[ main >> docbox ]


in Japanese

   List of Specifications[top]

   List of Documents[top]

PCAP Archives of Network Worms Retrieval Behavior

Proposal of RSS Extension for Security Information Exchange
18th Annual FIRST Conference (June 25-30, 2006)
Unauthorized access intended to distribute malware has been widely spread across the Internet and causing a lot of damage worldwide. In order to eliminate vulnerabilities that can be exploited by those malware and prevent unauthorized access, it is necessary to improve the way to distribute security information about computer software and hardware. In this paper, we examines how we can provide a more efficient security information distribution service for the security administrators that helps them reduce their workload related in gathering and grouping information from various sources and take care of vulnerabilities and incidents. We propose JVNRSS (JP Vendor Status Notes RSS) as a security information sharing and exchanging specification. Currently, JPCERT/CC and IPA (Information-technology Promotion Agency) are promoting a framework to handle vulnerability information in Japan. They offer JVN (JP Vendor Status Notes), a portal site to provide security information about the domestic computer software and hardware manufactured by the vendors participating in the framework. JVNRSS is one of the methods JVN has been using to distribute security information. JVNRSS is based on RSS 1.0 and uses the "" field defined in the Dublin Core as a Relational ID to correlate security information issued by various sources. JVNRSS uses the reference URL specified in a security alert, for example, an URL of the Common Vulnerability Exposure, CERT Advisory, CERT Vulnerability Note, US-CERT Technical Alert and CIAC Bulletin. In this paper, firstly we will explain the specification and applications of JVNRSS. Secondly, we will introduce the result of our feasibility study on JVNRSS and lastly we will propose the RSS Extension for security information sharing through the Internet.

Feasibility Study of OVAL based Vulnerability Management Extension
SIGIIV Activity Product Security Teams Meeting (November 14-16, 2005)
Under the vulnerability management, it is difficult to check out the vulnerability of information system by only security advisory. In this work, we have taken up this issue. We have examined - how one can provide a useful vulnerability management service to administrators. This presentation shows a proof-of-concept prototype "OVAL based Vulnerability Management Extension". The functions of Extension are the followings to support the useful vulnerability management.
* A framework based on pattern file supplied by product vendors
* A connective Web service based OVAL interpreter (WebOVAL, CmdOVAL)
* A vulnerability management with a priority ratings service of CVSS

Proposal of the Security Information Sharing System with RDF Site Summary
The 8th World Multi-Conference on Systemics, Cybernetics and Informatics, Vol.X, pp.40-46 (Jul.18-21, 2004)
Unauthorized access containing Malware propagation is activated and causes a lot of damage. In order to protect the unauthorized access and eliminate the vulnerability, it is necessary to improve the security information sharing environments about the Japanese domestic software and the equipments. When the new vulnerability is exposed or security advisory is released, the security administrators try to gather countermeasure information about that vulnerability. In this work, we have taken up this issue. We have examined - how we can provide a security information sharing service for the security administrators, while our operations of information gathering reduced. We propose "JP Vendor Status Notes (JVN)" and "Status Tracking Notes (TRnotes)" as the security information sharing system. The former is the countermeasure information service of the vulnerability, and the latter is the event information service of the incidents. This paper discusses the requirements of these services and the XML formats for the security information sharing. Finally, we introduce our sharing framework.

  • Published.: 2007-01-06T10:38+00:00
  • 18thFirstConference_paper.pdf, 18thFirstConference_presentation.pdf added.: 2007-03-24T16:54+00:00


Last updated: 2006-12-07T18:35+00:00
Valid HTML 4.01! Valid CSS!