著者
Takashi NORIMATSU Yuichi NAKAMURA Toshihiro YAMAUCHI
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE TRANSACTIONS on Information and Systems (ISSN:09168532)
巻号頁・発行日
vol.E106-D, no.9, pp.1364-1379, 2023-09-01

Two problems occur when an authorization server is utilized for a use case where a different security profile needs to be applied to a unique client request for accessing a distinct type of an API, such as open banking. A security profile can be applied to a client request by using the settings of an authorization server and client. However, this method can only apply the same security profile to all client requests. Therefore, multiple authorization servers or isolated environments, such as realms of an authorization server, are needed to apply a different security profile. However, this increases managerial costs for the authorization server administration. Moreover, new settings and logic need to be added to an authorization server if the existing client settings are inadequate for applying a security profile, which requires modification of an authorization server's source code. We aims to propose the policy-based method that resolves these problems. The proposed method does not completely rely on the settings of a client and can determine an applied security profile using a policy and the context of the client's request. Therefore, only one authorization server or isolated environment, such as a realm of an authorization server, is required to support multiple different security profiles. Additionally, the proposed method can implement a security profile as a pluggable software module. Thus, the source code of the authorization server need not be modified. The proposed method and Financial-grade application programming interface (FAPI) security profiles were implemented in Keycloak, which is an open-source identity and access management solution, and evaluation scenarios were executed. The results of the evaluation confirmed that the proposed method resolves these problems. The implementation has been contributed to Keycloak, making the proposed method and FAPI security profiles publicly available.
著者
Takashi NORIMATSU Yuichi NAKAMURA Toshihiro YAMAUCHI
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE Transactions on Information and Systems (ISSN:09168532)
巻号頁・発行日
vol.E106.D, no.9, pp.1364-1379, 2023-09-01 (Released:2023-09-01)
参考文献数
67

Two problems occur when an authorization server is utilized for a use case where a different security profile needs to be applied to a unique client request for accessing a distinct type of an API, such as open banking. A security profile can be applied to a client request by using the settings of an authorization server and client. However, this method can only apply the same security profile to all client requests. Therefore, multiple authorization servers or isolated environments, such as realms of an authorization server, are needed to apply a different security profile. However, this increases managerial costs for the authorization server administration. Moreover, new settings and logic need to be added to an authorization server if the existing client settings are inadequate for applying a security profile, which requires modification of an authorization server's source code. We aims to propose the policy-based method that resolves these problems. The proposed method does not completely rely on the settings of a client and can determine an applied security profile using a policy and the context of the client's request. Therefore, only one authorization server or isolated environment, such as a realm of an authorization server, is required to support multiple different security profiles. Additionally, the proposed method can implement a security profile as a pluggable software module. Thus, the source code of the authorization server need not be modified. The proposed method and Financial-grade application programming interface (FAPI) security profiles were implemented in Keycloak, which is an open-source identity and access management solution, and evaluation scenarios were executed. The results of the evaluation confirmed that the proposed method resolves these problems. The implementation has been contributed to Keycloak, making the proposed method and FAPI security profiles publicly available.
著者
Jianquan LIU Shoji NISHIMURA Takuya ARAKI Yuichi NAKAMURA
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E100-A, no.2, pp.367-375, 2017-02-01
被引用文献数
3

Similarity search is an important and fundamental problem, and thus widely used in various fields of computer science including multimedia, computer vision, database, information retrieval, etc. Recently, since loitering behavior often leads to abnormal situations, such as pickpocketing and terrorist attacks, its analysis attracts increasing attention from research communities. In this paper, we present AntiLoiter, a loitering discovery system adopting efficient similarity search on surveillance videos. As we know, most of existing systems for loitering analysis, mainly focus on how to detect or identify loiterers by behavior tracking techniques. However, the difficulties of tracking-based methods are known as that their analysis results are heavily influenced by occlusions, overlaps, and shadows. Moreover, tracking-based methods need to track the human appearance continuously. Therefore, existing methods are not readily applied to real-world surveillance cameras due to the appearance discontinuity of criminal loiterers. To solve this problem, we abandon the tracking method, instead, propose AntiLoiter to efficiently discover loiterers based on their frequent appearance patterns in longtime multiple surveillance videos. In AntiLoiter, we propose a novel data structure Luigi that indexes data using only similarity value returned by a corresponding function (e.g., face matching). Luigi is adopted to perform efficient similarity search to realize loitering discovery. We conducted extensive experiments on both synthetic and real surveillance videos to evaluate the efficiency and efficacy of our approach. The experimental results show that our system can find out loitering candidates correctly and outperforms existing method by 100 times in terms of runtime.
著者
Takahide ITO Yuichi NAKAMURA Kazuaki KONDO Espen KNOOP Jonathan ROSSITER
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE Transactions on Information and Systems (ISSN:09168532)
巻号頁・発行日
vol.E103.D, no.11, pp.2314-2322, 2020-11-01 (Released:2020-11-01)
参考文献数
15
被引用文献数
1

This paper introduces a novel skin-stretcher device for gently urging head rotation. The device pulls and/or pushes the skin on the user's neck by using servo motors. The user is induced to rotate his/her head based on the sensation caused by the local stretching of skin. This mechanism informs the user when and how much the head rotation is requested; however it does not force head rotation, i.e., it allows the user to ignore the stimuli and to maintain voluntary movements. We implemented a prototype device and analyzed the performance of the skin stretcher as a human-in-the-loop system. Experimental results define its fundamental characteristics, such as input-output gain, settling time, and other dynamic behaviors. Features are analyzed, for example, input-output gain is stable within the same installation condition, but various between users.
著者
Yuichi Nakamura Yoshiki Sameshima Toshihiro Yamauchi
出版者
一般社団法人 情報処理学会
雑誌
Journal of Information Processing (ISSN:18826652)
巻号頁・発行日
vol.23, no.5, pp.664-672, 2015 (Released:2015-09-15)
参考文献数
31
被引用文献数
3

Security-Enhanced Linux (SELinux) is a useful countermeasure for resisting security threats to embedded systems, because of its effectiveness against zero-day attacks. Furthermore, it can generally mitigate attacks without the application of security patches. However, the combined resource requirements of the SELinux kernel, userland, and the security policy reduce the performance of resource-constrained embedded systems. SELinux requires tuning, and modified code should be provided to the open-source software (OSS) community to receive value from its ecosystem. In this paper, we propose an embedded SELinux with reduced resource requirements, using code modifications that are acceptable to the OSS community. Resource usage is reduced by employing three techniques. First, the Linux kernel is tuned to reduce CPU overhead and memory usage. Second, unnecessary code is removed from userland libraries and commands. Third, security policy size is reduced with a policy-writing tool. To facilitate acceptance by the OSS community, build flags can be used to bypass modified code, such that it will not affect existing features; moreover, side effects of the modified code are carefully measured. Embedded SELinux is evaluated using an evaluation board targeted for M2M gateway, and benchmark results show that its read/write overhead is almost negligible. SELinux's file space requirements are approximately 200Kbytes, and memory usage is approximately 500Kbytes; these account for approximately 1% of the evaluation board's respective flash ROM and RAM capacity . Moreover, the modifications did not result in any adverse side effects. The modified code was submitted to the OSS community along with the evaluation results, and was successfully merged into the community code.
著者
Masahito Sato Satoru Fujita Atushi Saito Yoshio Ikeda Hitoshi Kitazawa Minoru Takahashi Junji Ishiguro Masaaki Okabe Yuichi Nakamura Tsuneo Nagai Hiroshi Watanabe Makoto Kodama Yoshifusa Aizawa
出版者
The Japanese Circulation Society
雑誌
Circulation Journal (ISSN:13469843)
巻号頁・発行日
vol.70, no.8, pp.947-953, 2006 (Released:2006-07-25)
参考文献数
24
被引用文献数
70 91

Background On October 23, 2004, a major earthquake, which registered 6.8 on the Richter scale, occurred in Niigata Prefecture in Japan. Emotional stress is important as a trigger of transient left ventricular apical ballooning (so-called `Takotsubo' cardiomyopathy), but its incidence and clinical profile immediately after a natural disaster have not been fully elucidated. Methods and Results `Takotsubo' cardiomyopathy was diagnosed in 16 patients (1 man, 15 women, mean age 71.5 years) within 1 month after the earthquake. Of them, 13 (81%) lived in areas where the Japan Meteorological Agency seismic intensity scale registered 6 or above, and 11 (69%) developed symptoms on the day of the earthquake. The incidence of `Takotsubo' cardiomyopathy 1 month after the earthquake was approximately 24-fold higher near the epicenter than that before the earthquake. Conclusion `Takotsubo' cardiomyopathy can occur on the day of the earthquake in elderly women living near the epicenter. (Circ J 2006; 70: 947 - 953)