Patents by Inventor Hirofumi Ueda

Hirofumi Ueda has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12314399
    Abstract: Attack path information includes information about an attack path including at least one attack step including an attack source, an attack destination, and an attack method. Vulnerability specification means refers to the attack path information and thereby specifies vulnerabilities exploitable by an attack on the attack destination in the attack step. In the vulnerability information DB, vulnerabilities and presence/absence of exploit codes for the vulnerabilities are stored and associated with each other. Diagnosis evaluation generation means refers to the vulnerability information DB, and thereby examines whether or not there is an exploit code for the specified vulnerability and generates, for the attack step, a risk diagnosis evaluation including the number of specified vulnerabilities and the presence/absence of the exploit codes therefor. Output means outputs the attack step and the risk diagnosis evaluation while associating them with each other.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: May 27, 2025
    Assignee: NEC CORPORATION
    Inventors: Ryo Mizushima, Hirofumi Ueda, Tomohiko Yagyu
  • Publication number: 20250141910
    Abstract: To provide a virtual model for a communication system, the virtual model being required for specific diagnosis of the security risk of the communication system. An acquisition unit (11) acquires the inspection result of an information security inspection on a device constituting a communication system, an extraction unit (12) extracts, from the inspection result, security inspection information including at least one of first information about a library function used by the constituent device or second information about the presence or absence of access to a file via the library function, and a generation unit (13) generates a virtual model for the communication system by using configuration information for identifying a constituent component of an information communication device and the security inspection information.
    Type: Application
    Filed: October 22, 2021
    Publication date: May 1, 2025
    Applicant: NEC Corporation
    Inventors: Hirofumi UEDA, Kohei Tatara
  • Patent number: 12287883
    Abstract: An analysis unit 6 generates one or more pairs of a start point fact which is a fact representing possibility of the attack in a device that is a start point and an end point fact which is a fact representing possibility of the attack in the device that is an end point, analyzes, for each pair, whether or not it is possible to derive the end point fact from the start point fact, based on facts representing states of the devices generated based on information regarding the device that is the start point and information regarding the device that is the end point, the start point fact, and one or more analysis rules for analyzing the attack, and generates an attack scenario in a case where it is possible to derive the end point fact from the start point fact.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: April 29, 2025
    Assignee: NEC CORPORATION
    Inventors: Yoshinobu Ohta, Hirofumi Ueda, Shunichi Kinoshita, Ryo Mizushima
  • Publication number: 20250119443
    Abstract: An anomaly cause estimation apparatus includes: an anomaly detection unit that converts a data series acquired in a time series from a plurality of components provided in a target system into an anomaly level data series, and detects an anomaly based on the obtained anomaly level data series; and an anomaly propagation estimation unit that inputs a target anomaly level data series, extracted from the anomaly level data series, for a period before a point in time at which the anomaly is detected, a target data series corresponding to the target anomaly level data series, and information indicating a causal relationship between the components to an anomaly propagation estimation model, and estimates an anomaly propagation likelihood of the anomaly propagating between the components.
    Type: Application
    Filed: June 10, 2021
    Publication date: April 10, 2025
    Applicant: NEC Corporation
    Inventors: Shohei MITANI, Hirofumi UEDA
  • Patent number: 12254096
    Abstract: A comparison means compares a first risk analysis result with a second risk analysis result. The first risk analysis result includes a first risk evaluation value. The second risk analysis result includes a second risk evaluation value. Based on the result of the comparison, a display means displays the first risk evaluation value in such a manner that a first risk evaluation value for which there is a second risk evaluation value, in the second risk analysis result, for an attack step of which an attack destination coincides with an asset included in the first risk analysis result and an attack method coincides with an attack method included in the first risk analysis result can be distinguished from a first risk evaluation value for which there is no such second risk evaluation value.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: March 18, 2025
    Assignee: NEC CORPORATION
    Inventors: Ryo Mizushima, Hirofumi Ueda, Tomohiko Yagyu
  • Publication number: 20250068750
    Abstract: An analysis apparatus according to an example embodiment of the present disclosure includes at least one memory configured to store instructions; and at least one processor configured to execute the instructions to acquire a data set in which a plurality of combinations of a first pattern of one or more elements indicating an access attribute and an access control action associated with the first pattern are defined, and a second pattern of one or more elements indicating an access attribute, and estimate at least one of an order or magnitude of the degree of influence of the second pattern influencing the action by using the data set and the second pattern.
    Type: Application
    Filed: January 26, 2022
    Publication date: February 27, 2025
    Applicant: NEC Corporation
    Inventors: Shohei MITANI, Hirofumi Ueda
  • Publication number: 20250063048
    Abstract: An information processing apparatus according to an example embodiment of the present disclosure includes at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: acquire a data set in which a plurality of combinations of a pattern of a plurality of elements indicating an access attribute and an access control action associated with the pattern of the elements are defined and request a user to input an action associated with a pattern of an element not covered by the data set in a case in which the data set does not cover an action associated with one or more assumed patterns of an element.
    Type: Application
    Filed: January 26, 2022
    Publication date: February 20, 2025
    Applicant: NEC Corporation
    Inventors: Shohei MITANI, Hirofumi Ueda
  • Publication number: 20240411893
    Abstract: A determination system according to an aspect of the present disclosure includes: at least one memory storing a set of instructions; and at least one processor configured to execute the set of instructions to: receive a first inspection result that is a result of a first inspection of vulnerability of target software; receive a second inspection result that is a result of a second inspection of vulnerability of the target software; determine validity of the first inspection from undetected vulnerability that is vulnerability detected in the result of the second inspection and not detected in the result of the first inspection; and output a result of determination of the validity.
    Type: Application
    Filed: November 9, 2021
    Publication date: December 12, 2024
    Applicant: NEC Corporation
    Inventors: Kazuaki NAKAJIMA, Io FURUYAMA, Hirofumi UEDA
  • Publication number: 20240403159
    Abstract: A monitoring apparatus according to an embodiment of the present disclosure is provided with: a storage unit that stores configuration information corresponding to each of a plurality of devices included in a system; a first identification unit that identifies configuration information corresponding to a first device among the plurality of devices for which an agent for collecting information has not been set; a second identification unit that identifies a second device, which is a device among the plurality of devices that corresponds to configuration information similar to the configuration information corresponding to the first device and for which the agent has been set; and an association unit that associates operational information of the second device, which includes information collected by the agent, with the first device.
    Type: Application
    Filed: November 11, 2021
    Publication date: December 5, 2024
    Applicant: NEC Corporation
    Inventors: Io FURUYAMA, Kazuaki Nakajima, Hirofumi Ueda
  • Publication number: 20240403070
    Abstract: One purpose of the present disclosure is to provide a management device and the like capable of ascertaining a location where an anomaly can occur in a system. A management device according to an aspect of the present disclosure comprises: a storage unit that stores configuration information which corresponds to each constituent element of a system and which indicates a configuration of each constituent element; a first identification unit that identifies configuration information of a first constituent element in which an anomaly has occurred; and a second identification unit that, from the stored configuration information, identifies a second constituent element which corresponds to configuration information including common information between the first constituent element and the configuration information.
    Type: Application
    Filed: November 11, 2021
    Publication date: December 5, 2024
    Applicant: NEC CORPORATION
    Inventors: Io FURUYAMA, Kazuaki Nakajima, Hirofumi Ueda
  • Publication number: 20240396925
    Abstract: A setting unit (11) sets a path or a procedure for a cyber attack that is obtained through analysis of a risk to a communication system. A collection unit (12) collects safety information that is associated with safety in terms of information security regarding the constituent apparatuses of a communication system. An evaluation unit (13) evaluates the magnitude of a security risk present in the communication system, in accordance with the path or procedure for the cyber attack, on the basis of the security information, the security risk to a constituent apparatus related to the path or procedure for the cyber attack being evaluated to be lower when inspection for information security has been carried out on the constituent apparatus related to the path or procedure for the cyber attack than when inspection for information security is not carried out.
    Type: Application
    Filed: November 8, 2021
    Publication date: November 28, 2024
    Applicant: NEC Corporation
    Inventors: Hirofumi UEDA, Kazuaki Nakajima
  • Publication number: 20240388597
    Abstract: The present invention accurately identifies factors (threats) that cause security risks to appear in a communication system. An acquisition unit (11) acquires identification information identifying a specific component device of a communication system; a collection unit (12) uses the identification information to collect relationship information indicating a component that has a connection or relationship with the specific component device, and safety information related to the safety of the specific component device and the components thereof in terms of information security; and a display unit (13) displays the safety information together with or in association with the relationship information.
    Type: Application
    Filed: October 29, 2021
    Publication date: November 21, 2024
    Applicant: NEC Corporation
    Inventors: Hirofumi Ueda, Kazuaki Nakajima, Io Furuyama
  • Patent number: 12149554
    Abstract: Provided is an analysis system that allows a security administrator to understand the impact of known vulnerabilities on the system to be diagnosed. The topology identification unit 14 identifies network topology of devices included in a system to be diagnosed. The analysis unit 6 generates an attack pattern that includes an attack condition, an attack result, an attack means that is vulnerability that is used by an attack, and a segment where the attack can occur in the system to be diagnosed. The display control unit 8 displays segments included in attack patterns superimposed on the network topology, on a display device. At this time, the display control unit 8 changes a display mode of the segment according to a type of the vulnerability that corresponds to the attack means included in the attack pattern including the segment.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: November 19, 2024
    Assignee: NEC CORPORATION
    Inventors: Hirofumi Ueda, Yoshinobu Ohta, Tomohiko Yagyu, Norio Yamagaki
  • Patent number: 12137106
    Abstract: Provided is an analysis system that can analyze the degree of impact of vulnerability on individual systems. An analysis unit 6 generates an attack pattern that includes an attack condition, an attack result, an attack means that is vulnerability that is used by an attack, and a segment where the attack can occur in a system to be diagnosed. A calculation unit 12 calculates an evaluation value, for each vulnerability, which indicates degree of impact of the vulnerability on the system to be diagnosed. Specifically, the calculation unit 12 calculates the evaluation value, for each vulnerability, based on the number of the attack patterns that include the vulnerability focused on as the attack means and the number of the segments indicated by each attack pattern that includes the vulnerability focused on as the attack means.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: November 5, 2024
    Assignee: NEC CORPORATION
    Inventors: Hirofumi Ueda, Yoshinobu Ohta, Tomohiko Yagyu, Norio Yamagaki
  • Publication number: 20240354182
    Abstract: A causality search apparatus including: a causality information calculation unit that selects two different components from a plurality of components provided in a target system and calculates causality information indicating causality between the two selected components; and a causality information correction unit that corrects the causality information based on function information indicating functions respectively associated with the two selected components.
    Type: Application
    Filed: September 6, 2021
    Publication date: October 24, 2024
    Applicant: NEC Corporation
    Inventors: Shohei MITANI, Hirofumi UEDA
  • Publication number: 20240297896
    Abstract: An attack scenario generating apparatus including: a first attack step detection unit that executes an attack simulation on a first virtual model obtained from a storage device in which a plurality of virtual models used to represent a target system are stored, and detects a first attack step that satisfies a damage condition with which damage occurs in the first virtual model; an input/output condition extraction unit that extracts an input condition or an output condition of the first virtual model from the detected first attack step, or both the input condition and the output condition; a second attack step detection unit that executes an attack simulation on a second virtual model obtained from the storage device, and detects a second attack step in which output of the second virtual model satisfies the input condition; and a combination unit that combines the first attack step and the second attack step to generate an attack scenario.
    Type: Application
    Filed: June 24, 2021
    Publication date: September 5, 2024
    Applicant: NEC Corporation
    Inventors: Masafumi Watanabe, Hirofumi Ueda
  • Publication number: 20240297903
    Abstract: An access control system includes a workload distribution control function that decides an access control granularity by analyzing dynamic risk factors in a network system; and a policy selection function that selects an access control policy corresponding to the access control granularity from a core policy and distributes the selected access control policy toward a filtering PEP (Policy Enforcement Point) controller and a fine-grained PEP (Policy Enforcement Point) controller.
    Type: Application
    Filed: February 21, 2024
    Publication date: September 5, 2024
    Applicant: NEC Corporation
    Inventors: Nakul GHATE, Shohei MITANI, Hirofumi UEDA
  • Publication number: 20240283792
    Abstract: An analysis apparatus according to an example embodiment of the present disclosure includes at least one memory configured to store instructions and at least one processor configured to execute the instructions to: acquire at least a data set in which a plurality of combinations of a first pattern of one or more elements indicating attributes of access and an action of access control corresponding to the first pattern are defined, and a second pattern of one or more elements indicating attributes of access that change over time; evaluate an execution cost when an action corresponding to the second pattern is changed over time by using at least transition information indicating a state transition in the one or more elements indicating attributes of access, and the second pattern; and determine the action corresponding to the second pattern by using at least a result of the evaluation and the data set.
    Type: Application
    Filed: March 23, 2022
    Publication date: August 22, 2024
    Applicant: NEC Corporation
    Inventors: Shohei MITANI, Hirofumi UEDA, Nakul GHATE
  • Patent number: 12061730
    Abstract: The present disclosure provides a security assessment apparatus, a method, and a program capable of making an assessment of a security risk simply and appropriately. The security assessment apparatus according to the present disclosure is a security assessment apparatus of a facility to be controlled using a controller, including: an identification unit (15) configured to identify a compromised component which puts the facility into an unsafe situation based on data regarding a plurality of components provided in the facility and control program code of the controller, thereby generating a list of the compromised component; and a compromised behavior generating unit (16) configured to generate a compromised behavior of a selected component selected from the list of the compromised component.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: August 13, 2024
    Assignee: NEC CORPORATION
    Inventors: Taniya Singh, Masafumi Watanabe, Hirofumi Ueda
  • Publication number: 20240259375
    Abstract: A policy generation apparatus according to one example embodiment of the present disclosure includes at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: acquire, regarding a plurality of elements related to access control, relation data indicating a relation between a plurality of elements and score data that defines at least one of a score which is based on a viewpoint of risk of access or a score which is based on a viewpoint of a need for access; and generate a policy for access control using the relation data and the score data.
    Type: Application
    Filed: May 20, 2021
    Publication date: August 1, 2024
    Applicant: NEC Corporation
    Inventors: Shohei MITANI, Taniya SINGH, Nakul GHATE, Hirofumi UEDA