Abstract: An information processing device includes a first acquisition unit, a calculation unit, and a selection unit. The first acquisition unit acquires resilience requirements for a target system. For each of the action sets including one action or the combination of the actions and being different from each other for the resilience, the calculation unit calculates the resilience indicator of the target system to which an action set is applied. Based on the resilience indicator calculated for each of the action sets, the selection unit selects the action set satisfying the resilience requirements among the action sets, as the resilience design information.

Abstract: In an information processing apparatus according to an embodiment, a processor acquires a load state of each resource in an information processing system, and determines whether one of the resources is subjected to a high-load attack. In response to affirmative determination, the processor identifies an attack target service subjected to the high-load attack from among services executed in the information processing system, based on the attack target resource subjected to the high-load attack among the resources. The processor determines a priority of the attack target service based on priority information in which priority indicating a level at which each service is preferentially processed is described. The processor determines, based on the priority of the attack target service, a target restriction content indicating a content to restrict execution of one of the services. The processor restricts the execution of the one of the services according to the target restriction content.

Abstract: According to one embodiment, a risk evaluation device includes a vulnerability information input unit, an individual countermeasure acquisition unit, a parameter acquisition unit, a determination unit, and a calculation unit. The vulnerability information input unit receives an input of vulnerability information to be subjected to risk evaluation. The individual countermeasure acquisition unit acquires at least one security countermeasure introduced into a system to be evaluated. The parameter acquisition unit acquires a candidate parameter value to be used for calculation of the risk of vulnerability for each security countermeasure based on the security countermeasure and the vulnerability information. The determination unit determines a parameter to be used for the calculation of the risk of vulnerability from the candidate parameter values. The calculation unit calculates a risk value indicating the risk of vulnerability by using the parameters determined by the determination unit.

Abstract: An information processing device according to an embodiment includes a risky vulnerability detection unit, a technical similarity calculation unit, a risk score calculation unit, and an output unit. The risky vulnerability detection unit detects, as a risky vulnerability, a vulnerability having the possibility of being attacked for an object system executing information processing. For each vulnerability registered in advance, the technical similarity calculation unit calculates a technical similarity representing a technical similarity to the risky vulnerability. For each vulnerability, the risk score calculation unit calculates a risk score representing the level of the risk of attack on each vulnerability in the object system, based on the technical similarity. The output unit determines at least one of the vulnerabilities as a target vulnerability to be dealt with, based on the risk score for each vulnerability, and outputs identification information for identifying the target vulnerability.

Abstract: According to one embodiment, an information processing apparatus includes a hardware processor connected to a memory. The hardware processor extracts first file path information indicating a file path of a file used by a vulnerability inspection tool in vulnerability inspection of an object to be inspected. The file path is a file path in the object to be inspected. The hardware processor registers second file path information and the first file path information in correlation with each other in second management information. The second file path information indicates a file path to a file copied from the object to be inspected by using the first file path information.

Abstract: According to an embodiment, an information processing system includes one or more hardware processors. The one or more hardware processors are configured to: identify a threat type capable of being countered by installed software being security countermeasure software installed in a target system, from among security countermeasure software with a reported vulnerability; calculate a first risk value when a countermeasure is taken by the installed software for a threat of the identified threat type; calculate a second risk value when no countermeasure is taken by the installed software for the threat of the identified threat type; and output damage potential information including risk value change information representing a change in the second risk value with respect to the first risk value.

Abstract: An information processing apparatus according to one embodiment, includes: a vulnerability database storing vulnerability information including a vulnerability identifier for uniquely specifying vulnerability, a software identifier for uniquely specifying software including the vulnerability, and vulnerability description indicating content of the vulnerability; a matching processor to specify, in the vulnerability database, vulnerability information matching a software identifier of a target software provided in target equipment; a causal component specifier to specify, from the vulnerability description in the vulnerability information specified by the matching processor, a causal component that is a cause of the vulnerability; a type determiner to determine a type of the causal component from a name of the specified causal component; and an output processor to determine, based on the software identifier of the target software and the type of the causal component, an investigation procedure concerning vulne

Abstract: According to one embodiment, an information processing device includes a memory and one or more processors coupled to the memory. The one or more processors are configured to: determine a software component having a possibility that a vulnerability is present, among a plurality of software components defined in a first software bill of materials; and generate a second software bill of materials according to the determined software component.

Abstract: An information processing device, includes: a metadata generator generating, based on an update request of firmware, first metadata including identification of the firmware; a time manager; a validity period determiner determining a first validity period for the first metadata based on time acquired from the time manager; a counter counting up a value per unit time; an acquirer acquiring a first counter value of the counter for the first metadata; a storage storing entries in which second metadata including identification of firmware, a second validity period of the second metadata, and a second counter value of the counter having been acquired for the second metadata are associated; and a determiner detecting the second metadata including same identification as the first metadata, acquire the second validity period and the second counter value from the entry including the detected second metadata, and detecting falsification of the first validity period.

Abstract: An information processing apparatus has a deployment unit configured to deploy an image file and to create files used for a virtual environment, a virtual environment creator configured to create the virtual environment using the files, a recorder configured to record information about a first file included in the files, a manager configured to access the first file stored in the virtual environment and to determine, based on information acquired by accessing the first file, whether to execute software whose execution was detected in the virtual environment, and a normality determinator configured to determine, based on a difference between information acquired by accessing the first file and information about the recorded first file, whether the first file is normal.

Abstract: An information processing apparatus includes one or more managers that manage one or more virtual environments, and a management controller that controls the one or more managers. When the execution of the software is detected in any of the one or more virtual environments, the management controller instructs the manager that manages the detected virtual environment to determine whether to execute the software in the detected virtual environment. The manager reads a file stored in the detected virtual environment, and determines whether to execute the software in the detected virtual environment based on information indicated in the file.

Abstract: An information processing system includes an edge server and a low-end device. The edge server has a storage and a processor. The low-end device has a storage and a processor, connected to the edge server. The processor of the low-end device transmits abnormality information for detecting its own abnormality to the edge server, the storage of the edge server stores information on the software. The low-end device information includes the version of the software. The processor of the edge server detects an abnormality in the low-end device based on the abnormality information, acquires version information of the software, acquires information on rollback software which is a version of software older than a version in the version information of the software running in the low-end device from the storage, and requests the low-end device to roll back the software based on the information on the rollback software.

Abstract: According to one embodiment, an information processing device includes one or more hardware processors configured to function as a generation unit, an identification unit, and a vulnerability risk level calculation unit. The generation unit generates dependence information including an execution user of a first evaluation target and a dependence relationship representing being in a dependence relationship with the first evaluation target and access authority information of a resource. The identification unit identifies a resource accessible by the first evaluation target based on the execution user and the access authority information. The vulnerability risk level calculation unit calculates a vulnerability risk level indicating a risk level of each vulnerability from the resource accessible by the first evaluation target and one or more pieces of vulnerability information.

Abstract: According to one embodiment, an information processing equipment provided with an edge, comprises a processor which detects anomaly according to a certain rule and switch modes indicative of anomaly/normality states of the edge to anomaly state upon detection of anomaly and perform a certain process when the anomaly detector detects anomaly and instruct execution of one or more procedures of the subprogram based on the state of the mode and execute one or more procedures of the subprogram.

Abstract: According to one embodiment, an information processing device includes one or more processors. The one or more processors are configured to: detect, from a plurality of target components included in an information processing system to be evaluated, one or more of first components affected by a vulnerability included in the information processing system; specify, by using assessment information that associates at least some of the plurality of target components, one or more of assets included in the information processing system, and a degree of impact when the one or more of the assets are attacked, the one or more of the assets corresponding to the detected one or more of the first components; and obtain an evaluation value of damage when the vulnerability is attacked, based on the degree of impact corresponding to the specified one or more of the assets.

Abstract: An apparatus for performing electrical and rheology measurements of a material sample, comprises a first plate; a second plate; a rotatable drive shaft extending from a motor to rotate the first plate relative to the second plate; and a sample gap between the first plate and the second plate. The second plate includes first and second electrodes that receive a voltage and form an electric field at the sample gap.

Abstract: According to one embodiment, an information processing apparatus includes a communication amount predictor. The communication amount predictor acquires relation data in which a variation of a communication amount in a first environment including first devices of a plurality of function types is associated with a varied number of the first devices for each of the plurality of function types in a case where a number of first devices for each of the plurality of function types varies in the first environment. The communication amount predictor predicts a communication amount in a second environment including second devices of the plurality of function types on a basis of the relation data and a number of the second devices for each of the plurality of function types in the second environment.

Abstract: An information processing device according to an embodiment includes a risky vulnerability detection unit, a technical similarity calculation unit, a risk score calculation unit, and an output unit. The risky vulnerability detection unit detects, as a risky vulnerability, a vulnerability having the possibility of being attacked for an object system executing information processing. For each vulnerability registered in advance, the technical similarity calculation unit calculates a technical similarity representing a technical similarity to the risky vulnerability. For each vulnerability, the risk score calculation unit calculates a risk score representing the level of the risk of attack on each vulnerability in the object system, based on the technical similarity. The output unit determines at least one of the vulnerabilities as a target vulnerability to be dealt with, based on the risk score for each vulnerability, and outputs identification information for identifying the target vulnerability.

Abstract: One embodiment of the present invention provides an apparatus, or the like, which detects an anomaly of a controller of a control system by learning relationship between input and output of the controller. An anomaly detection apparatus which is one embodiment of the present invention includes a first acquirer, a second acquirer, a history recorder, an estimator, and a first anomaly determiner. The first acquirer acquires an input signal to a control apparatus which executes control on a controlled apparatus. The second acquirer acquires an output signal from the control apparatus. The history recorder records information regarding the acquired input signal and the acquired output signal as history. The estimator estimates the output signal using the history and an estimation model. The first anomaly determiner determines an anomaly of the control apparatus by comparing the estimated output signal with the acquired output signal.

Abstract: An information processing device includes a first acquisition unit, a calculation unit, and a selection unit. The first acquisition unit acquires resilience requirements for a target system. For each of the action sets including one action or the combination of the actions and being different from each other for the resilience, the calculation unit calculates the resilience indicator of the target system to which an action set is applied. Based on the resilience indicator calculated for each of the action sets, the selection unit selects the action set satisfying the resilience requirements among the action sets, as the resilience design information.