Kyushu University Researcher Information
List of Presentations
笠原 義晃 (Yoshiaki Kasahara) Last updated: 2024.04.10

Assistant Professor / Research Institute for Information Technology, Advanced Cyber Network Research Division


Conference Presentations, etc.
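1. 笠原 義晃, 小田 知央, 嶋吉 隆夫, A Study of Methods for Investigating Responses to Email-Sending SMTP Communication on the Internet, IPSJ 63rd Special Interest Group on Internet and Operation Technology (IOT) Meeting, 2023.09.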
2. Yoshiaki Kasahara, End of Basic Authentication and Migration to Modern Authentication for Exchange Online, Proceedings of the 2023 ACM SIGUCCS Annual Conference, 2023.03, At Kyushu University, Information Infrastructure Initiative provides an email service named "Primary Mail Service" for students and staff members with Microsoft Office 365 Exchange Online. On September 20th, 2019, Microsoft announced the end of support for Basic Authentication for Exchange Online, which is considered vulnerable to identity leakages such as phishing and malware attacks. Microsoft would require users to use Modern Authentication such as Exchange protocol or OAuth 2.0 authorization with IMAP, POP, and SMTP. Historically we had instructed our users to use IMAP or POP and SMTP protocols for their email applications, including Microsoft Outlook and Mozilla Thunderbird, so disabling Basic Authentication would significantly impact our user population. In September 2021, Microsoft announced the end of September 2022 as the hard deadline for disabling Basic Authentication. Based on available information, we prepared migration documents from Basic Authentication to Modern Authentication and started to notify users to abandon Basic Authentication. Sending messages to users did not seem to be effective after a couple of notifications, so we tried to temporarily disable Basic Authentication to realize the remaining users through authentication failures. In this paper, we would like to share our experiences about the effect of retiring Basic Authentication for Exchange Online on our service and users.
3. 嶋吉 隆夫, 笠原 義晃, 小田 知央, A Study on Adding Sender-Side Spam Scores to Email Headers, Proceedings of the Internet and Operation Technology Symposium, 2022.12.
4. Yoshiaki Kasahara, Takao Shimayoshi, Our Design and Implementation of Multi-Factor Authentication Deployment for Microsoft 365 in Kyushu University, 2022 ACM SIGUCCS Annual Conference (SIGUCCS '22), 2022.04, [URL], In Kyushu University, Information Infrastructure Initiative manages a Microsoft 365 tenant for our university members. We started offering Office 365 in 2016 and migrated our university-wide email service to Microsoft 365 Exchange Online in 2018. Due to the recent outbreak of COVID-19, off-campus uses of Microsoft 365 have increased, and concerns about account security arose. We discussed how to deploy Multi-Factor Authentication (MFA) to protect our users. Microsoft 365 comes with Azure Active Directory (Azure AD), and it includes built-in MFA functionality. With the basic Azure AD MFA, individual users can register MFA information anytime but have no control to enable or disable MFA. Tenant administrators need to enable MFA for each account. For a gradual deployment, we want to allow users to enroll in MFA and register information at their convenience. In addition to that, we want to prevent malicious attackers from registering their MFA information if an account should be already compromised. Such control was difficult with the basic Azure AD MFA. Since 2020 our tenant subscribes to Azure AD Premium P2 licenses, which provides Azure AD Conditional Access. Conditional Access enables fine controls of MFA and other user access behavior with security groups. We designed an MFA self-enrolling and configuration system, and implemented it with Microsoft Forms, Power Automate, Conditional Access, and in-house web applications. By design, this system prohibits MFA information registration until user’s self-enrollment in MFA, and requests the user to register MFA information upon the next sign-in after the self-enrollment. This is supposed to reduce the possible unauthorized registration of MFA information. 
We extensively discussed implementation of various measures and preparation of documents to counter users’ troubles and complaints. We started deploying MFA in April 2021, but we have not yet fully mandated MFA due to a push back from some executives expressing concern about the adverse effects of enforcing MFA too quickly.
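5. 小田 知央, 廣川 優, 近藤 宇智朗, 嶋吉 隆夫, 笠原 義晃, A Study of Outbound Mail Aggregation and Queue Congestion Avoidance Using a Transparent SMTP Proxy, Multimedia, Distributed, Cooperative, and Mobile Symposium (DICOMO2021), 2021.07, [URL], Email is a long-established means of exchanging messages and is still widely used around the world. Mail hosting providers that offer email services raise resource efficiency and lower operating costs with a multi-tenant design that accommodates many users on the same system. In mail hosting, outbound servers are often consolidated because of the limited number of available global IP addresses and for centralized management of mail sending, but when bulk mail sending or anti-spam measures at the destination cause the outbound queue to become congested, the effects spread to tenants other than the one that caused the problem, degrading service quality and increasing management costs. In this study, we propose a transparent SMTP proxy for outbound mail aggregation that combines per-tenant separation of outbound queues with centralized management of mail sending and management of outbound global IP addresses. We also describe a preliminary experiment to confirm that separating outbound queues limits the scope of impact during queue congestion, and a prototype implementation of the transparent SMTP proxy.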
6. Takao Shimayoshi, Yoshiaki Kasahara, Naomi Fujimura, Challenge for Consolidation of Individual Email Services into a Cloud Service, ACM SIGUCCS Annual Conference (SIGUCCS '21), 2021.03, [URL], Email is a traditional but still important global communication tool. An email address is a kind of personal identifier, and email addresses printed on publications require persistent reachability. Kyushu University provides a university-wide email service, Primary Mail Service, and assigns a Primary Mail Address for each member. Divisions of the university additionally operate individual email services for their internet subdomains and administer member email addresses. Since email is a major means of cyberattacks nowadays, the secure operation of an email server demands considerable effort and high skill. This article describes a challenge at Kyushu University for consolidating individual email services. Since 2018, the Primary Mail Service has been operated using Microsoft’s cloud service, Exchange Online, which supports multiple internet domains on a tenant. The approach employed is registering divisional subdomains to the tenant and configuring forwarding addresses from addresses of the subdomains to the Primary Mail Addresses or external addresses. A desirable scheme is for each domain administrator to manage forwarding addresses of the domain, but Exchange Online is unable to delegate administration to the domains. To overcome this, a system was designed and developed for domain administrators to create, read, update, and delete forwarding addresses. Beginning in July 2020, a new service to import divisional domains was offered. We are now planning measures for promoting the consolidation of individual email services.
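7. 嶋吉 隆夫, 笠原 義晃, 平川 新, 亀岡 謙一, 平野 広幸, 藤村 直美, Efforts to Consolidate Organization-Operated Email Services into a Cloud Service at Kyushu University, AXIES 2020 Annual Conference, 2020.12, Kyushu University assigns a Primary Mail Address to every member and provides the Primary Mail Service using Microsoft Exchange Online, a cloud email service. Meanwhile, for historical reasons, faculties, departments, laboratories, and other units within the university independently operate email services for their own internal organizations using the Internet domains assigned to them. In recent years, however, operating an email service requires up-to-date knowledge of security measures as well as cost. The Information Infrastructure Initiative of Kyushu University therefore launched a Mail Server Consolidation Task Force, which is working to consolidate the email services independently operated by organizations within the university, with the aim of reducing university-wide system operation costs and improving security. This paper reports on the task force's work so far: the study of consolidation methods, the design and construction of the necessary systems, and the provision of the service.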
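8. 笠原 義晃, 嶋吉 隆夫, 宮口 忠幸, 藤村 直美, Migration of Email Services at Kyushu University to Exchange Online, AXIES 2019 Annual Conference, 2019.12, The Information Infrastructure Initiative of Kyushu University provides an email service named "Primary Mail Service" for all members. The most recent system had been operated on on-premises servers, but its five-year operation period was due to end at the end of fiscal year 2018, so its replacement had become an issue. Because the university had just completed a large-scale campus relocation and its budget was limited, procurement costs for the next system had to be reduced. Meanwhile, the university had been providing Microsoft Office 365 on campus since fiscal year 2016 under a Microsoft EES comprehensive agreement, and since Office 365 included Exchange Online, we aimed to reduce costs by making use of it. However, the Primary Mail Service had several additional services that Exchange Online alone does not provide, so these had to be procured separately. We prepared for the migration during fiscal year 2018, switched the service over on December 18, 2018, and completed the migration by the end of March 2019. In addition, the administrative email, for which a migration from an on-premises Exchange Server to Exchange Online was being considered around the same time, was also migrated at the same time to the same Office 365 tenant as the Primary Mail Service, and that migration succeeded without incident. The university also has more than 100 other email services on divisional subdomains, but because operating email services securely has become difficult in recent years, we are considering integrating them into the Exchange Online of the Primary Mail Service in the same way as the administrative email. This paper describes the plan and the actual course of the migration of the university-wide email to Exchange Online, and the status of our considerations on integrating the other on-campus email services.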
9. Yoshiaki Kasahara, Takao Shimayoshi, Tadayuki Miyaguchi, Naomi Fujimura, Migrate Legacy Email Services in Kyushu University to Exchange Online, 2019 ACM SIGUCCS Annual Conference, SIGUCCS 2019, 2019.11, [URL], In Kyushu University, Information Infrastructure Initiative provides an email service for students and staff members, called "Primary Mail Service". We had operated an on-premises system for this service, and the lifetime of this system would end in early 2019. We needed to reduce costs for replacing this system because our university had just finished a major campus migration. We compared some options such as building yet another on-premise system and migrating to a cloud-based email service and finally gave up the on-premise option because we couldn't afford replacement and operational costs of another on-premises system anymore. We selected Microsoft Exchange Online as the new service mainly because we already had a contract with Microsoft and been operating an Office 365 tenant. We had additional requirements for user provisioning and services which were not available in Exchange Online, so we had to implement and maintain additional systems on top of it. On December 18th, 2018, we successfully migrated the email service to Exchange Online. By coincidence, Kyushu University Administration Bureau decided to migrate their in-house Exchange server to Exchange Online. After some discussions, they concluded to migrate their domain to the same tenant with Primary Mail Service. Other than that, there are more than a hundred legacy email servers inside our campus network operated by various departments as subdomains of kyushu-u.ac.jp. We are designing a plan to consolidate them into our tenant of Exchange Online to reduce a budget and human resource costs, and to improve security. In this presentation, we share our experiences about migrating our campus-wide email services to Exchange Online.
We also discuss why we want to consolidate other legacy email servers and how to implement the plan.
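10. 嶋吉隆夫, 久志 昇, 笠原義晃, 藤村直美, A Study on Methods for Protecting Confidential Information at Kyushu University, IPSJ Special Interest Group on Internet and Operation Technology, 2019.03, Kyushu University has established rules on information classification and handling restrictions, which stipulate that confidential information requiring confidentiality must be appropriately protected when stored or transmitted electronically, but they do not specify concrete protection methods. It is therefore necessary to settle on technical methods for ensuring confidentiality that staff can actually carry out. On the other hand, considering only how to raise confidentiality reduces convenience, which not only lowers work efficiency but also risks making the rules exist in name only. For that reason, we needed to select technical protection methods that are both feasible and usable. This paper describes what we examined, from technical and operational perspectives, in selecting methods for protecting confidential information at Kyushu University.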
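11. 嶋吉 隆夫, 笠原 義晃, 尾花 昌浩, 藤村 直美, Rebuilding the Office 365 Service Environment at Kyushu University, AXIES 2018 Annual Conference, 2018.12, Kyushu University has officially provided Office 365 as a university-wide service since 2016, but various issues had arisen concerning its underlying infrastructure system, tenant operation, and so on. We therefore rebuilt the environment anew, including the infrastructure system and the tenant, and began providing the new service environment in April 2018. This paper introduces the issues in the previous environment and their solutions, as well as the problems that arose in the course of building the new environment and how they were resolved.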
12. Yoshiaki Kasahara, Takao Shimayoshi, Eisuke Ito, Naomi Fujimura, The past, current, and future of our email services in Kyushu University, 2018 ACM SIGUCCS Annual Conference, SIGUCCS 2018, 2018.09, [URL], In Kyushu University, Information Infrastructure Initiative provides email service for students and staff members. Email services for students and staff members were started separately. For students, an email service was started as Unix accounts of "Computer System for Education" in 1995. On the other hand, an email service for staff members was started in 2009, and eventually the two mail services were merged into the current "Kyushu University Primary Mail Service" in 2014. The designs of these mail systems were affected by various operational issues and political decisions at their times. We think that running an in-house mail system is becoming less feasible due to the initial/operational cost, security issues, and our dwindling budget. For the current system, the planned 5-year lifetime ends in this fiscal year. Therefore, we are forced to migrate to a cloud-based mail service. In this presentation, we want to share our past experiences and future plans about our university email services.
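13. 松本 亮介, 小田 知央, 笠原 義晃, 嶋吉 隆夫, 金子 晃介, 栗林 健太郎, 岡村 耕二, A Highly Integrated Multi-Account Email Infrastructure with Precisely Controllable Homeostasis, Multimedia, Distributed, Cooperative, and Mobile Symposium (DICOMO2018), 2018.07, While a variety of communication services have become widespread, email is still widely used today. Providers of email services raise resource efficiency by accommodating email accounts on servers at high density in order to manage large numbers of accounts. On the other hand, there is no end to problems such as rising support and operating costs and mail delays, caused when one account monopolizes resources and other accounts are affected. This paper describes the design of an email infrastructure with homeostasis that can be analyzed precisely, for stabilizing highly integrated multi-account email systems.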
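14. 笠原 義晃, 松本 亮介, 近藤 宇智朗, 小田 知央, 嶋吉 隆夫, 金子 晃介, 岡村 耕二, Research and Development of a Flexible Hosting and Cloud Infrastructure Based on Lightweight Containers and Construction of a Large-Scale, High-Load Test Environment, IPSJ 40th Special Interest Group on Internet and Operation Technology Meeting, 2018.03, A wide variety of services are now provided over the Internet, and the hosting and cloud services that underlie them face various requirements such as high efficiency, fault tolerance, resilience to load fluctuations, flexibility, and security. In this research, to solve these problems, we are improving a system architecture based on lightweight containers called FastContainer, and in particular we are building a test environment on a public cloud for research and development of the state detection and resource scheduling functions needed for autoscaling. This paper describes an overview of FastContainer, the details of the test environment, and the current status and future issues.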
15. Yoshiaki Kasahara, Takao Shimayoshi, Masahiro Obana, Naomi Fujimura, Our experience with introducing Microsoft Office 365 in Kyushu University, 45th ACM Annual SIGUCCS Conference, SIGUCCS 2017, 2017.10, [URL], Information Infrastructure Initiative of Kyushu University started serving Office 365 Education for all students and staff members at Kyushu University in November 2016. Since 2007, the university had signed Microsoft EES (Enrollment for Education Solutions) including licenses for the latest Microsoft Windows and Office suite. The EES agreement includes an advantage to provide Office 365 Education to the university members with minimum investments, and there was a demand for Skype for Business which is included in Office 365. To deploy Office 365 for our users, we first needed to configure our on-premises user authentication infrastructure to coordinate with Office 365. During trials, we had a couple of difficulties attributed to some disagreements between Microsoft's and our policy on whether the user identifier, namely the user principal name in Active Directory, was open or private. Additionally, we had to consider which services should be applied to the users, because we have been operating an on-premises email service which is competing with Microsoft Exchange mail service. In this presentation, we share our experiences in Office 365 deployment.
16. Yoshiaki Kasahara, Takuya Kawatani, Eisuke Ito, Koichi Shimozono, An Analysis of Relationship between Storage Usage Distribution and Per-User Quota Value, 2016 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '16), 2016.11, [URL], To prevent resource (especially storage) shortage, information systems such as storage services and email services usually impose an upper bound of resource consumption (quota) per user. In a conservative way, an administrator tends to set a quota value such as the storage capacity divided by the expected maximum number of users for safety and fairness, but it tends to leave large unused storage space, because the users’ storage usage pattern shows a long-tailed distribution. In this paper, we analyzed storage usage distribution of some email services to approximate the distribution using a power-law distribution, and proposed a method to calculate an optimal quota value from a target size of storage consumption to increase storage utilization. We applied an optimal quota value we calculated to a real email service and analyzed the effect of quota change. Then, we analyzed actual distributions further to find a better model to approximate the distribution, and found that a log-normal distribution explained the distribution better than power-law. We also analyzed two other universities’ email service to find similar distribution in these systems.
17. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Masahiro Obana, Migrating of the student user ID scheme for intra-institutional information service in Kyushu University, Network Security Workshop in APAN 41st Meeting, 2016.01, [URL], In Kyushu University, a traditional "Student ID" based on student number assigned by Student Affairs Department had been used as the user ID of various IT services for a long time. There were some security and usability concerns using Student ID as a user ID. Since Student ID was used as the e-mail address of the student, it was easy to leak outside. Student ID is constructed based on a department code and a serial number, so guessing other ID strings from one ID is easy. Student ID is issued at the day of the entrance ceremony, so it is not usable for pre-entrance education. Student ID will change when the student moves to another department or proceeds from undergraduate to graduate school, so he/she loses personal data when Student ID changes. To solve these problems, Kyushu University decided to introduce another unchanging user ID independent from Student ID. This presentation reports the design of new user ID scheme, ID management system we are using, and the effect of introduction of new user ID scheme.
18. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Masahiro Obana, Introduction of Unchanging Student User ID for Intra-Institutional Information Service, 2015 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '15), 2015.11, [URL], In Kyushu University, a traditional "Student ID" based on student number assigned by Student Affairs Department had been used as the user ID of various IT services for a long time. There were some security and usability concerns using Student ID as a user ID. Since Student ID was used as the e-mail address of the student, it was easy to leak outside. Student ID is constructed based on a department code and a serial number, so guessing other ID strings from one ID is easy. Student ID is issued at the day of the entrance ceremony, so it is not usable for pre-entrance education. Student ID will change when the student moves to another department or proceeds from undergraduate to graduate school, so he/she loses personal data when Student ID changes. To solve these problems, Kyushu University decided to introduce another unchanging user ID independent from Student ID. This paper reports the design of new user ID, ID management system we are using, and the effect of introduction of new user ID.
19. Yoshiaki Kasahara, Takuya Kawatani, Eisuke Ito, Koichi Shimozono, Naomi Fujimura, Optimization of Storage Quota Based on User's Usage Distribution, the 2015 IEEE 39th Annual Computer Software and Applications Conference Workshops (COMPSACW 2015), ADMNET 2015, 2015.07, To prevent shortage of storage space in a service system, an administrator usually sets per-user quota as an upper limit of usable space for each user. To avoid service failure caused by resource exhaustion, the administrator tends to set a conservative quota value such as the storage capacity divided by the expected maximum number of users. In this research, we analyzed long-term storage usage history of our email system and file sharing system in Kyushu University. Mostly through the analyzed period, the usage pattern showed a long-tailed distribution similar to log-normal distribution. Also the overall storage consumption slowly increased during the analyzed period. Based on these analyses, we defined “storage utilization ratio” to evaluate how the storage was effectively used. By approximating a storage utilization pattern as a power-law distribution, we proposed a method to calculate the optimal quota value to maximize the utilization ratio.
20. Yoshiaki Kasahara, POODLE and related SSL vulnerabilities, Network Security Workshop in APAN 39th Meeting, 2015.03, [URL], In October 2014, Google Security Team discovered and published yet-another SSL vulnerability called POODLE (Padding Oracle On Downgraded Legacy Encryption), which allows a man-in-the-middle attacker to decipher an encrypted text without knowing the encryption key (one byte per 256 requests). It induced urged action to exterminate SSLv3 support from various services in the Internet, but it also caused troubles with some users. In this talk, I'll try to summarize what is POODLE attack, how it works, its workaround, and influence on ordinary users.
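21. 川谷 卓哉, 伊東 栄典, 笠原 義晃, 藤村 直美, Disk Usage Analysis for Setting Appropriate Quota Values, IPSJ 28th Special Interest Group on Internet and Operation Technology Meeting (IPSJ IOT), 2015.03, To prevent storage capacity shortages, system administrators set an upper usage limit (quota value) for each user. System administrators tend to set rather small quota values in order to provide the service stably. It is also common to set the quota value simply to the capacity divided equally by the number of users. In this study, we analyzed long-term disk usage of the email and file sharing (storage) systems of Kyushu University, to which the authors belong. At most points in time, users' disk usage showed a long-tailed distribution, and we found that the distribution was close to a log-normal distribution. Examining the long-term trend in disk usage, we also found that overall usage had increased slightly. We defined a storage utilization measure and devised an evaluation method based on it. Furthermore, by approximating the disk usage distribution with a power-law distribution, we devised a method for calculating a quota value that yields high utilization. Based on actual data, we also calculated the quota value that maximizes storage utilization.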
22. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Introduction of New Kyushu University Primary Mail Service for Staff Members and Students, 2014 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '14), 2014.11, [URL], In the end of fiscal year 2013 (March 2014), Kyushu University Information Infrastructure Initiative introduced new Primary Mail Service for Staff Members and Students. The previous service for staff members had been built using proprietary mail and LDAP appliance, but tight user license and the nature of proprietary system caused several troubles. The previous service for students had been built using open source software (Postfix and Dovecot), but there were some issues with the old implementation of LDAP authentication. With these experiences, we decided to design a new system by merging both system using open source software including Postfix, Dovecot, OpenLDAP, and Squirrelmail. We also extended alias address setting service (previously available for students only) to all the members including staff members. In this paper, we explain the design and implementation, user migration, current status and future works of our new mail service.
23. Yoshiaki Kasahara, OpenSSL Heartbleed and aftermath, Network Security Workshop in APAN 38th Meeting, 2014.08, [URL], Recently revealed OpenSSL's "Heartbleed" vulnerability had shaken various parts of the Internet community abruptly. In this talk, I'll (re-)introduce some recent vulnerabilities including "Heartbleed," and some interesting events around them.
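24. 藤村 直美, 笠原 義晃, 伊東 栄典, 尾花 昌浩, 井上 仁, Assigning Dedicated IDs for Intra-University Information Services Distinct from Student Numbers, IPSJ 26th Special Interest Group on Internet and Operation Technology Meeting (IPSJ IOT), 2014.06, Many organizations have built user authentication infrastructures for their internal information services. Kyushu University has also built an integrated authentication infrastructure, and has issued students user IDs based on their student numbers as accounts for it. User IDs based on student numbers have security problems. Because they have been used for students' primary mail addresses, they leak outside easily, and because student numbers use values that are consecutive within an undergraduate or graduate school, user IDs are easy to guess. Incidents in which student accounts were used without authorization have in fact occurred. IDs based on student numbers also had problems such as information services being unusable before enrollment and accounts becoming discontinuous upon entering graduate school. To solve these problems, we decided to assign IDs dedicated to intra-university information services. This paper reports on the user ID scheme, the user ID database, the configuration of the LDAP for authentication, and so on.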
25. Yoshiaki Kasahara, DNS Amp and its mitigation, Network Security Workshop in APAN 37th Meeting, 2014.01, [URL], DNS is one of the fundamental and indispensable services in the Internet. Almost all the services rely on it. Because DNS is (basically) UDP based protocol, there are some security issues such as poisoning and amplification attack. In this talk, I'll explain DNS Amp attack and its mitigation with some experience in Kyushu University campus network.
26. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Gulliver's Toss: Google's Chronic Big Load to University Mail Server and Its Sudden Resolution, 2013 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '13), 2013.11, [URL], Traditionally, Kyushu University has been providing email service internally using its own domain name for staff members and students of the university. Around January 2012, we noticed the high load of the university authentication server, and we realized that one of causes was the access from the mail server for students (called Student Primary Mail Service). Detailed analysis showed that there was chronic big load produced by Gmail's Mail Fetcher, especially toward nonexistent accounts removed due to graduation. In this paper, we explain the situation and reasons of the big load induced by Google, its possible countermeasures, and its sudden resolution by Google's silent change.
27. Eisuke Ito, Yoshiaki Kasahara, Naomi Fujimura, Implementation and operation of the Kyushu university authentication system, 2013 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '13), 2013.11, [URL], Nowadays, a university needs to build and maintain a central ID database and authentication system for better ICT (information and communication technology) services. In 2008, the headquarters of Kyushu University had defined medium-range policy of ICT infrastructure preparation, and the policy had indicated construction of a central authentication system. According to the policy, the authors elaborated an installation plan of the Kyu(Q)shu University authentication system (QUAS, for short). Since 2009, Information Infrastructure Initiative of Kyushu University, to which the authors belong, has been issuing ID cards to all employees, and also operating LDAP servers. This paper introduces the action plan and outline of QUAS. This paper also describes two recent topics of QUAS. One is high load of LDAP servers because of rapid increase of mobile devices, and the other one is development of a multifactor authentication Shibboleth Identity Provider (IdP).
28. Yoshiaki Kasahara, Eisuke Ito, A Study of Network Issues for Implementing Large-scale Academic Cloud Service, IEICE Workshop on Internet Architecture 2013 (IA2013), 2013.10, The virtualization technology of computer resources has matured enough for production services, and cloud services became popular in various fields. Cloud services are also gradually incorporated in universities' research and education activities. There is a demand for cloud infrastructure suitable for academic activities. To implement practical and user-friendly services on private, community, or public cloud services, we need to consider about network design. This paper tries to clarify network issues for implementing cloud services considering use cases, the number of instances, utilization of IP addresses, virtual private network, client access networks, and so on.
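29. 笠原 義晃, 伊東 栄典, A Feasibility Study of an IaaS Cloud-Based Educational Information System, IPSJ 22nd Special Interest Group on Internet and Operation Technology Meeting (IPSJ IOT), 2013.08, With the spread of virtualization technology, IaaS cloud services have become widespread. By using an IaaS cloud infrastructure, a university's educational information system can be outsourced externally. If it can be outsourced, maintenance costs can be reduced. We are investigating how to realize the current PC-classroom-type educational information system on an IaaS cloud infrastructure. This paper reports the problems of using virtual machines remotely and the results of our investigation of network bandwidth and RDP performance in practical use.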
30. Yoshiaki Kasahara, Yasuichi Kitamura, APAN CIF Server Update, Network Security Workshop in APAN 36th Meeting, 2013.08, From 2012, APAN Security WG is working with REN-ISAC (Research and Education Networking Information Sharing and Analysis Center) for a test pilot of federated sharing of security intelligence information over Collective Intelligence Framework (CIF) developed by REN-ISAC. Until recently we were running CIFv0, but due to underlying OS upgrade/reinstall, now we need to migrate to CIFv1, which is still in testing stage. In this talk, we will introduce the current status of APAN CIF server and its software upgrade experience.
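31. 伊東 栄典, 堀 良彰, 笠原 義晃, 井上 弘士, Use of VCL in Graduate Schools of Information Science, IPSJ 9th Special Interest Group on Collaboration and Learning Environment Meeting (IPSJ CLE), 2013.02, [URL], In recent years, virtualization systems and cloud systems have increasingly been used in university educational activities that make use of information equipment and in the teaching of information science and technology. At Kyushu University, to which the authors belong, the Faculty of Information Science and Electrical Engineering introduced a VCL-based system at the end of fiscal year 2010 for education within the faculty. At the end of fiscal year 2011, the Research Institute for Information Technology of Kyushu University also introduced a VCL system as an information system mainly for graduate education. This paper describes the configuration of the VCL systems introduced and examples of their use in lectures. It also discusses various problems found through operating the VCL systems.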
32. Kevin Benton, Gabriel Iovino, Yoshiaki Kasahara, Yasuichi Kitamura, International Collaboration for Security Event Information Sharing, Tech in Paradise 2013, 2013.01, [URL], At the Summer 2009 JointTechs, the REN-ISAC Security Event System (SES) was introduced. SES provides for collection of security event data from participating institutions, data correlation, and output of threat indicators. Participants use the indicators in local protections, such as IDS and sinkholes, and in incident analysis. SES is a production tool serving the REN-ISAC community.

SES continues to evolve, as the Collective Intelligence Framework (CIF), receiving National Science Foundation support. CIF provides additional capabilities, including a broader base of data from public, private, and participant sources, additional data types, scaling, improved API, and inter-federated sharing. Core indicator sharing occurs within a multi-institutional trust community, such as within the community of REN-ISAC members. In CIF inter-federated, data collected in one trust community can be exchanged, through policy, with other communities. Among TransPAC3 project deliverables, linking APAN and US networks, is to engage the respective communities to address security threats and incidents. In that context, US and APAN researchers established pilot inter-federation sharing of security event information among CIF systems, one operated by REN-ISAC at Indiana University, and another by researchers at Kyushu University and APAN-JP. This presentation provides background on CIF, and details the APAN-US international security information sharing pilot.
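33. 笠原 義晃, 伊東 栄典, Diversifying VM Templates on a Cloud Infrastructure for Universities, 1st Inter-Regional Intercloud Workshop, 2012.11, For an IaaS private cloud service for the information science faculties on campus, we are considering enriching the set of templates with a variety of OSes and a variety of PaaS-type templates in order to enhance the service. Because it is difficult to build up the templates within a single organization, we would like to discuss a nationwide cooperative framework.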
34. Naomi Fujimura, Tadatsugu Togawa, Yoshiaki Kasahara, Eisuke Ito, Introduction and experience with the Primary Mail Service based on their names for students, 2012 ACM SIGUCCS Annual Conference on User Services Conference (SIGUCCS '12), 2012.10, [URL], Kyushu University provided mail service based on student IDs such as "1AB10123X" to the university students for many years. Using this model, we had problems communicating with the students who graduated from the University and enrolled in the graduate school. The students received new mail addresses based on their new student IDs such as "2AB12789Y". Faculty members were forced to change the student mail addresses in the mailing lists and in their mail client address book. Furthermore, students were forced to notify the e-mail address change to all of their existing contacts. We introduced a new mail system to provide addresses based on the student name, as well as student ID in April 2011. The new naming convention uses the following format: lastname.firstname.999 where 999 is a random number of 3 digits. Students can select some combination patterns of their first and last names for Japanese. We also consider the middle names for foreign students. In the system implementation, we did not have the formal information of alphabetical names for students. We generated alphabetical names from Japanese Katakana names. It is not easy for us to get the appropriate name in this manner. We implemented a confirmation stage of the alphabetical name at first use, and then students can select their mail addresses for their convenience. We paid much attention to the user interface in the system. Since April 2011, the number of users who use the mail address based on their own name has been increasing gradually. This paper will detail the usage status of the new system.
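35. 笠原 義晃, 伊東 栄典, 堀 良彰, 藤村 直美, An Analysis of the Load Gmail Places on a University Mail Server, 19th IOT and 39th EVA Joint Meeting, 2012.09, [URL], Kyushu University has long built mail servers for the university domain on campus and provided email service to its members. Around January 2012, the high load on the university-wide authentication server, which provides user authentication and other functions to on-campus information services, became a problem, and it became clear that one of the causes was the mail server for students. Detailed analysis showed that there was continuous access from Google's Gmail to our mail server, much of it to accounts that had already ceased to exist because of graduation or other reasons. Based on an analysis of the access logs of our student mail server, this paper describes the load that Gmail places on the mail server and the reasons for it, and examines countermeasures.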
36. Yoshiaki Kasahara, Yasuichi Kitamura, Toward federated sharing of security intelligence information over Collective Intelligence Framework (CIF), Network Security Workshop in APAN 34th Meeting, 2012.08, [URL], REN-ISAC (Research and Education Networking Information Sharing and Analysis Center - http://www.ren-isac.net/) has been working for SES (Security Event System) Project. CIF (Collective Intelligence Framework) is a framework developed through the project as an open source tool/framework to collect intelligence concerning malicious actors and reputation of Internet elements. As SESv3, they started to explore inter-federation information sharing, and APAN Security WG is involved as one of counterparts. In this talk, I'll (re)introduce CIF, explain the current status of the cooperation, and call for more participants from APAN community.
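37. 伊東 栄典, 笠原 義晃, 藤村 直美, Load status and load balancing of the university-wide authentication server, 57th CSEC / 17th IOT Joint Research Presentation Meeting, 2012.05, [URL], In recent years, universities have been building university-wide authentication infrastructures. Kyushu University, to which the authors belong, also issues a university-wide common ID and has built an authentication infrastructure, unifying user authentication for on-campus information services. Recently, the load on the LDAP authentication server has been rising. Authentication for email use and authentication for wireless LAN connections account for the increased load. This paper describes the results of analyzing the load on the Kyushu University authentication infrastructure. It also presents methods for load balancing. Finally, it shows the effect of the load balancing that was actually carried out, although over a short period.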
38. Satoru Akimoto, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai, A Study of Collaborative Behavior Detection and Investigating Change of Attack using 3D-visualization with Observing the Darknet Traffic, Fifth Workshop among Asian Information Security Labs (WAIS'2012), 2012.01.
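39. 秋本 智, 笠原 義晃, 堀 良彰, 櫻井 幸一, Collaborative attack detection in darknet traffic observation and investigation of attack transitions using 3D visualization, Symposium on Cryptography and Information Security (SCIS'2012), 2012.01.
40. 戸川忠嗣, 藤村直美, 笠原義晃, 伊東栄典, Student mail service with mail addresses based on alphabetical names, 33rd Joint Research and Development Presentation Meeting of the National Joint-Use Information Infrastructure Centers, 2011.11.
41. 藤村直美, 戸川忠嗣, 笠原義晃, 伊東 栄典, On the operation of the student Primary Mail Service with addresses based on family and given names, 14th Information Processing Society of Japan Workshop on Internet and Operation Technology (IOT), 2011.07.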
42. Seiichiro Mizoguchi, Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai, Bot Detection Scheme By Analyzing Traffic Behavior, Fourth Workshop among Asian Information Security Labs (WAIS’2011), 2011.01.
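43. 伊東 栄典, 笠原 義晃, 藤村 直美, Functional improvements to the Kyushu University Primary Mail Service and launch of a paid service class, FY2010 Information Education Research Meeting, 2010.12.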
44. Seiichiro Mizoguchi, Yoshiro Fukushima, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai, Darknet Monitoring on Real-Operated Networks, The 5th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), 2010.11, Dark net monitoring is an effective method to analyze malicious activities on networks including the Internet. Since there is no legitimate host on darknets, traffic sent to such a space is considered to be malicious. There are two major issues for dark net monitoring: how to prepare unused address space and how to configure network sensors deployed on the network. Preparation of monitoring addresses is difficult, and it has not been obvious yet what an appropriate configuration is. To solve the first issue, we proposed a method for network monitoring by exploiting unused IP addresses on segments managed by DHCP server, where is a real-operated network. By assigning these addresses, we can easily obtain IP addresses for monitoring and enable network monitoring on production network. Furthermore, we conducted real dark net monitoring experiments and clarified what kind of information could be obtained. We deployed several types of sensors on real-operated network and captured dark net traffic. After analyzing the traffic, we compared the data between each sensor. We found that there were dramatic differences between the data collected by each sensor and our proposed method was useful for real network monitoring.
45. Seiichiro Mizoguchi, Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai, Implementation and Evaluation of Bot Detection Scheme based on Data Transmission Intervals, The 6th workshop on Secure Network Protocols, 2010.10, Botnet is one of the most considerable issues in the world. A host infected with a bot is used for collecting personal information, launching DoS attacks, sending spam e-mail and so on. If such a machine exists in an organizational network, that organization will lose its reputation. We have to detect these bots existing in organizational networks immediately. Several network-based bot detection methods have been proposed; however, some traditional methods using payload analysis or signature-based detection scheme are undesirable in large amount of traffic. Also there is a privacy issue with looking into payloads, so we have to develop another scheme that is independent of payload analysis. In this paper, we propose a bot detection method which focuses on data transmission intervals. We distinguish human-operated clients and bots by their network behaviors. We assumed that a bot communicates with C&C server periodically and each interval of data transmission will be the same. We found that we can detect such behaviors by using clustering analysis to these intervals. We implemented our proposed algorithm and evaluated by testing normal IRC traffic and bot traffic captured in our campus network. We found that our method could detect IRC-based bots with low false positives.
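46. 溝口 誠一郎, 釘崎 裕司, 笠原 義晃, 堀 良彰, 櫻井 幸一, Proposal, implementation, and evaluation of a bot detection method based on data transmission intervals, Multimedia, Distributed, Cooperative, and Mobile (DICOMO2010) Symposium, 2010.07.
47. 阿部英司, 伊東栄典, 笠原義晃, Attribute control at the IdP in authentication federations, 2010 General Conference of the Institute of Electronics, Information and Communication Engineers, 2010.03, [URL].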
48. Eisuke Ito, Eiji Abe, Yoshiaki Kasahara, SP / IdP cases, 29th APAN meeting, 2010.02, [URL].
49. Masanori NAKAKUNI, Hiroshi DOZONO, Eisuke ITO, Yoshiaki KASAHARA, Hideaki NAKAKUNI, A Method of Personal Authentication by Shape Recognition of the Lips and Front Teeth, 11th WSEAS International Conference on MATHEMATICAL and COMPUTATIONAL METHODS in SCIENCE and ENGINEERING (MACMESE'09), 2009.11, [URL].
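50. 伊東 栄典, 笠原 義晃, 藤村 直美, Current state of the email service for staff at Kyushu University, FY2009 Information Education Research Meeting, 2009.11, [URL].
51. 阿部 英司, 伊東 栄典, 笠原 義晃, A study of mashups of sites that require authentication, 62nd Joint Conference of the Kyushu Branches of Electrical-Related Societies, 2009.09, [URL].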
52. Yoshiaki Kasahara, Yoshiaki Hori, and Kouichi Sakurai, Detecting Abusive Email Senders by SMTP Traffic Monitoring, Joint Workshop on Information Security, 2009.08.
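53. 小野 昂, 阿部 英司, 中國 真教, 笠原 義晃, 伊東 栄典, A study of community authorization using a distributed SSO mechanism, Information Processing Society of Japan Hinokuni Information Symposium 2009, 2009.03, [URL].
54. 釘崎裕司, 笠原義晃, 堀良彰, 櫻井幸一, Bot detection method based on observing behavior with a focus on data transmission intervals, SCIS2009, 2009.01, [URL].
55. 笠原義晃, 堀良彰, 櫻井幸一, Detection of spam senders using SMTP traffic observation, SCIS2009, 2009.01, [URL].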
56. Masanori Nakakuni, Eisuke Ito, Yoshiaki Kasahara and Hiroshi Dozono, Private Electronic Notary Service in Universities and Its Utilization in Education, 4th WSEAS/IASME Int. Conf. on EDUCATIONAL TECHNOLOGIES (EDUTE'08), 2008.10.
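57. 釘崎裕司, 笠原義晃, 堀良彰, 櫻井幸一, Bot detection method based on data transmission time intervals, Information and Communication System Security Workshop, 2008.09.
58. 阿部 英司, 伊東 栄典, 笠原義晃, 中國真教, Fusion of PKI and OpenID for inter-organizational federation of authenticated services, 2nd Information Processing Society of Japan Workshop on Internet and Operation Technology, 2008.09.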
59. Masanori Nakakuni, Hiroshi Dozono, Ito Eisuke and Yoshiaki Kasahara, A Method of Automatic User Authentication by Fulltime Monitoring of Keystroke Timings, 2008 International Conference on Security and Management (SAM'08), 2008.07.
60. Yoshiaki Kasahara, Confidentiality and Anonymity over the network, APII Workshop 2008, 2008.03, [URL].
61. Eisuke Ito, Yoshiaki Kasahara, Megumi Nogita and Takahiko Suzuki, Institutional authentication platform for trustful inter/intra-institutional ubiquitous services, the 2nd International Conference of Ubiquitous Information Technology (2nd ICUT), 2007.12.
62. Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai, Bot Detection based on Traffic Analysis, 2007 International Conference on Intelligent Pervasive Computing (IPC-07), 2007.10.
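63. 伊東 栄典, のぎ田 めぐみ, 笠原 義晃, 鈴木 孝彦, Wireless LAN roaming environment through authentication federation: federation of UPKI and eduroam at Kyushu University, Information Processing Society of Japan SIG Technical Report 2007-DPS-132/2007-GN-65/2007-EIP-37, 2007.09.
64. 釘崎裕司, 笠原義晃, 堀良彰, 櫻井幸一, Bot detection method based on traffic analysis, Computer Security Workshop, 2007.05.
65. 園田亮, 伊東栄典, 池田大輔, 竇ギョクホウ, 笠原義晃, Prototype of a music recommendation system based on a large number of music playlists, 69th National Convention of the Information Processing Society of Japan, 2007.03.
66. のぎ田めぐみ, 笠原義晃, 伊東栄典, 鈴木孝彦, A study of methods for determining identifiers used for user authentication, Institute of Electronics, Information and Communication Engineers Information Security Workshop (ISEC), 2006.12.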
67. Y. Kasahara, Passive Server Detection and Banner Collection, Core University Program on Next Generation Internet, 2006.01.
68. Y. Kasahara, Malicious Activities Observed by IDS in Kyushu University, Asia Pacific Advanced Network, 2006.01, [URL].
69. Y. Kasahara, Y. Hori, T.G. Kwon, H.S. Kim, Network Security Research in SEC Group, Core University Program Seminar on Next Generation Internet, 2005.09.
70. S.M. Kang, Y. Kasahara, T.G. Kwon, Packet Classification using Dual TCAM Tables, ITC-CSCC 2005, 2005.07.
71. Y. Kasahara, Passive Server Detection in Campus Network by Packet Monitoring, Joint Seminar of Core University/JSPS 163rd Committee on Next Generation Internet, 2004.11.
72. C.S. Hong, Y. Kasahara, D.H. Lee, DDoS Attack Defense Architecture Using Active Network Technology, Computational Science and Its Applications - ICCSA 2004, 2004.05.
73. Y. Kasahara, State and Issues of Anomalous Activities Observed by Intrusion Detection System in Kyushu University, 2nd Core University Program Seminar on Next Generation Internet, 2004.02.
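74. 伊東栄典, 笠原義晃, 吉武保, 西和則, Prototype of an information presentation agent with an interactive interface, 63rd National Convention of the Information Processing Society of Japan, 2001.09.
75. 笠原 義晃, 石田 慶樹, 古川 善吾, Operation and evaluation of a WWW cache server at Kyushu University, Information Processing Society of Japan SIG Technical Reports, Internet and Operation Technology (IOT), 1997.10, In recent years the Internet has attracted worldwide attention, and the growth in traffic that accompanies the explosive increase in users has become a problem. Most of the traffic currently flowing over the Internet backbone is WWW-related data. Because WWW traffic contains much duplicated data, using cache servers can reduce the load on the backbone. This paper analyzes, from several aspects, the logs and response times of the on-campus cache server operated at Kyushu University for about one year, evaluates it, and discusses its problems. As a result, while the hit rate of about 60% is satisfactory, a degradation of response time to roughly 50 to 100 times the normal value was observed when accesses were concentrated. Recently, an explosive increase of population and traffic of the Internet became a severe problem. The WWW (World Wide Web) is the major source of the explosion, and now the traffic on the backbone of the Internet is mostly dominated by the WWW traffic. There is a lot of duplication in the WWW traffic, and WWW cache servers may decrease traffic on the backbone. This paper analyzes the log files of a WWW cache server which has been running for WWW users in Kyushu University since August 1996. It is acceptable that the hit rate on the WWW server is about 60% but the severe increase of a response time is observed during busy time.
76. 石田 慶樹, 笠原 義晃, 田原 俊一, Campus network management based on distributed cooperation, Computer Science Research Reports, 1997.03.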
