Project/Area Number |
12133201
|
Research Category |
Grant-in-Aid for Scientific Research on Priority Areas
|
Allocation Type | Single-year Grants |
Review Section |
Science and Engineering
|
Research Institution | University of Tsukuba |
Principal Investigator |
KATO Kazuhiko Institute of Information Science and Electronics, Associate Professor (90224493)
|
Co-Investigator(Kenkyū-buntansha) |
CHIBA Shigeru Tokyo Institute of Technology, Graduate School of Information Science and Engineering, Associate Professor, Graduate School of Information Science and Engineering, Lecturer (80282713)
SHINJO Yasushi Institute of Information Science and Electronics, Associate Professor (00253948)
ITANO Kouzo Institute of Information Science and Electronics, Professor (20114035)
KONO Kenji University of Electro-Communications, Department of Computer Science, Associate Professor, Faculty of Electro-Communications, Lecturer (90301118)
MATSUBARA Katsuya (松原 克哉 / 松原 克弥) University of Tsukuba, Institute of Information Science and Electronics, Research Associate (70302396)
|
Project Period (FY) |
2000 – 2003
|
Project Status |
Completed (Fiscal Year 2003)
|
Budget Amount |
¥39,900,000 (Direct Cost: ¥39,900,000)
Fiscal Year 2003: ¥11,200,000 (Direct Cost: ¥11,200,000)
Fiscal Year 2002: ¥13,300,000 (Direct Cost: ¥13,300,000)
Fiscal Year 2001: ¥15,400,000 (Direct Cost: ¥15,400,000)
|
Keywords | Sandbox System / Intrusion Detection System / Reference monitor / VPN / Personal Network / Firewall / Anonymizing Proxy / Anomaly Detection System / Web Services / World OS / Secure Computing / Security Policy / SoftwarePot / Mobile Agent / Bytecode Transformation / Virtual Disk / Network Protocol / Automatic Generation / Operating System / Middleware / Sandbox / DoS Attack / Packet Filter / Virtual Private Network (VPN) / Malicious Content / Resource Management / Security / Protection / Internet / Open Network |
Research Abstract |
We have developed operating system and system software techniques for secure software execution in an open network environment. Our main research topics are summarized as follows.

(1) Techniques for handling attacks on programs

Defense against attacks: We developed a technique for protecting programs that are vulnerable to attacks by isolating the software from the host environment.

Detection of attacks: We developed an intrusion detection system that monitors software so that it can detect behavior that deviates from the norm. The system detects such malicious behavior by examining the system calls issued by the program.

Minimization of damage: We developed a technique that limits the privileges the software has, so that further damage can be avoided if the software is successfully exploited.

Recovery from damage: Our technology recovers from damage caused by an attack by restoring the machine to a previous state.

(2) Security and privacy on networks

Secure Virtual Private Networks: Current Virtual Private Network (VPN) systems lack fine-grained restrictions on what users are allowed to do. In our research, we attempt to solve this problem.

Firewalls: We developed a technology for realizing a high-performance firewall. It improves on previous work by detecting unauthorized accesses that its predecessors could not. Furthermore, it detects such unauthorized accesses without significant performance loss by examining the contents efficiently.

Anonymity when accessing servers: We developed a technology for anonymizing a user when accessing servers. This protects the user's information from being collected.
|