{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00219584","sets":["6164:6165:6640:11008"]},"path":["11008"],"owner":"44499","recid":"219584","title":["ポリシーによるKubernetesリソースのインテグリティ保護の実現"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-07-06"},"_buckets":{"deposit":"f30fe552-a671-4c44-b626-350a27e194f9"},"_deposit":{"id":"219584","pid":{"type":"depid","value":"219584","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"ポリシーによるKubernetesリソースのインテグリティ保護の実現","author_link":["572844","572845","572843"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ポリシーによるKubernetesリソースのインテグリティ保護の実現"}]},"item_type_id":"18","publish_date":"2022-07-06","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"IBM 東京基礎研究所"},{"subitem_text_value":"IBM 東京基礎研究所"},{"subitem_text_value":"IBM 東京基礎研究所"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/219584/files/IPSJ-DICOMO2022010.pdf","label":"IPSJ-DICOMO2022010.pdf"},"date":[{"dateType":"Available","dateValue":"2024-07-06"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-DICOMO2022010.pdf","filesize":[{"value":"3.1 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"87f3d7ee-a5a8-4322-9757-d562012aa595","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"工藤, 瑠璃子"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"北原, 啓州"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"渡邊, 裕治"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"政府や金融機関向けの高い保護レベルが要求される環境では，クラウド上のインテグリティ維持は重要な要件であり，米国のセキュリティ基準である NIST SP 800-53 では，電子署名の無いリソース作成は防がなければいけないと定められている．クラウドのプラットフォームであるKubernetesでは，クラスタやアプリケーションの設定は Kubernetes リソースで定義される．この Kubernetes リソースは YAML マニフェストで表現される API リソースであるため，マニフェストに署名をつけて，Kubernetes API の呼び出し時にその署名を検証すれば，強力なクラウドのインテグリティ保護になる．このような検証処理は admission controller という機構を用いることで差し込むことが可能であり，先行研究では署名検証機能を持つ独自の admission controller を提案してきた．本稿では，ポリシーエンジンを利用することで独自の Admission controller の運用によって生じるユーザへの負担を軽減し，より使いやすいシステムを提案する．","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"74","bibliographic_titles":[{"bibliographic_title":"マルチメディア，分散，協調とモバイルシンポジウム2022論文集"}],"bibliographicPageStart":"67","bibliographicIssueDates":{"bibliographicIssueDate":"2022-07-06","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2022"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":219584,"updated":"2025-01-19T14:50:34.910060+00:00","links":{},"created":"2025-01-19T01:19:39.336435+00:00"}