データの格納および管理の手段として，RDBに代わり，高速に大量のデータを処理でき，分散化の容易なNoSQLデータベースが用いられてきている．しかしデータ構造や操作言語の違いから，システム移行は容易ではない．そこで本研究では，文を入力にとり，等価なNoSQLの問い合わせ文を出力する変換プログラムを作成した．対応するNoSQLはMongoDBとHBaseとし，実装において文の解析および言語間のコード断片の対応付けを行った．評価実験の結果，32例の文のうち，13例でMongoDB，9例でHBaseの問い合わせ文を生成できた．

抄録全体を表示

Embedded

inserts statements into the host programming language and executes them at program run time. injection is a known attack technique; however, detection techniques are not introduced in embedded . This paper introduces a technique based on candidate code generation that can detect injection vulnerability in the C/C++ host programming language.

抄録全体を表示

関係データベースの問合わせ言語に対して、本研究室では、演習者が書きこんだコマンドをデータベース上で実行する、演習システムをPHP5、PostgreSQL8.4という環境の下で開発した。開発された演習システムは本大学情報工学科の講義で利用され、一定の学習効果が得られている。 本論文では、用意された演習問題を全て解いた学生のために、演習者が自由にテーブルデータを登録してを実行できる、自由演習フォームの拡張を行っている。さらに、自由演習フォームのWebAPI化を行うことで、様々な学習サイトでの動作を確認することを可能としている

抄録全体を表示

An injection attack is one of the most serious security threats to web applications. It allows an attacker to access the underlying database and execute arbitrary commands, which may lead to sensitive information disclosure. The primary way to prevent injection attacks is to sanitize the user-supplied input. However, this is usually performed manually by developers and so is a laborious and error-prone task. Although security tools assist the developers in verifying the security of their web applications, they often generate a number of false positives/negatives. In this paper, we present our technique called Sania, which performs efficient and precise penetration testing by dynamically generating effective attacks through investigating queries. Since Sania is designed to be used in the development phase of web applications, it can intercept queries. By analyzing the queries, Sania automatically generates precise attacks and assesses the security according to the context of the potentially vulnerable slots in the queries. We evaluated our technique using real-world web applications and found that our solution is efficient. Sania generated more accurate attacks and less false positives than popular web application vulnerability scanners. We also found previously unknown vulnerabilities in a commercial product that was just about to be released and in open-source web applications.

抄録全体を表示

An injection attack is one of the most serious security threats to web applications. It allows an attacker to access the underlying database and execute arbitrary commands, which may lead to sensitive information disclosure. The primary way to prevent injection attacks is to sanitize the user-supplied input. However, this is usually performed manually by developers and so is a laborious and error-prone task. Although security tools assist the developers in verifying the security of their web applications, they often generate a number of false positives/negatives. In this paper, we present our technique called Sania, which performs efficient and precise penetration testing by dynamically generating effective attacks through investigating queries. Since Sania is designed to be used in the development phase of web applications, it can intercept queries. By analyzing the queries, Sania automatically generates precise attacks and assesses the security according to the context of the potentially vulnerable slots in the queries. We evaluated our technique using real-world web applications and found that our solution is efficient. Sania generated more accurate attacks and less false positives than popular web application vulnerability scanners. We also found previously unknown vulnerabilities in a commercial product that was just about to be released and in open-source web applications.

抄録全体を表示

Thinking process development diagram is a graphical expression from which readers can easily find not only the hierarchy of a given problem but the relationship between the problem and the solution. Although that has been developed as an idea creation support tool in the field of mechanical design, we referred to the restricted version as clamshell diagram to attempt to apply to other fields. In this paper we propose the framework for drawing the diagram of the statement. The basic idea is to supply the hierarchical code fragments of a given statement in the left side of the diagram and to put the meaning written in a natural language in the right. To verify the usefulness of the diagram expression, we actually drew several clamshell diagrams. For three statements that are derived from the same specification, the resulting diagrams enable us to understand the difference visually.

抄録全体を表示

本研究室では、関係データベース問い合わせ言語である「 言語」習得のために 演習システムを開発し、本大学情報工学科の講義で利用され、一定の学習効果も得られている。しかし、既存の演習システムではselectというコマンドしか実行できない。また、演習者が実行したコマンドが間違いだった場合、データベースシステムはエラー文を返すが、初心者にはどうして間違ったのか理解しづらいといった問題が存在する。そこで本発表では、実行可能なコマンドの増加によるシステムの機能強化と、エラー文の簡易化や、演習者が打ち込んだ文の全角スペースから半角スペースへの自動変換など、ユーザビリティの向上を行っている。

抄録全体を表示

近年,これまでの規格開発の努力により,多数のSTEP規格が誕生してきた.しかし,STEP規格においては,EXPRESS言語による記述が必須となっており,STEP規格によるデータベース実装の妨げになっている.そこで本研究では,EXPRESS-UMLモデル変換ツールによってEXPRESSモデルからUMLモデルを作成し,データベースを実装する方法に関して,例題を通し有効性,問題点などを検討·報告する.

抄録全体を表示

 遺伝的アルゴリズムを用いた看護師勤務表作成支援システムが実用化されつつある．しかし，評価関数が病院によって大きく異なるため，その記述には大変な手間がかかる．われわれは利用者が画面操作により評価関数を生成する手法を開発した．本手法は評価関数をにより記述し，評価関数をプログラム本体から分離することで，プログラムに変更を加えることなく評価関数の追加を行うことができる．による記述においては，入れ子構造や自己結合の記述方法を組み合わせることで評価関数を記述可能とした．また，の習得は利用者である看護師には困難であるので，画面操作によりを生成する手法を開発した．本手法により，利用者はを意識することなく評価関数を生成できることを示した．

抄録全体を表示

Web application second-order vulnerabilities first inject malicious code into the persistent data stores of the web server and then execute it at later sensitive operations, causing severe impact. Nevertheless, the dynamic features, the complex data propagation, and the inter-state dependencies bring many challenges in discovering such vulnerabilities. To address these challenges, we propose DISOV, a web application property graph (WAPG) based method to discover second-order vulnerabilities. Specifically, DISOV first constructs WAPG to represent data propagation and inter-state dependencies of the web application, which can be further leveraged to find the potential second-order vulnerabilities paths. Then, it leverages fuzz testing to verify the potential vulnerabilities paths. To verify the effectiveness of DISOV, we tested it in 13 popular web applications in real-world and compared with Black Widow, the state-of-the-art web vulnerability scanner. DISOV discovered 43 second-order vulnerabilities, including 23 second-order XSS vulnerabilities, 3 second-order

injection vulnerabilities, and 17 second-order RCE vulnerabilities. While Black Widow only discovered 18 second-order XSS vulnerabilities, with none second-order injection vulnerability and second-order RCE vulnerability. In addition, DISOV has found 12 0-day second-order vulnerabilities, demonstrating its effectiveness in practice.

抄録全体を表示

 時制データベースと呼ばれる時間を特別な操作で扱うデータベースは，医療情報処理においても取り組むべき分野のひとつと考えるが，具体的な適用例は少ない．そこで，本研究ではATSQL 2とその実装であるTimeDBを使用し，医療情報処理へのリレーショナル型の時制データベースの技術面での適用課題について考察した．まず，ATSQL 2を例に時制データベースとその操作言語を説明した．次にTimeDBを使用し，臨床分野における具体的な時区間操作の例を示し，-92とATSQL 2の表現能力を比較した．次に，(1)ATSQL 2の3種類のセマンティクス，(2)時制に付加される暗黙の属性，(3)ATSQL 2の実装であるTimeDBの問題点を述べた．ATSQL 2を-92と混在した環境で使用する場合，セマンティクスの面と実装面で解決すべき課題があることを指摘した．

抄録全体を表示

Recently, a graph labeling technique based on prime numbers has been suggested for reducing the costly transitive closure computations in RDF query languages. The suggested prime number graph labeling provides the benefit of fast query processing by a simple divisibility test of labels. However, it has an inherent problem that originates with the nature of prime numbers. Since each prime number must be used exclusively, labels can become significantly large. Therefore, in this paper, we introduce a novel optimization technique to effectively reduce the problem of label overflow. The suggested idea is based on graph decomposition. When label overflow occurs, the full graph is divided into several sub-graphs, and nodes in each sub-graph are separately labeled. Through experiments, we also analyze the effectiveness of the graph decomposition optimization, which is evaluated by the number of divisions.

抄録全体を表示

本論文では，光学赤外線天文観測データアーカイブシステムの検索高速化のためにおこなった実験とその結果について報告する．高速撮像観測装置であるTomo-e Gozenや広視野撮像観測装置であるHyper Suprime-Camでは，日々膨大な数の観測データが生成されている．これらの観測データを公開するデータアーカイブシステムでは，データ数の膨大化により検索速度が低下する．我々は，Tomo-e GozenのデータをアーカイブするSMOKA/Tomo-e Gozenシステムのデータベースとその検索用クエリを使って，検索速度の高速化実験をおこなった．具体的には，最適なテーブル分割数とパラレルクエリの設定，SSD上へのテーブルファイルの配置，並びにPostGIS R-tree空間インデックスの効果を検討した．第一と第二の実験ではキャッシュ無効時の実行時間を，第三の実験ではキャッシュ有効時の領域検索の実行時間を短縮できることがわかった．それぞれの実験の実行時間の減少率は最大で83 %，98 %，91 %程度であった．本論文ではこれらの実験の詳細を述べると共に，膨大な数の観測データを有するデータアーカイブシステムに最適なデータベースの設定等について論ずる．

抄録全体を表示

問題解決を行う方法論の中に, 形式的アプローチによる問題解決の方法論の研究があり, データ処理の取り扱いの重要性については "モデル理論によるデータ処理システムの設計 (高木徹)" にて説明が行われるが, 本論ではその実装に焦点を当てる. 実装に際して Z を導入した際の利点を生かし, web 上の情報システムの実装例を行ったことについて説明する.

抄録全体を表示

Traditional XML query processing methods, such as XPath and XQuery, are fragile to changes in the underlying XML structure because path expressions cannot accommodate structural variations that may occur in designing or updating XML data. In this paper, we discuss the problem of processing path-free XML queries in a pure RDBMS. It is ideal to list all possible structural variations of a given path-free XML query, though it is non-trivial to devise an efficient implementation due to the combinatorial explosion of potential structural variations. In addition the problems that RDBMS cannot offer an ideal query plan and efficient XML structural join algorithms also pose a big challenge. We teach RDBMS aware of tree structures by adding XML-specific information, and supply FDs among attributes in an amoeba join to eliminate unfavorable results and achieve a marked reduction in the query space. Dealing with XML query in a pure RDBMS efficiently bridges the gap between XML and relational database. Experiments carried out on Server have proven orders of magnitude improvement over the naïve implementation, demonstrating the feasibility of path-free XML query processing using a pure RDBMS kernel.

抄録全体を表示

Traditional XML query processing methods, such as XPath and XQuery, are fragile to changes in the underlying XML structure because path expressions cannot accommodate structural variations that may occur in designing or updating XML data. In this paper, we discuss the problem of processing path-free XML queries in a pure RDBMS. It is ideal to list all possible structural variations of a given path-free XML query, though it is non-trivial to devise an efficient implementation due to the combinatorial explosion of potential structural variations. In addition the problems that RDBMS cannot offer an ideal query plan and efficient XML structural join algorithms also pose a big challenge. We teach RDBMS aware of tree structures by adding XML-specific information, and supply FDs among attributes in an amoeba join to eliminate unfavorable results and achieve a marked reduction in the query space. Dealing with XML query in a pure RDBMS efficiently bridges the gap between XML and relational database. Experiments carried out on Server have proven orders of magnitude improvement over the naïve implementation, demonstrating the feasibility of path-free XML query processing using a pure RDBMS kernel.

抄録全体を表示

  In order to facilitate the simultaneous search of structural and pharmacological information for drugs, we studied the design of the coding system for pharmacological information.  In this study, pharmacological information was defined as information that describes the nature of principal action, specifically “where and how the drug acts”.  Furthermore, we developed a standardized code generation system for describing such information.  First, in order to describe the drug delivery location, organs and subcellular organelles were assigned hierarchical codes by referring to the hierarchical classification of human anatomy.  Next, drug interacting receptors and their action results were encoded and coupled to the location codes, and procedures for generating pharmacological information codes were developed.  Regarding drug structure information, Cartesian coordinates that describe the planer structure were transformed into sequences of numbers in order to obtain molecular fingerprints, which were then used to generate drug structural information codes.  Drug information was compiled into a database that comprises the two categories of codes (pharmacological/structural codes), and a simultaneous search system was developed that links structural similarity and pharmacological information.  A web-based interface for searching the structural information codes was created, and searches could be performed as expected.

抄録全体を表示

GEOLISデータFD版はGEOLIS (日本地質文献データベース) のデータをフロッピーディスクに収めたもので, 一般に配布されている.この報告では, GEOLISデータFD版を使用してパソコン上にリレーショナルデータベースを作成する過程について述べる.使用したソフトは日本語Unifyである.プログラミング言語を使用せずソフトが提供しているツールを使用して作成した.作成上特に問題になったのはGEOLISを扱う際の, データの正規化とデータベースの論理スキーマである.この報告では作成過程上での解決法の1例をあげている.

抄録全体を表示