{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00092225","sets":["6164:6165:6426:7175"]},"path":["7175"],"owner":"11","recid":"92225","title":["無害のバグを大量に含ませるプログラム難読化"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-05-15"},"_buckets":{"deposit":"738c4079-3035-4722-96ef-a57511525e1a"},"_deposit":{"id":"92225","pid":{"type":"depid","value":"92225","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"無害のバグを大量に含ませるプログラム難読化","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"無害のバグを大量に含ませるプログラム難読化"},{"subitem_title":"Program Obfuscator for Injecting Numerous Harmless Bugs","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュリティ","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2013-05-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"電気通信大学"},{"subitem_text_value":"電気通信大学"},{"subitem_text_value":"電気通信大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"The University of Electro-Communications","subitem_text_language":"en"},{"subitem_text_value":"The University of Electro-Communications","subitem_text_language":"en"},{"subitem_text_value":"The University of Electro-Communications","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/92225/files/IPSJ-SACSIS2013008.pdf"},"date":[{"dateType":"Available","dateValue":"2015-05-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SACSIS2013008.pdf","filesize":[{"value":"613.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"330","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"330","billingrole":"16"},{"tax":["include_tax"],"price":"330","billingrole":"11"},{"tax":["include_tax"],"price":"330","billingrole":"14"},{"tax":["include_tax"],"price":"330","billingrole":"15"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"102e7308-af68-4927-8173-bef484172069","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大山, 恵弘"},{"creatorName":"甲斐, 朋希"},{"creatorName":"中村, 燎太"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yoshihiro, Oyama","creatorNameLang":"en"},{"creatorName":"Tomoki, Kai","creatorNameLang":"en"},{"creatorName":"Ryota, Nakamura","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"プログラムを解析して潜在的な脆弱性を検出する脆弱性検査ツールが多数開発されている．脆弱性検査ツールは，通常，脆弱性を早期に検出して攻撃前にプログラムを修正するという良い目的に利用される．しかし，悪意ある者が，攻撃可能な脆弱性を効率的に発見する用途に悪用することもできる．ツールを用いた攻撃者による脆弱性発見を妨害する技術があれば，攻撃を成功させるコストが上がり，攻撃を減らせる可能性がある．本論文では，脆弱性検査ツールによる脆弱性発見を妨害する方式を提案する．その方式は，ソースプログラムを変換して，脆弱性検査ツールが検出するが攻撃には利用できないバグを大量に加える．加えられたバグに対して脆弱性検査ツールは大量の警告を出すため，真の脆弱性がもしあったとしても，より目立たなくなる．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"A number of vulnerability checkers, which analyze a program and detect potential vulnerabilities, have been developed. Vulnerability checkers are usually used for good purpose: early detection of vulnerabilities for patching programs before being exploited. However, malicious persons can also misuse the checkers to find out exploitable vulnerabilities efficiently. A technology that obstructs scanning operations by attackers will increase the cost needed for successful attacks and consequently reduce attack attempts. In this paper, we propose a scheme for obstructing the operations of vulnerability detection using vulnerability checkers. The scheme transforms a source program and injects numerous bugs that are detected by vulnerability checkers but cannot be exploited. Since a vulnerability scanner outputs plenty of warnings against the injected bugs, actual vulnerabilities, if any, become more inconspicuous.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"50","bibliographic_titles":[{"bibliographic_title":"先進的計算基盤システムシンポジウム論文集"}],"bibliographicPageStart":"47","bibliographicIssueDates":{"bibliographicIssueDate":"2013-05-15","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2013"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":92225,"updated":"2025-01-21T15:04:52.545081+00:00","links":{},"created":"2025-01-18T23:41:10.974906+00:00"}