[ main >> CVE+ ]


in Japanese

   Table of Contents[top]

CVE is a list of standardized names for vulnerabilities and other information security exposures. Currently CVE mostly doesn't include security information published by Japanese vendors, because Japanese vendors don't post security information in a CVE-compatible format.

CVE+ is to make a relationship map between CVE and Japanese security information. The grouping module extracts the Relational ID of JVNRSS feed <item> and finds the CVE entry with the same Relational ID. Some modules in Figure have been implemented as a Proof of Concept prototype. Also the convert module produces a TouchGraph XML format and RSS Extension (mod_sec) format to describe the relationship map.
>>>> Viewer >>>> Data format
CVE+ system overview
>>>> Mapping DB data source >>>> Archives DB data source
Our gathering and grouping approach using the JVNRSS format has three steps.

Gathering of the security information
The gathering module periodically checks changes in JVNRSS feeds on other Web sites and extracts the JVNRSS items upon change.

Grouping of the security information
The grouping module extracts the Relational ID from the JVNRSS feed <item>. This module checks other JVNRSS feed items using Relational ID as the search key. When the module finds <item> with the same Relational ID, it makes these <item> into a group. When this module does not find any item with the same Relational ID, it will try to find a matching Relational ID using the Mapping DB. The upper group in the mapping DB shows the vulnerability information related to the TCP stack and the lower group shows the incident information about the MS-Blaster worm. The items on the right, which refer to the same vulnerability or incident, belong to the same group. In case the feed <item> have a different Relational ID yet refer to the same vulnerability, the mapping DB traces the relationship between those Relational IDs.

Convert XML to HTML
The Convert module transforms XML documents into a HTML form to present security information.
Relational ID and Mapping DB.

   Data format[top]
TouchGraph XML
JVNRSS + <sec:item>
JVNRSS is based on RDF Site Summary (RSS) 1.0 [2] and use the field <dc:relation> of Dubline Core [3] as index of grouping security information (See. JVNRSS spec).

<sec:item> is extended JVNRSS format which nests item of RSS 1.0/2.0 (See. mod_sec spec).
The format of item part of Extended JVNRSS.
[1] TouchGraph Link Browser, http://touchgraph.sourceforge.net/index.html#TGLB
[2] RDF Site Summary 1.0 Modules , http://web.resource.org/rss/1.0/modules/
[3] RDF Site Summary 1.0 Modules: Dublin Core , http://purl.org/rss/1.0/modules/dc/

TouchGraph Link Browser
input file format: TouchGraph XML format
output: TouchGraph Link Browser (Java Applet)
    TouchGraph Link Browser
TouchGraph Link Browser
Input "CVE ID": ex. CVE-2004-0230 etc.

MAP Viewer
input file format: TouchGraph XML format
output: MAP Viewer (SWF)
    MAP Viewer
MAP Viewer
Input "CVE ID": ex. CVE-2004-0230 etc.

LIST Viewer
input file format: JVNRSS + <sec:item> format (See. JVNRSS spec, mod_sec)
output: LIST Viewer (SWF)
    LIST Viewer
LIST Viewer
Input "CVE ID": ex. CVE-2004-0230 etc.

   Mapping DB data source[top]

   Archives DB data source[top]
in Japanese (lang=ja) in English (lang=en)

  • Published.: 2006-04-23T02:50:00-00:00


Last updated: 2006-04-23T02:50:00-00:00
Valid HTML 4.01! Valid CSS!