{"updated":"2025-01-19T10:13:02.612914+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00233088","sets":["1164:4088:11480:11520"]},"path":["11520"],"owner":"44499","recid":"233088","title":["Software Defined Perimeter環境におけるmTLS通信遮断機能の実装と評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-03-05"},"_buckets":{"deposit":"c160e4b7-d361-4170-b8d1-4e496e868f4f"},"_deposit":{"id":"233088","pid":{"type":"depid","value":"233088","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Software Defined Perimeter環境におけるmTLS通信遮断機能の実装と評価","author_link":["632369","632366","632365","632368","632367","632364"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Software Defined Perimeter環境におけるmTLS通信遮断機能の実装と評価"},{"subitem_title":"Implementation and evaluation of a mTLS disconnection function in a Software Defined Perimeter","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"IOT-H","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2024-03-05","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"広島大学大学院先進理工系科学研究科"},{"subitem_text_value":"広島大学大学院先進理工系科学研究科/広島大学情報メディア教育研究センター"},{"subitem_text_value":"広島大学大学院先進理工系科学研究科/広島大学情報メディア教育研究センター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Advanced Science and Engineering, Hiroshima University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Advanced Science and Engineering, Hiroshima University / Information Media Center, Hiroshima University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Advanced Science and Engineering, Hiroshima University / Information Media Center, Hiroshima University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/233088/files/IPSJ-IOT24064068.pdf","label":"IPSJ-IOT24064068.pdf"},"date":[{"dateType":"Available","dateValue":"2026-03-05"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT24064068.pdf","filesize":[{"value":"848.6 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"3b52291b-d398-4f16-b155-c978b6ebd81b","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"内藤, 岳人"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"渡邉, 英伸"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"西村, 浩二"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Gakuto, Naito","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hidenobu, Watanabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kouji, Nishimura","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年,サイバー攻撃の激化やクラウド利用の普及,遠隔からのリモートアクセス機会の増加などに伴ってゼロトラストの考え方が注目されている.現在,ゼロトラストを実現する様々な手法が提案されている中,従来の境界防御型ネットワークに代わる新たなネットワークアーキテクチャとして Software Defined Perimeter(SDP)が提唱されている.SDP は単一の特殊パケットを利用して mTLS 通信を確立する前に認証を実現する接続前認証が特徴となっている.一方で,mTLS 通信の確立後は有効期限まで通信が維持される仕様となっており,セキュリティインシデント時などの緊急時において任意のタイミングで mTLS 通信を遮断する機能は備えていない.本稿では,SDP 環境において通信確立後も迅速に通信の遮断を行う機能を提案する.定量的評価結果より,提案手法の有用性について考察を行う.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In recent years, the concept of zero-trust has been attracting attention due to the intensification of cyber-attacks, the spread of cloud computing, and the increasing opportunities for remote access from remote locations. While various methods have been proposed to realize zero-trust, Software Defined Perimeter (SDP) has been proposed as a new network architecture that can replace the conventional perimeter defense type network. SDP is characterized by pre-connection authentication, which enables authentication before mTLS communication is established using a single special packet. On the other hand, SDP does not provide a function to block mTLS communication at an arbitrary timing in case of an emergency such as a security incident, because the communication is maintained until the expiration date after mTLS communication is established. In this paper, we propose a function to quickly shut down mTLS communication in an SDP environment even after communication is established. We discuss the usefulness of the proposed method based on the results of quantitative evaluation.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"7","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2024-03-05","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"68","bibliographicVolumeNumber":"2024-IOT-64"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:34:19.576169+00:00","id":233088,"links":{}}