
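Schedule

9:50 Opening remarks
10:00-12:00 Session 1: Foundational Cybersecurity Technologies
12:00-13:00 Lunch
13:00-14:50 Session 2: System Design with Cybersecurity in Mind
14:50-15:10 Break
15:10-17:00 Session 3: Applying Cybersecurity to Business and Society, and Its Future
17:00 Closing remarks
Reception

Workshop venue: Inamori Foundation Memorial Hall (Inamori Center) http://www.inamori-center.kyushu-u.ac.jp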


Koji Okamura (岡村 耕二) (Director, Cybersecurity Center)

Moderator: Hidenobu Watanabe (渡邉 英伸)

 
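1. Compensation for Personal Information Leaks
Kouichi Sakurai (櫻井 幸一) (Faculty of Information Science and Electrical Engineering / Cybersecurity Center)
2. Security Evaluation of Next-Generation Cryptography
Tsuyoshi Takagi (高木 剛) (Institute of Mathematics for Industry / Cybersecurity Center)
3. Large-Scale Graph Analysis for Cybersecurity Using Next-Generation Petascale Supercomputers
Katsuki Fujisawa (藤澤 克樹) (Institute of Mathematics for Industry / Cybersecurity Center)
4. Crowdsourcing for Security
Boualem Benatallah (Cyspri, UNSW)
5. ProfileGuard: Obfuscation Techniques for Protecting Mobile User Profile Privacy
Salil Kanhere (Cyspri, UNSW)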
  

Moderator: Koji Inoue (井上 弘士) (Faculty of Information Science and Electrical Engineering)

 
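1. Security-Aware Design of Endpoint Devices and Related Topics
Mikio Hashimoto (橋本 幹生) (Toshiba Corporation, Research and Development Center, Computer Architecture and Security Laboratory)
2. The Future of Security Technology for Safe Vehicle Operation
Dennis Kengo Oka (岡 デニス 健五) (ETAS K.K., ESCRYPT Embedded Security)
3. Information Security in the Era of Network-Connected Things
Yasuyoshi Uemura (植村 泰佳) (Chairman, Electronic Commerce Security Technology Research Association)
4. A Universal Countermeasure Against Multiple Attacks and Large-Scale Processing Interference
Sri Parameswaran (Cyspri, UNSW)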

Moderator: Toshiya Jitsuzumi (実積 寿也) (Faculty of Economics / Cybersecurity Center)

 
1. New Technology and Societal Outlook: A Secure Internet of Things
Sanjay Jha (Cyspri, UNSW)

Panel Discussion

Discussion Themes

1. What is the basic “cybersecurity literacy” of the society, mainly for non-engineer users, how to attain it, and what is the role of universities?

2. Do you think that an economic incentive to improve cybersecurity is sufficient for firms? If yes, how do you explain the recent problems? If no, what should the society do?

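2. Social Acceptance of ICT Risks
Masanori Kusunoki (楠 正憲) (Advisor to the Government CIO, Cabinet Secretariat)
3. Sharing Attack Information Among Companies
Nobukazu Matake (真武 信和) (GREE, Inc.)
4. Japan's Cybersecurity Strategy and Private-Sector Cooperation
Haruo Takasaki (高崎 晴夫) (Principal Researcher, KDDI Research Institute, Inc.)

Rin-ichiro Taniguchi (谷口 倫一郎) (Director, Research Institute for Information Technology)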

Boualem Benatallah

Crowd-sourcing harnesses the wisdom of large groups and communities working independently to solve problems, much as open source does for software development. From a service customer’s perspective, crowd-sourcing is a form of digital service (notwithstanding its essentially human infrastructure), yet its unique value is that it is an effective way to perform tasks that remain difficult for, or even beyond the reach of, machine computation: image tagging, natural language translation, and transcription, for example. Software security sector exploration of crowd-sourcing is embryonic. In this talk, we will discuss critical challenges in the effective use of crowd-sourcing in security management tasks (e.g., vulnerability discovery). We will focus on security for Application Programming Interfaces (APIs). We will discuss issues and the state of the art regarding security professional selection, task decomposition and quality control.

Salil Kanhere

Analytics companies have become an integral part of the mobile advertising industry, enabling successful user targeting via user profiles, derived from the mobile apps installed by specific users. This poses a threat to the privacy of such users when apps indicating sensitive information, e.g., a gaming app showing a gambling problem, are the basis for profiling. In this paper, we propose ProfileGuard, a novel app-based obfuscation mechanism to remove the dominance (prevalence amongst the interest categories present in a user profile) of selected private user profile interest categories. We show, based on extensive experimental evaluation using 2700 Android apps during a 9-month test campaign, that the best trade-off between the level of effort required by the obfuscating system and the resulting privacy protection can be achieved by choosing the obfuscating apps based on similarity with the user’s existing apps (while ensuring that the selected apps belong to a non-private category). We implement a proof-of-concept ProfileGuard app to demonstrate the feasibility of an automated obfuscation mechanism. We also provide insights into the broad Google AdMob profiling rules, showing that there is a deterministic mapping of individual apps to profile interests, that profiles based on multiple apps represent a union of individual app profiles and that there is a minimum level of activity necessary for AdMob to build a stable user profile. Finally, we show the resulting effect of obfuscation on the received ads, demonstrating that modifying user profiles to include a richer set of interests results in correspondingly more diverse received ads.

Sanjay Jha

The first part of this talk will discuss how the community is converging towards the IoT vision, having worked in wireless sensor networking and Machine-2-Machine (M2M) communication. This will follow a general discussion of security challenges in IoT. Finally, I will discuss some results from an ongoing project on security of bodyworn devices. Wireless bodyworn sensing devices are becoming popular for fitness, sports training and personalized healthcare applications. Securing the data generated by these devices is essential if they are to be integrated into the current health infrastructure and employed in medical applications. In this talk, I will discuss a mechanism to secure data provenance for these devices by exploiting symmetric spatio-temporal characteristics of the wireless link between two communicating parties. Our solution enables both parties to generate closely matching 'link' fingerprints, which uniquely associate a data session with a wireless link such that a third party, at a later date, can verify the links the data was communicated on. These fingerprints are very hard for an eavesdropper to forge, lightweight compared to traditional provenance mechanisms, and allow for interesting security properties such as accountability and non-repudiation. I will present our solution with experiments using bodyworn devices in scenarios approximating actual device deployment.

Sri Parameswaran

Deep devastation is felt when privacy is breached, personal information is lost, or property is stolen. Now imagine when all of this happens at once, and the victim is unaware of its occurrence until much later. This is the reality, as an increasing number of electronic devices are used as keys, wallets and files. Security attacks targeting embedded systems illegally gain access to information or destroy information. The Advanced Encryption Standard (AES) is used to protect many of these embedded systems. While mathematically shown to be quite secure, it is now well known that AES circuits and software implementations are vulnerable to side-channel attacks. Side-channel attacks are performed by observing properties of the system (such as power consumption, electromagnetic emission, etc.) while the system performs cryptographic operations. In this talk, differing power-based attacks are described, and various countermeasures are explained. In particular, a countermeasure titled Algorithmic Balancing is described in detail. Implementation of this countermeasure in hardware and software is described. Since process variation impairs countermeasures, we show how this countermeasure can be made to overcome process variations.

Masanori Kusunoki (楠 正憲) (Advisor to the Government CIO, Cabinet Secretariat)

Policymakers face concerns about new-technology-related risks from public sentiment. It’s difficult to balance risk and benefit before technology deployment. We need to impress benefit to drive innovation, but social acceptance is a key factor in technology deployment and regulation reform. I’d like to discuss how to promote new technologies and avoid conflict and crime.

Nobukazu Matake (真武 信和) (GREE, Inc.)

Several US private sector organizations are working on a threat information sharing project which enables private sector entities to share threat information (account hijacking, security token leakage, etc.) with each other. Such information is important to defend against similar attacks on the same user accounts on other services. However, it requires sharing PII, and thus it can conflict with privacy protection law. How should we handle such conflict?

Haruo Takasaki (高崎 晴夫) (Principal Researcher, KDDI Research Institute, Inc.)

To strengthen the ability to counter cyber threats, the Cybersecurity Basic Act was passed in November 2014. The Cybersecurity Strategic Headquarters has been set up and is developing the Cybersecurity Strategy and Policy Plans to facilitate cybersecurity cooperation among multiple stakeholders, including the central and local governments and critical infrastructure providers. The actual status of strategy planning and action items for public-private cooperation in this field will be explained in the presentation.

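Mikio Hashimoto (橋本 幹生) (Toshiba Corporation)

Cloud technology is spreading rapidly, but the security of endpoint devices is also growing in importance as networking extends from home appliances to social infrastructure. This presentation gives an overview of the threats to endpoint devices and the technologies that counter them. A distinguishing feature of endpoint devices is that countermeasures against physical attacks are included. In addition, related factors that affect security, such as open development environments, are briefly introduced.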

Dennis Kengo Oka (岡 デニス 健五) (ESCRYPT - Embedded Security, ETAS K.K.)

Modern vehicles are equipped with embedded computers responsible for a majority of the functionality of the vehicle. These electronic control units (ECUs) handle, for example, engine control, airbag deployment, and driver assistance systems. Moreover, there is a trend towards the connected car, where vehicles are wirelessly interacting with their surroundings such as other vehicles, the infrastructure or owners’ devices. Useful examples include improving safety, reducing traffic congestion and improving user services. Moreover, autonomous driving is on the horizon for many OEMs. Naturally, security is an extremely important aspect, as a vehicle that allows wireless interaction also provides a potential entry point for an attacker. This talk will take you on a journey through the vehicle landscape, discussing relevant security threats and solutions.

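Yasuyoshi Uemura (植村 泰佳) (Chairman, Electronic Commerce Security Technology Research Association)

Definitions of several terms: M2M, IoT, CPS, embedded devices, etc.
Secure M2M authentication performed by IC chips mounted in microcomputers
Device-to-device authentication in closed systems
Device-to-device authentication in open networks
Device-to-device authentication between controlling and controlled units
Threats to devices, incidents, and security
Vulnerability management: lessons from the smart card field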