Abstract: According to one embodiment, an information processing apparatus includes: an access detector configured to detect an access request for target data; and a determiner configured to determine necessity of checking information indicating whether access to the target data is permitted, based on position information on the target data, and on a data range to be checked.

Abstract: An information processing apparatus that is one embodiment of the present invention: detects execution of software in any of a host environment, and one or more virtual environments; and acquires discrimination information indicating that a detected environment is a first environment, and first name information indicating a name of the software in a name space of the first environment. The information processing apparatus acquires, based on the discrimination information, second name information indicating a name of the first environment in a name space of a second environment. The information processing apparatus converts, based on the second name information, the first name information into third name information indicating a name of the software in the name space of the second environment. The information processing apparatus acquires, based on the third name information, information on the software from an accessible resource.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. The one or more processors are configured to acquire a program identifier of a computer program disposed on a memory and serving as an execution target; read a calculation result corresponding to the acquired program identifier from a storage; and verify whether the computer program serving as the execution target is permitted to be executed, on the basis of the read calculation result and a white list.

Abstract: According to an embodiment, an information processing device includes a prior verifying unit, and an execution control unit. The prior verifying unit is configured to verify integrity of software registered in a whitelist at a timing which does not depend on an execution start of software and generate an execution permission list in which software which is successfully verified is registered as execution-permitted software. The execution control unit is configured to permit execution of the software if the software is registered in the execution permission list as the execution-permitted software when the execution start of the software is detected.

Abstract: According to one embodiment, a communication device belongs to a communication network including a control device and a plurality of communication devices connected to the control device, and transmits a communication packet to a transmission destination communication device. The communication device and the transmission destination communication device are differently one of the plurality of communication devices. In the communication device, a memory stores first information for judging a normality of the communication packet. An analyzing unit judges the normality of a received communication packet based on the received communication packet and the first information. A transmission destination determining unit determines the transmission destination communication device and the control device as transmission destinations of the received communication packet when the analyzing unit judges that the received communication packet is not normal.

Abstract: According to one embodiment, an information processing device ranks one or more security measures technologies to be ranked. The information processing device includes processing circuitry configured to operate as an influence information obtaining unit, a requirements information obtaining unit and a ranking unit. The influence information obtaining unit obtains influence information indicating correspondence between the one or more security measures technologies and an influence on a system when each of the one or more security measures technologies is introduced into the system. The requirements information obtaining unit obtains requirements information indicating system requirements of the system. The ranking unit ranks the one or more security measures technologies based on a degree of satisfaction of the system requirements indicated in the requirements information, using the requirements information and the influence information.

Abstract: According to one embodiment, an information processing apparatus includes a first memory, a signal generation unit, an integrity check unit, and an access-right update unit. Firmware is stored in the first memory. The signal generation unit is configured to generate a signal when there is access violating access right, to the first memory. The integrity check unit is configured to perform, when the access violating access right is a verification request with respect to a predetermined verification target region, integrity check with respect to the verification target region in response to the signal. The access-right update unit is configured to update access right corresponding to the verification target region, to which the integrity check has been performed.

Abstract: According to an embodiment, an information processing apparatus includes: a memory on which first/second processing applications are stored, the first processing application being a secure application; and a processor that is coupled to the memory and executes the first and second processing applications. The first processing application includes an issuance module, a first communication module, and a log verification module. The issuance module issues a command to call a function of the second processing application and links the command to a verification rule. The first communication module transmits, to the second processing application, a command execution request including command identification information that identifies the command, and receives, from the second processing application, an execution log including an execution result of the command identified by the command identification information.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. The one or more processors are configured to acquire a program identifier of a computer program disposed on a memory and serving as an execution target; read a calculation result corresponding to the acquired program identifier from a storage; and verify whether the computer program serving as the execution target is permitted to be executed, on the basis of the read calculation result and a white list.

Abstract: According to an embodiment, an information processing device includes a prior verifying unit, and an execution control unit. The prior verifying unit is configured to verify integrity of software registered in a whitelist at a timing which does not depend on an execution start of software and generate an execution permission list in which software which is successfully verified is registered as execution-permitted software. The execution control unit is configured to permit execution of the software if the software is registered in the execution permission list as the execution-permitted software when the execution start of the software is detected.

Abstract: An information processing apparatus according to an embodiment includes a reception unit and switching unit. The reception unit receives an interrupt. The switching unit that switches a second operating system (OS) which is executing in a core to a first OS to which the interrupt for the first OS is input, when the reception unit receives an interrupt for the core in which the first OS is a priority OS and the second OS is not the priority OS.

Abstract: An in-vehicle gateway device according to an embodiment includes a storage unit, a plurality of internal communication processors, a routing processor and a storage controller. The storage unit stores therein data output by an electronic control unit included in the in-vehicle system. The internal communication processors include an internal communication processor to which at least one electronic control unit is connected. The routing processor transfers data among the internal communication processors and outputs at least a part of the transferred data to the storage unit in a form capable of being stored in the storage unit. The storage controller manipulates or filters, in accordance with a certain rule, at least one of the data to store in the storage unit and the data output from the storage unit.

Abstract: According to one embodiment, an information processing apparatus includes a first memory, a signal generation unit, an integrity check unit, and an access-right update unit. Firmware is stored in the first memory. The signal generation unit is configured to generate a signal when there is access violating access right, to the first memory. The integrity check unit is configured to perform, when the access violating access right is a verification request with respect to a predetermined verification target region, integrity check with respect to the verification target region in response to the signal. The access-right update unit is configured to update access right corresponding to the verification target region, to which the integrity check has been performed.

Abstract: An information processing apparatus according to an embodiment includes a reception unit and switching unit. The reception unit receives an interrupt. The switching unit that switches a second operating system (which is executing in a core to a first OS to which the interrupt for the first OS is input, when the reception unit receives an interrupt for the core in which the first OS is a priority OS and the second OS is not the priority OS.

Abstract: An in-vehicle gateway device according to an embodiment includes a storage unit, a plurality of internal communication processors, a routing processor and a storage controller. The storage unit stores therein data output by an electronic control unit included in the in-vehicle system. The internal communication processors include an internal communication processor to which at least one electronic control unit is connected. The routing processor transfers data among the internal communication processors and outputs at least a part of the transferred data to the storage unit in a form capable of being stored in the storage unit. The storage controller manipulates or filters, in accordance with a certain rule, at least one of the data to store in the storage unit and the data output from the storage unit.

Abstract: In one embodiment, a device executes reading and writing for a storage unit storing a table tree and verifier tree. The table tree includes a parent table and child table. The verifier tree includes a parent verifier associated with the parent table, and a child verifier associated with the child table. The parent verifier is used for verifying the child table and child verifier. The device stores a secure table tree being a part of the table tree and used for address translation, and a secure verifier tree being a part of the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree.

Abstract: An information handling device has a first connection unit, a Web application executing unit to generate a device operating command, a second connection unit, an application authentication processing unit to generate a platform authenticator, an application origin information attacher to attach origin information of the web application to the platform authenticator, and a third connection unit to establish a connection for transmitting the device operating command and the platform authenticator attached with the origin information to the second communication device in order to transmit the device operating command and the platform authenticator attached with the origin information.

Abstract: According to an embodiment, an information processing apparatus includes a secure OS, a non-secure OS, and a monitor. The monitor is configured to switch between the OSs. The secure OS includes a memory protection setting controller, a processing determination controller, and a secure device access controller. The memory protection setting controller is configured to set a protection address in a memory for each certain processing. The processing determination controller is configured to receive an access type, a physical address of an access destination, and data to be written, acquire a list of processing, and determine a type of processing to be performed. The secure device access controller is configured to receive the access type, the physical address of an access destination, and data to be written, and access a peripheral identified by the physical address.

Abstract: According to an embodiment, a broadcast receiving device includes a tuner, an acquirer, a signature executor, a first interface, a command receiver, and a transmitter. The tuner is configured to receive broadcast waves containing information identifying a broadcast program, a broadcast program, and a viewing certificate certifying that a specific broadcast program has been received. The acquirer is configured to acquire the viewing certificate from the broadcast waves received by the tuner. The signature executor is configured to sign the acquired viewing certificate by using a key. The first interface is connected to an external device via a network. The command receiver is configured to receive a command for acquiring the viewing certificate from the external device. The transmitter is configured to transmit the viewing certificate to which the signature is applied to the external device that has issued the acquisition command.

Abstract: According to an embodiment, an information processing apparatus includes a main processor, a secure operating system (OS) module, a non-secure OS module, a secure monitor memory setting module, a timer, and an address space controller. When receiving a notification of an interrupt from the timer, a secure monitor instructs the secure OS module to execute certain processing. The secure OS module is configured to execute certain processing instructed by the secure monitor and store data of a result of the processing in a first memory area.