["10749"],"owner":"44499","recid":"214420","title":["安全なWebサービスの実現にむけた複数プロバイダに跨がる関係性の相互宣言機構"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-10-19"},"_buckets":{"deposit":"b347752a-3b15-4b5f-a984-bcd6e2d432f7"},"_deposit":{"id":"214420","pid":{"type":"depid","value":"214420","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"安全なWebサービスの実現にむけた複数プロバイダに跨がる関係性の相互宣言機構","author_link":["550432","550442","550431","550436","550433","550437","550441","550439","550438","550435","550440","550434"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"安全なWebサービスの実現にむけた複数プロバイダに跨がる関係性の相互宣言機構"},{"subitem_title":"Mutual Declaration Mechanism of Multi-Provider Relationship for Trusted Web Services","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"Web service integrity，Verifiable HTTP redirection，PaaS security，DNSSEC，PKI","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2021-10-19","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"慶應義塾大学総合政策学部"},{"subitem_text_value":"慶應義塾情報セキュリティインシデント対応チーム"},{"subitem_text_value":"慶應義塾インフォメーションテクノロジーセンター"},{"subitem_text_value":"慶應義塾大学SFC研究所"},{"subitem_text_value":"慶應義塾大学環境情報学部"},{"subitem_text_value":"慶應義塾大学環境情報学部"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Faculty of Policy Management, Keio University","subitem_text_language":"en"},{"subitem_text_value":"Computer Security Incident Response Team, Keio University","subitem_text_language":"en"},{"subitem_text_value":"Information Technology Center, Keio University","subitem_text_language":"en"},{"subitem_text_value":"Keio Research Institute at SFC, Keio University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Environment and Information Studies, Keio University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Environment and Information Studies, Keio University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/214420/files/IPSJCSS2021021.pdf","label":"IPSJCSS2021021.pdf"},"date":[{"dateType":"Available","dateValue":"2023-10-19"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2021021.pdf","filesize":[{"value":"1.9 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"d978949f-caed-4770-8944-b5db20b986e7","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大谷, 亘"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"近藤, 賢郎"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"ルーク, コリー"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"甲斐, 賢"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"植原, 啓介"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"手塚, 悟"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Wataru, Ohgai","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takao, Kondo","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Korry, Luke","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Satoshi, Kai","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Keisuke, Uehara","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Satoru, Tezuka","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"TLS によるセキュリティモデルでは，host-to-host の通信路の識別・秘匿化 を可能にするが，PaaS プロバイダや CDN プロバイダなど複数のサービスプロバイダを跨がる Web サービスにおいて，TLS はサービスプロバイダ同士の関係性を保証できない．ユーザは第三者の攻撃やサービスプロバイダの運用事故などにより，サービスプロバイダの意図しない通信先に reroute される可能性がある．本稿では，サービスプロバイダ同士で相互に署名した TLS 公開鍵を DNSSEC で保護された権威 DNS ゾーンで公 開する，軽量な自己管理型相互宣言機構 M2DMRT を提案する．M2DMRT により，サービスプロバイダは第三者に頼らずサービスプロバイダ同士の関係性を相互に宣言でき，ユーザは署名を検証することで容易に関係性を信頼し脅威を回避することができる．本稿では M2DMRT における相互宣言の登録にかかるプロトコルを設計して，そのサーバサイドにおける Proof of Concept の実装を行い，基本性能を評価した結果，実用に耐えうる性能を持つことがわかった．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"The TLS security model enables the identification and secrecy of the host-to-host communication channel; however, TLS cannot guarantee the relationship between service providers in Web services that cross multiple service providers such as PaaS providers and CDN providers. The user may be rerouted to an unintended destination due to an attack or operational accident. In this paper, we propose a lightweight self-managed mutual declaration mechanism, M2DMRT, where service providers mutually sign their TLS public keys and publish them in DNSSEC-protected zones. With M2DMRT, service providers can mutually declare their relationships with each other without relying on a third party, and users can easily trust the relationships and avoid threats by verifying the signatures. We designed a protocol for registering mutual declarations in M2DMRT, implemented a server-side proof of concept, and, after evaluating its basic performance, found it to be sufficiently performant for practical use.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"154","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2021論文集"}],"bibliographicPageStart":"148","bibliographicIssueDates":{"bibliographicIssueDate":"2021-10-19","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:15:14.244396+00:00","id":214420,"links":{}}