@techreport{oai:ipsj.ixsq.nii.ac.jp:00233088,
 author = {内藤, 岳人 and 渡邉, 英伸 and 西村, 浩二 and Gakuto, Naito and Hidenobu, Watanabe and Kouji, Nishimura},
 issue = {68},
 month = {Mar},
 note = {近年，サイバー攻撃の激化やクラウド利用の普及，遠隔からのリモートアクセス機会の増加などに伴ってゼロトラストの考え方が注目されている．現在，ゼロトラストを実現する様々な手法が提案されている中，従来の境界防御型ネットワークに代わる新たなネットワークアーキテクチャとして Software Defined Perimeter（SDP）が提唱されている．SDP は単一の特殊パケットを利用して mTLS 通信を確立する前に認証を実現する接続前認証が特徴となっている．一方で，mTLS 通信の確立後は有効期限まで通信が維持される仕様となっており，セキュリティインシデント時などの緊急時において任意のタイミングで mTLS 通信を遮断する機能は備えていない．本稿では，SDP 環境において通信確立後も迅速に通信の遮断を行う機能を提案する．定量的評価結果より，提案手法の有用性について考察を行う．, In recent years, the concept of zero-trust has been attracting attention due to the intensification of cyber-attacks, the spread of cloud computing, and the increasing opportunities for remote access from remote locations. While various methods have been proposed to realize zero-trust, Software Defined Perimeter (SDP) has been proposed as a new network architecture that can replace the conventional perimeter defense type network. SDP is characterized by pre-connection authentication, which enables authentication before mTLS communication is established using a single special packet. On the other hand, SDP does not provide a function to block mTLS communication at an arbitrary timing in case of an emergency such as a security incident, because the communication is maintained until the expiration date after mTLS communication is established.In this paper, we propose a function to quickly shut down mTLS communication in an SDP environment even after communication is established. We discuss the usefulness of the proposed method based on the results of quantitative evaluation. In recent years, the concept of zero-trust has been attracting attention due to the intensification of cyber-attacks, the spread of cloud computing, and the increasing opportunities for remote access from remote locations. Software Defined Perimeter (SDP) has been proposed as a new network architecture that can replace the conventional perimeter defense network. SDP is characterized by pre-connection authentication, which enables authentication before mTLS communication is established using a single special packet. On the other hand, SDP does not provide a function to block mTLS communication at an arbitrary timing in case of an emergency such as a security incident.In this paper, we propose a function to quickly shut down mTLS communication in an SDP environment even after communication is established. From the results of quantitative evaluation, we discuss the usefulness of the proposed method.},
 title = {Software Defined Perimeter環境におけるmTLS通信遮断機能の実装と評価},
 year = {2024}
}