Tadashi Kaji

A conformance testing for communication protocols modeled as a set of DFSMs with common inputs

In this paper, we propose an effective conformance testing method for a subclass of protocols modeled as a set of DFSMs. The number of test cases in the proposed method is only proportional to the sum of those of states and transitions in a given set of DFSMs. In our method, we find a characterization set for each DFSM, which is used to test the DFSM alone in WP-method, and the union of the characterization sets is used as a characterization set for the total system. For a set of DFSMs with common inputs, there may exist two or more tuples of states that have correct responses against a given characterization set. So, in order to identify each state s in a DFSM, we find a characterization set with some specific properties. Then we select a suitable tuple of states containing the state s, and identify the state s by checking their response to the characterization set.

Development of Hi-Speed X.509 Certification Path Validation System

A hi-speed system to execute certification path validation of the X.509 Certificate was developed. The algorithm used not only certificates and certificate revocation information but also certification path information as cached information in order to speed up transactions. The effect of it was confirmed by the performance experiment of the certification path validation system in test and real environment.

Development of qualification of security status suitable for cloud computing system

Cloud services have recently been expanding rapidly, but business users are still in the minority compared with consumer users. From the viewpoint of organizational risk management, it is necessary to control the risks of the cloud computing environment used as part of an organizations information system in order to minimize any negative influence on the organizations mission or business processes. In a previous article, the authors divided cloud security metrics into two security levels. One level shows how the security metrics influence the mission or business processes in 27 dimensions. The other level shows the security status at the time and the influence range when an incident occurs. This article focuses the latter variable security level and describes the results of developing a cloud security visualization system that was designed based on collection, analysis, and visualization architecture to calculate the level. From the viewpoint of security risk management, the system is considerered to be effective for cloud service providers because it reduces the time needed to investigate the cause of incidents and to recover from them, it helps in triage assessment when many incidents happen simultaneously, and it can detect warnings of an incident and forestall such incidents before they occur.

A Proposal of TLS Implementation for Cross Certification Model

Today, TLS is widely used for achieving a secure communication system. And TLS is used PKI for server authentication and/or client authentication. However, its PKI environment, which is called as “multiple trust anchors environment,” causes the problem that the verifier has to maintain huge number of CA certificates in the ubiquitous network because the increase of terminals connected to the network brings the increase of CAs. However, most of terminals in the ubiquitous network will not have enough memory to hold such huge number of CA certificates. Therefore, another PKI environment, “cross certification environment”, is useful for the ubiquitous network. But, because current TLS is designed for the multiple trust anchors model, TLS cannot work efficiently on the cross-certification model. This paper proposes a TLS implementation method to support the cross certification model efficiently. Our proposal reduces the size of exchanged messages between the TLS client and the TLS server during the handshake process. Therefore, our proposal is suitable for implementing TLS in the terminals that do not have enough computing power and memory in ubiquitous network.