Updated on 2022/05/22

写真a

 
YOSHIOKA, Nobukazu
 
Affiliation
Faculty of Science and Engineering, Waseda Research Institute for Science and Engineering
Job title
Senior Researcher(Professor)
Profile

Nobukazu Yoshioka is a researcher at the Waseda University, Japan. Dr. Nobukazu Yoshioka received his B.E degree in Electronic and Information Engineering from Toyama University in 1993. He received his M.E. and Ph.D. degrees in School of Information Science from Japan Advanced Institute of Science and Technology in 1995 and 1998, respectively. From 1998 to 2002, he was with Toshiba Corporation, Japan. From 2002 to 2004 he was a researcher, and from 2004 to 2021, he had been an associate professor of National Institute of Informatics, Japan. Since 2021, he has been a Senior Researcher and a Professor by special appointment of Waseda Research Institute for Science and Engineering, Waseda University, Japan. His research interests include Security and Privacy Software Engineering and Software Engineering for Machine Learning-based Systems. He is a member of the Information Processing Society of Japan (IPSJ), the Institute of Electronics, Information and Communication Engineers (IEICE) and Japan Society for Software Science and Technology (JSSST), the Japanese Society for Artificial Intelligence (JSAI) and IEEE CS. He has been a board member of a SIG of Machine Learning Systems Engineering since 2018, a board member of JSSST from 2011 to 2015 and an auditor of JSSST since 2017. He is a chair of IEEE CS Japan Chapter in 2020.

Degree

  • 博士(情報科学)

Research Experience

  • 2021.05
    -
    Now

    Waseda University   Research Institute for Science and Engineering   Researcher   Senior Researcher/Professor by special appointment

  • 2007.04
    -
    2021.04

    The Graduate University for Advanced Studies

  • 2007.04
    -
    2021.04

    National Institute of Informatics   Associate professor

  • 2004.08
    -
    2007.03

    National Institute of Informatics   Associate Professor in special appointment

  • 2002.01
    -
    2004.07

    National Institute of Informatics

  • 1998.04
    -
    2002.01

    Toshiba Corporation

▼display all

Professional Memberships

  •  
     
     

    IEEE Computer Society

  •  
     
     

    THE JAPANESE SOCIETY FOR ARTIFICIAL INTELLIGENCE

  •  
     
     

    JAPAN SOCIETY FOR SOFTWARE SCIENCE AND TECHNOLOGY

  •  
     
     

    電子情報通信学会

  •  
     
     

    情報処理学会

 

Research Areas

  • Software

Research Interests

  • 機械学習

  • Privacy

  • Software Engineering

  • エージェント

  • 分散システム

  • ミドルウェア

  • 要求分析

  • セキュリティ

▼display all

Papers

  • Abstract security patterns and the design of secure systems

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Joseph Yoder

    Cybersecurity   5 ( 1 ) 1 - 17  2022.12  [Refereed]

     View Summary

    Abstract

    During the initial stages of software development, the primary goal is to define precise and detailed requirements without concern for software realizations. Security constraints should be introduced then and must be based on the semantic aspects of applications, not on their software architectures, as it is the case in most secure development methodologies. In these stages, we need to identify threats as attacker goals and indicate what conceptual security defenses are needed to thwart these goals, without consideration of implementation details. We can consider the effects of threats on the application assets and try to find ways to stop them. These threats should be controlled with abstract security mechanisms that can be realized by abstract security patterns (ASPs), that include only the core functions of these mechanisms, which must be present in every implementation of them. An abstract security pattern describes a conceptual security mechanism that includes functions able to stop or mitigate a threat or comply with a regulation or institutional policy. We describe here the properties of ASPs and present a detailed example. We relate ASPs to each other and to Security Solution Frames, which describe families of related patterns. We show how to include ASPs to secure an application, as well as how to derive concrete patterns from them. Finally, we discuss their practical value, including their use in “security by design” and IoT systems design.

    DOI

  • Traceable Business-to-Safety Analysis Framework for Safety-critical Machine Learning Systems

    Jati H. Husen, Hironori Washizaki, Hnin Thandar Tun, Nobukazu Yoshioka, Hironori Takeuchi, Yoshiaki Fukazawa

    1st Conference on AI Engineering – Software Engineering for AI (CAIN 2022)     1 - 2  2022.06  [Refereed]

  • A New Approach for Machine Learning Security Risk Assessment

    Jun Yajima, Maki Inui, Takanori Oikawa, Fumiyoshi Kasahara, Ikuya Morikawa, Nobukazu Yoshioka

    1st Conference on AI Engineering – Software Engineering for AI (CAIN 2022)     1 - 2  2022.05  [Refereed]

  • 開発エンジニア向け機械学習セキュリティ脅威分析技術

    矢嶋純, 及川孝徳, 森川郁也, 笠原史禎, 乾真季, 吉岡信和

    2022年 暗号と情報セキュリティシンポジウム(SCIS2022)     1 - 8  2022.01

  • Literature Review on Log Anomaly Detection Approaches Utilizing Online Parsing Methodology

    Scott Lupton, Hironori Washizaki, Nobukazu Yoshioka, Yoshiaki Fukazawa

    2021 28th Asia-Pacific Software Engineering Conference (APSEC)     1 - 5  2021.12  [Refereed]

    DOI

  • Cyber-Security Incident Analysis by Causal Analysis using System Theory (CAST)

    Tomoko Kaneko, Nobukazu Yoshioka, Ryoichi Sasaki

    The 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS 2021)    2021.12  [Refereed]

  • 並列イベントを含む業務プロセスの伝票突合せアセスメント手法の提案

    河本高文, 二木厚吉, 吉岡信和

    コンピュータセキュリティシンポジウム 2021    2021.10

  • Enterprise Architecture based Representation of Architecture and Design Patterns for Machine Learning Systems

    Hironori Takeuchi, Takuo Doi, Hironori Washizaki, Satoshi Okuda, Nobukazu Yoshioka

    The 13th Workshop on Service oriented Enterprise Architecture for Enterprise Engineering (SOEA4EE)     1 - 6  2021.10  [Refereed]

  • 伝票突合せアセスメント手法の業務プロセスへの適用事例研究

    河本高文, 二木厚吉, 吉岡信和

    情報処理学会論文誌   62 ( 9 ) 1449 - 1510  2021.10

  • Online Log Parsing: Preliminary Literature Review

    Scott Lupton, Hironori Washizaki, Nobukazu Yoshioka, Yoshiaki Fukazawa

    The 32nd International Symposium on Software Reliability Engineering (ISSRE 2021)     1 - 2  2021.10  [Refereed]

  • Goal-Oriented Machine Learning-Based Component Development Process

    Jati H. Husen, Hnin Thandar Tun, Nobukazu Yoshioka, Hironori Washizaki, Yoshiaki Fukazawa

    ACM/IEEE 24th International Conference on Model Driven Engineering Languages and Systems (MODELS)     1 - 2  2021.10  [Refereed]

  • Software Engineering Patterns for Machine Learning Applications (SEP4MLA) – Part 3 – Data Processing Architectures

    Jomphon Runpakprakun, Sien Reeve, Ordonez Peralta, Hironori Washizaki, Foutse Khomh, Yann-Gael Gueheneuc, Nobukazu Yoshioka, Yoshiaki Fukazawa

    28th Conference on Pattern Languages of Programs (PLoP 2021)     1 - 11  2021.10  [Refereed]

  • 組込みシステム向け障害解析環境の効率改善

    長野岳彦, 小口琢夫, 吉岡信和, 田原康之, 大須賀昭彦

    第32回コンシューマ・デバイス&システム(CDS)研究会     1 - 8  2021.09

  • KPIツリーを用いた機械学習プロジェクト管理フレームワーク

    浜田伸一郎, 吉岡信和, 内平直志

    日本ソフトウェア科学会第 38 回大会 (2021年度) 論文集     1 - 9  2021.09

  • 機械学習応用システムの要求工学に関する一考察: 要求獲得上の課題特定のセンスメイキング論的アプローチ

    中木裕章, 岸本眞一郎, 吉岡信和, 内平直志

    日本ソフトウェア科学会第 38 回大会 (2021年度) 論文集     1 - 11  2021.09

  • The design of secure IoT applications using patterns: State of the art and directions for research

    Eduardo B. Fernandez, Hironori Washizaki, Nobukazu Yoshioka, Takao Okubo

    Internet of Things   15   1 - 18  2021.09  [Refereed]

    DOI

  • Tracing CVE Vulnerability Information to CAPEC Attack Patterns Using Natural Language Processing Techniques

    Kenta Kanakogi, Hironori Washizaki, Yoshiaki Fukazawa, Shinpei Ogata, Takao Okubo, Takehisa Kato, Hideyuki Kanuka, Atsuo Hazeyama, Nobukazu Yoshioka

    Information   12 ( 8 ) 2078 - 2489  2021.07  [Refereed]

     View Summary

    For effective vulnerability management, vulnerability and attack information must be collected quickly and efficiently. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of common attributes and approaches employed by adversaries to exploit known weaknesses. Due to the fact that the information in these two repositories are not linked, identifying related CAPEC attack information from CVE vulnerability information is challenging. Currently, the related CAPEC-ID can be traced from the CVE-ID using Common Weakness Enumeration (CWE) in some but not all cases. Here, we propose a method to automatically trace the related CAPEC-IDs from CVE-ID using three similarity measures: TF–IDF, Universal Sentence Encoder (USE), and Sentence-BERT (SBERT). We prepared and used 58 CVE-IDs as test input data. Then, we tested whether we could trace CAPEC-IDs related to each of the 58 CVE-IDs. Additionally, we experimentally confirm that TF–IDF is the best similarity measure, as it traced 48 of the 58 CVE-IDs to the related CAPEC-ID.

    DOI

  • CSPM

    Tian Xia, Hironori Washizaki, Yoshiaki Fukazawa, Haruhiko Kaiya, Shinpei Ogata, Eduardo B. Fernandez, Takehisa Kato, Hideyuki Kanuka, Takao Okubo, Nobukazu Yoshioka, Atsuo Hazeyama

    International Journal of Systems and Software Security and Protection   12 ( 2 ) 1 - 18  2021.07

     View Summary

    Security and privacy in cloud systems are critical. To address security and privacy concerns, many security patterns, privacy patterns, and non-pattern-based knowledge have been reported. However, knowing which pattern or combination of patterns to use in a specific scenario is challenging due to the sheer volume of options and the layered cloud stack. To deal with security and privacy in cloud services, this study proposes the cloud security and privacy metamodel (CSPM). CSPM uses a consistent approach to classify and handle existing security and privacy patterns. In addition, CSPM is used to develop a security and privacy awareness process to develop cloud systems. The effectiveness and practicality of CSPM is demonstrated via several case studies.

    DOI

  • Analysis of IoT Pattern Descriptions

    Hironori Washizaki, Atsuo Hazeyama, Takao Okubo, Hideyuki Kanuka, Shinpei Ogata, Nobukazu Yoshioka

    2021 IEEE/ACM 3rd International Workshop on Software Engineering Research and Practices for the IoT (SERP4IoT)     22 - 26  2021.06  [Refereed]

    DOI

  • Systematic Literature Review of Security Pattern Research

    Hironori Washizaki, Tian Xia, Natsumi Kamata, Yoshiaki Fukazawa, Hideyuki Kanuka, Takehisa Kato, Masayuki Yoshino, Takao Okubo, Shinpei Ogata, Haruhiko Kaiya, Atsuo Hazeyama, Takafumi Tanaka, Nobukazu Yoshioka, G Priyalakshmi

    MDPI   12 ( 1 ) 1 - 32  2021.03  [Refereed]

    DOI

  • CSPM: Metamodel for Handling Security and Privacy Knowledge in Cloud Service Development

    Tian Xia, Hironori Washizaki, Yoshiaki Fukazawa, Haruhiko Kaiya, Shinpei Ogata, Eduardo B. Fernandez, Takehisa Kato, Hideyuki Kanuka, Takao Okubo, Nobukazu Yoshioka, Atsuo Hazeyama

    International Journal of Systems and Software Security and Protection   12 ( 2 ) 1 - 18  2021.01  [Refereed]

     View Summary

    Security and privacy in cloud systems are critical. To address security and privacy concerns, many security patterns, privacy patterns, and non-pattern-based knowledge have been reported. However, knowing which pattern or combination of patterns to use in a specific scenario is challenging due to the sheer volume of options and the layered cloud stack. To deal with security and privacy in cloud services, this study proposes the cloud security and privacy metamodel (CSPM). CSPM uses a consistent approach to classify and handle existing security and privacy patterns. In addition, CSPM is used to develop a security and privacy awareness process to develop cloud systems. The effectiveness and practicality of CSPM is demonstrated via several case studies.

    DOI

  • DeepPatch: Interactive repair of object detection

    Junji Hashimoto, Nobukazu Yoshioka

    2nd International Workshop on Machine Learning Systems Engineering​ (iMLSE 2020)     1 - 2  2020.12  [Refereed]

  • A Study on Classification and Integration of Research on both AI and Security in the IoT Era

    Ryoichi Sasaki, Tomoko Kaneko, Nobukazu Yoshioka

    11th International Conference on Information Science and Applications (ICISA2020)     1 - 10  2020.12  [Refereed]

  • STAMP S&S: Safety & Security Scenario for Specification and Standard in the society of AI/IoT

    Tomoko Kaneko, Nobukazu Yoshioka, Ryoichi Sasaki

    2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)     168 - 175  2020.12  [Refereed]

    DOI

  • 伝票突合せアセスメント手法の業務プロセスへの適用事例研究

    河本高文, 二木厚吉, 吉岡信和

    コンピュータセキュリティシンポジウム 2020     1 - 8  2020.10

  • システム理論に基づく事故分析手法CASTによる情報セキュリティ・インシデント分析

    金子朋子, 高橋雄志, 吉岡信和, 佐々木良一

    コンピュータセキュリティシンポジウム 2020     1 - 6  2020.10

  • A five-layer model for analyses of complex socio-technical systems

    Tomoko Kaneko, Nobukazu Yoshioka

    the 27nd Conference on Pattern Languages of Programs Conference 2020 (PLoP 2020)     1 - 26  2020.10  [Refereed]

  • Landscape of Architecture and Design Patterns for IoT Systems

    Hironori Washizaki, Shinpei Ogata, Atsuo Hazeyama, Takao Okubo, Eduardo B. Fernandez, Nobukazu Yoshioka

    IEEE Internet of Things Journal   7 ( 10 ) 10091 - 10101  2020.10  [Refereed]

    DOI

  • 機械学習システム全体としての安全性確保の提案

    金子朋子, 髙橋雄志, 吉岡信和

    電子情報通信学会技術研究報告 知能ソフトウェア工学   120 ( 170 ) 25 - 30  2020.09

  • A Tool to Manage Traceability on Several Models and Its Use Case

    Haruhiko Kaiya, Shogo Tatsui, Atsuo Hazeyama, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki

    24th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES2020)   176   1449 - 1458  2020.09  [Refereed]

    DOI

  • イベント割込みによる業務プロセスの伝票不整合リスク改善手法

    河本高文, 二木厚吉, 吉岡信和

    情報処理学会論文誌   61 ( 9 ) 1486 - 1494  2020.09  [Refereed]

  • Experimental Evaluation of Traceability Checking Tool for Goal Dependency Modeling

    Haruhiko Kaiya, Wataru Fujita, Ryotaro Yamada, Atsuo Hazeyama, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki

    13th International Joint Conference on Knowledge-Based Software Engineering (JCKBSE 2020)     70 - 83  2020.08  [Refereed]

    DOI

  • STAMP S&S: Layered Modeling for the Complexed System in the Society of AI/IoT

    Tomoko Kaneko, Nobukazu Yoshioka

    13th International Joint Conference on Knowledge-Based Software Engineering (JCKBSE 2020)     122 - 131  2020.08  [Refereed]

    DOI

  • Smart SE: Smart Systems and Services Innovative Professional Education Program

    Hironori Washizaki, Kenji Tei, Kazunori Ueda, Hayato Yamana, Yoshiaki Fukazawa, Shinichi Honiden, Shoichi Okazaki, Nobukazu Yoshioka, Naoshi Uchihira

    2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)    2020.07

    DOI

  • A Method for Assessing the Reliability of Business Processes that Reflects Transaction Documents Checking for each Department

    Takafumi Komoto, Kokichi Futatsugi, Nobukazu Yoshioka

    2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)     1758 - 1763  2020.07  [Refereed]

    DOI

  • Incidents Are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems

    Faeq Rimawi, Liliana Pasquale, Deepak Mehta, Nobukazu Yoshioka, Bashar Nuseibeh

    IEEE Transactions on Software Engineering     1 - 12  2020.03  [Refereed]

  • Towards A Knowledge Base for Software Developers to Choose Suitable Traceability Techniques

    Haruhiko Kaiya, Atsuo Hazeyama, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki

    Procedia Computer Science   159   1075 - 1084  2019.09  [Refereed]

    DOI

  • A System for Seamlessly Supporting from Security Requirements Analysis to Security Design using a Software Security Knowledge Base

    Atsuo Hazeyama, Hikaru Miyahara, Takafumi Tanaka, Hironori Washizaki, Haruhiko Kaiya, Takao Okubo, Nobukazu Yoshioka

    The 6th International Workshop on The Evolving Security and Privacy Requirements Engineering (ESPRE 2019)     134 - 140  2019.09  [Refereed]

  • 業務プロセスの伝票不整合リスクの改善手法

    河本高文, 二木厚吉, 吉岡 信和

    情報処理学会論文誌   60 ( 9 ) 1500 - 1508  2019.09  [Refereed]

  • How do Engineers Perceive Difficulties in Engineering of Machine-Learning Systems? - Questionnaire Survey

    Fuyuki Ishikawa, Nobukazu Yoshioka

    Joint International Workshop on Conducting Empirical Studies in Industry and 6th International Workshop on Software Engineering Research and Industrial Practice (CESSER-IP 2019) at The 41st ACM/IEEE International Conference on Software Engineering (ICSE 2     2 - 9  2019.05  [Refereed]

  • Landscape of IoT Patterns.

    Hironori Washizaki, Nobukazu Yoshioka, Atsuo Hazeyama, Takehisa Kato, Haruhiko Kaiya, Shinpei Ogata, Takao Okubo, Eduardo B. Fernández

    CoRR   abs/1902.09718  2019

  • Designing Secure Software by Testing Application of Security Patterns

    Takanori Kobashi, Hironori Washizaki, Nobukazu Yoshioka, Haruhiko Kaiya, Takao Okubo, Yoshiaki Fukazawa

    Exploring Security in Software Architecture and Design   - 34  2019  [Refereed]

    DOI

  • Landscape of IoT patterns.

    Hironori Washizaki, Nobukazu Yoshioka, Atsuo Hazeyama, Takehisa Kato, Haruhiko Kaiya, Shinpei Ogata, Takao Okubo, Eduardo B. Fernández

    Proceedings of the 1st International Workshop on Software Engineering Research & Practices for the Internet of Things, SERP4IoT@ICSE 2019, Montreal, QC, Canada, May 27, 2019.     57 - 60  2019  [Refereed]

  • Restructuring Attack Trees to Identify Incorrect or Missing Relationships between Nodes

    Hua Cai, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

    Restructuring Attack Trees to Identify Incorrect or Missing Relationships between Nodes     1 - 8  2018.12  [Refereed]

  • Taxonomy and Literature Survey of Security Pattern Research

    Hironori Washizaki, Tian Xia, Natsumi Kamata, Yoshiaki Fukazawa, Hideyuki Kanuka, Dan Yamamoto, Masayuki Yoshino, Takao Okubo, Shinpei Ogata, Haruhiko Kaiya, Takehisa Kato, Takafumi Tanaka, Atsuo Hazeyama, Nobukazu Yoshioka, G Priyalakshmi

    AINS 2018     87 - 92  2018.11  [Refereed]

     View Summary

    Security patterns encapsulate security-related problems and solutions that recur in certain contexts for secure software system development and operations. Almost 500 security patterns have been proposed since the late 1990s. Technical investigations on their applications have advanced implementation, but the direction, overall picture, and significant technical challenges remain unclear. In this study, we propose a taxonomy for security pattern research by conducting a systematic literature review. Over 200 papers are categorized based on the taxonomy. The taxonomy is expected to guide practitioners to choose existing security pattern methods and tools. In addition, the taxonomy and the survey results should support communications among practitioners and researchers, and improve the quality of security pattern research and the effectiveness of security patterns.

  • Taxonomy and Literature Survey of Security Pattern Research

    Hironori Washizaki, Tian Xia, Natsumi Kamata, Yoshiaki Fukazawa, Hideyuki Kanuka, Dan Yamaoto, Masayuki Yoshino, Takao Okubo, Shinpei Ogata, Haruhiko Kaiya, Takehisa Kato, Atsuo Hazeyama, Takafumi Tanaka, Nobukazu Yoshioka, G Priyalakshmi

    IEEE Conference on Applications, Information and Network Security (AINS)     1 - 6  2018.11  [Refereed]

     View Summary

    Security patterns encapsulate security-related problems and solutions that recur in certain contexts for secure software system development and operations. Almost 500 security patterns have been proposed since the late 1990s. Technical investigations on their applications have advanced implementation, but the direction, overall picture, and significant technical challenges remain unclear. In this study, we propose a taxonomy for security pattern research by conducting a systematic literature review. Over 200 papers are categorized based on the taxonomy. The taxonomy is expected to guide practitioners to choose existing security pattern methods and tools. In addition, the taxonomy and the survey results should support communications among practitioners and researchers, and improve the quality of security pattern research and the effectiveness of security patterns.

  • Using Security Patterns to Develop Secure Systems - Ten Years Later

    Eduardo B. Fernandez, Hironori Washizaki, Nobukazu Yoshioka

    International Journal of Systems and Software Security and Protection (IJSSSP)   9 ( 4 ) 1 - 12  2018.10  [Refereed]

  • 業務プロセスの信頼性のアセスメントツール

    河本 高文, 二木 厚吉, 吉岡 信和

    コンピュータセキュリティシンポジウム2017論文集   ( 2 ) 1280 - 1287  2018.10

  • 部門ごとの伝票突合せを反映した業務プロセスの信頼性のアセスメント手法

    河本 高文, 二木 厚吉, 吉岡 信和

    情報処理学会論文誌   59 ( 9 ) 1699 - 1708  2018.09  [Refereed]

  • Evaluating the degree of security of a system built using security patterns

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018)     43:1 - 43:8  2018.08  [Refereed]

  • Security Requirement Modeling Support System Using Software Security Knowledge Base

    Atsuo Hazeyama, Shun'ichi Tanaka, Takafumi Tanaka, Hiroaki Hashiura, Seiji Munetoh, Takao Okubo, Haruhiko Kaiya, Hironori Washizaki, Nobukazu Yoshioka

    2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)     234 - 239  2018.07  [Refereed]

  • 機械学習システムの現状と課題そしてこれからのことを話そう

    吉岡信和, 石川冬樹

    第1回機械学習工学ワークショップ(MLSE2018)論文集     82 - 89  2018.07

  • 機械学習システムがセキュリティに出会うとき

    吉岡 信和

    第1回機械学習工学ワークショップ(MLSE2018)論文集     49 - 53  2018.07

  • An abstract security pattern for Authentication and a derived concrete pattern, the Credential-based Authentication

    EDUARDO B, FERNANDEZ, NOBUKAZU YOSHIOKA, HIRONORI WASHIZAKI, JOSEPH YODER

    7th Asian Conference on Pattern Languages of Programs (AsianPLoP 2018)    2018.03  [Refereed]

  • セキュリティ要求分析・保証の統合手法CC-Caseの有効性評価実験

    金子朋子, 高橋雄志, 勅使河原可海, 吉岡信和, 山本修一郎, 大久保隆夫, 田中英彦

    情報処理学会論文誌:コンシューマ・デバイス&システム   8 ( 1 ) 11 - 19  2018.01  [Refereed]

  • Goal Modeling for Security Problem Matching and Pattern Enforcement

    Yijun Yu, Haruhiko Kaiya, Nobukazu Yoshioka, Zhenjiang Hu, Hironori Washizaki, Yingfei Xiong, Amin Hosseinian-Far

    International Journal of Secure Software Engineering (IJSSE)     1 - 19  2018  [Refereed]  [Invited]

  • Cloud Security and Privacy Metamodel - Metamodel for Security and Privacy Knowledge in Cloud Services

    Tian Xia, Hironori Washizaki, Takehisa Kato, Haruhiko Kaiya, Shinpei Ogata, Eduardo B. Fernandez, Hideyuki Kanuka, Masayuki Yoshino, Dan Yamamoto, Takao Okubo, Nobukazu Yoshioka, Atsuo Hazeyama

    Proceedings of 6th International Conference on Model-Driven Engineering and Software Development (MODELSWARD 2018)     1 - 8  2018.01  [Refereed]

    DOI

  • Eliciting requirements for improving users’ behavior using transparency

    Haruhiko Kaiya, Nobukazu Yoshioka, Hironori Washizaki, Takao Okubo, Atsuo Hazeyama, Shinpei Ogata, Takafumi Tanaka

    Communications in Computer and Information Science   809   41 - 56  2018  [Refereed]

     View Summary

    A software system is developed for satisfying requirements of stakeholders. Each requirement will be never satisfied without the collaboration of several components such as the system, devices and people interacting with them, i.e. users. However, a user does not or cannot always behave toward the other components according to their expectations. For example, a user sometimes makes mistake or even misuse of the system. The system thus has to encourage users to behave according to such expectations as well as possible. In this paper, we propose a method for eliciting software requirements that will improve users’ behavior with respect to the expectations. We rely on transparency, i.e. the open flow of information amongst stakeholders because no one can directly manipulate users but transparency has an influence on users’ behavior. We expect users will voluntarily behave better than ever when the system provides suitable information flows. We represent our method by using KAOS goal modeling notation, and show examples how it works.

    DOI

  • Report on ER 2016

    NAKAGAWA Hiroyuki, KOBAYASHI Tsutomu, HAYASHI Shinpei, YOSHIOKA Nobukazu, UBAYASHI Naoyasu

    Computer Software   34 ( 3 ) 3_75 - 3_80  2017

    DOI CiNii

  • Preliminary Systematic Literature Review of Software and Systems Traceability

    Haruhiko Kaiya, Ryohei Sato, Atsuo Hazeyama, Shinpei Ogata, Takao Okubo, Takafumi Tanaka, Nobukazu Yoshioka, Hironori Washizaki

    Procedia Computer Science   112   1141 - 1150  2017  [Refereed]

     View Summary

    Traceability is important knowledge for improving the artifacts of software and systems and processes related to them. Even in a single system, various kinds of artifacts exist. Various kinds of processes also exist, and each of them relates to different kinds of artifacts. Traceability over them has thus large diversity. In addition, developers in each process have different types of purposes to improve their artifacts and process. Research results in traceability have to be categorized and analyzed so that such a developer can choose one of them to achieve his/her purposes. In this paper, we report on the results of Systematic Literature Review (SLR) related to software and systems traceability. Our SLR is preliminary one because we only analyzed articles in ACM digital library and IEEE computer society digital library. We found several interesting trends in traceability research. For example, researches related to creating or maintaining traceability are larger than those related to using it or thinking its strategy. Various kinds of traceability purposes are addressed or assumed in many researches, but some researches do not specify purposes. Purposes related to changes and updates are dominant.

    DOI

  • Assessing business processes by checking transaction documents for inconsistency risks and a tool for risk assessment

    Takafumi Komoto, Kokichi Futatsugi, Nobukazu Yoshioka

    Lecture Notes in Business Information Processing   275   70 - 82  2017  [Refereed]  [Invited]

     View Summary

    Business processes can be assessed by checking transaction documents for inconsistency risks and can be classified into two categories. Inconsistency refers to a mismatch between items (product name, quantity, unit price, amount price, etc.) among transaction documents. For any process in the first category, the consistency of any pair of transaction documents in the process is checked, and there is no risk of inconsistency. For any process in the second category, the consistency of some pairs of transaction documents in the process cannot be checked, and there is a risk of inconsistency. This paper proposes a method and a tool for the assessment of risk inconsistencies. The assessment can be used to design and evaluate business processes for a company’s internal control over financial reporting. A business process diagram and inconsistency risk detection algorithm for classifying business processes is provided. A BPA-tool (Business Process Assessment tool) is also presented.

    DOI

  • JMOOCおけるプログラミング入門講座の設計及び実施

    古川雅子, 岡本裕子, 吉岡信和, 山地一禎

    2016年度大学ICT推進協議会年次大会   FE23   1 - 4  2016.12

  • Implementation support of security design patterns using test templates

    Masatoshi Yoshizawa, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

    Information (Switzerland)   7 ( 2 ) 1 - 19  2016.06  [Refereed]

     View Summary

    Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

    DOI

  • Assessing Business Processes by Checking Transaction Documents for Inconsistency Risks

    Takafumi Komoto, Kokichi Futatsugi, Nobukazu Yoshioka

    Proceedings of the sixth International Symposium on Business Modeling and Software Design     39 - 45  2016.06  [Refereed]

  • Modeling and security in cloud ecosystems

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Madiha H. Syed

    Future Internet   8 ( 2 ) 1 - 15  2016.04  [Refereed]

     View Summary

    Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them
    forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers
    a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.

    DOI

  • 組込み向け進化型ソフトウェアの効率的な拡張性強化手法

    佐々木隆益, 吉岡信和, 田原康之, 大須賀昭彦

    情報処理学会論文誌   57 ( 2 ) 730 - 744  2016.02  [Refereed]

  • A Metamodel for Security and Privacy Knowledge in Cloud Services

    Hironori Washizaki, Sota Fukumoto, Misato Yamamoto, Takehisa Kato, Shinpei Ogata, Haruhiko Kaiya, Eduardo B. Fernandez, Hideyuki Kanuka, Yuki Kondo, Nobukazu Yoshioka, Takao Okubo, Atsuo Hazeyama, Masatoshi Yoshizawa, Yoshiaki Fukazawa

    Proceedings 2016 IEEE World Congress on Services - SERVICES 2016     142 - 143  2016  [Refereed]

     View Summary

    We propose a metamodel for handling security and privacy in cloud service development and operation. The metamodel is expected to be utilized for building a knowledge base to accumulate, classify and reuse existing cloud security and privacy patterns and practices in a consistent and uniform way. Moreover the metamodel and knowledge base are expected to be utilized for designing and maintaining architectures for cloud service systems incorporating security and privacy.

    DOI

  • Literature Survey on Technologies for Developing Privacy-Aware Software

    Atsuo Hazeyama, Nobukazu Yoshioka, Takao Okubo, Hironori Washizaki, Haruhiko Kaiya

    2016 IEEE 24TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE WORKSHOPS (REW)     86 - 91  2016  [Refereed]

     View Summary

    Software development requires the protection of privacy. However, a body of knowledge does not exist for the development of privacy-aware software. Based on a literature survey, this paper introduces various studies that address knowledge regarding the development of privacy-aware software, and describes the current status and future direction toward building a knowledge base for privacy-aware software development.

    DOI

  • Requirements Analysis for Privacy Protection and Third Party Awareness Using Logging Models

    Haruhiko Kaiya, Nobukazu Yoshioka, Takao Okubo, Hironori Washizaki, Atsuo Hazeyama

    NEW TRENDS IN SOFTWARE METHODOLOGIES, TOOLS AND TECHNIQUES   286   155 - 166  2016  [Refereed]

     View Summary

    An information system can store personal information of its primary users such as shopping histories, and some third party wants or happens to know such information. Because the system usually provides its privacy policy and its users have to give their consent to it, they sometimes have to partially give up the protection of their privacy. On the other hand, a chance of a third party to know such information is too limited if the policy is too defensive. We proposed a method to explore trade-offs between protection of such information and access permissions for a third party, and exemplified it. In this method, operation logs of a system are focused. The structure of each log is then modelled for analysing what kinds of information can be accessed by a third party. Access limitations of each third party are explored so as to balance the protection of privacy information against access right of third parties.

    DOI

  • Reproducible Scientific Computing Environment with Overlay Cloud Architecture.

    Shigetoshi Yokoyama, Yoshinobu Masatani, Tazro Ohta, Osamu Ogasawara, Nobukazu Yoshioka, Kai Liu, Kento Aida

    Proceedings of 9th IEEE International Conference on Cloud Computing (IEEE CLOUD 2016)     774 - 781  2016  [Refereed]

    DOI

  • Security in Cloud Computing and Big Data

    Eduardo Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Madiha Syed

    Journal of Future Internet   8 ( 2 ) 1 - 13  2016  [Refereed]

  • シーケンス図を用いたモデル検査支援ツールcsp-seq

    後藤隼弐, 吉岡信和

    コンピュータソフトウェア   32 ( 4 ) 50 - 73  2015.12  [Refereed]

    DOI

  • Performance Exploring Using Model Checking A Case Study of Hard Disk Drive Cache Function

    Takehiko Nagano, Kazuyoshi Serizawa, Nobukazu Yoshioka, Yasuyuki Tahara, Akihiko Ohsuga

    The Tenth International Conference on Software Engineering Advances (ICSEA 2015)     31 - 39  2015.12  [Refereed]

  • A Method for Efficient Extensibility Improvements in Embedded Software Evolution

    Takanori Sasaki, Nobukazu Yoshioka, Yasuyuki Tahara, Akihiko Ohsuga

    Journal of Software   10 ( 12 ) 1375 - 1388  2015.12  [Refereed]

  • Systematic Mapping of Security Patterns Research

    Yurina Ito, Hironori Washizaki, Masatoshi Yoshizawa, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Atsuo Hazeyama, Nobukazu Yoshioka, Eduardo B. Fernandez

    Proceedings of the 22nd Conference on Pattern Languages of Programs Conference 2015 (PLoP 2015)    2015.10  [Refereed]

  • Finding Potential Threats in Several Security Targets for Eliciting Security Requirements

    Haruhiko Kaiya, Shinpei Ogata, Shinpei Hayashi, Motoshi Saeki, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki, Atsuo Hazeyama

    10th International Multi-Conference on Computing in the Global Information Technology (ICCGI 2015)     83 - 92  2015.10  [Refereed]

  • 業務プロセスの品質の判定法

    河本高文, 二木厚吉, 吉岡信和

    情報処理学会論文誌   56 ( 9 ) 1794 - 1800  2015.09  [Refereed]

  • Method Using Command Abstraction Library for Iterative Testing Security of Web Application

    Seiji Muneto, Noukazu Yoshioka

    International Journal of Secure Software Engineering (IJSSE)   6 ( 3 ) 26 - 49  2015.07  [Refereed]

  • Keys and Roles of Formal Methods Education for Industry: 10 Year Experience with Top SE Program

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yoshinori Tanabe

    Proceedings of the First Workshop on Formal Methods in Software Engineering Education and Training (FMSEE&T '15)     35 - 42  2015.06  [Refereed]

  • Bioinformatics Pipelines over Overlay Cloud

    Shigetoshi Yokoyama

    HPCS2015   ( 2015 ) 101 - 101  2015.05  [Refereed]

    CiNii

  • Cloud Access Security Broker (CASB): A pattern for accessing secure cloud services

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    Proceedings of the 4th Asian Conference on Pattern Languages of Programs (AsianPLoP 2015)    2015.03  [Refereed]

  • A Distributed Cloud Architecture for Academic Community Cloud

    Yokoyama, Shigetoshi, Yoshioka, Nobukazu

    CLOUD COMPUTING AND SERVICES SCIENCES, CLOSER 2014   512   169 - 186  2015  [Refereed]

     View Summary

    This study describes a new approach to cloud federation architecture for academic community cloud. Two basic approaches have been proposed to deal with cloud burst, disaster recovery, business continuity, etc., in community clouds: standardization of cloud services and multi-cloud federation. The standardization approach would take time; i.e., it would not be effective until there are enough implementations and deployments following the standard specifications. The federation approach places limitations on the functionalities provided to users; they have to be the greatest common divisor of the clouds' functions. Our approach is "cloud on demand", which means on-demand cloud extension deployments at remote sites for inter-cloud collaborations. Because we can separate the governance of physical resources for cloud deployment and the governance of each cloud by this approach, each organization can have full control on its cloud. We describe how the problems of the previous approaches are solved by the new approach and evaluate a prototype implementation of our approach.

    DOI

  • Patterns for Security and Privacy in Cloud Ecosystems

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    2015 IEEE 2ND WORKSHOP ON EVOLVING SECURITY AND PRIVACY REQUIREMENTS ENGINEERING (ESPRE)     13 - 18  2015  [Refereed]

     View Summary

    An ecosystem is the expansion of a software product line architecture to include systems outside the product which interact with the product. We model here the architecture of a cloud-based ecosystem, showing security patterns for its main components. We discuss the value of this type of models.

    DOI

  • A Case-based Management System for Secure Software Development Using Software Security Knowledge

    Masahito Saito, Atsuo Hazeyama, Nobukazu Yoshioka, Takanori Kobashi, Hironori Washizaki, Haruhiko Kaiya, Takao Ohkubo

    KNOWLEDGE-BASED AND INTELLIGENT INFORMATION & ENGINEERING SYSTEMS 19TH ANNUAL CONFERENCE, KES-2015   60   1092 - 1100  2015  [Refereed]  [Invited]

     View Summary

    In recent years, importance on software security technologies has been recognized and various types of technologies have been developed. On the other hand, in spite of recognition of necessity of providing cases that deal with full life cycle for secure software development, only few are reported. This paper describes a case-based management system (CBMS) that consists of an artifact management system and a knowledge-based management system (KBMS) to manage cases for secure software development. The former manages the artifacts created in secure software life cycle. The latter manages software security knowledge. The case-based management system also manages association between artifacts and software security knowledge and supports both visualization among software security knowledge and between artifacts and software security knowledge. We conducted an experiment to evaluate the system. We describe the effectiveness and future work of the system. (C) 2015 The Authors. Published by Elsevier B.V

    DOI

  • Case Base for Secure Software Development Using Software Security Knowledge Base

    Atsuo Hazeyama, Masahito Saito, Nobukazu Yoshioka, Azusa Kumagai, Takanori Kobashi, Hironori Washizaki, Haruhiko Kaiya, Takao Okubo

    IEEE 39TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSAC 2015), VOL 3     97 - 103  2015  [Refereed]

     View Summary

    The importance of software security technologies has been gaining attention due to the increase in services on the Internet. Various technologies regarding software security have been developed. However, we believe knowledge regarding software security is not integrated; therefore, we have been developing a knowledge base for secure software development. We previously proposed a learning model that associates artifacts created in secure software development with knowledge in the knowledge base as design rationale. However, only a few case studies that addressed a full life cycle for secure software development have been reported. To mitigate this lack in reported case studies, Okubo et al. created a common task regarding software security. In this study, we developed a case base of secure software development whose artifacts are associated with the knowledge base using this common task as a case.

    DOI

  • TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing

    Takanori Kobashi, Masatoshi Yoshizawa, Hironori Washizaki, Yoshiaki Fukazawa, Nobukazu Yoshioka, Takano Okubo, Haruhiko Kaiya

    2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)     1 - 8  2015  [Refereed]

     View Summary

    Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement-or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we propose extended security patterns, which include requirement-and design-level patterns as well as a new model testing process. Our approach is implemented in a tool called TESEM (Test Driven Secure Modeling Tool), which supports pattern applications by creating a script to execute model testing automatically. During an early development stage, the developer specifies threats and vulnerabilities in the target system, and then TESEM verifies whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

    DOI

  • Verifying Implementation of Security Design Patterns Using a Test Template

    Masatoshi Yoshizawa, Takanori Kobashi, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

    2014 NINTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES)     178 - 183  2015  [Refereed]

     View Summary

    Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the "aspect test template" to observe the internal processing and the "test case template". Providing design information creates a test from the test template. Because a test template is recyclable, it can create easily a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.

    DOI

  • モデル検査による設計検証

    吉岡信和, 田辺良則, 田原康之, 長谷川哲夫, 磯部祥尚

    コンピュータソフトウェア   31 ( 4 )  2014.11  [Refereed]  [Invited]

    DOI

  • 業務プロセスの品質の判定法

    河本高文, 二木厚吉, 吉岡信和

    コンピュータセキュリティシンポジウム2014     260 - 267  2014.10

  • アカデミッククラウド実現にむけたクラウド支援サービス

    合田憲人, 山地一禎, 中村素典, 横山重俊, 吉岡信和, 政谷好伸, 西村浩二, 棟朝雅晴

    電子情報通信学会技術研究報告インターネットアーキテクチャ   114 ( 236 ) 1 - 5  2014.09

  • CPU使用率とメモリ帯域使用率を考慮した性能予測手法

    若林昇, 吉岡信和

    研究報告コンシューマ・デバイス&システム   2014-CDS-11 ( 10 ) 1 - 7  2014.08

  • Abstract security patterns for requirements and analysis of secure systems

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Joseph Yoder

    17th Workshop on Requirements Engineering(WER 2014)    2014.04  [Refereed]

  • Practical application of Cloud Monitoring using a huge Map

    YAZAWA Satoshi, NAKAGAWA Shingo, KANEZASHI Fumiaki, NISHIMURA Kazuhiko, NAGAKU Masaru, YOKOYAMA Shigetoshi, YOSHIOKA Nobukazu

    IEICE technical report. Information and communication management   IEICE-113 ( 492 ) 161 - 165  2014.03

     View Summary

    National Institute of Informatics has developed a private IaaS cloud "edubase Cloud" and a private bare-metal IaaS cloud "Gunnii". Additionally, we have just developed an prototype cloud platform, "Academic InterCloud(AIC)", and run it in trial. Operating such large cloud infrastructure relies on operators experience. A new more efficient approach, therefore, is needed. In this paper, we propose an editable huge "Map" approach and apply it to some practical cases. This paper also describes the future work to make a more efficient map.

    CiNii

  • Patterns for cloud firewalls

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    3rd Asian Conference on Pattern Languages of Programs (AsianPLoP 2014)    2014.03  [Refereed]

  • A Patern Langauge for Academic Cloud Servicres

    Masaru Nagaku, Satoshi Yazawa, Kenjiro Yamanaka, Nobukazu Yoshioka, Shigetoshi Yokoyama

    AsianPLoP    2014.03  [Refereed]

  • On-demand Cloud Architecture for Academic Community Cloud - Another Approach to Inter-cloud Collaboration.

    Shigetoshi Yokoyama, Nobukazu Yoshioka

    4th International Conference on cloud computing and service science     661 - 670  2014  [Refereed]

    DOI

  • Network traffic optimization architecture for scalability in academic inter-cloud computing environments.

    Shigetoshi Yokoyama, Atsushi Matsumoto, Nobukazu Yoshioka

    Network traffic optimization architecture for scalability in academic inter-cloud computing environments", International Workshop on Hot Topics in Cloud service Scalability (HotTopiCS-2014)     1 - 6  2014  [Refereed]

    DOI

  • Security Driven Requirements Refinement and Exploration of Architecture with multiple NFR points of view

    Takao Okubo, Nobukazu Yoshioka, Haruhiko Kaiya

    2014 IEEE 15TH INTERNATIONAL SYMPOSIUM ON HIGH-ASSURANCE SYSTEMS ENGINEERING (HASE)     201 - 205  2014  [Refereed]

     View Summary

    Earlier software architecture design is essential particularly when it comes to security concerns, since security risks, requirements and architectures are all closely interrelated and interacting. We have proposed the security driven twin peaks method with a mutual refinement of the requirements, and architectures. However, there are multiple alternatives to an architecture design for initial requirements, and their choices depend on non-functional requirements (NFRs), such as security, performance, and cost which often largely change. We propose a new method we call TPM-SA2 to avoid any back-track in refinement. Each architectural alternative in TPM-SA2 is refined so that it aligns with the requirements. For each refinement, the requirements can be updated vice versa. TPM-SA2 enables us to predict the impacts on the NFRs by each candidate for the architecture, and choose the most appropriate one with respect to the impact. As a result, we can define the requirements and architectures, and estimated the development costs earlier than ever.

    DOI

  • Validating Security Design Pattern Applications by Testing Design Models

    Takanori Kobashi, Nobukazu Yoshioka, Takao Okubo, Haruhiko Kaiya, Hironori Washizaki, Yoshiaki Fukazawa

    International Journal of Secure Software Engineering (IJSSE)   5 ( 4 ) 1 - 30  2014  [Refereed]

  • Security and Privacy Behavior Definition for Behavior Driven Development

    Takao Okubo, Yoshio Kakizaki, Takanori Kobashi, Hironori Washizaki, Shinpei Ogata, Haruhiko Kaiya, Nobukazu Yoshioka

    PRODUCT-FOCUSED SOFTWARE PROCESS IMPROVEMENT, PROFES 2014   8892   306 - 309  2014  [Refereed]

     View Summary

    There is an issue when security measures are implemented and tested while using agile software development techniques such as Behavior Driven Development (BDD). We need to define the necessary levels of security and the privacy behaviors and acceptance criteria for the BDD. A method for defining the acceptance criteria (BehaveSafe) by creating a threat and countermeasure graph called the T&C graph is proposed in this paper. We have estimated the efficiency of our method with a web based system.

  • Evaluation of Flexibility to Changes Focusing on the Variable Structures in Legacy Software

    Takanori Sasaki, Nobukazu Yoshioka, Yasuyuki Tahara, Akihiko Ohsuga

    KNOWLEDGE-BASED SOFTWARE ENGINEERING, JCKBSE 2014   466   252 - 269  2014  [Refereed]

     View Summary

    Light weight development processes like Agile have emerged in response to rapidly changing market requirements. However such processes are inadequate for software in embedded systems. As embedded software undergoes frequent refactoring, targeting only immediate requirements. As a result maintainability decreases because the system is not designed to respond to changes in the associated hardware. In this paper, we propose a method for detection of variation points and variability mechanisms. We also propose a technique for evaluation of flexibility to changes. Our approach is based on analyses of the call graph and the inheritance structure of source code to identify a layer structure that is specific to embedded software. These techniques provide us with objective and quantitative information about costs of adding functionality. We applied the proposal method to an actual product's code before and after the refactoring and could verify an improvement in system's variability.

    DOI

  • MASG: Advanced misuse case analysis model with assets and security goals

    Takao Okubo, Kenji Taguchi, Haruhiko Kaiya, Nobukazu Yoshioka

    Journal of Information Processing   22 ( 3 ) 536 - 546  2014  [Refereed]

     View Summary

    Misuse case model and its development process are useful and practical for security requirements analysis, but they require expertise especially about security assets and goals. To enable inexperienced requirements analysts to elicit and to analyse security requirements, we present an extension of misuse case model and its development process by incorporating new model elements, assets and security goals. We show its effectiveness from the quantitative and qualitative results of a case study. According to the results, we conclude the extension and its process enable inexperienced analysts to elicit security requirements as well as experienced analysts do. © 2014 Information Processing Society of Japan.

    DOI

  • Security Requirements Analysis Using Knowledge in CAPEC

    Haruhiko Kaiya, Sho Kono, Shinpei Ogata, Takao Okubo, Nobukazu Yoshioka, Hironori Washizaki, Kenji Kaijiri

    ADVANCED INFORMATION SYSTEMS ENGINEERING WORKSHOPS   178   343 - 348  2014  [Refereed]

     View Summary

    Because all the requirements analysts are not the experts of security, providing security knowledge automatically is one of the effective means for supporting security requirements elicitation. We propose a method for eliciting security requirements on the basis of Common Attack Patterns Enumeration and Classification (CAPEC). A requirements analyst can automatically acquire the candidates of attacks against a functional requirement with the help of our method. Because technical terms are mainly used in the descriptions in CAPEC and usual phrases are used in the requirements descriptions, there are gaps between them. To bridge the gaps, our method contains a mapping between technical terms and noun phrases called term maps.

    DOI

  • Requirements Refinement and Exploration of Architecture for Security and Other NFRs

    Takao Okubo, Nobukazu Yoshioka, Haruhiko Kaiya

    ADVANCED INFORMATION SYSTEMS ENGINEERING WORKSHOPS   178   286 - 298  2014  [Refereed]

     View Summary

    Earlier software architecture design is essential particularly when it comes to security concerns, since security risks, requirements and architectures are all closely interrelated and interacting. We have proposed the security driven twin peaks method with a mutual refinement of the requirements, and architectures. However, there are multiple alternatives to an architecture design for initial requirements, and their choices depend on non-functional requirements (NFRs), such as security, performance, and costs which have a big impact on the quality of the software. We propose a new method called TPM-SA2 to avoid any back-track in refinement. Each architectural alternative in TPM-SA2 is refined so that it aligns with the requirements. For each refinement, the requirements can be updated vice versa. TPM-SA2 enables us to predict the impacts on the NFRs by each candidate for the architecture, and choose the most appropriate one with respect to the impact. As a result, we can define the requirements and architectures, and estimated the development costs earlier than ever.

    DOI

  • Technologies for the Provision of Privacy Preserving Services: 0. Foreword

    YOSHIOKA,Nobukazu, SAKUMA,Jun, TAKENOUCHI,Takao

    IPSJ Magazine   54 ( 11 ) 1104 - 1105  2013.10

  • プライベートプラウド監視ツールの開発に向けた一考察

    谷沢智史, 西村一彦, 長久勝, 横山重俊, 吉岡信和

      113 ( 86 ) 41 - 46  2013.06

  • リスク分析手法とモデル検査を組合せた高信頼設計プロセスの提案

    若林昇, 吉岡信和

      2013-SE-179 ( 34 ) 1 - 7  2013.03

  • アカデミッククラウドアーキテクチャの提案と評価

    横山重俊, 桑田 喜隆, 吉岡信和

    情報処理学会論文誌   54 ( 2 ) 688 - 698  2013.02  [Refereed]

  • Model-assisted access control implementation for code-centric ruby-on-rails web application development

    Seiji Munetoh, Nobukazu Yoshioka

    Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013     350 - 359  2013  [Refereed]

     View Summary

    In a Web application framework suitable for a code-centric development approach, maintaining the faultlessness of the security features is an issue because the security features are dispersed throughout the code during the implementation. In this paper, we propose a method and develop a static verification tool for Web applications that checks the completeness of the security features implementation. The tool generates a navigation model from an application code while retaining the security properties and then checks the consistency of the security properties on the model since access control is relevant to the application behavior. We applied the proposed tool to various Ruby on Rails Web application source codes and then tested their authentication and authorization features. Results showed that the tool is an effective aid in the implementation of security features in code-centric and iterative Web application development. © 2013 IEEE.

    DOI

  • Validating security design patterns application using model testing

    Takanori Kobashi, Nobukazu Yoshioka, Takao Okubo, Haruhiko Kaiya, Hironori Washizaki, Yoshiaki Fukazawa

    Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013     62 - 71  2013  [Refereed]

     View Summary

    Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved. © 2013 IEEE.

    DOI

  • RAILROADMAP: An Agile Security Testing Framework for Web-application Development

    Seiji Munetoh, Nobukazu Yoshioka

    2013 IEEE SIXTH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST 2013)     491 - +  2013  [Refereed]

     View Summary

    We propose a model-assisted security testing framework for developing Web applications. We devised a tool called "RailroadMap" that automatically extracts a behavior model from the code base of Ruby-on-Rails. This model provides a unified point of view for analyzing security problems by representing an application's behavior, which includes all security functions and possible attack scenarios.

    DOI

  • Goal-Oriented Security Requirements Analysis for a System Used in Several Different Activities

    Haruhiko Kaiya, Takao Okubo, Nobuyuki Kanaya, Yuji Suzuki, Shinpei Ogata, Kenji Kaijiri, Nobukazu Yoshioka

    ADVANCED INFORMATION SYSTEMS ENGINEERING WORKSHOPS (CAISE)   148   478 - 489  2013  [Refereed]

     View Summary

    Because an information system is used in different activities simultaneously today, we have to analyze usages of the system in the existing activities and to-be usages in an intended activity together. Especially, security aspects should be carefully analyzed because existing activities are not always secure. We propose a security requirements analysis method for resolving this problem. To take both existing and intended activities into account together, we integrate them on the basis of the unification of common actors. To explore possible attacks under integrated activities, we enumerate achievable attacks on the basis of the possible means in each actor with the help of security knowledge. To avoid or mitigate the attacks and to achieve fundamental goals, we disable some means or narrow down the means to be monitored with the help of propositional logic formulae. Through case studies on insurance business, we illustrated our idea.

    DOI

  • モデルテストによるセキュリティ分析・設計パターンの適用支援

    小橋 孝紀, 大久保 隆夫, 海谷 治彦, 吉岡 信和, 伊永 祥太, 鷲崎 弘宜, 深澤良彰

    コンピュータセキュリティシンポジウム 2012     655 - 662  2012.10

  • Evaluation of Flexibility to Changes Focusing on the Variable Structures in Legacy Software

    Takanori Sasaki, Nobukazu Yoshioka, Yasuyuki Tahara, Akihiko Ohsuga

    Proc. of JCKBSE 2014   2012   171 - 180  2012.08  [Refereed]

  • Analyzing Impacts on Software Enhancement Caused by Security Design

    Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

    International Journal of Secure Software Engineering (IJSSE), IGI Global     37 - 61  2012.02  [Refereed]

  • Intercloud Object Storage Service: Colony

    Shigetoshi Yokoyama, Nobukazu Yoshioka, Motonobu Ichimura

    THIRD INTERNATIONAL CONFERENCE ON CLOUD COMPUTING, GRIDS, AND VIRTUALIZATION (CLOUD COMPUTING 2012)     95 - 98  2012  [Refereed]

     View Summary

    Intercloud object storage services are crucial for inter-organization research collaborations that need huge amounts of remotely stored data and machine image. This study introduces a prototype implementation of wide-area distributed object storage services, called colony, and describes a trial of its cloud storage architecture and intercloud storage services for academic clouds.

  • Multilevel Modeling of Physiological Systems and Simulation Platform: PhysioDesigner, Flint and Flint K3 Service.

    Yoshiyuki Asai, Takeshi Abe, Masao Okita, Tomohiro Okuyama, Nobukazu Yoshioka, Shigetoshi Yokoyama, Masaru Nagaku, Kenichi Hagihara, Hiroaki Kitano

    The 12th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT)     215 - 219  2012  [Refereed]

    DOI

  • An Academic Community Cloud Architecture for Science Applications.

    Shigetoshi Yokoyama, Nobukazu Yoshioka

    The 12th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT)     108 - 112  2012  [Refereed]

    DOI

  • Mutual refinement of security requirements and architecture using twin peaks model

    Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

    Proceedings - International Computer Software and Applications Conference     367 - 372  2012  [Refereed]

     View Summary

    It is difficult to sufficiently specify software security requirements because they depend on a software architecture that has not yet been designed. Although the Twin Peaks model is a reference model to elicit a sufficient amount of software requirements in conjunction with the architectural requirements, it is still unclear how the security requirements can be elicited while taking the architecture into consideration. We propose a novel method to elicit the security requirements with architecture elaboration based on the Twin Peaks model, which is called the Twin Peaks Model application for Security Analysis (TMP-SA). In our method, security countermeasures for attacks are elicited as the security requirements incrementally according to the refinement of the architecture. We can comprehensively explore the alternatives for the countermeasures (security requirements) and choose the most suitable one for each project because we can focus on the architecture-specific security issues as well as architecture-independent security issues. We have applied our method to several applications and discuss its advantages and limitations. We found that our method is suitable for iterative development, and it enables us to find threats caused by architectural issues that are severely difficult to find when analyzing only the requirements issues. © 2012 IEEE.

    DOI

  • Dodai-Deploy: Fast Cluster Deployment Tool.

    Shigetoshi Yokoyama, Nobukazu Yoshioka

    19th International Conference on Web Services (ICWS 2012)     681 - 682  2012  [Refereed]

    DOI

  • edubase cloud: cloud platform for cloud education.

    Shigetoshi Yokoyama, Nobukazu Yoshioka, Takahiro Shida

    First International Workshop on Software Engineering Education based on Real-World Experiences (EduRex 2012)     17 - 20  2012  [Refereed]

    DOI

  • Cloud in a cloud for cloud education.

    Shigetoshi Yokoyama, Nobukazu Yoshioka, Takahiro Shida

    4th International Workshop on Principles of Engineering Service-Oriented Systems (PESOS)     63 - 64  2012  [Refereed]

    DOI

  • Cluster as a Service for Self-Deployable Cloud Applications.

    Shigetoshi Yokoyama, Nobukazu Yoshioka

    Proc. of 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid 2012)     703 - 704  2012  [Refereed]

    DOI

  • System security requirements analysis with answer set programming

    Gideon Bibu, Nobukazu Yoshioka, Julian Padget

    2012 2nd IEEE International Workshop on Requirements Engineering for Systems, Services, and Systems-of-Systems, RESS 2012 - Proceedings     10 - 13  2012  [Refereed]

     View Summary

    The need for early consideration of security during system design and development cannot be over-emphasized, since this allows security features to be properly integrated into the system rather than added as patches later on. A necessary pre-requisite is the elicitation and analysis of the security requirements prior to system design. Existing methods for the security requirements phase, such as attack trees and misuse case analysis, use manual means for analysis, with which it is difficult to validate and analyse system properties exhaustively. We present a computational solution to this problem using an institutional (also called normative) specification to capture the requirements in the InstAL action language, which in turn is implemented in answer set programming (a kind of logic programming language). The result of solving the answer set program with respect to a set of events is a set of traces that capture the evolution of the model over time (as defined by the occurrence of events). Verification is achieved by querying the traces for specific system properties. Using a simple scenario, we show how any state of the system can be verified with respect to the events that brought about that state. We also demonstrate how the same traces enable: (i) identification of possible times and causes of security breaches and (ii) establishment of possible consequences of security violations. © 2012 IEEE.

    DOI

  • Three misuse patterns for cloud computing

    Keiko Hashizume, Nobukazu Yoshioka, Eduardo B. Fernandez

    Security Engineering for Cloud Computing: Approaches and Tools     36 - 53  2012  [Refereed]

     View Summary

    Cloud computing is a new computing model that allows providers to deliver services on demand by means of virtualization. One of the main concerns in cloud computing is security. In particular, the authors describe some attacks in the form of misuse patterns, where a misuse pattern describes how an attack is performed from the point of view of the attacker. Specially, they describe three misuse patterns: Resource Usage Monitoring Inference, Malicious Virtual Machine Creation, and Malicious Virtual Machine Migration Process. © 2013, IGI Global.

    DOI

  • A Framework for Validating Task Assignment in Multiagent Systems Using Requirements Importance

    Hiroyuki Nakagawa, Nobukazu Yoshioka, Akihiko Ohsuga, Shinichi Honiden

    PRINCIPLES AND PRACTICE OF MULTI-AGENT SYSTEMS   7057   443 - +  2012  [Refereed]

     View Summary

    Multi-agent systems (MASs) are one of the effective approaches for dealing with the recent increase in software complexity and their autonomy. In the MAS research community, there has recently been increasing interest in the adoption of requirements engineering techniques to bridge the gap between the system requirements and the system design. One of the most important tasks based on the requirements description in the MAS design activity is the extraction of roles, which are the fundamental components of multi-agent systems, from it. It is also important to comprehend the relative degree of responsibility of the individual roles. The comprehension helps the developer decide the system architecture and discuss the performance and stability of the system. We introduce the concept of importance as a quantitative metric and an evaluation framework for the extraction of a suitable role set for the system and the task assignment to these roles. The importance is propagated from the requirements to the roles through their assigned tasks. We demonstrate the effectiveness of our framework through a case study and show that our metric and evaluation framework help not only to identify the importance of each role, but also to determine the system architecture.

    DOI

  • A Network-aware Object Storage Service

    Yokoyama, Shigetoshi, Yoshioka, Nobukazu, Ichimura, Motonobu

    2012 SC COMPANION: HIGH PERFORMANCE COMPUTING, NETWORKING, STORAGE AND ANALYSIS (SCC)     556 - 561  2012  [Refereed]

     View Summary

    this study describes a trial for establishing a network-aware object storage service. For scientific applications that need huge amounts of remotely stored data, the cloud infrastructure has functionalities to provide a service called 'cluster as a service' and an inter-cloud object storage service. The scientific applications move from locations with constrained resources to locations where they can be executed practically. The inter-cloud object storage service has to be network-aware in order to perform well.

    DOI

  • ゴール指向分析に基づくモデル検査のための外部環境の抽象化手法

    乾道孝, 吉岡信和, 落水浩一郎

    情報処理学会論文誌   52 ( 12 ) 3205 - 3220  2011.12  [Refereed]

  • Survey on Security Software Engineering

    Nobukazu Yoshioka, Takao Okubo, Seiji Munetoh

    Computer Software, Japan Science and Technology Agency   28 ( 3 ) 43 - 60  2011.09  [Refereed]  [Invited]

    DOI

  • AOJS:JavaScriptのためのアスペクト指向プログラミング・フレームワーク

    大橋昭, 久保淳人, 水町友彦, 江口和樹, 村上真一, 高橋竜一, 鷲崎弘宜, 深澤良彰, 鹿糠秀行, 小高敏裕, 杉本信秀, 永井洋一, 山本里枝子, 吉岡信和, 石川冬樹, 碇尚史

    コンピュータソフトウェア   28 ( 3 ) 114 - 131  2011.08  [Refereed]

    DOI

  • A modelling framework to support internal control

    Takafumi Komoto, Kenji Taguchi, Haralambos Mouratidis, Nobukazu Yoshioka, Kokichi Futatsugi

    2011 5th International Conference on Secure Software Integration and Reliability Improvement - Companion, SSIRI-C 2011     187 - 193  2011  [Refereed]

     View Summary

    This paper presents a modelling framework to support Internal Control. The proposed framework is intended to be used for the design and evaluation of internal controls by organisations and their auditors. One component of the framework is a modelling language and the other is a process to establish internal controls. The proposed modelling language is based on Secure Tropos modelling language. It extends Secure Tropos in several ways in order to conceptualize some aspects of internal controls in which organisational structure and relationships between major stakeholders are taken into account. In this paper we describe the proposed framework by presenting an internal control model and show how risks can be analysed in the models according to the proposed process. © 2011 IEEE.

    DOI

  • Two patterns for distributed systems: Enterprise service bus (ESB) and distributed publish/subscribe

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    ACM International Conference Proceeding Series    2011  [Refereed]

     View Summary

    We present two common patterns for distributed systems: Enterprise Service Bus (ESB) and Distributed Publish/Subscribe (P/S). ESB defines a common bus structure that provides basic brokerage functions as well as a set of other appropriate services. The ESB has been used mostly for web services but it can be used for any distributed system. The P/S realizes a system structure where subscribers register to receive events produced by a publisher. The P/S has been described usually in a centralized environment and we emphasize here its distributed nature. These patterns are mainly intended for web services application and distributed systems architects and designers. In those applications, the ESB and the Distributed P/S are architectural units that need to be combined with other architectural units. © Copyright 2011 Carnegie Mellon University.

    DOI

  • An approach to model-based development of secure and reliable systems

    Eduardo B. Fernandez, Hironori Washizaki, Nobukazu Yoshioka, Michael VanHilst

    Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011     260 - 265  2011  [Refereed]

     View Summary

    A good way to obtain secure systems is to build applications in a systematic way where security is an integral part of the lifecycle. The same applies to reliability. If we want a system which is secure and reliable, both security and reliability must be built together. If we build not only applications but also middleware and operating systems in the same way, we can build systems that not only are inherently secure but also can withstand attacks from malicious applications and resist errors. In addition, all security and reliability constraints should be defined in the application level, where their semantics is understood and propagated to the lower levels. The lower levels provide the assurance that the constraints are being followed. In this approach all security constraints are defined at the conceptual or application level. The lower levels just enforce that there are no ways to bypass these constraints. By mapping to a highly secure platform, e.g., one using capabilities, we can produce a very secure system. Our approach is based on security patterns that are mapped through the architectural levels of the system. We make a case for this approach and we present here three aspects to further develop it. These aspects include a metamodel for security requirements, a mapping of models across architectural levels, and considerations about the degree of security of the system. © 2011 IEEE.

    DOI

  • Effective security impact analysis with patterns for software enhancement

    Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

    Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011     527 - 535  2011  [Refereed]

     View Summary

    Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns for identifying threats and security design patterns for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures. © 2011 IEEE.

    DOI

  • IMPULSE: A design framework for multi-agent systems based on model transformation

    Hiroyuki Nakagawa, Nobukazu Yoshioka, Akihiko Ohsuga, Shinichi Honiden

    Proceedings of the ACM Symposium on Applied Computing     1411 - 1418  2011  [Refereed]

     View Summary

    The purpose of this study is to reduce the difficulties encountered when designing multi-agent systems (MAS). Although MAS are one of the more effective approaches for dealing with the recent increase in software complexity, they are themselves difficult to develop. We believe the difficulties in determining agent responsibilities and the organizational structure as the most significant obstacles to MAS development. In this paper, we propose a design framework for MAS, which includes restriction rules in the goal-oriented requirements description and a generator that transforms the restricted requirements description into a general MAS design model. We demonstrate the effectiveness of our framework through a case study and show how the framework can be used to construct MAS design models more precisely than conventional methods permit. © 2011 ACM.

    DOI

  • Edubase cloud: An open-source cloud platform for cloud engineers

    Nobukazu Yoshioka, Shigetoshi Yokoyama, Yoshionori Tanabe, Shinichi Honiden

    Proceedings - International Conference on Software Engineering     73 - 73  2011  [Refereed]

     View Summary

    Education for cloud engineers is crucial in terms of innovation in the development of cloud technologies. We propose a new cloud platform based on open-source software that uses multi-clouds for the education. © 2011 Authors.

    DOI

  • A Framework for Validating Task Assignment in Multi-agent Systems using Requirements Importance (Early Innovation)

    Hiroyuki Nakagawa, Nobukazu Yoshioka, Akihiko Ohsuga, Shinichi Honiden

    The 13th International Conference on Principles and Practice of Multi-Agent Systems     207 - 214  2010.11  [Refereed]

  • Aligning security requirements and security assurance using the common criteria

    Kenji Taguchi, Nobukazu Yoshioka, Takayuki Tobita, Hiroyuki Kaneko

    SSIRI 2010 - 4th IEEE International Conference on Secure Software Integration and Reliability Improvement     69 - 77  2010  [Refereed]  [Invited]

     View Summary

    This paper presents a new approach, which attempts to provide a basic framework in which security requirements and security assurance can be aligned in a uniform and concise way in a single requirements modelling methodology. This framework aims at providing security requirements modelling method for the system development as well as security assurance under the Common Criteria (IEC/ISO 15408), an international standard for security assurance and evaluation for IT products. We will adopt use case diagrams as a basis for this modelling method and extend them based on a meta model derived from the Common Criteria, which includes all relevant security concepts and their relationships for an analysis of security threats. We take Multi Function Peripherals (MFPs) as a working example and demonstrate how our proposed modelling method can effectively elicit/analyze security requirements in this paper. © 2010 IEEE.

    DOI

  • Model-Driven Security Patterns Application Based on Dependences among Patterns

    Yuki Shiroma, Hironori Washizaki, Yoshiaki Fukazawa, Atsuto Kubo, Nobukazu Yoshioka

    FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS     555 - 559  2010  [Refereed]

     View Summary

    The spread of open-software services through the Internet increases the importance of security. A security pattern is one of the techniques in which developers utilize security experts' knowledge. Security patterns contain typical solutions about security problems. However there is a possibility that developers may apply security patterns in inappropriate ways due to a lack of consideration on dependencies among patterns. Application techniques of security patterns that consider such dependencies have not been proposed yet. In this paper, we propose an automated application technique of security patterns in model driven software development by defining applications procedures of security patterns to models as model transformation rules with consideration for pattern dependencies. Our technique prevents inappropriate applications such as the application of security patterns to wrong model elements and that in wrong orders. Therefore our technique supports developers apply security patterns to their own models automatically in appropriate ways.

    DOI

  • Measuring the level of security introduced by security patterns

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Michael VanHilst

    FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS     565 - 568  2010  [Refereed]

     View Summary

    It is possible to reasonably measure the security quality of individual security patterns. However, more interesting is to ask: Can we show that a system built using security patterns is secure in some sense? We discuss here some issues about evaluating the security of a system built using security patterns. We consider the use of threats and misuse patterns to perform this evaluation.

    DOI

  • Security patterns: Comparing modeling approaches

    Armstrong Nhlabatsi, Arosha Bandara, Shinpei Hayashi, Charles B. Haley, Jan Jurjens, Haruhiko Kaiya, Atsuto Kubo, Robin Laney, Haralambos Mouratidis, Bashar Nuseibeh, Thein T. Tun, Hironori Washizaki, Nobukazu Yoshioka, Yijun Yu

    Software Engineering for Secure Systems: Industrial and Research Perspectives     75 - 111  2010  [Refereed]

     View Summary

    Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: Problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns. © 2011, IGI Global.

    DOI

  • Using security patterns to develop secure systems

    E.B. Fernandez, N. Yoshioka, H. Washizaki, J. Jurjens, M. VanHilst, G. Pernul

    Software Engineering for Secure Systems, IGI Global     16 - 31  2010  [Refereed]

    DOI

  • Model-Driven Security Patterns Application Based on Dependences among Patterns

    Yuki Shiroma, Hironori Washizaki, Yoshiaki Fukazawa, Atsuto Kubo, Nobukazu Yoshioka

    FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS     555 - 559  2010  [Refereed]

     View Summary

    The spread of open-software services through the Internet increases the importance of security. A security pattern is one of the techniques in which developers utilize security experts' knowledge. Security patterns contain typical solutions about security problems. However there is a possibility that developers may apply security patterns in inappropriate ways due to a lack of consideration on dependencies among patterns. Application techniques of security patterns that consider such dependencies have not been proposed yet. In this paper, we propose an automated application technique of security patterns in model driven software development by defining applications procedures of security patterns to models as model transformation rules with consideration for pattern dependencies. Our technique prevents inappropriate applications such as the application of security patterns to wrong model elements and that in wrong orders. Therefore our technique supports developers apply security patterns to their own models automatically in appropriate ways.

    DOI

  • A worm misuse pattern

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    ACM International Conference Proceeding Series    2010  [Refereed]

     View Summary

    We have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack or misuse is performed (what system units it uses and how)
    it also provides ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and helps analyzing the attack once it has happened by indicating where can we find forensics data as well as what type of data. A catalog of misuse patterns is needed to let designers evaluate their designs with respect to possible threats. We present here a misuse pattern for a generic worm, which describes the essential and typical characteristics of this type of malware. We consider how to stop this malware and we also discuss some examples and variations.

    DOI

  • A security pattern for data integrity in P2P systems

    Benjamin Schleinzer, Nobukazu Yoshioka

    ACM International Conference Proceeding Series    2010  [Refereed]

     View Summary

    Peer-To-Peer-systems (P2P) introduced new methods to distribute large amounts of data to end users. To increase the distribution speed resources from all participating network nodes, the peers, are used, and therefore the workload on own resources decreases. To utilize all peers large data is split into small pieces, so called chunks, and these chunks are distributed among peers therefore making each chunk available on different peers. To identify and find chunks in P2P-systems hash algorithms are used, and each peer is responsible for a specific range of the hash's keyspace and all chunks that fall within this keyspace. With data stored on multiple peers new security risks in terms of confidentiality, integrity, and availability arise. Our security pattern targeted specifically for P2P-systems helps system designers to identify possible threats and show appropriate countermeasures. We show how secure hash algorithms can guarantee the integrity of the distributed data even though chunks are sent to, received from, and stored by multiple, possible untrustworthy, peers.

    DOI

  • パターン間の関係を考慮したセキュリティパターン適用支援

    城間祐輝, 久保淳人, 吉岡信和, 鷲崎弘宣, 深澤良彰

    ソフトウェアエンジニアリング最前線2009     75 - 82  2009.09  [Refereed]

  • Evolution of a course on model checking for practical applications

    Yasuyuki Tahara, Nobukazu Yoshioka, Kenji Taguchi, Toshiaki Aoki, Shinichi Honiden

    SIGCSE Bulletin Inroads   41 ( 2 ) 38 - 44  2009.06  [Refereed]

     View Summary

    Although model checking is expected as a practical formal verification approach for its automatic nature, it still suffers from difficulties in writing the formal descriptions to be verified and applying model checking tools to them effectively. The difficulties are found mainly in grasping the exact system behaviors, representing them in formal languages, and using model checking tools that fit the best to the verification problems. Even capable software developers need extensive education to overcome the difficulties. In this paper, we report our education course of practical applications of model checking in our education project called Top SE. Our approach consists of the following two features. First, we adopt UML as the design specification language and create the descriptions for each specific model checking tool from the UML diagrams, to enable easy practical application of model checking. Second, we build taxonomies of system behaviors, in particular behaviors of concurrent systems that are main targets of model checking. We can organize the knowledge and the techniques of practical model checking according to the taxonomies. The taxonomies are based on several aspects of system behaviors such as synchronization of transitions, synchronization of communications, and modeling of system environments. In addition, we make clear which model checking tools fit which types of systems. We treat the three different model checking tools: SPIN, SMV, and LTSA. Each tool has its specific features that make the tool easier or more difficult to be applied to specific problems than others. In our education course, we explain the taxonomies, the knowledge, and the techniques using very simple examples. We also assign the students exercises to apply the knowledge and the techniques to more complicated problems such as the dining philosopher problem, data copying between a DVD recorder and a hard disk recorder, and the alternating bit protocol.

    DOI

  • Evolution of a course on model checking for practical applications

    Yasuyuki Tahara, Nobukazu Yoshioka, Kenji Taguchi, Toshiaki Aoki, Shinichi Honiden

    SIGCSE Bulletin Inroads   41 ( 2 ) 38 - 44  2009.06  [Refereed]

     View Summary

    Although model checking is expected as a practical formal verification approach for its automatic nature, it still suffers from difficulties in writing the formal descriptions to be verified and applying model checking tools to them effectively. The difficulties are found mainly in grasping the exact system behaviors, representing them in formal languages, and using model checking tools that fit the best to the verification problems. Even capable software developers need extensive education to overcome the difficulties. In this paper, we report our education course of practical applications of model checking in our education project called Top SE. Our approach consists of the following two features. First, we adopt UML as the design specification language and create the descriptions for each specific model checking tool from the UML diagrams, to enable easy practical application of model checking. Second, we build taxonomies of system behaviors, in particular behaviors of concurrent systems that are main targets of model checking. We can organize the knowledge and the techniques of practical model checking according to the taxonomies. The taxonomies are based on several aspects of system behaviors such as synchronization of transitions, synchronization of communications, and modeling of system environments. In addition, we make clear which model checking tools fit which types of systems. We treat the three different model checking tools: SPIN, SMV, and LTSA. Each tool has its specific features that make the tool easier or more difficult to be applied to specific problems than others. In our education course, we explain the taxonomies, the knowledge, and the techniques using very simple examples. We also assign the students exercises to apply the knowledge and the techniques to more complicated problems such as the dining philosopher problem, data copying between a DVD recorder and a hard disk recorder, and the alternating bit protocol.

    DOI

  • 無線センサネットワークにおける複数プログラムの動的配備

    末永 俊一郎, 吉岡 信和, 本位田 真一

    情報処理学会論文誌   50 ( 1 ) 14 - 30  2009.02  [Refereed]

  • Misuse cases + assets + security goals

    Takao Okubo, Kenji Taguchi, Nobukazu Yoshioka

    Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009   3   424 - 429  2009  [Refereed]

     View Summary

    Security is now the most critical feature of any, computing systems. Eliciting and analyzing security requirements, in the early stages of the system development process is highly, recommended to reduce security vulnerabilities which might be, found in the later stages of the system development process. In, order to address this issue, we will propose a new extension, of the misuse case diagram for analyzing and eliciting security, requirements with special focus on assets and security goals. We, will also present the process model in which business requirements, and system requirements related to security features are, separately analyzed and elicited in different phases. This process, model helps us to analyze the requirements related to business, goals in an earlier phase and to the system goals in a later phase, so that any concerns related to them are dealt with separately.We will illustrate our approach with a case study taken from an, accounting software package. © 2009 IEEE.

    DOI

  • Overview of the 3rd international workshop on software patterns and quality (SPAQu'09)

    Hironori Washizaki, Nobukazu Yoshioka, Eduard B. Fernandez, Jan Jurjens

    Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA     713 - 714  2009  [Refereed]

     View Summary

    We will discuss here the theoretical, social, technological and practical issues related to quality aspects of software patterns including security and safety aspects. The workshop will provide the opportunity for bringing together researchers and practitioners, and for discussing the future prospects of this area. As for the workshop format, first, we will have short talks on what software patterns are, and how they are related to quality. Second, we will have accepted position paper presentations to expose the latest researches and practices on software patterns and quality. Finally, we will discuss several topics related to these presentations in small groups. Newcomers, interested researchers and practitioners are free to attend the workshop to facilitate their understandings, researches and practices on software patterns and quality.

    DOI

  • Proceedings of the Third International Workshop on Software Patterns and Quality(SPAQu'09)

    Hironori Washizaki, Nobukazu Yoshioka, Eduardo B.Fernandez, Jan Jurjens(Editors

    Technical Report GRACE-TR-2009-07,GRACE Center,National Institute of Informatics    2009  [Refereed]

  • What top-level software engineers tackle after learning formal methods: Experiences from the top SE project

    Fuyuki Ishikawa, Kenji Taguchi, Nobukazu Yoshioka, Shinichi Honiden

    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)   5846   57 - 71  2009  [Refereed]

     View Summary

    In order to make practical use of formal methods, it is not sufficient for engineers to obtain general, fundamental knowledge of the methods and tools. Actually, it is also necessary for them to carefully consider their own contexts and determine adequate approaches to their own problems. Specifically, engineers need to choose adequate methods and tools, determine their usage strategies, and even customize or extend them for their effective and efficient use. Regarding the point, this paper reports and discusses experiences on education of formal methods in the Top SE program targeting software engineers in the industry. The program involves education of a variety of scientific methods and tools with group exercises on practical problems, allowing students to compare different approaches while understanding common principles. In addition, the program involves graduation studies where each student identifies and tackles their own problems. Statistics on problem settings in the graduation studies provide interesting insights into what top-level engineers tackles after learning formal methods. © 2009 Springer-Verlag Berlin Heidelberg.

    DOI

  • A propose of the Cooperation Support Agent for face-to-face class and e-learning

    Masako Urakami, Seiji Shimizu, Yasukuni Okataku, Nobukazu Yoshioka, Masakazu Ito, Hiroki Iwasaki, Kenshiro Okamura, Masahiro Sugimoto, Tetsuya Sumida, Masayuki Fujii, Yoshinori Mihara, Fumino Yoshidome, Akira Miyamoto

    Proc.The 4th Asian(OCMT-QDU)Cooperative Technology and Education Conference     39 - 43  2009  [Refereed]

  • Group Migration by Mobile Agents in Wireless Sensor Networks

    Shunichiro Suenaga, Nobukazu Yoshioka, Shinichi Honiden

    The Computer Journal    2009  [Refereed]

  • Improving the Classification of Security Patterns

    Hironori Washizaki, Eduardo B. Fernandez, Katsuhisa Maruyama, Atsuto Kubo, Nobukazu Yoshioka

    PROCEEDINGS OF THE 20TH INTERNATIONAL WORKSHOP ON DATABASE AND EXPERT SYSTEMS APPLICATION     165 - +  2009  [Refereed]

     View Summary

    There are a large number of security patterns encapsulating reusable solutions to recurrent security problems. However, catalogs of security patterns are not enough because the designer does not know when and where to apply them, especially in a large complex system. There is a need to conduct more precise classifications of security patterns. We analyze here ways to represent security patterns using specialized models for their precise classification. We define two new types of models, one that describes how a security pattern relates to several classification dimensions (Dimension Graph), and another that describes how security patterns relate to each other (Pattern Graphs). We show these ideas with examples from security patterns.

    DOI

  • AOJS: Aspect-Oriented Java Script Programming Framework for Web Development

    Hironori Washizaki, Atsuto Kubo, Tomohiko Mizumachi, Kazuki Eguchi, Yoshiaki Fukazawa, Nobukazu Yoshioka, Hideyuki Kanuka, Toshihiro Kodaka, Nobuhide Sugimoto, Yoichi Nagai, Rieko Yamamoto

    ACP4IS'09: 8TH WORKSHOP ON ASPECTS, COMPONENTS AND PATTERNS FOR INFRASTRUCTURE SOFTWARE     31 - 35  2009  [Refereed]

     View Summary

    Java Script is a popular scripting language that is particularly useful for client-side programming together with HTML/XML on the Web. As Java Script programs become more complex and large, separation of concerns at the implementation level is a significant challenge. Aspect orientation has been a well known concept to realize improved separation; however, existing mechanisms require modifications in the target modules for aspect weaving in Java Script (i.e., not "complete" separation). In this paper, we propose an Aspect-Oriented Java Script framework, named "AOJS", which realizes the complete separation of aspects and other core modules in Java Script. AOJS can specify function executions, variable assignments and file initializations in Java Script programs as the joinpoints of aspects. Moreover, AOJS guarantees the complete separation of aspects and core program modules by adopting a proxy-based architecture for aspect weaving. By utilizing these features, we confirmed that AOJS offers improved modifiability and extendability for Java Script programming.

    DOI

  • Generative Dynamic Deployment of Multiple Components in Wireless Sensor Networks

    Shunichiro Suenaga, Nobukazu Yoshioka, Shinichi Honiden

    WONS 2009: SIXTH INTERNATIONAL CONFERENCE ON WIRELESS ON-DEMAND NETWORK SYSTEMS AND SERVICES     183 - +  2009  [Refereed]

     View Summary

    Wireless sensor networks (WSN) consist of spatially distributed nodes that monitor physical conditions. In the past, most WSNs have been designed with a single specific application in mind. Recent developments however are expanding the applicability of WSNs and are increasing the demand for deploying multiple applications simultaneously. To host multiple applications in a single WSN, current solutions provide mechanisms for components to be dynamically deployed to nodes. However, two issues make the present form of dynamic deployment impractical for applications involving distributed collaboration and the redeployment of multiple distributed components. For one, existing works lack a suitable architecture for cooperation and interaction between components in WSNs. Another problematic aspect is the insufficiency of current methods in efficiently deploying multiple components throughout the network. To address these issues, we propose an architecture based on multiple components that have specific responsibilities in regard to deployment and a generative approach for dynamic deployment of such components.

    DOI

  • Modeling Misuse Patterns

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    2009 INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY (ARES), VOLS 1 AND 2     566 - +  2009  [Refereed]

     View Summary

    Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.

  • AOJS: アスペクトを完全分離記述可能な JavaScript アスペクト指向プログラミング・ フレームワーク

    久保淳人, 水町友彦, 鷲崎弘宜, 深澤良彰, 鹿糠秀行, 小高敏裕, 杉本信秀, 永井洋一, 山本里枝子, 吉岡信和

    ソフトウェア工学の基礎〈15〉日本ソフトウェア科学会FOSE 2008    2008.11  [Refereed]

  • 診療情報共有のための新しいセキュリティ基盤システムの開発

    山上 浩志他

    医療情報学    2008.11  [Refereed]

  • トップエスイー:ソフトウェア開発におけるトップレベル技術者の育成

    鷲崎弘宜, 田口研治, 吉岡信和, 粂野文洋, 田原康之, 本位田 真一

    Quality One   4   5 - 11  2008.11  [Refereed]

  • Education Course of Practical Model Checking

    Yasuyuki Tahara, Nobukazu Yoshioka, Kenji Taguchi, Toshiaki Aoki, Shinichi Honiden

    First International Workshop on Formal Methods Education and Training, Technical Report GRACE-TR-2008-03   3   33 - 48  2008.10  [Refereed]

  • ユビキタスコンピューティングにおけるアプリケーション開発手法に関する研究動向

    鄭顕志, 中川博之, 川俣洋次郎, 吉岡信和, 深澤良彰, 本位田真一

    コンピュータソフトウェア   25 ( 4 ) 121 - 132  2008.10  [Refereed]

  • 適応エージェントのためのユビキタスコンピューティングミドルウェア

    鄭 顕志, 石川 冬樹, 吉岡 信和, 深澤 良彰, 本位田 真一

    コンピュータソフトウェア   25 ( 4 ) 11 - 19  2008.10  [Refereed]

    DOI

  • ユビキタスコンピューティングにおける分散協調・連携技術の研究動向

    石川 冬樹, 阿部 玲, 高橋 竜一, 吉岡 信和, 深澤 良彰, 本位田 真一

    コンピュータソフトウェア   25 ( 4 ) 133 - 144  2008.10  [Refereed]

  • Transparent Application Lifetime Management in Wireless Sensor Networks

    Eric Platon, Shunichiro Suenaga, Nobukazu Yoshioka, Shinichi Honiden

    the 10th International Conference on Ubiquitous Computing (UbiComp 2008)    2008.09  [Refereed]

  • ユビキタスコンピューティングにおけるイベントに基づいたアクセス制御

    石川 冬樹, 清 雄一, 吉岡 信和, 本位田 真一

    マルチメディア,分散,協調とモバイル(DICOMO2008)シンポジウム 論文集     435 - 438  2008.07  [Refereed]

  • Design and Construction of the Cooperation Support Agent for Face-to-face Class and E-learning

    Masaaki Kunishige, Misako Urakami, Seiji Shimizu, Yasukuni Okataku, Nobukazu Yoshioka

    The 23rd International Technical Conference on Circuits/Systems, Computers and Communications    2008.06  [Refereed]

  • A Survey on Security Patterns

    Nobukazu Yoshioka, Hironori Washizaki, Katsuhisa Maruyama

    Progress in Informatics   5   35 - 47  2008.05  [Refereed]

    DOI

  • Report on the 2nd Workshop on Software Patterns and Quality: (SPAQu'08)

    Hironori Washizaki, Nobukazu Yoshioka, Eduardo B. Fernandez, Jan Ju'rjens

    PLoP08 - 15th Conference on Pattern Languages of Programs, Proceedings    2008  [Refereed]

     View Summary

    We held the 2nd Workshop on Software Patterns and Quality (SPAQu'08) as a focus group of the 15th Conference on Pattern Languages of Programs (PLoP '08), to discuss the theoretical, social, technological and practical issues related to quality aspects of software patterns, including security aspects. In this report we summarize the objectives and results of the workshop. © 2008 is held by the author(s).

    DOI

  • Abstract security patterns

    Eduardo B. Fernandez, Hironori Washizaki, Nobukazu Yoshioka

    PLoP08 - 15th Conference on Pattern Languages of Programs, Proceedings    2008  [Refereed]

     View Summary

    We introduce the concept of "abstract" security patterns that deal with abstract security mechanisms, rather than concrete implementations. We also show an organization of abstract security patterns and concrete ones into hierarchies. © 2008 is held by the author(s).

    DOI

  • Enforcing a security pattern in stakeholder goal models

    Yijun Yu, Haruhiko Kaiya, Hironori Washizaki, Yingfei Xiong, Zhenjiang Hu, Nobukazu Yoshioka

    Proceedings of the ACM Conference on Computer and Communications Security     9 - 13  2008  [Refereed]

     View Summary

    Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements. Copyright 2008 ACM.

    DOI

  • Incorporating database systems into a secure software development methodology

    Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, Hironori Washizaki

    DEXA 2008: 19TH INTERNATIONAL CONFERENCE ON DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS     310 - +  2008  [Refereed]

     View Summary

    We have proposed in the past three separate methodologies for secure software development. We have found that they have many common and complementary aspects and we proposed a combination of them that appears as a good approach to secure software development. The combined methodology applies security at all stages, considers the architectural levels of the system, applies security policies through the use of patterns, and formalizes some portions of the design. We have studied in some detail how to elicit and describe security requirements, how to reflect these requirements in the conceptual model, how to estimate some performance aspects, how to formalize some aspects such as communication protocols, and how to map the conceptual requirements into design artifacts. A design aspect which we have not studied is the incorporation of databases as part of the secure architecture. The database system is a fundamental aspect for security because it stores the persistent information, which constitutes most of the information assets of the institution. We present here some ideas on how to make sure that the database system has the same level of security than the rest of the secure application.

    DOI

  • Classifying security patterns

    Eduardo B. Fernandez, Hironori Washizaki, Nobukazu Yoshioka, Atsuto Kubo, Yoshiaki Fukazawa

    PROGRESS IN WWW RESEARCH AND DEVELOPMENT, PROCEEDINGS   4976   342 - +  2008  [Refereed]

     View Summary

    Patterns combine experience and good practices to develop basic models that can be used for new designs. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system design and evaluation. In addition to their value for new system design, security patterns are useful to evaluate existing systems. They are also useful to compare security standards and to verify that products comply with some standard. A variety of security patterns has been developed for the construction of secure systems and catalogs of them are appearing. However, catalogs of patterns are not enough because the designer does not know when and where to apply them, especially in a large complex system. We discuss here several ways to classify patterns. We show a way to use these classifications through pattern diagrams where a designer can navigate to perform her pattern selection.

    DOI

  • Developing Consistent Contractual Policies in Service Composition

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    The 2007 IEEE Asia-Pacific Services Computing Conference (IEEE APSCC 2007)     527 - 534  2007.12  [Refereed]

    DOI

  • モデル変換に基づく要求記述を利用した形式仕様記述の構築

    中川博之, 吉岡信和, 田口研治, 本位田真一

       2007.11  [Refereed]

  • Agreements and Policies in Cooperative Mobile Agents: Formalization and Implementation

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    The 9th International Symposium on Distributed Objects Middleware and Applications (DOA 2007)     683 - 700  2007.11  [Refereed]

  • ユビキタスコンピューティングにおけるコンテキストのモデル化,管理に関する研究動向

    中村善行, 清家良太, 鄭顕志, 吉岡信和, 深澤良彰, 本位田真一

    合同エージェントワークショップ&シンポジウム2007 (JAWS2007)    2007.10  [Refereed]

  • Errors and Misconceptions in Learning i*

    Toshihiko Tsumaki, Yasuyuki Tahara, Nobukazu Yoshioka, Haruhiko Kaiya, Kenji Taguchi, Shinichi Honiden

    2nd International Workshop on Requirements Engineering Education and Training (REET'07)    2007.10

  • サービス合成における契約ポリシーの決定・検証問題の形式化とその支援

    石川冬樹, 吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2007 (JAWS2007)    2007.10  [Refereed]

  • 要求の重要度を用いたマルチエージェントシステムの分析モデル検証

    中川博之, 吉岡信和, 本位田真一

    電子情報通信学会論文誌   J90-D ( 9 ) 2281 - 2292  2007.09  [Refereed]  [Invited]

  • Event Calculusに基づく合意を用いたモバイルエージェントの協調

    石川冬樹, 吉岡信和, 本位田真一

    電子情報通信学会論文誌   J90-D ( 9 ) 2349 - 2364  2007.09  [Refereed]  [Invited]

  • IMPULSE: KAOSを利用したマルチエージェントシステムの分析モデル構築

    中川博之, 吉岡信和, 本位田真一

    情報処理学会論文誌処理   48 ( 8 ) 2551 - 2565  2007.08  [Refereed]  [Invited]

  • Policy-based Runtime Partner Management in Process-Based Services

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    2007 IEEE International Conference on Web Services (ICWS 2007)    2007.07  [Refereed]

    DOI

  • トップエスイー教育プログラム

    Shinichi Honiden, Yasuyuki Tahara, Nobukazu Yoshioka, Kenji Taguchi

    In Proc. of 29th International Conferene of Sotware Engineering (ICSE 2007), IEEE CS,     708 - 717  2007.05  [Refereed]  [Invited]

  • "プロセス記述によるサービス合成のパーベイシブコンピューティングへの適用 ,"

    石川 冬樹, 吉岡 信和, 本位田 真一

    情報処理学会論文誌   ( Vol.48 No.4 ) 1785 - 1798  2007.04  [Refereed]  [Invited]

  • セキュリティパターンに基づく安全で効率的な企業間連携システムの設計法

    Nobukazu Yoshioka, Shinichi Honiden, Anthony Finkelstein

    Proc. of The 8th International IEEE Enterprise Distributed Object Computing Conference (EDOC 2004),     84 - 97  2007.04  [Refereed]  [Invited]

  • プロセス記述によるサービス合成のパーベイシブコンピューティングへの適用

    石川 冬樹, 吉岡 信和, 本位田 真一

    情報処理学会論文誌   48 ( 4 ) 1785 - 1798  2007.04  [Refereed]  [Invited]

  • ゴール指向要求工学方法論の共通用語モデルと共通パターン

    田原康之, 長野伸一, 吉岡信和, 本位田真一

    情報処理学会論文誌   48 ( 3 )  2007.03  [Refereed]

  • ユビキタス環境で活躍するエージェント

    吉岡信和, 本位田真一

    情報処理   ( Vol.48,No.3 ) 29 - 35  2007.03  [Refereed]  [Invited]

  • Using security patterns to build secure systems

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Jan Jurjens

    Proceedings of the 1st International Workshop on Software Patterns and Quality (SPAQu'07)     47 - 48  2007  [Refereed]

  • 1st international workshop on software patterns and quality (SPAQu'07)

    Hironori Washizaki, Nobukazu Yoshioka

    Proceedings - Asia-Pacific Software Engineering Conference, APSEC     557 - 558  2007

     View Summary

    Although numbers of software pattern catalogues and languages have been published, little is known about quality of patterns, quality by patterns and quality aspects of pattern activities. This workshop seeks to gain an improved understanding on the theoretical, social, technological and practical issues related to quality aspects of patterns including security and safety. © 2007 IEEE.

    DOI

  • Novel Applications in Ubiquitous Computing

    Christian Sommer, Shunichiro Suenaga, 吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2007(JAWS2007) 2007年10月29日 合同エージェントワークショップ&シンポジウム2007(JAWS2007)   - suenaga  2007  [Refereed]

  • Top SE: Educating superarchitects who can apply software engineering tools to practical development in Japana

    Shinichi Honiden, Yasuyuki Tahara, Nobukazu Yoshioka, Kenji Taguchi, Hironori Washizaki

    ICSE 2007: 29TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, PROCEEDINGS     708 - +  2007

     View Summary

    This paper discusses the Top SE program established to bridge the industry-academia gap. The program features extensive use of software engineering tools, not only to introduce students to the tools, but also as a conduit for learning the techniques and guidelines needed to apply the tools to practical software development situations. The curriculum is organized around practical problems mainly from the area of digital home appliances and focuses on upper stream software development processes.
    The Top SE program is developed and operated by a close collaboration between industry and academia. We illustrate our discussion with examples from one of the courses, Verification of Design Models, which takes up model checking technologies, including three specific tools: SPIN, SMV, and LTSA.

    DOI

  • Smartive: Agreement-based Mobile Composite Agents for Multimedia Services

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    International Conference on Intelligent Agents Web Technologies and Internet Commerce (IAWTIC 2006)    2006.11  [Refereed]

    DOI

  • Context-awareなコンテンツ流通のためのセキュリティアーキテクチャ

    清雄一, 粂野文洋, 吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2006 (JAWS2006)    2006.10  [Refereed]  [Invited]

  • Formal Model of Mobile BPEL4WS Process

    Fuyuki Ishikawa, Yasuyuki Tahara, Nobukazu Yoshioka, Shinichi Honiden

    International Journal of Business Process Integration and Management (IJBPIM)   Vol. 1 ( Issue 3 ) 192 - 209  2006.09  [Refereed]

    DOI

  • Service-Oriented and Autonomous Distribution and Provision of Multimedia Contents

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    Poster Track at The 5th International Joint Conference on Autonomous Agents and Multi Agent Systems (AAMAS 2006)     949 - 951  2006.05  [Refereed]

    DOI

  • モバイルエージェントの合意に基づいた協調とサービス管理

    石川 冬樹, 吉岡 信和, 本位田 真一

    合同エージェントワークショップ&シンポジウム2006 (JAWS2006)    2006.03  [Refereed]  [Invited]

  • "コンテンツ流通エージェントのための強化学習メカニズム ," (2006).

    片岡慧, 吉岡信和, 石川冬樹, 鄭顕志, 本位田真一

    合同エージェントワークショップ&シンポジウム2006 (JAWS2006)    2006.03  [Refereed]  [Invited]

  • マルチメディアサービスのためのモバイル合成エージェント:Smartive

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    International Conference on Intelligent Agents, Web Technologies and Internet Commerce (IAWTIC 2006)    2006.03  [Refereed]  [Invited]

  • サービス指向で自律的なマルチメディアコンテンツの流通と提供

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    Proc. of the Fifth International Joint Conference on Autonomous Agents and Multi Agent Systems (AAMAS 2006), ACM     949 - 951  2006.03  [Refereed]  [Invited]

  • ソフトウェア設計に対するモデル駆動型検証プロセス

    長野 伸一, 吉岡 信和, 田原 康之, 本位田 真一

    情報処理学会論文誌   ( vol.47, no.1 ) 193 - 208  2006.03  [Refereed]  [Invited]

  • ゴール指向要求工学の体系化のための共通用語

    田原 康之, 長野 伸一, 吉岡 信和, 本位田 真一

    情報処理学会論文誌   Vol.47 ( No.2 ) 596 - 608  2006.03  [Refereed]  [Invited]

  • エージェント間協調のためのプロトコルを利用したポリシー表現とその監視法の提案

    吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2006 (JAWS2006)    2006.03  [Refereed]  [Invited]

  • Incorporating Agreements on Service Options into BPEL-based Services

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    International Conference on Intelligent Agents Web Technology and Internet Commerce (IAWTIC'2005)     796 - 803  2005.11  [Refereed]

  • Location Scope : A Conceptual Event Modeling for Location-Aware Application Development

    Kazutaka Matsuzaki, Nobukazu Yoshioka, Shinichi Honiden

    2nd International Workshop on Mobility Aware Technologies and Applications, October 17-19, 2005, Montreal, Canada    2005.10  [Refereed]

  • Common Metamodel of Goal-Oriented Requirements Engineering Methodologies

    Yasuyuki Tahara, Shinichi Nagano, Nobukazu Yoshioka, Sshinichi Honiden

    The Third International Workshop on Comparative Evaluation in Requirements Engineering Paris, France August 29, 2005    2005.10  [Refereed]

  • Mobile agent system for Web service integration in pervasive network

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    Systems and Computers in Japan   36 ( 11 ) 34 - 48  2005.10

     View Summary

    Efforts to realize Web service technology for dynamic integration of distributed components have been started. There is also a proposal for a language that describes the integration flow in a platform-independent form. It is expected that Web service integration will be applied not only to the Internet, but also to various environments such as pervasive networks composed of mobile devices with wireless connections. In the latter case, it is necessary to deal with resource saving problems such as those that arise in a relatively low speed and unstable wireless channel. This study applies the mobile agent technique to the above problem and proposes a mobile agent system for Web service integration. In the proposed system, the physical actions of the mobile agents, that is, migration and cloning, are separated from the integration logic, and are represented as rules to be added to the integration flow description. By this separation, the physical behavior can be added or modified according to environmental conditions without modifying the integration flow. © 2005 Wiley Periodicals, Inc.

    DOI

  • A Framework for Synthesis of Web Services and Mobile Agents

    Fuyuki Ishikawa, Yasuyuki Tahara, Nobukazu Yoshioka, Shinichi Honiden

    International Journal of Pervasive Computing and Communications (JPCC)   Vol.1 ( Issue3 ) 227 - 245  2005.09  [Refereed]

  • Developing Service-Oriented Compounds of Cooperative Mobile Agents

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    Workshop on Service-Oriented Computing and Agent-Based Engineering, Utrecht, The Netherlands    2005.07  [Refereed]

  • Agent Synthesis: Partnership and Agreement in Cooperative Mobile Agents

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    The Fourth International Joint Conference on Autonomous Agents and Multi Agent Systems (AAMAS 2005), July 25 to 29, 2005, The Netherlands     1267 - 1268  2005.07  [Refereed]

  • IOM/T : An Interaction Description Language for multi-agent systems

    Takuo DOI, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    The Fourth International Joint Conference on Autonomous Agents and Multi Agent Systems, July 25 to 29, 2005,The Netherlands     778 - 785  2005.07  [Refereed]

  • Framework for Hierarchical Agent Synthesis and Its Multimedia Application

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    SOCABE Workshop at AAMAS2005     1267 - 1268  2005.07  [Refereed]

  • FRAMEWORK FOR HIERARCHICAL MOBILE AGENTS: TOWARD SERVICE-ORIENTED AGENT COMPOUND

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    The 7th International Conference on Enterprise Information Systems (ICEIS-2005)    2005.05  [Refereed]

  • BPELに基づくサービスへのサービスオプションに関する合意の組み込み

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    Web Technology and Internet Commerce (IAWTIC'2005)     796 - 803  2005.03  [Refereed]  [Invited]

  • ユビキタス環境下での柔軟で管理可能なコンテンツの活動

    Kazutaka Matsuzaki, Nobukazu Yoshioka, Shinichi Honiden

    OTM Workshops, LNCS 3762, Springer-Verlag (2005).    2005.03  [Refereed]  [Invited]

  • Webサービスとモバイルエージェントの統合のためのフレームワーク

    Fuyuki Ishikawa, Yasuyuki Tahara, Nobukazu Yoshioka, Shinichi Honiden

    International Journal of Pervasive Computing and Communications (JPCC)   ( Vol.1 Issue3 ) 227 - 245  2005.03  [Refereed]  [Invited]

  • 協調的なモバイルエージェントのサービス指向合成の開発

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    不明    2005.03  [Refereed]  [Invited]

  • MANET上の場所に束縛されたモバイルエージェント

    Kenji Tei, Nobukazu Yoshioka, Yoshiaki Fukazawa, Shinichi Honiden

    不明    2005.03  [Refereed]  [Invited]

  • 階層型エージェント合成のためのフレームワークとそのマルチメディアアプリケーション応用

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    不明    2005.03  [Refereed]  [Invited]

  • インタラクション記述言語: IOM/T

    Takuo Doi, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    不明    2005.03  [Refereed]  [Invited]

  • 階層型に拡張されたモバイルエージェントフレームワークとそのマルチメディアアプリケーション応用

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    7th International Conference on Enterprise Information Systems(ICEIS-2005)    2005.03  [Refereed]  [Invited]

  • 自己制御型コンテンツのポリシーに基づく開発支援手法の提案

    松崎和賢, 吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2005 (JAWS2005) (2005).    2005.03  [Refereed]  [Invited]

  • サービス指向に基づいたマルチメディアコンテンツの自律的な流通と提供

    石川冬樹, 吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2005 (JAWS2005) (2005).    2005.03  [Refereed]  [Invited]

  • 契約による設計を用いたインタラクションの実装

    土肥拓生, 吉岡信和, 田原康之, 本位田真一

    合同エージェントワークショップ&シンポジウム2005 (JAWS2005) (2005).    2005.03  [Refereed]  [Invited]

  • Location Scope:ロケーションアウェアソフトウェア開発支援手法の提案

    松崎和賢, 吉岡信和, 本位田真一

    情報処理学会論文誌   ( Vol.46, No.12 ) 2925 - 2939  2005.03  [Refereed]  [Invited]

  • 分散システム開発におけるモデル検査への視覚的支援手法

    田原康之, 吉岡信和, 大須賀昭彦, 本位田真一

    情報処理学会論文誌   ( Vol.46, No.2 ) 459 - 469  2005.03  [Refereed]  [Invited]

  • モバイルエージェントによるバッテリ切れ避難システム:EASTER

    粂野文洋, 金子平祐, 吉岡信和, 深澤良彰, 本位田真一

    電子情報通信学会論文誌   D-I Vol.J88 ( No.9 ) 1388 - 1401  2005.03  [Refereed]  [Invited]

  • 階層構造制御に注目したモバイルエージェントフレームワークとそのマルチメディア応用

    石川 冬樹, 吉岡 信和, 田原 康之, 本位田 真一

    電子情報通信学会論文誌   ( Vol. J88-D-I No.9 ) 1402 - 1417  2005.03  [Refereed]  [Invited]

  • 階層構造制御に注目したモバイルエージェントフレームワークとそのマルチメディア応用

    石川冬樹, 吉岡信和, 田原康之, 本位田真一

    電子情報通信学会論文誌, 「ソフトウェアエージェントとその応用」特集号   VOL.J88-D1 ( No.9 ) 1402  2005.03  [Refereed]  [Invited]

  • インタラクション記述言語IOM/T

    土肥拓生, 吉岡信和, 田原康之, 本位田真一

    電子情報通信学会論文誌 「ソフトウェアエージェントとその応用」特集号   ( VOL.J88-D1, No.9 ) 1299 - 1311  2005.03  [Refereed]  [Invited]

  • ユビキタス情報システムのためのマルチエージェントフレームワーク: Mobeet

    Nobukazu Yoshioka, Akihiko Ohsuga, Shinichi Honiden,Mobeet

    LNCS 3508, Springer-Verlag     18 - 35  2005.03  [Refereed]  [Invited]

  • モバイルBPEL4WSプロセスのための形式モデル

    Fuyuki Ishikawa, Yasuyuki Tahara, Nobukazu Yoshioka, Shinichi Honiden

    International Journal of Business Process Integration and Management (IJBPIM).   Vol.1 ( Issue3 )  2005.03  [Refereed]  [Invited]

  • Mobile and cooperative compounds of multimedia services

    F Ishikawa, N Yoshioka, Y Tahara, S Honiden

    2005 IEEE International Conference on Services Computing, Vol 1, Proceedings     129 - 136  2005  [Refereed]

     View Summary

    This work proposes a novel model where multimedia contents with their related services (business processes and functions) are packaged together as mobile agents. This is intended to enable content providers both to encapsulate their contents and to provide value-added services, for flexible content editing, delivery, and presentation. In addition, agents encapsulating contents/services can contain other agents in themselves (synthesis of agents). A mobile agent compound integrating multiple contents/services can be thus dynamically formed, in which multiple agents work cooperatively and migrate together as a unit. This paper also describes our proposed MAFEH/WS framework for the model. Agents in the model can be developed by incorporating simple parameter settings for synthesis control into business process descriptions in BPEL4WS.

  • Flexible and maintainable contents activities in ubiquitous environment

    K Matsuzaki, N Yoshioka, S Honiden

    ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS 2005: OTM 2005 WORKSHOPS, PROCEEDINGS   3762   14 - 15  2005  [Refereed]

     View Summary

    In future ubiquitous environments, contents (data, movie, text, graphics, etc.) will be more sophisticated and context-aware so that they can enrich user experience. We have proposed the Active Contents (AC) framework, which is based on contents encapsulation with program and aspect definition to allow contents to behave actively. AC can be seen as a software component with several viewpoints of contributors (planner, designer, programmer, etc.). The problem is about maintainability of AC which is modified by the contributors based on their own viewpoints.
    In this position paper, we propose a mechanism to allow such contributors to modify AC with context-aware aspect. In our mechanism, based on location binding analysis for AC, parallel executions to be performed at a sepaxate location axe detected and automatically executed using workflow-aware communication.

    DOI

  • Using mobile agent for location-specific data retrieval in MANET

    K Tei, N Yoshioka, Y Fukazawa, S Honiden

    INTELLIGENCE IN COMMUNICATION SYSTEMS   190   157 - 168  2005  [Refereed]

     View Summary

    Location-specific data retrieval is an attractive application in a Mobile Ad-hoc Network (MANET). Simple solution for it is that an observer retrieves the data by geocasting from an observer node, but its overhead highly depends on location of the observer and the designated region. We propose a mobile agent approach. A mobile agent migrates from the observer node to a node in the designated region, retrieves data from there, and summarizes, filters, and compresses the retrieved data, This data is sent back to the observer, when the observer request. Since the data is retrieved by the mobile agent located near the data Sources, the data retrieval in the mobile agent approach would involve low overhead, even if the observer is far from the target region or moves around. In the MANET, however, even after the first migration; to stay near data Sources, a mobile agent should migrate to another node in response to node movements.. In this paper, we propose the Geographically Bound Mobile Agent (GBMA) which is a mobile agent that migrates to always be located in a designated region. Moreover, to clarify where the GBMA should be located and when the GBMA starts to migrate, we introduce two geographic zones: required zone and expected zone, Compared with the conventional methods with geocast or with a conventional mobile agent, the GBMA with these zones for retrieving location-specific data can reduce the total number of messages.

  • Mobeet: A multi-agent framework for ubiquitous information systems

    N Yoshioka, A Ohsuga, S Honiden

    AGENT-ORIENTED INFORMATION SYSTEMS II   3508   19 - 35  2005

     View Summary

    In recent years, the rapid development of network infrastructure and the spread of terminals capable of network access have made it possible to access networks at any place and at any time. Ubiquitous information systems, in which necessary information can be accessed easily and safely at any place, are becoming an important issue. It is, however, hard to design such distributed systems when the user uses many kinds of terminals and migrates with these. That is, traditional approaches to development of distributed systems have problems when the systems are used in a ubiquitous environment. This paper proposes a new framework for ubiquitous information systems. The framework includes three kinds of agents: User Interface Agents, Programmable Agents and Service Mediation Agents. We can easily design ubiquitous information systems by ensuring that these agents collaborate. In addition, in cases where distributed systems must be implemented on various networks and terminals, it gives a high degree of flexibility to the systems. We also evaluate the framework's flexibility.

  • Geographically bound mobile agent in MANET

    K Tei, N Yoshioka, Y Fukazawa, S Honiden

    PROCEEDINGS OF MOBIQUITOUS 2005     516 - 518  2005  [Refereed]

     View Summary

    A location-specific data retrieval, which is data retrieval from nodes in a designated region at the time, is an attractive application in a Mobile Ad-hon Network (MANET). However, almost all nodes in a MANET are powered by batteries, the location-specific data retrieval should involve a small number of messages. In this paper, we use a mobile agent to retrieve the location-specific data. A mobile agent migrates to a node in a designated region, and retrieves data from nodes in this region. Since, after migration, the agent can communicate with nodes in the designated region through low overhead short length hops, the mobile agent can retrieve data at low message cost for long periods, even if the owner of this agent moves around. However, even after migrating to node in the designated region, in order to stay near this region, a mobile agent should migrate to other nodes in response to the movement of the node hosting this agent. In this paper, we propose the Geographically Bound Mobile Agent (GBMA) which is a mobile agent that periodically migrates in order to always be located in a designated region. In order to clarify where the GBMA should be located and when the GBMA starts to migrate, two geographic zones are set to the GBMA: required zone and expected zone. The required zone ease tracking of the GBMA, and the expected zone ease adjustment of the GBMA migration timing.

    DOI

  • Mobile and cooperative compounds of multimedia services

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    Proceedings - 2005 IEEE International Conference onServices Computing, SCC 2005   I   129 - 136  2005  [Refereed]  [Invited]

     View Summary

    This work proposes a novel model where multimedia contents with their related services (business processes and functions) are packaged together as mobile agents. This is intended to enable content providers both to encapsulate their contents and to provide value-added services, for flexible content editing, delivery, and presentation. In addition, agents encapsulating contents/services can contain other agents in themselves (synthesis of agents). A mobile agent compound integrating multiple contents/services can be thus dynamically formed, in which multiple agents work cooperatively and migrate together as a unit. This paper also describes our proposed MAFEH/WS framework for the model. Agents in the model can be developed by incorporating simple parameter settings for synthesis control into business process descriptions in BPEL4WS. © 2005 IEEE.

    DOI

  • Product recommendation system based on personal preference model using CAM

    Tomoko Murakami, Nobukazu Yoshioka, Ryohei Orihara, Koichi Furukawa

    Transactions of the Japanese Society for Artificial Intelligence   20 ( 5 ) 346 - 355  2005  [Refereed]  [Invited]

     View Summary

    Product recommendation system is realized by applying business rules acquired by data maining techniques. Business rules such as demographical patterns of purchase, are able to cover the groups of users that have a tendency to purchase products, but it is difficult to recommend products adaptive to various personal preferences only by utilizing them. In addition to that, it is very costly to gather the large volume of high quality survey data, which is necessary for good recommendation based on personal preference model. A method collecting kansei information automatically without questionnaire survey is required. The constructing personal preference model from less favor data is also necessary, since it is costly for the user to input favor data. In this paper, we propose product recommendation system based on kansei information extracted by text mining and user's preference model constructed by Category-guided Adaptive Modeling, CAM for short. CAM is a feature construction method that can generate new features constructing the space where same labeled examples are close and different labeled examples are far away from some labeled examples. It is possible to construct personal preference model by CAM despite less information of likes and dislikes categories. In the system, retrieval agent gathers the products' specification and user agent manages preference model, user's likes and dislikes. Kansei information of the products is gained by applying text mining technique to the reputation documents about the products on the web site. We carry out some experimental studies to make sure that prefrence model obtained by our method performs effectively.

    DOI CiNii

  • A multiagent framework for pervasive computing: The Mobeet framework

    N Yoshioka, A Ohsuga, S Honiden

    ELECTRICAL ENGINEERING IN JAPAN   149 ( 3 ) 49 - 64  2004.11  [Refereed]

     View Summary

    Pervasive computing is becoming a more important issue for open distributed systems. It is, however, hard to design such distributed systems when the user uses many kinds of terminals and migrates with these. This paper has proposed a new framework for pervasive computing. The framework includes three kinds of agents: User Interface Agents, Programmable Agents, and Service Mediation Agents. We can easily design a flexible distributed system by collaborating these agents. We also evaluate the framework from the flexibility point of view. (C) 2004 Wiley Periodicals, Inc.

  • Location-aware Application Development Methodology using Mobile Agent-based System

    K. Matsuzaki, N. Yoshioka, S. Honiden

    International Workshop on Mobility Aware Technologies and Applications (MATA2004), October 20-22, 2004 - Florian?polis, Brazil    2004.10  [Refereed]

  • Security Patterns: A Method for Constructing Secure and Efficient Inter-Company Coordination Systems

    N. Yoshioka, S. Honiden, A. Finkelstein

    The 8th International IEEE Enterprise Distributed Object Computing Conference (EDOC 2004) 20-24 September 2004, Monterey, California, USA     84 - 97  2004.09  [Refereed]

    DOI

  • Bridging the Gap between AUML and Implementation using FOPL

    Takuo Doi, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    Proc. of the Second International Workshop on Programming Multi-Agent Systems(ProMAS 2004)     69 - 78  2004.07  [Refereed]

  • Behavior Descriptions of Mobile Agents for Web Services Integration

    Fuyuki Ishikawa, Yasuyuki Tahara, Nobukazu Yoshioka, Shinichi Honiden

    2004 IEEE International Conference on Web Services (ICWS 2004)     342 - 349  2004.07  [Refereed]

    DOI

  • Toward Synthesis of Web Services and Mobile Agents

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    AAMAS'2004 Workshop on Web Services and Agent-based Engineering (WSABE2004)     48 - 55  2004.07  [Refereed]

  • モバイルエージェントを用いたユビキタスアプリケーション開発法

    Kazutaka Matsuzaki, Nobukazu Yoshioka, Shinichi Honiden

    International Workshop on Ubiquitous Computing (IWUC 2004)    2004.04  [Refereed]  [Invited]

  • Ubiquitous Application Development using a Mobile Agent-based System

    K. Matsuzaki, N. Yoshioka, S. Honiden

    International Workshop on Ubiquitous Computing (IWUC 2004), April 13-14, 2004 - Porto, Portugal     204 - 212  2004.04  [Refereed]

  • Mobile Agent System for Web Services Integration in Pervasive Networks

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    International Workshop on Ubiquitous Computing (IWUC 2004)     38 - 47  2004.04  [Refereed]

  • ロジック書き換えパターンの検証方法の提案

    吉岡信和, 本位田真一

    ソフトウェア工学の基礎XI,日本ソフトウェア科学会    2004.03  [Refereed]  [Invited]

  • マルチメディアコンテンツ流通のためのモバイルエージェントのモデル駆動開発

    苅部卓哉, 吉岡信和, 田原康之, 本位田真一

    ソフトウェア工学の基礎XI,日本ソフトウェア科学会    2004.03  [Refereed]  [Invited]

  • マルチエージェントシステムのためのインタラクション主導開発におけるシステム分析

    土肥拓生, 吉岡信和, 田原康之, 本位田真一

    ソフトウェア工学の基礎XI,日本ソフトウェア科学会    2004.03  [Refereed]  [Invited]

  • 階層型モバイルエージェントの自律的な合成のための記述とその基板に関する検討

    石川冬樹, 田原康之, 吉岡信和, 本位田真一

    ソフトウェア工学の基礎XI,日本ソフトウェア科学会    2004.03  [Refereed]  [Invited]

  • P2Pグリッドにおけるモバイルエージェントを用いた生存性の高いサービスの構築

    鄭顕志, 吉岡信和, 深澤良彰, 本位田真一

    ソフトウェア工学の基礎XI,日本ソフトウェア科学会    2004.03  [Refereed]  [Invited]

  • 位置指向設計プロセス:モバイル環境における状況依存アプリケーションのアスペクト指向設計

    松崎和賢, 吉岡信和, 本位田真一

    ソフトウェア工学の基礎XI,日本ソフトウェア科学会    2004.03  [Refereed]  [Invited]

  • 位置情報を利用するエージェントのロケーション指向設計

    松崎和賢, 吉岡信和, 本位田真一

    エージェント合同シンポジウム(JAWS 2004)論文集    2004.03  [Refereed]  [Invited]

  • マルチエージェントシステムのインタラクション主導要求分析

    土肥拓生, 吉岡信和, 田原康之, 本位田真一

    エージェント合同シンポジウム(JAWS 2004)論文集    2004.03  [Refereed]  [Invited]

  • P2P グリッドにおけるサービスの効率的障害退避

    鄭顕志, 吉岡信和, 深澤良彰, 本位田真一

    エージェント合同シンポジウム(JAWS 2004)論文集    2004.03  [Refereed]  [Invited]

  • 階層型モバイルエージェントの合成における合意記述

    石川冬樹, 田原康之, 吉岡信和, 本位田真一

    エージェント合同シンポジウム(JAWS 2004)論文集    2004.03  [Refereed]  [Invited]

  • アクティブコンテンツ:コンテンツ流通のためのモバイルエージェントフレームワーク

    苅部卓哉, 吉岡信和, 田原康之, 本位田真一

    エージェント合同シンポジウム(JAWS 2004)論文集    2004.03  [Refereed]  [Invited]

  • モバイルエージェントを使ったLocation-awareアプリケーションの開発法

    Kazutaka Matsuzaki, Nobukazu Yoshioka, Shinichi Honiden

    Proc. of International Workshop on Mobility Aware Technologies and Applications (MATA2004), LNCS 3284     13 - 26  2004.03  [Refereed]  [Invited]

  • Webサービスとモバイルエージェントの統合

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    AAMAS'2004 Workshop on Web Services and Agent-based Engineering (WSABE) (2004).    2004.03  [Refereed]  [Invited]

  • IOM/TによるAUMLと実装のギャップの解決

    Takuo Doi, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    International Workshop on Programming Multi-Agent Systems(ProMAS 2004), LNAI 3346     147 - 162  2004.03  [Refereed]  [Invited]

  • Webサービス連携のためのモバイルエージェントのビヘイビア記述

    Fuyuki Ishikawa, Yasuyuki Tahara, Nobukazu Yoshioka, Shinichi Honiden

    2004 IEEE International Conference on Web Services (ICWS 2004)     342 - 349  2004.03  [Refereed]  [Invited]

  • Webサービス連携のためのモバイルエージェントシステム

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yasuyuki Tahara, Shinichi Honiden

    International Workshop on Ubiquitous Computing (IWUC 2004)    2004.03  [Refereed]  [Invited]

  • Webサービス連携のためのモバイルエージェント動作記述

    石川冬樹, 田原康之, 吉岡信和, 本位田真一

    情報処理学会論文誌   ( Vol.45 No.6 ) 1614 - 1629  2004.03  [Refereed]  [Invited]

  • パーベイシブネットワークにおけるWebサービス連携のためのモバイルエージェントシステム

    石川冬樹, 吉岡信和, 本位田真一

    電子情報通信学会論文誌   VOL.J87-D-I ( NO.7 ) 782 - 795  2004.03  [Refereed]  [Invited]

  • パーベイシブコンピューティングのためのマルチエージェントフレームワーク: Mobeetフレームワーク

    N. Yoshioka, A. Ohsuga, S. Honiden

    Electrical Engineering in Japan,John Wiley & Sons, Inc   ( Vol.149, Issue 3 ) 49 - 64  2004.03  [Refereed]  [Invited]

  • ユビキタス環境のためのエージェント指向ソフトウェアの開発と応用

    吉岡信和, 大須賀昭彦, 本位田真一

    システム/制御/情報   ( Vol.48, No.11 ) 22 - 27  2004.03  [Refereed]  [Invited]

    DOI

  • パターンに基づくモバイル環境のためのモバイルエージェントフレームワーク

    Nobukazu Yoshioka, Shinichi Honiden

    Proc. of International Workshop on Mobility Aware Technologies and Applications (MATA2004), LNCS 3284, Springer-Verlag,     369 - 380  2004.03  [Refereed]  [Invited]

  • パターンを用いたセキュアなモバイルエージェントシステム設計法

    吉岡信和, 田原康之, 大須賀昭彦, 本位田真一

    情報処理学会論文誌   ( Vol.45, No.3 ) 842 - 857  2004.03  [Refereed]  [Invited]

  • A pattern oriented mobile agent framework for mobile computing

    N Yoshioka, S Honiden

    MOBILITY AWARE TECHNOLOGIES AND APPLICATIONS, PROCEEDINGS   3284   369 - 380  2004  [Refereed]

     View Summary

    As a consequence of the increasing role of computers throughout society, computers, especially mobile devices, are used in diverse situations. Additionally, the computing environment is becoming more changeable. A network application coordinating mobile devices needs to be able to adapt to changes in the environments. In this paper, we propose a new architecture for mobile computing, which uses a mobile agent technology and adapts to changes flexibly. The framework splits the specification of an application into network environments, coordination logic and patterns. Patterns are applied to the coordination logic in order to derive appropriate behaviors automatically.

  • The methodology for developing mobile agent application for ubiquitous environment

    Kazutaka Matsuzaki, Nobukazu Yoshioka, Shinichi Honiden

    Transactions of the Japanese Society for Artificial Intelligence   19 ( 4 ) 311 - 321  2004  [Refereed]  [Invited]

     View Summary

    A methodology which enables a flexible and reusable development of mobile agent application to a mobility aware indoor environment is provided in this study. The methodology is named Workflow-awareness model based on a concept of a pair of mobile agents cooperating to perform a given task. A monolithic mobile agent application with numerous concerns in a mobility aware setting is divided into a master agent (MA) and a shadow agent (SA) according to a type of tasks. The MA executes a main application logic which includes monitoring a user's physical movement and coordinating various services. The SA performs additional tasks depending on environments to aid the MA in achieving efficient execution without losing application logic. "Workflow-awareness (WFA) " means that the SA knows the MA's execution state transition so that the SA can provide a proper task at a proper timing. A prototype implementation of the methodology is done with a practical use of AspectJ. AspectJ is used to automate WFA by weaving communication modules to both MA and SA. Usefulness of this methodology concerning its efficiency and software engineering aspects are analyzed. As for the effectiveness, the overhead of WFA is relatively small to the whole expenditure time. And from the view of the software engineering, WFA is possible to provide a mechanism to deploy one application in various situations.

    DOI

  • A Highly Secure Mobile Agent System Architecture

    Yasukuni Okataku, Hidetoshi Okutomi, Nobuyuki Ohgishi, Nobukazu Yoshioka, Shinichi Honiden

    IEEJ Transactions on Electronics, Information and Systems   124 ( 1 ) 56 - 63  2004  [Refereed]  [Invited]

     View Summary

    We propose a system architecture for mobile agents to improve their security in the environments of insecure networks and non-sophisticated terminals such as PDAs. As mobile agents freely migrate onto their favorite terminals through insecure networks or terminals, it is not appropriate for them to store some secret information for authentication and encryption/decryption. We introduce one and more secure nodes(OASIS NODE) for securely generating and verifying authentication codes. The each agent's data are encrypted by a pseudo-chaos cipher mechanism which doesn't need any floating processing co-processor. We've constructed a prototype system on a Java mobile agent framework, “Bee-gent” which implements the proposed authentication and cipher mechanisms, and evaluated their performances and their applicability to business fields such as an auction system by mobile agents. © 2004, The Institute of Electrical Engineers of Japan. All rights reserved.

    DOI

  • ユビキタスネットワークに対応した動的パターン適用に基づくモバイルエージェントシステム構築法

    吉岡信和, 本位田真一

    IEEE Computer Society, 情報処理学会論文誌   ( Vol.45, No.1 ) 12 - 23  2004.01  [Refereed]  [Invited]

  • An authentication architecture for collaboration among agents in ad hoc networks

    Y Okataku, N Yoshioka, S Honiden

    ELECTRONICS AND COMMUNICATIONS IN JAPAN PART I-COMMUNICATIONS   87 ( 5 ) 11 - 19  2004  [Refereed]  [Invited]

     View Summary

    This paper proposes an authentication architecture for collaboration among agents in a network environment without security assurance. The architecture requires that there should exist at least one secure node (oasis node). The oasis node generates the same number of authentication codes as the number of objects of authentication, using random numbers and agent information, and distributes the codes among the agents. The agents gather at the specified oasis node and obtain verification by the oasis node, based on the distributed random value and the authentication code. In the authentication architecture proposed in this paper, the random number and the authentication code are publicized information which can be compromised by eavesdropping. But the algorithm for generation and verification of the authentication code is not publicized. The architecture is suited for handling authentication processing in ad hoc collaboration among an unspecified number of agents. (C) 2004 Wiley Periodicals, Inc. Electron Comm Jpn Pt 1, 87(5): 11-19, 2004; Published online in Wiley InterScience (www.interscience.wiley.com). DOI 10.1002/ ecja.10165.

    DOI

  • A Security Architecture for Collaboration Among Many and Unspecified Agents

    Y. Ohtsuka, H. Okutomi, N. Yoshioka, S. Honiden

    8th International Workshop on Mobile Multimedia Communications (MoMuC2003), Oct.6-8, 2003, Munich, Germany    2003.10  [Refereed]

  • Ambient Calculusに基づくアクティブコンテンツの形式モデル

    Y. Tahara, N. Yoshioka, S. Honiden

    Proc. of 5th International Workshop on Mobile Agents for Telecommunication Applications (MATA’03), LNCS 2881     132 - 141  2003.10  [Refereed]  [Invited]

  • パターンを利用したセキュアかつ効率的なモバイルエージェントアプリケーション開発

    田原康之, 吉岡信和, 大須賀昭彦, 本位田真一

    情報処理学会論文誌   ( Vol. 44, No.6 ) 1483 - 1497  2003.06  [Refereed]  [Invited]

  • Webサービス連携のためのモバイルエージェント動作記述

    石川冬樹, 田原康之, 吉岡信和, 本位田真一

    ソフトウェア工学の基礎X,日本ソフトウェア科学会    2003.03  [Refereed]  [Invited]

  • エージェントのペアリングによる再利用性と動的環境適応性を考慮に入れた記述分離

    松崎和賢, 吉岡信和, 本位田真一

    ソフトウェア工学の基礎X,日本ソフトウェア科学会    2003.03  [Refereed]  [Invited]

  • UMLを用いたセキュアなアプリケーション開発のための支援手法

    苅部卓哉, 吉岡信和, 本位田真一

    ソフトウェア工学の基礎X,日本ソフトウェア科学会    2003.03  [Refereed]  [Invited]

  • エージェント間プロトコル記述言語FOPLの提案

    土肥拓生, 吉岡信和, 本位田真一

    ソフトウェア工学の基礎X,日本ソフトウェア科学会    2003.03  [Refereed]  [Invited]

  • モバイルエージェントによる柔軟なコンテンツ流通を実現するアクティブコンテンツ

    吉岡信和, 田原康之, 本位田真一

    ソフトウェア工学の基礎X,日本ソフトウェア科学会    2003.03  [Refereed]  [Invited]

  • モバイルエージェントによるデジタルコンテンツ流通

    苅部卓哉, 吉岡信和, 田原康之, 本位田真一

    エージェント合同シンポジウム(JAWS 2003)論文集    2003.03  [Refereed]  [Invited]

  • モバイルエージェントによるWeb サービス連携モデル

    石川冬樹, 吉岡信和, 田原康之, 本位田真一

    エージェント合同シンポジウム(JAWS 2003)論文集    2003.03  [Refereed]  [Invited]

  • インタラクションプロトコル記述言語FOPL

    土肥拓生, 吉岡信和, 田原康之, 本位田真一

    エージェント合同シンポジウム(JAWS 2003)論文集    2003.03  [Refereed]  [Invited]

  • アドホックなサービス利用を援するエージェントプラットフォーム拡張の提案

    松崎和賢, 吉岡信和, 田原康之, 本位田真一

    エージェント合同シンポジウム (JAWS 2003) 論文集    2003.03  [Refereed]  [Invited]

  • モバイルエージェントを用いた小規模Grid 構築

    鄭顕志, 吉岡信和, 本位田真一, 深澤良彰

    エージェント合同シンポジウム(JAWS 2003)論文集    2003.03  [Refereed]  [Invited]

  • パーベイシブネットワークにおけるWebサービス連携のためのモバイルエージェントシステム

    石川冬樹, 吉岡信和, 本位田真一

    オブジェクト指向シンポジウム2003    2003.03  [Refereed]  [Invited]

  • バッテリー切れを考慮したモバイルエージェントを使ったシステム退避システム: Easter

    H. Kaneko, Y. Fukazawa, F. Kumeno, N. Yoshioka, S. Honiden

    不明    2003.03  [Refereed]  [Invited]

  • 不特定多数のエージェントの協調のためのセキュリティアーキテクチャ

    Y. Okataku, H. Okutomi, N. Ohgishi, N. Yoshioka, S. Honiden

    8th International Workshop on Mobile Multimedia Communications, (2003).    2003.03  [Refereed]  [Invited]

  • アドホックネットワークにおけるエージェント間共同作業のための認証機構

    岡宅泰邦, 吉岡信和, 本位田真一

    電子情報通信学会論文誌   ( Vol.J86-B, No.3 ) 419 - 427  2003.03  [Refereed]  [Invited]

  • モバイルエージェントによる柔軟なコンテンツ流通を実現するアクティブコンテンツ

    吉岡信和, 田原康之, 本位田真一

    情報処理学会論文誌:データベース   ( Vol.44, No.SIG 18 ) 45 - 57  2003.03  [Refereed]  [Invited]

  • Mobile agent based evacuation system when the battery runs out: EASTER

    H Kaneko, Y Fukazawa, F Kumeno, N Yoshioka, S Honiden

    PROCEEDINGS OF THE FIRST IEEE INTERNATIONAL CONFERENCE ON PERVASIVE COMPUTING AND COMMUNICATIONS (PERCOM 2003)     460 - 469  2003  [Refereed]

     View Summary

    As mobile computing becomes common, the battery issue of mobile computing devices has become increasingly notable. To this end, research and development of various power-conservation devices and methods are actively taking place. However, the conventional method of extending the battery life through power-conservation can never prevent the unintentional shutdowns of applications due to the dead battery. This research aims to realize the evacuation of applications on a mobile computing device to another device before the battery runs out by creating the application as a mobile agent Particularly, by introducing the concept of the Crisis Management Center dynamic and smooth evacuation of multiple application agents will become possible. This paper explains and verifies the effectiveness of the EASTER (Escape Agent System from dying batTERy), a system developed for the purpose of recovering the applications when a battery is running out through the use of mobile agent system.

  • A formal model of active contents based on the ambient calculus

    Y Tahara, N Yoshioka, S Honiden

    MOBILE AGENTS FOR TELECOMMUNICATION APPLICATIONS, PROCEEDINGS   2881   132 - 141  2003  [Refereed]

     View Summary

    The recent innovation of telecommunication and networking technology is enabling easy and flexible distribution of digital multimedia contents. However, such rapid progress has brought about various problems on intellectual properties and security. We are investigating a technique to solve the problem called active contents based on hierarchical structures of mobile agents. The agents work as wrappers of contents and can easily manage the policies for contents distribution. In this paper, we give a formal model of active contents in order to establish rigorous foundations for the active contents technique, especially the system of the policy control mechanisms. Using the model, we can verify if the behaviors of the active contents satisfy the given policies or not. An example of the redistribution prohibition policy illustrates how the verification works.

  • A Proposal of Replica Management Based on MIC Method Suitable for Mobile Computation Environments

    Yasukuni Okataku, Nobukazu Yoshioka, Shinichi Honiden

    IEEJ Transactions on Electronics, Information and Systems   123 ( 4 ) 670 - 676  2003  [Refereed]  [Invited]

     View Summary

    We propose a fault-tolerant mechanism based on message integrity code (MIC) method for mobile agent authentication under non-secured network environment. We introduce one or more secured nodes (OASIS NODE) and a mobile agent (FT_Agent) having a replica management mechanism. We assume that the candidate agents for authentication are safely stored in an OASIS NODE and a shared secret key is safely distributed to user terminals from the OASIS NODE at the beginning. When the replica agents on user terminals need their authentication, they calculate MIC by using the shared secret key and move themselves having the MIC to the OASIS NODE, which verifies the MIC. The FT_Agents which are also verified by an OASIS NODE are distributed to the each agent and dynamically manage active replicas and passive replicas. By introducing the MIC method and the replica management mechanism, a secured fault-tolerant system suitable for mobile agents under non-secured network environment can be constructed. © 2003, The Institute of Electrical Engineers of Japan. All rights reserved.

    DOI CiNii

  • A Multi Agent Framework for Pervasive Computing: Mobeet Framework

    Nobukazu Yoshioka, Akihiko Ohsuga, Shinichi Honiden

    IEEJ Transactions on Electronics, Information and Systems   123 ( 8 ) 1473 - 1485  2003  [Refereed]  [Invited]

     View Summary

    Pervasive computing is becoming a more important issue for open distributed systems. It is, however, hard to design such distributed systems when the user uses many kinds of terminals and migrates with these. This paper has proposed a new framework for pervasive computing. The framework includes three kinds of agents: User Interface Agents, Programmable Agents and Service Mediation Agents. We can easily design a flexible distributed system by collaborating these agents. We also evaluate the framework from flexibility point of view. © 2003, The Institute of Electrical Engineers of Japan. All rights reserved.

    DOI

  • PCクラスタ対応マルチエージェントフレームワーク

    吉岡信和, 鄭顕志, 深澤良彰, 本位田真一

    合同エージェントワークショップ&シンポジウム(JAWS2002)     119 - 130  2002.11  [Refereed]

  • Evaluation of a multi agent framework for open distributed systems

    N Yoshioka, T Kawamura, A Ohsuga, S Honiden

    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES   E85A ( 11 ) 2396 - 2406  2002.11  [Refereed]

     View Summary

    Interoperability between different systems is becoming a more important issue for open distributed systems. In this paper, we investigate what kind of framework we need for constructing open distributed systems. Firstly, we enumerate the features and functions which the framework should have. We then evaluate a proposed multi-agent framework, Bee-gent, by using a typical example of open distributed systems. Lastly, we show clearly what is required for such a framework.

  • オープン分散システムのためのマルチエージェントフレームワークの評価

    Nobukazu Yoshioka, Takahiro Kawamura, Akihiko Ohsuga, Shinichi Honiden

    IEICE TRANS. FUNDAMETALS   VOL.E85-A ( NO.11 ) 2396 - 2406  2002.11  [Refereed]  [Invited]

  • Pattern based Design for Secure and Safe Mobile Agent Systems

    N. Yoshioka, Y. Tahara, S. Honiden, A. Ohsuga

    Artificial and Computational Intelligence (ACI 2002)     365 - 117  2002.09

  • 携帯電話アプリケーション開発のためのスクリプトシステムの提案

    直原正樹, 吉岡信和, 深澤良彰, 本位田真一

    エージェント合同シンポジウム (JAWS 2002)論文集     461 - 462  2002.03  [Refereed]  [Invited]

  • モバイル端末連携支援Bee-gent 拡張フレームワーク

    松崎和賢, 吉岡信和, 本位田真一

    エージェント合同シンポジウム(JAWS 2002)論文集     321 - 322  2002.03  [Refereed]  [Invited]

  • Webサービス連携エージェントのためのビヘイビアルール記述言語

    石川冬樹, 吉岡信和, 本位田真一

    エージェント合同シンポジウム (JAWS 2002)論文集     353 - 363  2002.03  [Refereed]  [Invited]

  • モバイルエージェントによるバッテリ切れ避難システム : Easter

    金子平祐, 深澤良彰, 粂野文洋, 吉岡信和, 本位田真一

    エージェント合同シンポジウム(JAWS 2002)論文集     314 - 320  2002.03  [Refereed]  [Invited]

  • パターンを利用したセキュアかつ効率的なモバイルエージェントアプリケーション開発

    田原康之, 吉岡信和, 大須賀昭彦, 本位田真一

    情報処理学会     43 - 50  2002.03  [Refereed]  [Invited]

  • PCクラスタに対応したマルチエージェントシステムの提案

    吉岡信和, 鄭顕志, 深澤良彰, 本位田真一

    エージェント合同シンポジウム (JAWS 2002)論文集     353 - 363  2002.03  [Refereed]  [Invited]

  • セキュリティとセーフティのためのパターンに基づくモバイルエージェント設計法

    Yoshioka, Tahara, Ohsuga, Honiden

    ACI 2002, Proc. of IASTED (2002).    2002.03  [Refereed]  [Invited]

  • Secure and Efficient Mobile Agent Application Reuse Using Patterns

    Yasuyuki Tahara, Nobukazu Yoshioka, Akihiko Ohsuga, Shinichi Honiden

    Proceedings of the 2001 symposium on Software reusability: putting software reuse in context     78 - 85  2001.05  [Refereed]

  • パターンを使った安全で効率のよいモバイルエージェントアプリケーションの再利用

    Yasuyuki Tahara, Nobukazu Yoshioka, Akihiko Ohsuga

    ACM SIGSOFT Software Engineering Notes   ( Volume 26 , Issue 3 ) 78 - 85  2001.03  [Refereed]  [Invited]

  • Security for mobile agents

    Nobukazu Yoshioka, Yasuyuki Tahara, Akihiko Ohsuga, Shinichi Honiden

    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)   1957 ( LNCS No.1957 ) 223 - 234  2001  [Refereed]  [Invited]

     View Summary

    In view of the proliferation and expansion of wide-area open networks such as the intranets and extra-nets, agent technology is attracting greater attention. However, as yet there is well-established and widely used method of developing safe and secure agent systems. In this paper, we propose a methodology that supports the step-by-step development of mobile agent systems while ensuring consideration of security issues. This approach results in a robust infrastructure for practical system development, and by supporting calculation of various costs allows efficiency and security tradeoffs to be objectively evaluated. © 2001 Springer Berlin Heidelberg.

    DOI

  • セーフティ・セキュリティを考慮したモバイルエージェントの開発法,オブジェクト指向シンポジウム2000

    吉岡信和, 田原康之, 大須賀昭彦, 本位田真一

    情報処理学会     33 - 40  2000.03  [Refereed]  [Invited]

  • A Methodology for Safety of Mobile Agents, Proc. of MAMA'2000 held at the ISA 2000.

    Yoshioka, Tahara, Ohsuga, Honiden

    不明    2000.03  [Refereed]  [Invited]

  • A Methodology For Safety Of Mobile Agents

    Shinichi Honiden

    International ICSC Symposium on Multi-Agents and Mobile Agents in Virtual Organizations and E-Commerce (MAMA'2000)    2000  [Refereed]

  • 抽象解釈を用いたプログラムの段階的具象化法

    Nobukazu Yoshioka, Masato Suzuki, Takuya Katayama

    IWSSD'98     126 - 134  1998.03  [Refereed]  [Invited]

  • 抽象解釈を用いたプログラムの段階的具象化法,ソフトウェア工学の基礎III

    吉岡信和, 鈴木正人, 片山卓也

    日本ソフトウェア科学会    1996.03  [Refereed]  [Invited]

  • セキュリティを考慮したモバイルエージェントシステム構築法

    吉岡信和, 大須賀昭彦, 田原康之, 本位田真一

    情報処理学会論文誌掲載予定    [Refereed]

▼display all

Books and Other Publications

  • CC-Case: Safety & Security Engineering Methodology for AI/IoT

    Tomoko Kaneko, Nobukazu Yoshioka( Part: Joint author)

    Nova Science Publishers  2020.07

  • Assessing Security and Privacy Behavioural Risks for Self-Protection Systems

    Yijun Yu, Nobukazu Yoshioka, Tetsuo Tamai( Part: Joint author)

    Springer  2019.01

  • Education of Scientific Approaches to Trustworthy Systems for Industry - After 10 Years

    Fuyuki Ishikawa, Nobukazu Yoshioka, Yoshinori Tanabe( Part: Joint author)

    CRC Press  2016.09

  • Three Misuse Patterns for Cloud Computing

    Keiko Hashizume, Nobukazu Yoshioka, Eduardo B. Fernandez( Part: Joint author)

    IGI Global  2012.09

  • アカデミッククラウド調査報告書2012

    吉岡信和, 棟朝雅晴, 本橋賢二, 西村一彦, 谷沢智史, 横山重俊( Part: Joint author)

    (株)インプレスR&D  2012.08

  • Security Patterns: Comparing Modeling Approaches

    A. Bandara, S. Hayashi, J. Jurjens, H. Kaiya, A. Kubo, R. Laney, H. Mouratidis, A. Nhlabatsi, B. Nuseibeh, H. Shinpei, Y. Tahara, T. Tun, H. Washizaki, N. Yoshioka, Y. Yu

    Information Science Reference  2010.09

  • Using security patterns to develop secure systems

    E.B. Fernandez, N. Yoshioka, H. Washizaki, J. Jurjens, M. VanHilst, G. Pernul

    Information Science Reference  2010.09

  • XAC Project: Towards a Middleware for Open Wireless Sensor Networks

    Kenji Tei, Shunichiro Suenaga, Yoshiyuki Nakamura, Yuichi Sei, Hikotoshi Nakazato, Yoichi Kaneki, Nobukazu Yoshioka, Yoshiaki Fukazawa, Shinichi Honiden

    Information Science Publishing  2010.03

  • SPINによる設計モデル検証?モデル検査の実践ソフトウェア検証

    吉岡信和, 青木利晃, 田原康之

    近代科学社  2008.09 ISBN: 4764903547

  • 考えるコンテンツ 「スマーティブ」,丸善ライブラリー374 ,丸善,ISBN 4-621-05374-4 (2005)

    本位田真一, 吉岡信和, 由利伸子

    丸善株式会社  2005.03

▼display all

Misc

  • STAMP S&S システム理論によるセーフティ・セキュリティ統合リスク分析

    金子朋子, 林浩史, 高橋雄志, 吉岡信和, 大久保隆夫, 佐々木良一

    コンピュータセキュリティシンポジウム 2019     41 - 47  2019.10

    Research paper, summary (national, other academic conference)  

  • イベント割込みによる業務プロセスの伝票不整合リスクの改善手法

    河本高文, 二木厚吉, 吉岡信和

    コンピュータセキュリティシンポジウム 2019     1 - 8  2019.10

    Research paper, summary (national, other academic conference)  

  • ソフトウェアセキュリティ知識ベースを用いた要求分析及び設計における知識提示手法の開発とケーススタディによる評価

    山田侑樹, 櫨山淳雄, 吉岡信和

    電子情報通信学会技術研究報告知能ソフトウェア工学   118 ( 463 ) 51 - 56  2019.03

  • ICSE 2018 参加報告

    吉岡信和, 鵜林尚靖, 石川冬樹, 鄭顕志, 鷲崎弘宜

    コンピュータソフトウェア    2019.01  [Refereed]  [Invited]

    Meeting report  

  • 機械学習応用システムのセキュリティとプライバシ

    吉岡 信和

    情報処理   60 ( 1 ) 34 - 39  2018.12  [Invited]

    Article, review, commentary, editorial, etc. (scientific journal)  

  • セキュリティパターン研究の分類体系と文献調査

    鷲崎弘宜, XIA Tian, 鎌田夏実, 大久保隆夫, 小形真平, 海谷治彦, 加藤岳久, 鹿糠秀行, 田中昂文, 櫨山淳雄, 山本暖, 吉岡信和, 吉野雅之

    情報処理学会研究報告(Web)   2018 ( SE-198 ) Vol.2018‐SE‐198,No.25,1‐7 (WEB ONLY)  2018.03

    J-GLOBAL

  • Development of a System Supporting Security Design from Security Requirements Analysis using Software Security Knowledge Base

    宮原光, 櫨山淳雄, 田中昂文, 鷲崎弘宜, 海谷治彦, 大久保隆夫, 吉岡信和

    電子情報通信学会技術研究報告   117 ( 465(KBSE2017 39-63) ) 67‐72  2018.02

    J-GLOBAL

  • Introduction to the Special Issue on Practical IT Education

    UBAYASHI Naoyasu, YOSHIDA Norihiro, IGAKI Hiroshi, OKUBO Takao, OBA Michiko, KUMENO Fumihiro, MORIMOTO Chikako, YOSHIOKA Nobukazu

    Computer Software   35 ( 1 ) 1_2 - 1_2  2018

    DOI CiNii

  • ER 2016参加報告

    中川 博之, 小林 努, 林 晋平, 吉岡 信和, 鵜林 尚靖

    コンピュータソフトウェア   34 ( 3 ) 75 - 80  2017.08  [Refereed]  [Invited]

    Meeting report  

  • Evaluation Practice for the Effectiveness of CC-Case as an Integrated Method of Security Requirement Analysis and Assurance

    金子朋子, 高橋雄志, 勅使河原可海, 吉岡信和, 山本修一郎, 大久保隆夫, 田中英彦

    情報処理学会研究報告(Web)   2017 ( CDS-19 ) Vol.2017‐CDS‐19,No.16,1‐8 (WEB ONLY)  2017.05

    J-GLOBAL

  • ソフトウェアセキュリティ知識ベースを活用したセキュリティ要求分析からセキュリティ設計を支援するシステムの提案

    櫨山淳雄, 宮原光, 田中昂文, 橋浦弘明, 鷲崎弘宜, 吉岡信和, 海谷治彦, 大久保隆夫

    情報処理学会全国大会講演論文集   79th ( 1 ) 1.335‐1.336  2017.03

    J-GLOBAL

  • プライバシーを考慮したソフトウェア開発技術の文献に基づく動向調査

    櫨山淳雄, 鷲崎弘宜, 吉岡信和, 海谷治彦, 大久保隆夫

    人工知能学会第18回知識流通ネットワーク研究会    2016.03

  • Distributed Cloud with Overlay Cloud Architecture

    横山 重俊, 政谷 好伸, 吉岡 信和

    電子情報通信学会技術研究報告 = IEICE technical report : 信学技報   115 ( 236 ) 23 - 26  2015.10

    CiNii

  • 形式検証を用いた攻撃分析フレームワークの提案

    大久保 隆夫, 海谷 治彦, 鷲崎 弘宣, 吉岡 信和

    コンピュータセキュリティシンポジウム2015    2015.10

    Research paper, summary (national, other academic conference)  

  • クラウドサービスの開発と運用においてセキュリティとプライバシを扱うためのメタモデル

    鷲崎 弘宜, 福本 創太, 山本 美聡, 芳澤 正敏, 大久保 隆夫, 小形 真平, 海谷 治彦, 加藤 岳久, 櫨山 淳雄, 吉岡 信和

    コンピュータセキュリティシンポジウム2015    2015.10

    Research paper, summary (national, other academic conference)  

  • A Scientific Paper Reproducible Environment with Overlay Cloud Architecture

    YOKOYAMA SHIGETOSHI, MASATANI YOSHINOBU, OGASAWARA OSAMU, OTA TATSURO, YOSHIOKA NOBUKAZU, AIDA KENTO

    情報処理学会研究報告(Web)   2015 ( IOT-31 ) VOL.2015-IOT-31,NO.1 (WEB ONLY)  2015.09

    J-GLOBAL

  • セキュリティ, プライバシー向け共通問題EMSsecの提案

    大久保隆夫, 海谷治彦, 鷲崎弘宣, 小形真平, 柿崎淑郎, 櫨山淳雄, 吉岡信和

    電子情報通信学会技術研究報告知能ソフトウェア工学   ( KBSE2015-15 ) 69 - 74  2015.07

  • A Case Study on Web Service Back-up site deployments on Overlay Cloud Architecture

    横山重俊, 政谷好伸, 吉岡信和, 合田憲人

    情報処理学会研究報告(Web)   2015 ( IOT-30 ) VOL.2015-IOT-30,NO.12 (WEB ONLY)  2015.06

    J-GLOBAL

  • Overlay Cloud Architecture

    Shigetoshi Yokoyama, Yoshinobu Masatani, Nobukazu Yoshioka, Kento Aida

    IEICE Technical Committee on Service Computing (SC)    2015.06

    Research paper, summary (national, other academic conference)  

  • Access Log Analysis for Improvements of Cloud Monitoring using a huge Map

    Satoshi Yazawa, Shingo Nakagawa, Bunmei Kanazashi, Kazuhiko Nishimura, Yoshinobu Masatani, Shigetoshi Yokoyama, Nobukazu Yoshioka

    IEICE Technical Committee on Service Computing (SC)    2015.06

    Research paper, summary (national, other academic conference)  

  • Enlightening Test-Driven with Formal, Formal with Test-Driven through Spec-Test-Go-Round

    Fuyuki Ishikawa, Takuo Doi, Kazunori Sakamoto, Nobukazu Yoshioka, Yoshinori Tanabe

    GRACE Center, National Institute of Informatics   ( GRACE-TR-2015-05 ) 1 - 17  2015.06

    Internal/External technical report, pre-print, etc.  

  • ソフトウェアセキュリティ知識ベースを活用したセキュアなソフトウェア開発事例ベースの提案

    櫨山淳雄, 齊藤大仁, 吉岡信和, 小橋孝紀, 鷲崎弘宜, 海谷治彦, 大久保隆夫

    情報処理学会全国大会講演論文集   77th ( 1 ) 1.185-1.186  2015.03

    J-GLOBAL

  • ソフトウェアセキュリティ知識を活用したセキュアなソフトウェア開発のための事例ベース管理システムの開発

    齊藤大仁, 櫨山淳雄, 吉岡信和, 小橋孝紀, 鷲崎弘宜, 海谷治彦, 大久保隆夫

    電子情報通信学会技術研究報告   114 ( 501(KBSE2014 52-64) ) 31 - 36  2015.02

    J-GLOBAL

  • D-9-25 Evacuation Plan Recommendation Using Miniblogs (2) : Application of Self-Adaptive System Approach

    Tahara Yasuyuki, Ohsuga Akihiko, Kawamura Takahiro, Sei Yuichi, Nakagawa Hiroyuki, Yoshioka Nobukazu, Matsumoto Kazunori, Isshiki Masao

    Proceedings of the IEICE General Conference   2015 ( 1 ) 142 - 142  2015.02

    CiNii

  • ミニブログを利用した避難行動推薦(2)―自己適応システム技術の適用―

    田原康之, 大須賀昭彦, 川村隆浩, 清雄一, 中川博之, 吉岡信和, 松本一教, 一色正男

    電子情報通信学会大会講演論文集(CD-ROM)   2015   ROMBUNNO.D-9-25  2015.02

    J-GLOBAL

  • ミニブログを利用した避難行動推薦(3)―プライバシ保護データマイニングの適用―

    清雄一, 大須賀昭彦, 田原康之, 川村隆浩, 中川博之, 吉岡信和, 松本一教, 一色正男

    電子情報通信学会大会講演論文集(CD-ROM)   2015   ROMBUNNO.D-9-26  2015.02

    J-GLOBAL

  • ミニブログを利用した避難行動推薦(1)―システム概要―

    大須賀昭彦, 田原康之, 川村隆浩, 清雄一, 中川博之, 吉岡信和, 松本一教, 一色正男

    電子情報通信学会大会講演論文集(CD-ROM)   2015   ROMBUNNO.D-9-24  2015.02

    J-GLOBAL

  • BP-2-5 Toward On-demand Deployment of Inter-Cloud

    Aida Kento, Yokoyama Shigetoshi, Masatani Yoshinobu, Yoshioka Nobukazu, Urushidani Shigeo

    Proceedings of the IEICE General Conference   2015 ( 2 ) "SS - 11"-"SS-12"  2015.02

    CiNii

  • インタークラウドのオンデマンド構築にむけて

    AIDA KENTO, YOKOYAMA SHIGETOSHI, MASATANI YOSHINOBU, YOSHIOKA NOBUKAZU, URUSHIDANI SHIGEO

    電子情報通信学会大会講演論文集(CD-ROM)   2015   ROMBUNNO.BP-2-5  2015.02

    J-GLOBAL

  • ソフトウェアセキュリティ知識ベースを活用したセキュアなWebアプリケーション開発事例ベースの試作

    櫨山淳雄, 齊藤大仁, 吉岡信和, 熊谷梓, 小橋孝紀, 鷲崎弘宜, 海谷治彦, 大久保隆夫

    電子情報通信学会技術研究報告   114 ( 420(KBSE2014 39-51) ) 49 - 54  2015.01

    J-GLOBAL

  • A trial of improvement of Cloud Monitoring ”Map” using the Access Log

    谷沢智史, 中川晋吾, 金指文明, 西村一彦, 長久勝, 政谷好伸, 横山重俊, 吉岡信和

    電子情報通信学会技術研究報告   115 ( 72(SC2015 1-8) )  2015

    J-GLOBAL

  • ビブリオ・トーク -私のオススメ-:ピープルウエア 第3版 -ヤル気こそプロジェクト成功の鍵

    吉岡 信和

    情報処理   55 ( 10 ) 1128 - 1129  2014.09  [Invited]

    Book review, literature introduction, etc.  

  • MASG: Advanced Misuse Case Analysis Model with Assets and Security Goals

    Takao Okubo, Kenji Taguchi, Haruhiko Kaiya, Nobukazu Yoshioka

      55 ( 5 )  2014.05

    CiNii

  • 『研究会温故知新シリーズ』ー研究会の30年をふりかえってー

    吉岡 信和

    コンピュータソフトウェア   31 ( 4 ) 19 - 22  2014.05  [Invited]

    Article, review, commentary, editorial, etc. (scientific journal)  

  • Design of Academic Intercloud

    AIDA Kento, YOKOYAMA Shigetoshi, YOSHIOKA Nobukazu, YAMANAKA Kenjiro, NAGAKU Masaru, AOKI Michihiro, ABE Shunji, URUSHIDANI Shigeo

    IEICE technical report. SC, Services Computing   113 ( 376 ) 1 - 6  2014.01

     View Summary

    Cloud computing is now widely used in the academic community. Users in the academic community have a lot of opportunities to use public clouds and private clouds operated in universities. This paper presents the draft design of the academic intercloud. The academic intercloud connects private clouds operated in universities and the cloud platform shared among the universities via the high performance and secure network. It also offers services for federating/sharing computing resources among clouds in order to support advanced research and education.

    CiNii

  • プライバシー要求工学の概要と展望

    吉岡 信和

      54 ( 11 ) 1115 - 1120  2013.10  [Invited]

    Article, review, commentary, editorial, etc. (scientific journal)  

  • A Study of the Application of Model Checking to Embedded Software Based on Interrupt Processing

    SASAKI Takanori, YOSHIOKA Nobukazu, TAHARA Yasuyuki, OHSUGA Akihiko

    Technical report of IEICE. KBSE   113 ( 215 ) 19 - 24  2013.09

     View Summary

    Detecting errors from incorrect interrupt processing when testing embedded systems is difficult because same scenario can not be reproduced. It is possible to resolve the problem using Model Checking. However there are not enough researches to suggest that Model Checking is effective and practical for hardware-dependent systems. In this paper, we clarify the necessity of the system modeling including hardware and propose the framework of interrupt processing designed by Promela language. This method was applied for ARP protocol behavior and confirmed that it is able to execute the Model Checking effectively for the software engineers who don't know the hardware systems and model checking.

    CiNii

  • Continuous Delivery of Cloud Software

      ( 2013 ) 71 - 72  2013.01

    CiNii

  • Security Requirements Analysis under Bring Your Own Device

    SUZUKI Yuji, KAIYA Haruhiko, OGATA Sinpei, OKUBO Takao, KANAYA Nobuyuki, YOSHIOKA Nobukazu

      112 ( 314 ) 55 - 60  2012.11

    CiNii

  • Proposal of an architecture for monitoring private cloud

    YAZAWA SATOSHI, NISHIMURA KAZUHIKO, NAGAKU MASARU, YOKOYAMA SHIGETOSHI, YOSHIOKA NOBUKAZU

    電子情報通信学会技術研究報告   112 ( 77(SC2012 1-4) ) 1 - 6  2012.06

     View Summary

    National Institute of Informatics has developed a private cloud "edubase Cloud" under the concept of [IT labs for experimenting one's ideas as much as one can], edubase Cloud offers the most advanced IT environment and serves as the driving force to accelerate the development of leading IT specialists. Running and maintaining edubase Cloud, we are facing the following problems: (1) Each monitoring services of various hardwares and softwares of the system has been provided as different softwares making single point monitoring and administration of whole system more than difficult, and (2)With different monitoring viewpoints (usage growth, system operation, etc), defining view configuration in advance has been difficult too. In this paper, we propose an architecture to solve these problems and introduce a prototype tool.

    CiNii J-GLOBAL

  • 物理・仮想マシンの統一的なクラスタ管理フレームワーク:dodai

    横山重俊, 長久勝, 吉岡信和

    情報処理学会シンポジウム論文集   2012 ( 1 ) 29 - 30  2012.01

    J-GLOBAL

  • クラウドコンピューティングで変わる大学のIT活用

    吉岡 信和

    医学図書館   59 ( 4 ) 207 - 211  2012  [Invited]

    Rapid communication, short report, research note, etc. (scientific journal)  

  • 教育・研究のためのクラウド基盤:edubase Cloud

    吉岡信和, 長久勝, 横山重俊, 本位田真一

    全国共同利用情報基盤センター研究開発論文集   ( 33 ) 115 - 119  2011.11

    J-GLOBAL

  • Security Patterns for security knowledge sharing,

    Nobukazu Yoshioka

    IPSJ Magazine, Information Processign Society of Japan   52 ( 9 ) 1134 - 1139  2011.09  [Invited]

    Article, review, commentary, editorial, etc. (scientific journal)  

  • Amazon事例,国内新サービスから学ぶ クラウド時代のシステム管理実践基礎知識 設定作業/ロードバランサ/サーバ監視...第7章 クラウドが向かう先 クラウド間相互連携,グリッド連携...

    吉岡信和, 横山重俊, 西村一彦, KARANJIT Prabin

    Softw Des   ( 241 ) 55 - 59  2010.11

    J-GLOBAL

  • A Report on Trends in Aspect-Oriented Software Development Technology for Ensuring Dependability

    WASHIZAKI HIRONORI, TAKAHASHI RYUICHI, MURAKAMI SHINICHI, OHASHI AKIRA, YOSHIOKA NOBUKAZU, ISHIKAWA FUYUKI, KUBO ATSUTO, YAMAMOTO RIEKO, KODAKA TOSHIHIRO, IKARI HISASHI, KANUKA HIDEYUKI, SUGIMOTO NOBUHIDE

    研究報告ソフトウェア工学(SE)   2010 ( 17 ) 1 - 8  2010.05

     View Summary

    ソフトウェアの開発にあたり可用性や保守性,セキュリティに代表されるディペンダビリティを確保するために有効なアスペクト指向技術の研究ならびに実践の動向について,文献や会議を中心とした調査結果を報告する.本調査において技術の適用対象として,主として Web アプリケーション・エンタープライズアプリケーションを扱う.We report a result of a brief survey on progress in researches and practices in aspect-oriented software development (AOSD) technology for software dependability including availability, maintainability and security. Web/enterprise applications are the main target of the survey.

    CiNii

  • XAC project: Towards a middleware for open wireless sensor networks

    Kenji Tei, Shunichiro Suenaga, Yoshiyuki Nakamura, Yuichi Sei, Hikotoshi Nakazato, Yoichi Kaneki, Nobukazu Yoshioka, Yoshiaki Fukazawa, Shinichi Honiden

    Designing Solutions-Based Ubiquitous and Pervasive Computing: New Issues and Trends     214 - 231  2010  [Refereed]

     View Summary

    In pervasive computing environment (Satyanarayanan, 2001), common context management system, that make context of the real world be shared among the context-aware applications, is required to reduce development cost of each context-aware applications. A wireless sensor network (WSN) will be a key infrastructure for the context management system. Towards pervasive computing, a WSN integrated into context management system should be open infrastructure. In an open WSN should (1)handle various kinds of tasks, (2)manage tasks at runtime, (3)save resource consumption, and (4)adapt to changes of environments. To develop such an open WSN, middleware supports are needed, and our XAC project tries to develop a middleware for the open WSN. The XAC project is a research project to develop a middleware for open WSN. In this chapter, the auhors show research issues related to open WSN from the viewpoints of task description language, runtime task management, self-adaptability, and security. © 2010, IGI Global.

    DOI

  • Report on Software Engineering Symposium 2009

      2009 ( 21 ) 1 - 8  2009.10

    CiNii

  • Report on the 15th Conference on Pattern Languages of Programs (PLoP2008)

    KUBO Atsuto, WASHIZAKI Hironori, YOSHIOKA Nobukazu, IBA Takashi, OKUBO Takao

    IPSJ SIG Notes   2009 ( 31 ) 311 - 316  2009.03

     View Summary

    This paper reports the 15th Conference on Pattern Languages of Programs (PLoP2008), held in October 2008 in Nashville, USA. There were 27 pattern papers and one research paper in PLoP2008.

    CiNii

  • SQUAREではじめるセキュリティ要求工学

    Nancy R. Mead, 吉岡信和

    情報処理   50 ( 3 ) 193 - 197  2009.03

    Book review, literature introduction, etc.  

  • セキュリティ要求工学の概要と展望

    吉岡信和, Bashar Nuseibeh

    情報処理   50 ( 3 ) 187 - 192  2009.03

    Book review, literature introduction, etc.  

  • 特集 セキュリティ要求工学の実効性

    吉岡信和, 田口研治

    情報処理   50 ( 3 ) 185 - 186  2009.03

    Book review, literature introduction, etc.  

  • コモ ンクライテリアのためのモデリング手法の提案

    吉岡信和

    情報処理学会研究会    2009

    CiNii

  • Special Projects - Smart and Interactive e-Learning System Based on Smartive

    Nobukazu Yoshioka, Shinichi Honiden

    3rd Intentional Conference of Conputer AdedLanguage Leaning (WorldCALL 2008)     48 - 49  2008.08

    Article, review, commentary, editorial, etc. (scientific journal)  

  • Report on Winter Workshop 2008 in Dogo

    AMAN HIROHISA, AOKI TOSHIAKI, SAWADA ATSUSHI, YAMAMOTO SHINICHIRO, ATSUMI NORITOSHI, SHIROGANE JUNKO, URAMOTO NAOHIKO, MATSUTSUKA TAKAHIDE, HANYUDA EIICHI, WASHIZAKI HIRONORI, NONAKA MAKOTO, YOSHIOKA NOBUKAZU, TAHARA YASUYUKI

    IPSJ SIG Notes   2008 ( 55 ) 65 - 72  2008.06

    CiNii

  • ユビキタス環境で活躍するエージェント

    吉岡信和

    社団法人情処学会, Journal of Information Processing Society of Japan     266 - 270  2007

    CiNii

  • エージェントで実現する自由で安全なコンテンツ流通

    吉岡信和, 本位田真一

    開隆堂, CHANNEL   ( vol.6-4 ) 1  2006.03

    Book review, literature introduction, etc.  

  • 考えるコンテンツ?スマーティブで実現する自由で安全なコンテンツ流通

    吉岡信和, 本位田真一

    電気通信振興会   Vol.24 ( No.7 ) 32 - 33  2006.03

    Book review, literature introduction, etc.  

  • Context-awareサービスのための開発法の提案

    吉岡信和, 本位田真一

    ソフトウェア工学の基礎XIII, 日本ソフトウェア科学会     125 - 130  2006.03

    Book review, literature introduction, etc.  

  • Project Management of Crowdsoucing-based Software Development

    Shunichiro Suenaga, Yukino Baba, Takuo Doi, Nobukazu Yoshioka

    JSAI 2015  

▼display all

Awards

  • ソフトウェア論文賞

    2018.08   日本ソフトウエア科学会   シーケンス図を用いたモデル検査支援ツールcsp-seq

    Winner: 後藤隼弐, 吉岡信和

  • 解説論文賞

    2017.09   日本ソフトウェア科学会   モデル検査による設計検証

    Winner: 吉岡信和, 田辺良則, 田原康之, 長谷川哲夫, 磯部祥尚

  • Best Paper Award

    2015.11   The Tenth International Conference on Software Engineering Advances (ICSEA 2015)   Performance Exploring Using Model Checking A Case Study of Hard Disk Drive Cache Function

    Winner: Takehiko Nagano, Kazuyoshi Serizawa, Nobukazu Yoshioka, Yasuyuki Tahara, Akihiko Ohsuga

  • Best Paper Award

    2015.06   the First Workshop on Formal Methods in Software Engineering Education and Training (FMSEE&T '15)   Keys and Roles of Formal Methods Education for Industry: 10 Year Experience with Top SE Program

    Winner: Fuyuki Ishikawa, Nobukazu Yoshioka, Yoshinori Tanabe

  • The Commendation for Science and Technology by the Minister of Education, Culture, Sports, Science and Technology, Public Understanding Promotion Category

    2012.04   the Ministry of Education,Culture,Sports,Science & Technology in Japan  

    Winner: Shinichi Honiden, Nobukazu Yoshioka, Yoshinori Tanabe

Research Projects

  • ブロックチェーン・ビッグデータ・クラウド及びIoTを使用したハイパーコネクテッドスマートシティを実現するマルチレイヤセキュリティ技術

    情報通信研究機構  欧州との連携によるハイパーコネクテッド社会のためのセキュリティ技術の研究開発

    Project Year :

    2018.07
    -
    2021.06
     

    東日本電信電話株式会社, 高橋

  • 高信頼な機械学習応用システムによる価値創造

    国立研究開発法人 科学技術振興機構  未来社会創造事業 探索加速型 「超スマート社会の実現」領域 サイバー世界とフィジカル世界を結ぶモデリングとAI

    Project Year :

    2018.12
    -
    2020.03
     

    吉岡 信和

  • プライバシーとセキュリティを統合した要求分析フレームワーク

    文部科学省  国際共同研究加速基金(国際共同研究強化)

    Project Year :

    2016.01
    -
    2019.03
     

    吉岡 信和

  • プライバシーとセキュリティを統合した要求分析フレームワーク

    文部科学省  基盤研究(B)(一般)

    Project Year :

    2015.04
    -
    2019.03
     

    吉岡 信和

Presentations

  • Incidents Are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems (Journal First)

    Faeq Rimawi, Liliana Pasquale, Deepak Mehta, Nobukazu Yoshioka, Bashar Nuseibeh

    The ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2021 

    Presentation date: 2021.08

  • 機械学習応用システムの安全性の研究動向と今後の展望

    吉岡信和  [Invited]

    電子情報通信学会 知能ソフトウェア工学研究会 

    Presentation date: 2021.01

  • AIシステムの観点からの次世代セキュリティ

    吉岡信和  [Invited]

    第7回ASF次世代セキュリティシンポジウム 

    Presentation date: 2020.12

  • 機械学習応用システムの開発技術(機械学習工学)の現状と今後の展望

    吉岡信和  [Invited]

    第29回OSSユーザの会 

    Presentation date: 2020.11

  • 機械学習応用システムにおけるセーフティとセキュリティの課題と取り組むべき研究 -自動運転を題材に-

    吉岡信和  [Invited]

    第3回機械学習工学研究会 

    Presentation date: 2020.07

  • 機械学習応用システムの要求工学はなぜ難しいのか?

    吉岡信和

    情報処理学会 ウィンターワークショップ2020 

    Presentation date: 2020.01

  • 機械学習応用システムの工学的アプローチ: その研究動向と今後の展望

    吉岡 信和  [Invited]

    IEEE Computer Society Kansai Chapter 2019年第1回技術講演会 

    Presentation date: 2019.07

  • 高信頼な機械学習応用システムによる価値創造について

    吉岡 信和  [Invited]

    Open QA4AI Conference 

    Presentation date: 2019.05

  • 攻撃に強いサービスを作る IoT時代のセキュリティ設計

    吉岡 信和  [Invited]

    ビジネスに効く科学,東京商工会議所 北支部 

    Presentation date: 2018.08

  • Current and Future challenge of Model and Modeling on Security and Privacy

    Nobukazu Yoshioka  [Invited]

    The 1st International Workshop for Models and Modelling on Security and Privacy 

    Presentation date: 2016.11

  • A Metamodel for Security and Privacy Knowledge in Cloud Services

    Hironori Washizaki, Sota Fukumoto, Misato Yamamoto, Masatoshi Yoshizawa, Yoshiaki Fukazawa, Takehisa Kato, Takao Okubo, Hideyuki Kanuka, Yuki Kondo, Shinpei Ogata, Atsuo Hazeyama, Haruhiko Kaiya, Eduardo B. Fernandez

    The Third International Workshop on Patterns Promotion and Anti-patterns Prevention (PPAP) 

    Presentation date: 2016.03

  • Pattern varieties and their uses in building systems

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    The Third International Workshop on Patterns Promotion and Anti-patterns Prevention (PPAP) 

    Presentation date: 2016.03

  • プライバシーを考慮したソフトウェア開発技術の文献に基づく動向調査

    櫨山淳雄, 鷲崎弘宜, 吉岡信和, 海谷治彦, 大久保隆夫

    人工知能学会第18回知識流通ネットワーク研究会 

    Presentation date: 2016.03

  • 形式検証を用いた攻撃分析フレームワークの提案

    大久保 隆夫, 海谷 治彦, 鷲崎 弘宣, 吉岡 信和

    コンピュータセキュリティシンポジウム2015 

    Presentation date: 2015.10

  • クラウドサービスの開発と運用においてセキュリティとプライバシを扱うためのメタモデル

    鷲崎 弘宜, 福本 創太, 山本 美聡, 芳澤 正敏, 大久保 隆夫, 小形 真平, 海谷 治彦, 加藤 岳久, 櫨山 淳雄, 吉岡 信和

    コンピュータセキュリティシンポジウム2015 

    Presentation date: 2015.10

  • シーケンス図を用いたモデル検査支援ツール

    後藤隼弐, 吉岡信和

    日本ソフトウェア科学会第31回大会 

    Presentation date: 2014.09

  • FMEAとモデル検査を組合せた高信頼設計プロセスの提案

    若林昇, 吉岡信和

    日本ソフトウェア科学会第30回大会 

    Presentation date: 2013.09

  • クラウドコンピューティングで変わる大学のIT活用と将来展望

    吉岡 信和  [Invited]

    私立大学キャンパスシステム研究会(CS研)第1回第六分科会 

    Presentation date: 2013.06

  • An Academic Cloud for Education and Research in Japan

    Nobukazu Yoshioka  [Invited]

    Cloud Computing 2012 

    Presentation date: 2012.08

  • アカデミック クラウド フォーラム

    棟朝雅晴, 日下部茂, 吉岡信和, 滝澤真一朗, 福田安宏, 西村浩二  [Invited]

    Citrix Cloud Vision 2012 Spring 

    Presentation date: 2012.04

  • edubase cloudと学認

    吉岡 信和  [Invited]

    学認シンポジウム2012 

    Presentation date: 2012.03

  • 教育・研究用クラウド: edubase Cloud

    吉岡 信和  [Invited]

    平成23年度第3回学術情報基盤オープンフォーラム 

    Presentation date: 2012.03

  • edubase cloudについて

    吉岡 信和  [Invited]

    平成23年度第2回学術情報基盤オープンフォーラム 

    Presentation date: 2011.12

  • 分散クラウドシステムにおける遠隔連携技術

    棟朝雅晴, 柏崎礼生, 日下部茂, 天野浩文, 小林泰三, 横山重俊, 吉岡信和, 西村浩二, 滝澤真一朗, 實本英之

    学際大規模情報基盤共同利用・共同研究拠点 第3回シンポジウム 

    Presentation date: 2011.07

  • 大学等の商用クラウドサービス利用に関するセキュリティポリシーを考える

    曽根秀昭, 早貸淳子, 西本逸郎, 阿部俊二, 吉岡信和, 玉造潤史, 辻澤隆彦, 長谷川孝博, 岡部寿男, 松本淳一, 阿部伸一, 高橋正和, 高倉敏行  [Invited]

    学術情報基盤オープンフォーラム2011 

    Presentation date: 2011.06

  • 学んで試せる学術用クラウド: edubase Cloud

    吉岡 信和  [Invited]

    グリッド協議会第32回ワークショップ 

    Presentation date: 2011.03

  • オープンソースの学術向けクラウド「edubase Cloud」の取組み

    吉岡 信和  [Invited]

    グローバルクラウド基盤連携技術フォーラム 第2回合同部会 

    Presentation date: 2011.01

  • 世界一のセキュリティを目指す分野間連携

    大久保隆夫, 須賀祐治, 力武 健次, 吉岡信和, 竹森敬祐, 竹森敬祐

    コンピュータセキュリティシンポジウム 2010 

    Presentation date: 2010.10

  • セキュリティ工学の最前線

    吉岡 信和  [Invited]

    ソフトウェアセキュリティ最前線 

    Presentation date: 2010.10

  • セキュリティ事故事例から統合的な対策手法を考える

    椎木孝斉, 須賀祐治, 大久保隆夫, 鵜野幸一郎, 宮地充子, 吉岡信和

    第50回コンピュータセキュリティ研究発表会 

    Presentation date: 2010.05

  • IMPULSE: a Design Framework for Multi-agent Systems Based on Model Transformation

    Hiroyuki Nakagawa, Nobukazu Yoshioka, Akihiko Ohsuga, Shinichi Honiden

    SE Track of SAC 2011 

    Presentation date: 2010.03

  • A Worm misuse pattern

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    1st Asian Conference on Pattern Languages of Programs 

    Presentation date: 2010.03

  • セキュリティ開発手法の最新動向

    吉岡 信和  [Invited]

    第12回ISSスクエア水平ワークショップ 

    Presentation date: 2009.11

  • モデル検査ツールを使った設計モデルの検証

    吉岡 信和  [Invited]

    Modeling Forum 2009,Sep.2009 

    Presentation date: 2009.09

  • 日本の情報基盤を安全にする-セキュリティ標準化の同行と今後-

    宮地充子, 前田俊行, 柴山悦哉, 鵜飼裕司, 大久保隆夫, 金子浩之, 岡村久道, 吉岡信和

    第164回ソフトウェア工学・第45回コンピュータセキュリティ・第13回組み込みシステム・第4回情報セキュリティ心理学とトラスト研究グループ合同研究発表会 

    Presentation date: 2009.05

  • Improving the Classification of Security Patterns

    Hironori Washizaki, Eduardo B. Fernandez, Katsuhisa Maruyama, Atsuto Kubo, Nobukazu Yoshioka

    DEXA Workshop 2009 

    Presentation date: 2009

  • モデル検査ツールによる設計モデルの検証

    吉岡 信和

    UMLフォーラム2009 

    Presentation date: 2009

  • Misuse Patterns

    Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

    The 4th International Workshop on Software Engineering for Secure Systems (SESS'08)  (Leipzig, Germany) 

    Presentation date: 2008.05

  • Developing Consistent Contractual Policies in Service Composition

    Fuyuki Ishikawa, Nobukazu Yoshioka, Shinichi Honiden

    the 2007 IEEE Asia-Pacific Services Computing Conference (IEEE APSCC 2007)  (筑波、日本)  the 2007 IEEE Asia-Pacific Services Computing Conference (IEEE APSCC 2007)

    Presentation date: 2007.12

  • Agreements and Policies in Cooperative Mobile Agents: Formalization and Implementation

    石川冬樹, 吉岡信和, 本位田真一

    The 9th International Symposium on Distributed Objects, Middleware, and Applications (DOA 2007)  (Algarve, Portugal)  The 9th International Symposium on Distributed Objects, Middleware, and Applications (DOA 2007)

    Presentation date: 2007.11

  • Novel Applications in Ubiquitous Computing

    Christian Sommer, Shunichiro Suenaga, 吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2007(JAWS2007)  (沖縄県、日本)  合同エージェントワークショップ&シンポジウム2007(JAWS2007)

    Presentation date: 2007.10

  • ユビキタスコンピューティングにおけるコンテンツの形成・流通・利用・管理に関する研究動向

    馬場雪乃, 福地大輔, 清雄一, 吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2007(JAWS2007)  (沖縄県、日本)  合同エージェントワークショップ&シンポジウム2007(JAWS2007)

    Presentation date: 2007.10

  • ユビキタスコンピューティングにおけるコンテキストのモデル化,管理に関する研究動向

    中村善行, 清家良太, 鄭顕志, 吉岡信和, 深澤良彰, 本位田真一

    合同エージェントワークショップ&シンポジウム2007(JAWS2007)  (沖縄県、日本)  合同エージェントワークショップ&シンポジウム2007(JAWS2007)

    Presentation date: 2007.10

  • ユビキタスコンピューティングにおけるアプリケーション開発手法に関する研究動向

    鄭顕志, 中川博之, 川俣洋次郎, 吉岡信和, 深澤良彰, 本位田真一

    合同エージェントワークショップ&シンポジウム2007(JAWS2007)  (沖縄県、日本)  合同エージェントワークショップ&シンポジウム2007(JAWS2007)

    Presentation date: 2007.10

  • ユビキタスコンピューティングにおける分散協調・連携技術の研究動向

    石川冬樹, 阿部玲, 高橋竜一, 吉岡信和, 深澤良彰, 本位田真一

    合同エージェントワークショップ&シンポジウム2007(JAWS2007)  (沖縄県、日本)  合同エージェントワークショップ&シンポジウム2007(JAWS2007)

    Presentation date: 2007.10

  • サービス合成における契約ポリシーの決定・検証問題の形式化とその支援

    石川冬樹, 吉岡信和, 本位田真一

    合同エージェントワークショップ&シンポジウム2007(JAWS2007)  (沖縄県、日本)  合同エージェントワークショップ&シンポジウム2007(JAWS2007)

    Presentation date: 2007.10

  • Errors and Misconceptions in Learning i*

    Toshihiko Tsumaki, Yasuyuki Tahara, Nobukazu Yoshioka, Haruhiko Kaiya, Kenji Taguchi, 本位田真一

    2nd International Workshop on Requirements Engineering Education and Training (REET'07)  (Delhi, India)  2nd International Workshop on Requirements Engineering Education and Training (REET'07)

    Presentation date: 2007.10

  • Policy-based Runtime Partner Management in Process-Based Services

    石川冬樹, 吉岡信和, 本位田真一

    IEEE International Conference on Web Services (ICWS 2007)  (Utha, USA)  IEEE International Conference on Web Services (ICWS 2007)

    Presentation date: 2007.07

▼display all

 

Committee Memberships

  • 2018.06
    -
    Now

    日本ソフトウェア科学会  監事

  • 2018.04
    -
    Now

    日本ソフトウェア科学会 機械学習工学研究会  運営委員

  • 2015.01
    -
    Now

    IEEE Computer Society Japan Chapter  役員

  • 2014.04
    -
    Now

    日本ソフトウェア科学会 実践的IT教育研究会  運営委員

  • 2004.01
    -
    Now

    合同エージェントワークショップ&シンポジウム(JAWS)  プログラム委員

  • 2020.07
    -
    2020.12

    the 2nd International Workshop on Machine Learning Systems Engineering  Co-Organizer

  • 2018.04
    -
    2020.11

    日本科学技術連盟 SQuBoK第3版策定部会  委員

  • 2007.04
    -
    2020.03

    日本ソフトウェア科学会  企画委員

  • 2018.09
    -
    2019.09

    合同エージェントワークショップ&シンポジウム(JAWS) 2019  実行委員長

  • 2018.09
    -
    2018.12

    The International Workshop on Evidence-based Security and Privacy in the Wild 2018 (WESPr-18)  Co-organizer

  • 2018.09
    -
    2018.12

    The 1st International Workshop on Machine Learning Systems Engineering (iMLSE 2018)  Co-organizer

  • 2009.01
    -
    2017.12

    特定非営利活動法人 トップエスイー教育センター  理事

  • 2011.06
    -
    2015.06

    Japan Society for Software Science and Technology  a board member

  • 2011.06
    -
    2015.06

    日本ソフトウェア科学会  理事

  • 2013.04
    -
    2015.03

    Japan Society for Software Science and Technology  Chair of the Planning committee

  • 2013.04
    -
    2015.03

    日本ソフトウェア科学会  企画委員長

  • 2010.04
    -
    2015.03

    the Information Processing Society of Japan  Editorial commitee of IPSJ Magazine

  • 2010.04
    -
    2015.03

    情報処理学会  情報処理 編集委員

  • 2011.04
    -
    2013.03

    日本科学技術連盟  SQuBoK検討委員

  • 2008.04
    -
    2012.03

    日本ソフトウェア科学会  編集委員

  • 2011.07
    -
    2012.02

    経済産業省  平成23年度次世代高信頼・省エネ型IT基盤技術開発・実証事業(ソーシャルクラウド基盤技術に関する調査研究) 「ソーシャルクラウド検討委員会」 主査

  • 2009.12
    -
    2010.03

    内閣官房情報セキュリティセンター  情報セキュリティ技術の研究開発における政府関与のあり方に関する調査 アドバイザ

  • 2009.12
    -
    2010.03

    内閣官房情報セキュリティセンター  リスク要件リファレンスモデル作業部会 主査

  • 2009.12
    -
    2010.03

    経済産業省  平成21年度コンピュータセキュリティ早期警戒体制の整備事業 (ISO/IEC15408評価技術の利用促進に係る調査), 評価者向け・開発者向けマニュアル作成のための検討会

  • 2009.09
    -
    2010.03

    情報処理推進機構  リカレント教育部会 主査

▼display all