Abstract: An information processing apparatus according to one embodiment, includes: a vulnerability database storing vulnerability information including a vulnerability identifier for uniquely specifying vulnerability, a software identifier for uniquely specifying software including the vulnerability, and vulnerability description indicating content of the vulnerability; a matching processor to specify, in the vulnerability database, vulnerability information matching a software identifier of a target software provided in target equipment; a causal component specifier to specify, from the vulnerability description in the vulnerability information specified by the matching processor, a causal component that is a cause of the vulnerability; a type determiner to determine a type of the causal component from a name of the specified causal component; and an output processor to determine, based on the software identifier of the target software and the type of the causal component, an investigation procedure concerning vulne

Abstract: An information processing apparatus according to one embodiment, comprising: a first vulnerability information obtainer configured to obtain, from a first server, first vulnerability information; a second vulnerability information obtainer configured to obtain, from a second server, second vulnerability information; a first configuration information obtainer configured to obtain first configuration information included in the target device; a scanner configured to detect a first identifier, from the first vulnerability information, based on the first configuration information, and identify the vulnerability identifier associated with the detected first identifier; a searcher configured to identify a second identifier that is associated with the vulnerability identifier identified, and includes a name of software identical to the name of the target software, based on the second vulnerability information; and an output processor configured to generate a third identifier by replacing the version included in the

Abstract: According to one embodiment, a risk evaluation device includes a vulnerability information input unit, an individual countermeasure acquisition unit, a parameter acquisition unit, a determination unit, and a calculation unit. The vulnerability information input unit receives an input of vulnerability information to be subjected to risk evaluation. The individual countermeasure acquisition unit acquires at least one security countermeasure introduced into a system to be evaluated. The parameter acquisition unit acquires a candidate parameter value to be used for calculation of the risk of vulnerability for each security countermeasure based on the security countermeasure and the vulnerability information. The determination unit determines a parameter to be used for the calculation of the risk of vulnerability from the candidate parameter values. The calculation unit calculates a risk value indicating the risk of vulnerability by using the parameters determined by the determination unit.

Abstract: An information processing apparatus that is one embodiment of the present invention: detects execution of software in any of a host environment, and one or more virtual environments; and acquires discrimination information indicating that a detected environment is a first environment, and first name information indicating a name of the software in a name space of the first environment. The information processing apparatus acquires, based on the discrimination information, second name information indicating a name of the first environment in a name space of a second environment. The information processing apparatus converts, based on the second name information, the first name information into third name information indicating a name of the software in the name space of the second environment. The information processing apparatus acquires, based on the third name information, information on the software from an accessible resource.

Abstract: An information processing device includes one or more processors configured to evaluate a satisfaction level of a combination with respect to a system requirement, evaluate a track record level of the combination, and evaluate a recommendation level of the combination. The one or more processors evaluate the recommendation level of the combination based on the track record level information and the satisfaction level information.

Abstract: According to one embodiment, an information processing apparatus includes a communication amount predictor. The communication amount predictor acquires relation data in which a variation of a communication amount in a first environment including first devices of a plurality of function types is associated with a varied number of the first devices for each of the plurality of function types in a case where a number of first devices for each of the plurality of function types varies in the first environment. The communication amount predictor predicts a communication amount in a second environment including second devices of the plurality of function types on a basis of the relation data and a number of the second devices for each of the plurality of function types in the second environment.

Abstract: An information processing apparatus according to an embodiment includes a list storage unit and processor. The list storage unit stores therein allow lists for module processing types, and each allow list describes an execution-permitted system operation. The processor functions as an operation detecting unit, a process specifying unit, a log specifying unit, a type specifying unit, and an output unit. The operation detecting unit detects execution of any of system operations. The process specifying unit specifies a target process that has executed execution-detected system operation. The log specifying unit specifies a target operation log. The type specifying unit specifies a type of target module processing that executed execution-detected system operation by analyzing the target operation log. The output unit outputs anomaly information when the allow list for the target module processing type does not include the execution-detected system operation.

Abstract: A control device includes a hardware processor configured to: acquire threat information indicating one or more threat events occurring in a monitoring target system; generate attack information indicating a plurality of detection target attacks to be detected in order to detect the one or more threat events among a plurality of attacks launched on the monitoring target system; generate a plurality of log sets each indicating a combination of one or more detectable logs enabling to detect all of the plurality of detection target attacks, based on an attack-log table that indicates a detectable log among a plurality of logs acquired from the monitoring target system; acquire easinesses representing littleness of restrictions for monitoring the one or more detectable logs, and calculate priorities indicating degrees of priority of monitoring, based on the easinesses; and output the plurality of log sets and the priorities of the plurality of log sets.

Abstract: According to one embodiment, an information processing device ranks one or more security measures technologies to be ranked. The information processing device includes processing circuitry configured to operate as an influence information obtaining unit, a requirements information obtaining unit and a ranking unit. The influence information obtaining unit obtains influence information indicating correspondence between the one or more security measures technologies and an influence on a system when each of the one or more security measures technologies is introduced into the system. The requirements information obtaining unit obtains requirements information indicating system requirements of the system. The ranking unit ranks the one or more security measures technologies based on a degree of satisfaction of the system requirements indicated in the requirements information, using the requirements information and the influence information.

Abstract: According to one embodiment, an information processing apparatus includes: an access detector configured to detect an access request for target data; and a determiner configured to determine necessity of checking information indicating whether access to the target data is permitted, based on position information on the target data, and on a data range to be checked.

Abstract: An information processing device, includes: a metadata generator generating, based on an update request of firmware, first metadata including identification of the firmware; a time manager; a validity period determiner determining a first validity period for the first metadata based on time acquired from the time manager; a counter counting up a value per unit time; an acquirer acquiring a first counter value of the counter for the first metadata; a storage storing entries in which second metadata including identification of firmware, a second validity period of the second metadata, and a second counter value of the counter having been acquired for the second metadata are associated; and a determiner detecting the second metadata including same identification as the first metadata, acquire the second validity period and the second counter value from the entry including the detected second metadata, and detecting falsification of the first validity period.

Abstract: An information processing system includes an edge server and a low-end device. The edge server has a storage and a processor. The low-end device has a storage and a processor, connected to the edge server. The processor of the low-end device transmits abnormality information for detecting its own abnormality to the edge server, the storage of the edge server stores information on the software. The low-end device information includes the version of the software. The processor of the edge server detects an abnormality in the low-end device based on the abnormality information, acquires version information of the software, acquires information on rollback software which is a version of software older than a version in the version information of the software running in the low-end device from the storage, and requests the low-end device to roll back the software based on the information on the rollback software.

Abstract: According to an embodiment, an information processing device includes an obtaining unit and a communication generating unit. The obtaining unit obtains first communication data of a first environment, first configuration information, and second configuration information. First identification information of each first device of a plurality of first devices in the first environment is associated with function identification information of a function of the first device in the first configuration information. Second identification information of each second device of a plurality of second devices in a second environment is associated with function identification information of a function of the second device in the second configuration information.

Abstract: According to an embodiment, an information processing apparatus includes: a memory on which first/second processing applications are stored, the first processing application being a secure application; and a processor that is coupled to the memory and executes the first and second processing applications. The first processing application includes an issuance module, a first communication module, and a log verification module. The issuance module issues a command to call a function of the second processing application and links the command to a verification rule. The first communication module transmits, to the second processing application, a command execution request including command identification information that identifies the command, and receives, from the second processing application, an execution log including an execution result of the command identified by the command identification information.

Abstract: An information processing apparatus includes one or more managers that manage one or more virtual environments, and a management controller that controls the one or more managers. When the execution of the software is detected in any of the one or more virtual environments, the management controller instructs the manager that manages the detected virtual environment to determine whether to execute the software in the detected virtual environment. The manager reads a file stored in the detected virtual environment, and determines whether to execute the software in the detected virtual environment based on information indicated in the file.

Abstract: An information processing apparatus has a deployment unit configured to deploy an image file and to create files used for a virtual environment, a virtual environment creator configured to create the virtual environment using the files, a recorder configured to record information about a first file included in the files, a manager configured to access the first file stored in the virtual environment and to determine, based on information acquired by accessing the first file, whether to execute software whose execution was detected in the virtual environment, and a normality determinator configured to determine, based on a difference between information acquired by accessing the first file and information about the recorded first file, whether the first file is normal.

Abstract: According to one embodiment, a communication device belongs to a communication network including a control device and a plurality of communication devices connected to the control device, and transmits a communication packet to a transmission destination communication device. The communication device and the transmission destination communication device are differently one of the plurality of communication devices. In the communication device, a memory stores first information for judging a normality of the communication packet. An analyzing unit judges the normality of a received communication packet based on the received communication packet and the first information. A transmission destination determining unit determines the transmission destination communication device and the control device as transmission destinations of the received communication packet when the analyzing unit judges that the received communication packet is not normal.

Abstract: One embodiment of the present invention provides an apparatus, or the like, which detects an anomaly of a controller of a control system by learning relationship between input and output of the controller. An anomaly detection apparatus which is one embodiment of the present invention includes a first acquirer, a second acquirer, a history recorder, an estimator, and a first anomaly determiner. The first acquirer acquires an input signal to a control apparatus which executes control on a controlled apparatus. The second acquirer acquires an output signal from the control apparatus. The history recorder records information regarding the acquired input signal and the acquired output signal as history. The estimator estimates the output signal using the history and an estimation model. The first anomaly determiner determines an anomaly of the control apparatus by comparing the estimated output signal with the acquired output signal.

Abstract: According to one embodiment, an information processing device includes an influence information obtaining unit, a requirements information obtaining unit, and a ranking unit. The influence information obtaining unit obtains influence information indicating a correspondence between one or more security measures technologies and an influence on a system when each of the one or more security measures technologies is introduced into the system. The requirements information obtaining unit obtains common constraint condition information indicating system requirements of the system. The ranking unit classifies the one or more security measures technologies into a security measures technology satisfying a common constraint condition indicating the system requirements and a security measures technology not satisfying the common constraint condition, based on the common constraint condition information and the influence information, and ranks the security measures technology satisfying the common constraint condition.

Abstract: An information processing apparatus according to an embodiment includes a list storage unit and processor. The list storage unit stores therein allow lists for module processing types, and each allow list describes an execution-permitted system operation. The processor functions as an operation detecting unit, a process specifying unit, a log specifying unit, a type specifying unit, and an output unit. The operation detecting unit detects execution of any of system operations. The process specifying unit specifies a target process that has executed execution-detected system operation. The log specifying unit specifies a target operation log. The type specifying unit specifies a type of target module processing that executed execution-detected system operation by analyzing the target operation log. The output unit outputs anomaly information when the allow list for the target module processing type does not include the execution-detected system operation.