Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1145/3235715.3235737

Repository Public URL： http://hdl.handle.net/2324/2557138

Language：Japanese  

A Preliminary Study on Gathering SMTP Responses for Email Delivery on the Internet

Language：Japanese  

A Consideration on a Sender-Side Spam Scoring Header of E-mail Messages

Language：Japanese  

電子メールは古くから用いられているメッセージ交換手段で，依然として世界的に広く利用されている．メールサービスを提供するメールホスティングでは，多数の利用者を同一システムに収容するマルチテナント型によりリソース効率を高め，運用コストを低減している．メールホスティングでは利用可能なグローバル IP アドレス数やメール送信の集中管理のため送信サーバは集約されていることが多いが，大量メール送信や送信先の迷惑メール対策により送信キューの輻輳が発生することで，問題を起こしたテナント以外にも影響が波及し，サービス品質の低下や管理コストの増大をまねいている．本研究では，テナントごとの送信キューの分離と，メール送信の集中管理や送信用グローバル IP アドレスの管理を両立する，メール送信集約用の透過型 SMTP プロキシを提案する．また，送信キューの分離によってキュー輻輳時の影響範囲が限定される効果を確認するための予備実験と，透過型 SMTP プロキシのプロトタイプ実装について述べる．

Language：English   Publishing type：Research paper (international conference proceedings)  

Email is a traditional but still important global communication tool. An email address is a kind of personal identifier, and email addresses printed on publications require persistent reachability. Kyushu University provides a university-wide email service, Primary Mail Service, and assigns a Primary Mail Address for each member. Divisions of the university additionally operate individual email services for their internet subdomains and administer member email addresses. Since email is a major means of cyberattacks nowadays, the secure operation of an email server demands considerable effort and high skill. This article describes a challenge at Kyushu University for consolidating individual email services. Since 2018, the Primary Mail Service has been operated using Microsoft's cloud service, Exchange Online, which supports multiple internet domains on a tenant. The approach employed is registering divisional subdomains to the tenant and configuring forwarding addresses from addresses of the subdomains to the Primary Mail Addresses or external addresses. A desirable scheme is for each domain administrator to manage forwarding addresses of the domain, but Exchange Online is unable to delegate administration to the domains. To overcome this, a system was designed and developed for domain administrators to create, read, update, and delete forwarding addresses. Beginning in July 2020, a new service to import divisional domains was offered. We are now planning measures for promoting the consolidation of individual email services.

DOI： 10.1145/3419944.3441170

Other Link： https://doi.org/10.1145/3419944.3441170

Language：English   Publishing type：Research paper (international conference proceedings)  

Renovation of the Office 365 environment in Kyushu University: Integration of Account Management and Authentication.
Office 365 Education is a suite of cloud services for students and educators. Kyushu University has provided Office 365 accounts for all students and staff. The first generation of an environment for Office 365 provisioning in the university had several issues about associating between Office 365 accounts and member identifications of the university. All university members are randomly assigned unique identifiers by the central ID management system for using commonly in university-wide information services. Since the IDs are for internal use only, the first environment authenticated a user with another ID and password specific for Office 365. In addition, processes for assigning licenses and giving privilege to users of Office 365 depending on modifications to member information in the ID management system were not fully automated. This paper shows how we resolved problems integrating Office 365 into the ID management of the university by rebuilding the infrastructure. We configured a federated authentication system and developed a system for processing in events of the account life cycle.

DOI： 10.1145/3347709.3347819

Language：Japanese   Publishing type：Research paper (conference, symposium, etc.)  

個人情報保護と情報セキュリティを考慮したOffice365Educationの環境構築方法

Language：Japanese  

A Study on Confidential Information Protection in Kyushu University

Language：Japanese  

Restructuring of Service Infrastructure for Office 365 in Kyushu University
九州大学では2016 年からOffice 365 を全学サービスとして正式に提供してきたが、その基盤システムやテナント運用などについて様々な課題が生じていた。そこで、基盤システムとテナントを含めて環境を新たに再構築し、2018 年4 月から新しいサービス環境の提供を開始した。本稿では、従来の環境における課題とその解決策、さらに、新しい環境の構築過程で生じた問題とその解決方法などについて紹介する。

Language：Japanese  

精緻に制御可能な恒常性のある高集積マルチアカウント型のメール基盤

Language：Japanese  

Language：Japanese  

Flexible Hosting/Cloud Platform Based on Light-Weight Containers and its Evaluation and Stress Test Environment

Language：Japanese  

A Design of Elaborately Analyzable Homeostatic E-mail System

Language：Japanese  

様々なコミュニケーションサービスが普及する中，今もなおメールは広く利用されている．メールサービスを提供する事業者では，大量のメールアカウントを管理するために，サーバに高集積にメールアカウントを収容することでリソース効率を高めている．一方で，特定のアカウントによるリソース占有により他のアカウントが影響を受け，サービスのサポート・運用コストの増大やメール遅延などの問題が後を絶たない．本論文では，高集積マルチアカウント型メールシステムを安定化するための，精緻に解析可能な恒常性のあるメール基盤の設計について述べる．

Language：Japanese  

Flexible Hosting/Cloud Platform Based on Light-Weight Containers and its Evaluation and Stress Test Environment
As basic components of ever-expanding internet services, hosting services and cloud computing platforms are expected to satisfy various requirements, such as efficiency, fault-tolerance, resiliency against high load, flexibility, and security. We are trying to solve these problems with a light-weight container based architecture (called FastContainer). To improve FastContainer (especially its auto-scaling function), we are creating an environment for performance and stress tests on a public cloud platform. In this paper, we describe the overview of FastContainer and details of the test environment, its current status, and future plans.

Repository Public URL： http://hdl.handle.net/2324/1910461

Language：English   Publishing type：Research paper (other academic)  

Information Infrastructure Initiative of Kyushu University started serving Office 365 Education for all students and staff members at Kyushu University in November 2016. Since 2007, the university had signed Microsoft EES (Enrollment for Education Solutions) including licenses for the latest Microsoft Windows and Office suite. The EES agreement includes an advantage to provide Office 365 Education to the university members with minimum investments, and there was a demand for Skype for Business which is included in Office 365. To deploy Office 365 for our users, we first needed to configure our on-premises user authentication infrastructure to coordinate with Office 365. During trials, we had a couple of difficulties attributed to some disagreements between Microsoft's and our policy on whether the user identifier, namely the user principal name in Active Directory, was open or private. Additionally, we had to consider which services should be applied to the users, because we have been operating an on-premises email service which is competing with Microsoft Exchange mail service. In this presentation, we share our experiences in Office 365 deployment.

DOI： 10.1145/3123458.3123491

Repository Public URL： http://hdl.handle.net/2324/4753051

Language：Others   Publishing type：Research paper (other academic)  

DOI： 10.1145/2974927.2974936

Repository Public URL： http://hdl.handle.net/2324/1789446

Language：Japanese  

Language：Others   Publishing type：Research paper (other academic)  

DOI： 10.1145/2815546.2815578

Repository Public URL： http://hdl.handle.net/2324/1563581

Language：Others   Publishing type：Research paper (other academic)  

DOI： 10.1109/compsac.2015.221

Language：Japanese  

A study of disk usage distribution analysis to set optimal quota value
To prevent shortage of storage space in a service system, an administrator usually set per-user quota as an upper limit of usable space for each user. To prevent service failure caused by resource exhaustion, an administrator tends to set a conservative quota value such as the storage capacity divided by the expected maximum number of users. In this research, authors analyzed long-term storage usage history of our email system and file sharing (archiving) system in Kyushu University. Mostly through the analyzed period, the usage pattern showed a long-tailed distribution similar to lognormal distribution. Also the overall storage consumption slowly increased during the analyzed period. Based on these analysis, the authors defined "storage utilization ratio" to evaluate how the storage is effectively used. By approximating a disk utilization pattern as a power-law distribution, we proposed a method to calculate an optimal quota value to maximize the utilization ratio. We applied the method to the actual data to calculate the best quota value to maximize the utilization ratio.

Language：Japanese  

A study of disk usage distribution analysis to set optimal quota value
ストレージの容量不足を防ぐため，システム管理者は各利用者の使用上限値 （クォータ値） を設定する．システム管理者はサービスの安定提供のために，少なめのクォータ値を設定しがちである．また，クォータ値に単純に容量を利用者数で均等割りした値を設定することも多い．本研究では，筆者らが所属する九州大学の電子メールとファイル共有 （蓄積） システムを対象に，長期間のディスク使用量を分析した．ほとんどの時点で，利用者のディスク使用量はロングテール型の分布をしており，その分布は対数正規分布に近いことが分かった．長期間のディスク使用量の推移を調べた所，全体の使用量が微増していたことも分かった．ストレージの活用度を定義し，それに基づく評価方法を考案した．さらに，ディスク使用量分布の冪分布近似により，活用度が高くなるクォータ値の算定方法を考案した．実際のデータに基づき，ストレージの活用度を最高にするクォータ値も算出した．To prevent shortage of storage space in a service system, an administrator usually set per-user quota as an upper limit of usable space for each user. To prevent service failure caused by resource exhaustion, an administrator tends to set a conservative quota value such as the storage capacity divided by the expected maximum number of users. In this research, authors analyzed long-term storage usage history of our email system and file sharing (archiving) system in Kyushu University. Mostly through the analyzed period, the usage pattern showed a long-tailed distribution similar to lognormal distribution. Also the overall storage consumption slowly increased during the analyzed period. Based on these analysis, the authors defined "storage utilization ratio" to evaluate how the storage is effectively used. By approximating a disk utilization pattern as a power-law distribution, we proposed a method to calculate an optimal quota value to maximize the utilization ratio. We applied the method to the actual data to calculate the best quota value to maximize the utilization ratio.

Language：English   Publishing type：Research paper (other academic)  

In the end of fiscal year 2013 (March 2014), Kyushu University Information Infrastructure Initiative introduced new Primary Mail Service for Staff Members and Students. The previous service for staff members had been built using proprietary mail and LDAP appliance, but tight user license and the nature of proprietary system caused several troubles. The previous service for students had been built using open source software (Postfix and Dovecot), but there were some issues with the old implementation of LDAP authentication. With these experiences, we decided to design a new system by merging both system using open source software including Postfix, Dovecot, OpenLDAP, and Squirrelmail. We also extended alias address setting service (previously available for students only) to all the members including staff members. In this paper, we explain the design and implementation, user migration, current status and future works of our new mail service.

DOI： 10.1145/2661172.2662965

Repository Public URL： http://hdl.handle.net/2324/2557140

Language：Japanese  

Introduction of new student-long user ID for intra-institutional information services
Integrated user authentication platform realizes secure and easy use intra-institutional services. Most universities and academic institutions have an integrated user account database, and construct an authentication platform. In Kyushu University, the user ID of a student was the same with his/her student ID. However, there were some problems around security and availability in user ID based on student ID. Since student ID was used for the mail address of student, it is easy to leak outside. Additionally, student ID includes a serial number, and then it is easy to guess other IDs from one ID. Student ID is issued to a student at the day of entrance ceremony, and then it is impossible to use university information services before entrance. ID continuity is also the problem. Student IDs for a person are deferent in between graduate school and in graduate school. Then, personal data for an account cannot continue during the student life. To solve these problems, Kyushu University decided to introduce another student-long user ID service. This paper reports the new user ID, ID management system, and the effect of introduction of new user ID.

Language：Others   Publishing type：Research paper (other academic)  

DOI： 10.1145/2504776.2504815

Repository Public URL： http://hdl.handle.net/2324/4796096

Language：Others   Publishing type：Research paper (other academic)  

DOI： 10.1145/2504776.2504788

Language：English  

The virtualization technology of computer resources has matured enough for production services, and cloud services became popular in various fields. Cloud services are also gradually incorporated in universities' research and education activities. There is a demand for cloud infrastructure suitable for academic activities. To implement practical and user-friendly services on private, community, or public cloud services, we need to consider about network design. This paper tries to clarify network issues for implementing cloud services considering use cases, the number of instances, utilization of IP addresses, virtual private network, client access networks, and so on.

Language：Japanese  

A feasibility study of educational system on IaaS cloud
With advancement of virtualization technology, various kinds of cloud services are widely available such as Infrastructure-as-a-Service (IaaS) type services. By using IaaS cloud infrastructure, it is possible to outsource educational information system in a university to an external service provider and reduce operational and maintenance costs. We are investigating feasibility of implementing PC-equipped classroom in educational information system over IaaS cloud infrastructure. In this paper, we discuss problems when using virtual machines remotely, and report the results of experiments measuring RDP performance and bandwidth usage.

Language：Japanese   Publishing type：Research paper (scientific journal)  

A Bot Detection Method Using Hierarchical Clustering Based on Mechanical Communication Behavior Model
ネットワーク上に存在するボットに感染した端末を特定するために，ネットワークアプリケーションが送信するアプリケーションプロトコルメッセージの送信間隔に着目したボット検知手法を提案する．人間がアプリケーションを操作した場合，そのアプリケーションプロトコルメッセージの送信間隔はばらつくのに対し，ボットの場合はその挙動がコードによって規定されているため，アプリケーションプロトコルメッセージの送信間隔の分布に偏りが起きる．この分布の違いを利用して，人間とそうでないものを区別することで，ボットを発見する．はじめにネットワークアプリケーションに対する入力と出力の関係をモデル化し，IRCクライアントのIRCメッセージ送信間隔のモデル化を行う．続いて，提案モデルに従ったボット検知アルゴリズムを設計する．アルゴリズムでは，IRCメッセージの送信間隔の列に対して階層型クラスタリングを適用することで人間と機械のモデルの区別を行う．評価では，モデルに基づく擬似データを用いてアルゴリズムのパラメータを設定した後，実際の人間が操作するIRCクライアントで観測されたIRCトラフィックならびにIRCボットのトラフィックに対して提案手法を適用した．その結果，IRCボットのトラフィックは機械が生成したトラフィックとして正しく判定された．In this paper, we propose a bot detection method which focuses on application protocol message transmission intervals of applications in order to find bot infected machine on a network. Our method predicts who is controlling the application by monitoring its network behavior, especially application protocol message transmission intervals. An application which is operated by a human has random behaviors due to the human operation, while a bot has a mechanical behavior since its behavior is written in its own code. First, we build a model of network behavior of human and non-human operated application and we find that several samples follow the model. Then we design a bot detection algorithm using a hierarchical clustering. In evaluation phase, we set parameters in the algorithm with artificial data based on our proposed model and then we evaluate our method with real human IRC traffic and IRC bot traffic. Our method correctly judges bot traffic as machine-generated one.

Language：Japanese  

A Study of VCL in Graduate School of ICT

Language：Others   Publishing type：Research paper (other academic)  

DOI： 10.1145/2382456.2382460

Language：Others  

DNS traffic analysis to detect the botnet based on the query of the same domain
近年、ネットワークを利用した脅威の中で、多数のホストが連携したボットネットによる攻撃が問題視されている。ボットネットは金銭目的で使われる組織化された攻撃プラットフォームであるため、この検知は重要課題となっている。 我々はボットネットの早期検知を目標とし、本研究ではDNSトラヒックを用いて、複数の始点が同一のドメインに関する情報の問い合わせを行うパケットのうち、その応答パケットを抽出する。そして、その問い合わせ対象のドメイン名を用いて提供しているサービスの悪性について調査する。悪性については、既存の、動的アクセスに基づく悪性サイト判定システムと連携し、評価を行う。

Language：Japanese  

Google makes a chronic big load to university mail server
九州大学では，従来から大学ドメインのメールサーバを学内に構築し，構成員へメールサービスを提供してきた． 2012 年 1 月頃より，学内の情報サービスに対し利用者認証機能等を提供する全学認証サーバの負荷の高さが問題となり，その原因の一つが学生向けメールサーバであることが明らかになった．詳細な分析の結果， Google 社の Gmail から本学のメールサーバへ持続的なアクセスがあり，中でも既に卒業などで消滅したアカウントへのアクセスが多数あることが分かった．本稿では，本学の学生メールサーバのアクセスログ解析に基づいて， Gmail がメールサーバへ与える負荷状況の分析とその理由について述べ，対応策について検討する．Traditionally, Kyushu University has been providing email service using its own domain name for staff members and students of the university. Around January 2012, we noticed that the high load of the university authentication server, and we realized that one of causes was the access from the mail server for students (called Student Primary Mail Service). Detailed analysis showed that there was chronic big load produced by Google's Gmail, especially toward nonexistent accounts removed due to graduation. In this paper, we explain the current situation and reasons of the big load induced by Gmail and its possible countermeasures based on the analysis of access logs for Student Primary Mail Service.

Language：Japanese  

A study of LDAP load balancing for University ICT services
Integrated user authentication platform may realize secure and easy use intra-institutional services. So, most institutions have integrated user account, and constructed internal authentication platform. The more clients depend on the central authentication server. The loads of the authentication server will become much higher. In Kyushu University, which authors belong, the load of the authentication server becomes very high because of authentication of e-mail and wireless network service. In this paper, we analyze the load condition of the authentication server, and study some load balancing.

Language：Japanese  

A study of LDAP load balancing for University ICT services
近年，大学では全学的な認証基盤構築が進んでいる．筆者らが所属する九州大学でも全学共通 ID の発行および認証基盤を構築し，学内向け情報サービスの利用者認証を一元化している．認証基盤を利用するサービスの増加に伴い， LDAP 認証サーバの負荷が上昇している．中でも電子メール利用時の認証と，無線LAN接続時の認証が認証サーバの負荷を増大させている．本論文では，九州大学認証基盤における負荷状況の解析結果を述べる．また，負荷分散の方法を提案し，実際に負荷分散を適用した効果について，短期間ではあるものの，その結果を示す．Integrated user authentication platform may realize secure and easy use intra-institutional services. So, most institutions have integrated user account, and constructed internal authentication platform. The more clients depend on the central authentication server. The loads of the authentication server will become much higher. In Kyushu University, which authors belong, the load of the authentication server becomes very high because of authentication of e-mail and wireless network service. In this paper, we analyze the load condition of the authentication server, and study some load balancing.

Language：Others  

Language：Japanese  

Primary Mail Service for Students Based on their Names
九州大学情報統括本部では学生に提供しているメールサービスとして、従来は学生番号をベースとしたアドレスで提供していた。しかしながら大学院に進学時にアドレスが変わるなどの問題があると考え、姓名をベースにしたアドレスも使えるようにメールシステムを再構築して 2011 年 4 月からサービスを開始した。ここではシステムの基本的な考え方、実装、運用に至るまでの問題点、運用の実際について報告する。Information Infrastructure Initiative provided the e-mail service based on Student ID to all the students in Kyushu University. However, the e-mail address based on the student ID changes when a student graduates from the department and enters the graduate school because a student gets a new student ID at that time. We implemented the new e-mail service system to improve the problem, and started the service in April 2011. Students can use the same e-mail address while they are the students in Kyushu University. We describe the purpose, operation, and experience with the new e-mail service.

Language：English   Publishing type：Research paper (other academic)  

DOI： 10.1109/bwcca.2010.82

Language：English   Publishing type：Research paper (other academic)  

DOI： 10.1109/npsec.2010.5634446

Language：Japanese  

Language：Japanese  

BS-7-7 Attribute control in IdP for federated web services

Language：Japanese  

Language：English   Publishing type：Research paper (international conference proceedings)  

In this paper we propose a method for carrying out personal authentication by recording a photo of a computer user's face, recognizing the shape of their lips and front teeth, and performing image matching. Using this method, personal authentication is carried out by comparing the previous and current shape of a user's lips and front teeth when they log on to a computer. This method has a number of merits. As teeth are normally hidden behind the user's lips, user authentication is not carried out automatically as is the case with facial recognition. This means that it is possible for the user to decide for themselves whether or not to carry out user authentication. As it is not possible for a user to be recognized simply by their face being recorded on camera, their privacy is protected. Additionally, as the shape of lips and front teeth vary between individuals, there is a high probability that a user can be correctly identified. Furthermore, there is a low probability of significant changes to the shape of adult teeth over a period of months or years unless major dental work is carried out, so this method is potentially suited to personal authentication. Another merit of this method is the fact that it is possible to perform user authentication using an inexpensive webcam. In this paper, we will detail experiments using this method to perform personal authentication as well as the subsequent results.

Language：Others   Publishing type：Research paper (other academic)  

A method of automatic user authentication by fulltime monitoring of keystroke timings
This paper will propose a method of user authentication that constantly monitors the keystroke timings of a computer user, identifies a user based on the characteristics of keystrokes and discovers spoofing. This method authenticates users by comparing past and current keystroke timings when a user is working on a computer. This method has the following two main advantages. One is that it discovers spoofing even when users change while logged in. When a user pushes keys to operate a computer, the computer automatically performs personal authentication. Users do not have to take any special action for personal authentication. This paper will also propose how to enhance security using these characteristics in combination with existing user authentication methods.

Language：English  

Construction and Use Examples of Private Electronic Notary Service in Educational Institutions

Other Link： http://www.worldses.org/journals/education/education-2008.htm

Language：English   Publishing type：Research paper (other academic)  

A variety of documents are prepared and used in universities and colleges. As the internet becomes widely available in recent years, paper documents are being replaced with electronic data, which are often distributed widely through websites and other electronic resources. Such data are distributed through various routes and means, and prone to the risk of alteration in the process. Data may be protected against alteration, but it is difficult to completely prevent data alteration in the distribution process. Data can be generated with electronic signature that allows for the identification of data creator and possible alterations by third parties. This method is, however, not valid if the data becomes separated from the electronic signature, making the validation of data creator or data alterations difficult or impossible. In this paper, we describe the invention of a system that, even in cases where data is separated form the electronic signature, enables easy identification of possible data alterations by the electronic signature management. Construction of a prototype system is also described. We also add a review on the utilization method of private electronic notary service in universities.

Language：Japanese  

A Fusion of PKI and OpenID for inter-domain membership services
Recently, demand for inter-domain service is arising, such as web mash-up services. For inter-domain services, it needs inter-domain user authentication mechanism, because most services are membership oriented, and those services must implement user authentication mechanism. The UPKI project, which is started by NII since 2005, tries to realize PKI-like trust chain in universities. PKI based user authentication is strong and reliable, but it is not flexible. The OpenID mechanism is developed for distributed ID management and web user authentication. Although OpenID is a flexible user management and authentication, OpenID doesn't guarantee trustiness of user identity. We consider a fusion of PKI and OpenID user authentication and ID federation mechanism for inter-domain membership services.

Language：English   Publishing type：Research paper (other academic)  

Bot detection based on traffic analysis
Recently, botnet becomes a social problem due to the expansion of bot infection. Ideally, all the vulnerable computers should be fortified to counteract laying malware. Accordingly, it is important to implement an information system which detects bot-infected computers and alerts them. In this paper, we focused on bots using IRC to communicate, and examined the behavior of such bots when they connected to an IRC server We observed the actual traffic of some ports which were often used by IRC protocol. As a result, we confirmed that bots tried to reconnect to an IRC server at certain intervals when the server refused the connection from the bot. Moreover we examined the distribution of the intervals and confirmed that the communication from other IP addresses showed similar behavior.

DOI： 10.1109/IPC.2007.91

Language：Japanese  

Wireless LAN roaming on ID-Federation environment -A case study for UPKI and eduroam in Kyushu University-
ID federation is one of important topic for information services. User authentication mechanism must be implemented for secure and personalized services. For inter-institutional services or nationwide services,it need inter-institutional user authentication,but it is very difficult to manage inter-institutional identity data base. ID federation is a solution for this problem. Federated institutions exchange user ID data each other. UPKI project were started by NII and some universities for Japan area ID federation. UPKI team joined eduroam for an application of ID federation. Eduroam is a RADIUS-based infrastructure that uses 802.1X security technology to allow for inter-institutional roaming. In this paper,the authors describe a case study for UPKI and eduroam in Kyushu University.

Language：Japanese  

A Study of Identifier Naming Conventions Suitable for User Authentication
User authentication plays an important role in information services such as e-mail, PC login, and web databases. They need an identity database to realize user authentication, and identifiers to refer the database. Identifier is a special name to uniquely identify an entity (a user, in this case). We considered six possible identifier strings: serial number, random string, concatenated string, localization of global ID, derivation from real name, and self selection. We evaluated those types of identifiers with three aspects: manageability, usability, and robustness.

Language：Others  

DOI： 10.1007/978-3-540-24707-4_104

Language：Japanese  

Exchange and Distribution of 3D Multimedia Data via Distributed 3D Shared Spaces
The authors regard text data, figures, audio, video data and 3D shape modeling data as 3D multimedia data. If such data are represented as visible and manually operable software components, it would be possible to exchange and distribute them among users through direct manipulations on a computer screen. The authors have been studying collaborative virtual environments and already proposed the mechanism to easily and rapidly build distributed 3D shared spaces by sharing software components that manage user-operation events through network. In this paper, the authors propose an exchange and distribution environment of 3D multimedia data via distributed 3D shared spaces using that software component. This paper also explains its realization mechanism and performance.

Language：Japanese  

Management and Evaluation of a WWW Cache Server in Kyushu University
Recently, an explosive increase of population and traffic of the Internet became a severe problem. The WWW (World Wide Web) is the major source of the explosion, and now the traffic on the backbone of the Internet is mostly dominated by the WWW traffic. There are a lot of duplication in the WWW traffic, and WWW cache servers may decrease traffic on the backbone. This paper analyzes the log files of a WWW cache server which has been running for WWW users in Kyushu University since August 1996. It is acceptable that the hit rate on the WWW server is about 60%, but the severe increase of a response time is observed during busy time.

Language：Japanese  

Task Dependence Net of Concurrent Ada Programs and Its Automatic Generation
プログラム中のある文の実行結果がその後実行される文の実行に影響を与えるように，文の間には従属関係が存在する．このような，プログラムの各文間に暗黙的に存在する従属関係のことをプログラム従属性と呼ぶ．プログラムの最適化，並列化，テスト，デバッグ，保守など，多くのソフトウェア開発活動の際にプログラム従属性を把握する必要がある．並行プログラムにおけるプログラム従属性は逐次プログラムのものより複雑なものとなるため，並行プログラムにおけるプログラム従属性の明示化は並行処理ソフトウェア開発の場面で重要な意味をもつ．本論文では，並行プログラミングが可能な実用言語Adaを具体例として，Ada並行プログラムのプログラム従属性を明示的に表現するモデルであるタスク従属ネットと，対象 Ada並行プログラムからそのタスク従属ネットを自動的に生成する方法について述べる．copyright(c)1996 IEICE許諾番号：08RB0010

Language：Others   Publishing type：Research paper (other academic)  

Almost all, if not all, software development and maintenance activities require some abstract representations for target programs in order to grasp necessary information about the programs and ignore unnecessary information. This paper presents the role of unified program representations in distributed software development, basic considerations on constructing an integrated environment for supporting distributed software development based on unified program representation, and the design and implementation of an integrated environment we are developing.

DOI： 10.1109/APSEC.1995.496974

Language：Others  

Language：Japanese  

Constructing an Integrated Development Supporting Environment for Concurrent Software based on Program Dependence Theory
Explicit representations of program dependences have many applications in software development activities including program understanding, testing, debugging, maintenance, and complexity measurement. We proposed the Process Dependence Net to explicitly represent basic program dependences in concurrent programs. It can be used as a unified representation of program dependences in programs written in various sequential/concurrent programming languages. Based on this representation we can implement various tools to support software development, and construct an integrated development supporting environment for concurrent software as well as sequential software.

Language：Japanese  

Constructing an integrated development supporting environment for concurrent software based on program dependence theory
Explicit representations of program dependences have many applications in software development activities including program understanding,testing,debugging,maintenance,and complexity measurement.We proposed the Process Dependence Net to explicitly represent basic program dependences in concurrent programs .It can be used as a unified representation of program dependences in programs written in various sequential, concurrent programming languages.Based on this representation we can implement various tools to support software development,and construct an integrated development supporting environment for concurrent software as well as sequential software.

Language：English   Publishing type：Research paper (other academic)  

Language：English   Publishing type：Research paper (other academic)  

A dependence-based program representation has many applications in various software development activities, and therefore, it can be used as a unified internal representation of various target programs in an integrated software development environment. This paper presents an overview of a general-purpose system to compile target programs written in various programming languages including C, Pascal, Ada, and Occam 2 into their dependence-based representations.

Language：Japanese  

Some Considerations on Dependences in SR Concurrent Programs
SRはアリゾナ大学で開発された新しい並行処理プログラミング言語である。特徴としては次のようなものが挙げられる。・ハードウェアやOSにおける並列処理・並行処理の実現方法の違いを意識することなく並行プログラムを記述することができる。・プロセス間の同期・通信のための機構の種類が豊富である。本論文ではSRで記述されたプログラムにおける依存関係を考えるときに問題となる点について述べ、それに対する考察を行う。

Language：Japanese  

An integrated software development environment based on program dependences
プログラム中には本質的に必ず何らかの依存関係が存在する。プログラムの各文の間に存在する依存関係を把握することは、多くのソフトウェア開発活動に要求される。我々の研究室では、プログラム依存表現に基づいて、ソフトウェアの解析、テスト、デバッグ、保守、複雑さ計測を支援する統合的ソフトウェア開発支援環境の構築を目指して研究を進めている。本論文では、我々が構築している統合的開発環境の概要と特徴について述べる。

Language：Japanese  

Process Dependence Net Generator for Concurrent Programs
If the execution of a statement in a program affects the execution of another statement, there is a dependence relationship between the two statements. There are five types of basic program dependences in concurrent programs. Process Dependence Net(PDN) is an arc-classified digraph to explicitly represent the five types of basic program dependences in the concurrent programs. This paper describes algorithms to compute PDNs for a class of concurrent Ada programs, and shows the structure and implementation of PDN generator for concurrent Ada programs based on these algorithms. The paper also discusses some applications of the PDN generator to development of concurrent Ada programs.

Language：Japanese  

A Task Dependence Net Generator for Concurrent Ada Programs
近年、マルチプロセッサシステムやLANの普及によって、並行処理プログラムが多方面で使用されるようになってきた。これに伴ない、並行処理プログラムのデバッギングの因難さを克服することが緊急の課題となっている。しかし、これまでの所並行処理プログラムに対する系統的なデバッギング手法は確立されていない。プログラムをテストしたり、実際に使用している時に、エラーが発生したり、仕様と異なるプログラムの振舞いが発見されることがある。プログラムのデバッギングとは、そのようにして発見された異常な振舞いの原因となるプログラム中の誤りの位置を特定し、修正する作業である。一般に誤りの位置を特定するために要する期間は実際のデバッギング期間の90%以上を占めると言われており、誤りの位置特定を支援することはデバッギング作業の負担を大きく軽減する。プログラムの誤りをみつける際に、異常な振舞いが検出された実行文に関係のある部分のみを調査することができれば、関係のない部分を調べないですむためデバッギング作業の期間を短縮できる。このためには、プログラム中の各実行文間にある依存関係を把握する必要がある。逐次処理プログラムについては、すでに依存関係を表現するモデルが提案されており、依存関係抽出を行なうツールについての研究が行なわれている。本研究では、我々が提案したプロセス依存ネットをAdaに適用したタスク依存ネットに基づいて、Ada並行処理プログラムにおける実行文間の依存関係を抽出し明示的に表現するツールを開発するとともに、このツールを用いたデバッギング作業の支援について考察する。以下、第2章でタスク依存ネットについて述べる。第3章ではタスク依存ネットの生成について述べる。第4章では生成したタスク依存ネットの応用について考察する。第5章で現在の状況と今後の課題について述べる。

Language：English   Publishing type：Research paper (other academic)  

DOI： 10.1109/cmpsac.1991.170152

Event date： 2021.3 - 2021.4

Language：English   Presentation type：Oral presentation (general)  

Venue：Virtual Event   Country：United States  

Email is a traditional but still important global communication tool. An email address is a kind of personal identifier, and email addresses printed on publications require persistent reachability. Kyushu University provides a university-wide email service, Primary Mail Service, and assigns a Primary Mail Address for each member. Divisions of the university additionally operate individual email services for their internet subdomains and administer member email addresses. Since email is a major means of cyberattacks nowadays, the secure operation of an email server demands considerable effort and high skill. This article describes a challenge at Kyushu University for consolidating individual email services. Since 2018, the Primary Mail Service has been operated using Microsoft’s cloud service, Exchange Online, which supports multiple internet domains on a tenant. The approach employed is registering divisional subdomains to the tenant and configuring forwarding addresses from addresses of the subdomains to the Primary Mail Addresses or external addresses. A desirable scheme is for each domain administrator to manage forwarding addresses of the domain, but Exchange Online is unable to delegate administration to the domains. To overcome this, a system was designed and developed for domain administrators to create, read, update, and delete forwarding addresses. Beginning in July 2020, a new service to import divisional domains was offered. We are now planning measures for promoting the consolidation of individual email services.

Other Link： https://siguccs.org/Conference/2021/

Event date： 2019.11

Language：English  

Venue：New Orleans   Country：United States  

In Kyushu University, Information Infrastructure Initiative provides an email service for students and staff members, called ``Primary Mail Service''. We had operated an on-premises system for this service, and the lifetime of this system would end in early 2019. We needed to reduce costs for replacing this system because our university had just finished a major campus migration. We compared some options such as building a yet another on-premise system and migrating to a cloud-based email service and finally gave up the on-premise option because we couldn't afford replacement and operational costs of another on-premises system anymore. We selected Microsoft Exchange Online as the new service mainly because we already had a contract with Microsoft and been operating an Office 365 tenant. We had additional requirements for user provisioning and services which were not available in Exchange Online, so we had to implement and maintain additional systems on top of it. On December 18th, 2018, we successfully migrated the email service to Exchange Online. By coincidence, Kyushu University Administration Bureau decided to migrate their in-house Exchange server to Exchange Online. After some discussions, they concluded to migrate their domain to the same tenant with Primary Mail Service. Other than that, there are more than a hundred legacy email servers inside our campus network operated by various departments as subdomains of kyushu-u.ac.jp. We are designing a plan to consolidate them into our tenant of Exchange Online to reduce a budget and human resource costs, and to improve security. In this presentation, we share our experiences about migrating our campus-wide email services to Exchange Online. We also discuss why we want to consolidate other legacy email servers and how to implement the plan.

Event date： 2018.10

Language：English  

Venue：Orlando   Country：United States  

In Kyushu University, Information Infrastructure Initiative provides email service for students and staff members. Email services for students and staff members were started separately. For students, an email service was started as Unix accounts of "Computer System for Education" in 1995. On the other hand, an email service for staff members was started in 2009, and eventually the two mail services were merged into the current "Kyushu University Primary Mail Service" in 2014. The designs of these mail systems were affected by various operational issues and political decisions at their times. We think that running an in-house mail system is becoming less feasible due to the initial/operational cost, security issues, and our dwindling budget. For the current system, the planned 5-year lifetime ends in this fiscal year. Therefore, we are forced to migrate to a cloud-based mail service. In this presentation, we want to share our past experiences and future plans about our university email services.

Event date： 2017.10

Language：English  

Venue：Seattle   Country：United States  

Information Infrastructure Initiative of Kyushu University started serving Office 365 Education for all students and staff members at Kyushu University in November 2016. Since 2007, the university had signed Microsoft EES (Enrollment for Education Solutions) including licenses for the latest Microsoft Windows and Office suite. The EES agreement includes an advantage to provide Office 365 Education to the university members with minimum investments, and there was a demand for Skype for Business which is included in Office 365. To deploy Office 365 for our users, we first needed to configure our on-premises user authentication infrastructure to coordinate with Office 365. During trials, we had a couple of difficulties attributed to some disagreements between Microsoft's and our policy on whether the user identifier, namely the user principal name in Active Directory, was open or private. Additionally, we had to consider which services should be applied to the users, because we have been operating an on-premises email service which is competing with Microsoft Exchange mail service. In this presentation, we share our experiences in Office 365 deployment.

Event date： 2016.11

Language：English  

Venue：Embassy Suites by Hilton Denver Downtown   Country：United States  

To prevent resource (especially storage) shortage, information systems such as storage services and email services usually impose an upper bound of resource consumption (quota) per user. In a conservative way, an administrator tends to set a quota value such as the storage capacity divided by the expected maximum number of users for safety and fairness, but it tends to leave large unused storage space, because the users’ storage usage pattern shows a long-tailed distribution. In this paper, we analyzed storage usage distribution of some email services to approximate the distribution using a power-law distribution, and proposed a method to calculate an optimal quota value from a target size of storage consumption to increase storage utilization. We applied an optimal quota value we calculated to a real email service and analyzed the effect of quota change. Then, we analyzed actual distributions further to find a better model to approximate the distribution, and found that a log-normal distribution explained the distribution better than power-law. We also analyzed two other universities’ email service to find similar distribution in these systems.

Other Link： http://dx.doi.org/10.1145/2974927.2974936

Event date： 2015.11

Language：English  

Venue：Hilton St. Petersburg Bayfront, Florida   Country：United States  

In Kyushu University, a traditional "Student ID" based on student number assigned by Student Affairs Department had been used as the user ID of various IT services for a long time. There were some security and usability concerns using Student ID as a user ID. Since Student ID was used as the e-mail address of the student, it was easy to leak outside. Student ID is constructed based on a department code and a serial number, so guessing other ID strings from one ID is easy. Student ID is issued at the day of the entrance ceremony, so it is not usable for pre-entrance education. Student ID will change when the student moves to another department or proceeds from undergraduate to graduate school, so he/she loses personal data when Student ID changes. To solve these problems, Kyushu University decided to introduce another unchanging user ID independent from Student ID. This paper reports the design of new user ID, ID management system we are using, and the effect of introduction of new user ID.

Other Link： http://dx.doi.org/10.1145/2815546.2815578

Event date： 2015.3

Language：English   Presentation type：Oral presentation (general)  

Venue：Fukuoka International Congress Center, Fukuoka, Japan   Country：Japan  

In October 2014, Google Security Team discovered and published yet-another SSL vulnerability called POODLE (Padding Oracle On Downgraded Legacy Encryption), which allows a man-in-the-middle attacker to decipher an encrypted text without knowing the encryption key (one byte per 256 requests). It induced urged action to exterminate SSLv3 support from various services in the Internet, but it also caused troubles with some users. In this talk, Ill try to summarize what is POODLE attack, how it works, its workaround, and influence on ordinary users.

Other Link： https://www-lk.apan.net/meetings/Fukuoka2015/Sessions/session.php?id=3

Event date： 2014.11

Language：English  

Venue：Sheraton Salt Lake City, Utah   Country：United States  

In the end of fiscal year 2013 (March 2014), Kyushu University Information Infrastructure Initiative introduced new Primary Mail Service for Staff Members and Students. The previous service for staff members had been built using proprietary mail and LDAP appliance, but tight user license and the nature of proprietary system caused several troubles. The previous service for students had been built using open source software (Postfix and Dovecot), but there were some issues with the old implementation of LDAP authentication. With these experiences, we decided to design a new system by merging both system using open source software including Postfix, Dovecot, OpenLDAP, and Squirrelmail. We also extended alias address setting service (previously available for students only) to all the members including staff members. In this paper, we explain the design and implementation, user migration, current status and future works of our new mail service.

Other Link： http://doi.acm.org/10.1145/2661172.2662965

Event date： 2014.8

Language：English   Presentation type：Oral presentation (general)  

Venue：Nantou   Country：Taiwan, Province of China  

Recently revealed OpenSSL's "Heartbleed" vulnerability had shaken various parts of the Internet community abruptly. In this talk, I'll (re-)introduce some recent vulnerabilities including "Heartbleed," and some interesting events around them.

Other Link： https://www.apan.net/meetings/Nantou2014/Sessions/Security.php

Event date： 2014.1

Language：English   Presentation type：Oral presentation (general)  

Venue：Bandung   Country：Indonesia  

DNS is one of the fundamental and indispensable services in the Internet. Almost all the services rely on it. Because DNS is (basically) UDP based protocol, there are some security issues such as poisoning and amplification attack. In this talk, I'll explain DNS Amp attack and its mitigation with some experience in Kyushu University campus network.

Other Link： http://www.apan.net/meetings/Bandung2014/Sessions/NetSecurity.php

Event date： 2013.11

Language：English   Presentation type：Oral presentation (general)  

Venue：Chicago, IL   Country：United States  

Traditionally, Kyushu University has been providing email service internally using its own domain name for staff members and students of the university. Around January 2012, we noticed that the high load of the university authentication server, and we realized that one of causes was the access from the mail server for students (called Student Primary Mail Service). Detailed analysis showed that there was chronic big load produced by Gmail's Mail Fetcher, especially toward nonexistent accounts removed due to graduation. In this paper, we explain the situation and reasons of the big load induced by Google, its possible countermeasures, and its sudden resolution by Google's silent change.

Other Link： http://dl.acm.org/citation.cfm?id=2504815

Event date： 2013.10

Language：English   Presentation type：Oral presentation (general)  

Venue：Konkuk University, Seoul   Country：Korea, Republic of  

The virtualization technology of computer resources has matured enough for production services, and cloud services became popular in various fields. Cloud services are also gradually incorporated in universities' research and education activities. There is a demand for cloud infrastructure suitable for academic activities. To implement practical and user-friendly services on private, community, or public cloud services, we need to consider about network design. This paper tries to clarify network issues for implementing cloud services considering use cases, the number of instances, utilization of IP addresses, virtual private network, client access networks, and so on.

Event date： 2013.8

Language：English   Presentation type：Oral presentation (general)  

Venue：KAIST, Daejeon   Country：Korea, Republic of  

From 2012, APAN Security WG is working with REN-ISAC (Research and Education Networking Information Sharing and Analysis Center) for a test pilot of federated sharing of security intelligence information over Collective Intelligence Framework (CIF) developed by REN-ISAC. Until recently we were running CIFv0, but due to underlying OS upgrade/reinstall, now we need to migrate to CIFv1, which is still in testing stage. In this talk, we will introduce the current status of APAN CIF server and its software upgrade experience.

Event date： 2013.8

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：武蔵大学   Country：Japan  

仮想化技術の普及により，IaaS型のクラウドサービスが普及している。IaaSクラウド基盤を使うことにより，大学での教育情報システムを外部へアウトソースすることが可能である。アウトソースできれば，維持コストの削減が可能である。我々は，現在のPC教室型教育情報システムの，IaaSクラウド基盤上での実現について調査している。本稿では，仮想マシンを遠隔利用する場合の問題点と，実用する場合の通信帯域およびRDP性能について調査した結果を報告する。

Event date： 2013.2

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：国立情報学研究所   Country：Japan  

近年，大学における情報機器を援用する教育活動や，情報科学技術の教育で，仮想化システムやクラウドシステムの利用が進んでいる．筆者らが所属する九州大学では， 2010年度末に九州大学システム情報科学研究院が同院内の教育用にVCLをベースとするシステムを導入した．また，2011年度末，九州大学情報基盤研究開発センターでは，主に大学院での教育に用いるための情報システムとしてVCLシステムを導入した．本稿では，導入したVCLシステムの構成と講義での利用事例を述べる．またVCLシステムの運用で得た様々な問題点について考察する．

Event date： 2013.1

Language：English   Presentation type：Oral presentation (general)  

Venue：Hawaii University   Country：United States  

At the Summer 2009 JointTechs, the REN-ISAC Security Event System (SES) was introduced. SES provides for collection of security event data from participating institutions, data correlation, and output of threat indicators. Participants use the indicators in local protections, such as IDS and sinkholes, and in incident analysis. SES is a production tool serving the REN-ISAC community.

SES continues to evolve, as the Collective Intelligence Framework (CIF), receiving National Science Foundation support. CIF provides additional capabilities, including a broader base of data from public, private, and participant sources, additional data types, scaling, improved API, and inter-federated sharing. Core indicator sharing occurs within a multi-institutional trust community, such as within the community of REN-ISAC members. In CIF inter-federated, data collected in one trust community can be exchanged, through policy, with other communities. Among TransPAC3 project deliverables, linking APAN and US networks, is to engage the respective communities to address security threats and incidents. In that context, US and APAN researchers established pilot inter-federation sharing of security event information among CIF systems, one operated by REN-ISAC at Indiana University, and another by researchers at Kyushu University and APAN-JP. This presentation provides background on CIF, and details the APAN-US international security information sharing pilot.

Other Link： http://events.internet2.edu/2013/tip/agenda.cfm?go=session&id=10002762&event=1261

Event date： 2012.11

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：佐賀大学   Country：Japan  

学内の情報系学部向けIaaS型プライベートクラウドサービスにおいて，サービス充実のため，多様なOSおよび多様なPaaS型のテンプレート充実を検討している。組織内だけでテンプレートを充実させるのは困難であるため，全国的な協力体制について議論したい。

Event date： 2012.9

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：テクノアークしまね（島根県）   Country：Japan  

九州大学では，従来から大学ドメインのメールサーバを学内に構築し，構成員へメールサービスを提供してきた．2012年1月頃より，学内の情報サービスに対し利用者認証機能等を提供する全学認証サーバの負荷の高さが問題となり，その原因の一つが学生向けメールサーバであることが明らかになった．詳細な分析の結果，Google社のGmailから本学のメールサーバへ持続的なアクセスがあり，中でも既に卒業などで消滅したアカウントへのアクセスが多数あることが分かった．本稿では，本学の学生メールサーバのアクセスログ解析に基づいて，Gmailがメールサーバへ与える負荷状況の分析とその理由について述べ，対応策について検討する．

Event date： 2012.8

Language：English   Presentation type：Oral presentation (general)  

Venue：Cinnamon Grand, Colombo   Country：Sri Lanka  

REN-ISAC (Research and Education Networking Information Sharing nd Analysis Center - http://www.ren-isac.net/) has been working for SES (Security Event System) Project. CIF (Collective Intelligence Framework) is a framework developed through the project as an open source tool/framework to collect intelligence concerning malicious actors and reputation of Internet elements. As SESv3, they started to explore inter-federation information sharing, and APAN Security WG is involved as one of counterparts. In this talk, I'll (re)introduce CIF, explain the current status of the cooperation, and call for more participants from APAN community.

Other Link： http://www.apan.net/meetings/Colombo2012/Session/NetworkSecurity.php

Event date： 2009.11

Language：Others  

Venue：東北大学   Country：Japan  

Event date： 2009.9

Language：Others  

Venue：九州工業大学 情報工学部（飯塚キャンパス）   Country：Japan  

Event date： 2009.8

Language：Others   Presentation type：Oral presentation (general)  

Venue：National Sun Yat-sen University, Kaohsiung   Country：Taiwan, Province of China  

Other Link： http://jwis2009.nsysu.edu.tw/index.php/jwis/jwis2009

Event date： 2009.3

Language：Others  

Venue：九州産業大学   Country：Japan  

Event date： 2009.1

Language：Others   Presentation type：Oral presentation (general)  

Venue：大津プリンスホテル   Country：Japan  

Event date： 2009.1

Language：Others   Presentation type：Oral presentation (general)  

Venue：大津プリンスホテル   Country：Japan  

Event date： 2008.10

Language：Others   Presentation type：Oral presentation (general)  

Venue：Corfu   Country：Greece  

Event date： 2008.9

Language：Others   Presentation type：Oral presentation (general)  

Venue：秋田県田沢湖芸術村「ホテルゆぽぽ」   Country：Japan  

Event date： 2008.9

Language：Others   Presentation type：Oral presentation (general)  

Venue：情報セキュリティ大学院大学   Country：Japan  

Language：Others   Presentation type：Oral presentation (general)  

Venue：機械振興会館   Country：Japan  

Repository Public URL： http://hdl.handle.net/2324/15951

Language：Others   Presentation type：Oral presentation (general)  

Venue：山口県   Country：Japan  

Language：Others   Presentation type：Oral presentation (general)  

Venue：Jeju   Country：Korea, Republic of  

Language：Others   Presentation type：Oral presentation (general)  

Venue：Bali   Country：Indonesia  

Language：Others   Presentation type：Symposium, workshop panel (public)  

Venue：東京都新宿区   Country：Japan  

Other Link： http://mat.tky.apii.net/apiiws2008/

Event date： 2020.12

Language：Japanese  

Venue：オンライン開催   Country：Japan  

九州大学では、全構成員に全学基本メールアドレスを割り当て、クラウドメールサービスであるMicrosoftExchange Onlineを利用して全学基本メールサービスを提供している。一方、過去の経緯から、学内の部局や学科、研究室などで、割り当てられたインターネットドメインを用いて、内部組織別のメールサービスが独自に運用されている。しかし、近年はメールサービスの運用には、セキュリティ対策についての最新知識やコストが必要とされる。そこで、九州大学情報統括本部では、学内組織による独自運用メールサービスを集約し、全学的なシステム運用コストを削減するとともにセキュリティを向上することを目的として、メールサーバ集約タスクフォースを発足させ、活動を行っている。本稿では、本タスクフォースがこれまでに進めてきた、集約方法の検討、必要システムの設計と構築、および、サービス提供について報告する。

Event date： 2019.12

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：福岡国際会議場   Country：Japan  

九州大学情報統括本部は、全構成員向けに「全学基本メール」という名称のメールサービスを提供している。直近 のシステムはオンプレミスのサーバで運用していたが、2018 年度末で 5 年の運用期間が終了することになっていた ため、リプレースが課題となっていた。本学は大規模なキャンパス移転を終えたばかりで予算が限られていたため、 次期システムについては調達コストを削減する必要があった。一方本学は Microsoft EES の包括契約により 2016 年度から Microsoft Office 365 を学内提供しており、Office 365 には Exchange Online が含まれていたことから、 これを活用することでコスト削減を目指した。ただし、全学基本メールには Exchange Online 単体では提供され ないいくつかの付加サービスがあったため、これらは別途調達する必要があった。2018 年度中に移行準備を進め、 2018 年 12 月 18 日にサービスの切り換えを実施、2019 年 3 月末までに移行を完了した。また、同時期にオンプレ ミスの Exchange Server から Exchange Online への移行を検討していた事務用メールについても、同時期に全学 基本メールと同じ Office 365 テナントへ移行することとなり、無事移行に成功した。本学には他にも部局サブドメ インによるメールサービスが 100 以上存在しているが、近年メールサービスを安全に運用することが難しくなって いることから、事務用メールと同様に全学基本メールの Exchange Online に統合していく事を検討している。本論 文では、全学向けメールの Exchange Online 移行の計画と実際について述べるとともに、その他の学内向けメール サービスの統合について検討状況を述べる。

Event date： 2019.3

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：ホテルグランドエクシブ鳴門（徳島県鳴門市）   Country：Japan  

九州大学では情報の格付け及び取扱制限に関する規定が制定され、機密性を要する要機密情報を電子的に保存、送信する場合は適切に保護することと定められているが、具体的な保護方法については指定されていない。そこで、職員が実施可能な機密性を確保するための技術的方法について取り決める必要がある。一方、機密性を高めることだけを考えると利便性が低下し、業務効率が低下するだけでなく、規則が有名無実と化す恐れもある。それゆえ、実現可能かつ利用可能な技術的保護方法を選定する必要があった。本稿では、九州大学における要機密情報の保護方法を選定する上で技術的・運用的側面から検討した内容について述べる。

Event date： 2018.12

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：札幌コンベンションセンター   Country：Japan  

九州大学では2016 年からOffice 365 を全学サービスとして正式に提供してきたが、その基盤システムやテナント運用などについて様々な課題が生じていた。そこで、基盤システムとテナントを含めて環境を新たに再構築し、2018 年4 月から新しいサービス環境の提供を開始した。本稿では、従来の環境における課題とその解決策、さらに、新しい環境の構築過程で生じた問題とその解決方法などについて紹介する。

Event date： 2018.7

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：福井県芦原温泉清風荘   Country：Japan  

様々なコミュニケーションサービスが普及する中，今もなおメールは広く利用されている． メールサービスを提供する事業者では，大量のメールアカウントを管理するために， サーバに高集積にメールアカウントを収容することでリソース効率を高めている． 一方で，特定のアカウントによるリソース占有により他のアカウントが影響を受け， サービスのサポート・運用コストの増大やメール遅延などの問題が後を絶たない． 本論文では，高集積マルチアカウント型メールシステムを安定化するための， 精緻に解析可能な恒常性のあるメール基盤の設計について述べる．

Event date： 2018.3

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：栃木県日光市   Country：Japan  

インターネットを介して多種多様なサービスが提供されるようになり，そのサービス基盤となるホスティングやクラウドサービスには高効率化，耐障害性，負荷変動への耐性，柔軟性，セキュリティなどさまざまな要件が求められている．本研究では，これらの問題を解決するためFastContainerと呼ぶ軽量コンテナに基づくシステムアーキテクチャの改良を進めており，特にオートスケーリングのために必要な状況検知やリソーススケジューリング機能の研究開発のため，パブリッククラウド上にテスト環境を構築している．本論文ではFastContainerの概要とテスト環境の詳細，現状と今後の課題について述べる．

Event date： 2016.1

Language：English   Presentation type：Oral presentation (general)  

Venue：Marriott Grand Ballroom, Manila   Country：Philippines  

In Kyushu University, a traditional "Student ID" based on student number assigned by Student Affairs Department had been used as the user ID of various IT services for a long time. There were some security and usability concerns using Student ID as a user ID. Since Student ID was used as the e-mail address of the student, it was easy to leak outside. Student ID is constructed based on a department code and a serial number, so guessing other ID strings from one ID is easy. Student ID is issued at the day of the entrance ceremony, so it is not usable for pre-entrance education. Student ID will change when the student moves to another department or proceeds from undergraduate to graduate school, so he/she loses personal data when Student ID changes. To solve these problems, Kyushu University decided to introduce another unchanging user ID independent from Student ID. This presentation reports the design of new user ID scheme, ID management system we are using, and the effect of introduction of new user ID scheme.

Other Link： https://master.apan.net/meetings/Manila2016/Sessions/session.php?id=41

Event date： 2015.7

Language：English   Presentation type：Oral presentation (general)  

Venue：Tunghai University, Taichung   Country：Taiwan, Province of China  

To prevent shortage of storage space in a service system, an administrator usually set per-user quota as an upper limit of usable space for each user. To avoid service failure caused by resource exhaustion, the administrator tends to set a conservative quota value such as the storage capacity divided by the expected maximum number of users. In this research, we analyzed long-term storage usage history of our email system and file sharing system in Kyushu University. Mostly through the analyzed period, the usage pattern showed a long-tailed distribution similar to log-normal distribution. Also the overall storage consumption slowly increased during the analyzed period. Based on these analysis, we defined “storage utilization ratio” to evaluate how the storage was effectively used. By approximating a storage utilization pattern as a power-law distribution, we proposed a method to calculate the optimal quota value to maximize the utilization ratio.

Event date： 2015.3

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：小名浜オーシャンホテル (福島県いわき市)   Country：Japan  

ストレージの容量不足を防ぐため，システム管理者は各利用者の使用上限値 （クォータ値） を設定する．システム管理者はサービスの安定提供のために，少なめのクォータ値を設定しがちである．また，クォータ値に単純に容量を利用者数で均等割りした値を設定することも多い．本研究では，筆者らが所属する九州大学の電子メールとファイル共有 （蓄積） システムを対象に，長期間のディスク使用量を分析した．ほとんどの時点で，利用者のディスク使用量はロングテール型の分布をしており，その分布は対数正規分布に近いことが分かった．長期間のディスク使用量の推移を調べた所，全体の使用量が微増していたことも分かった．ストレージの活用度を定義し，それに基づく評価方法を考案した．さらに，ディスク使用量分布の冪分布近似により，活用度が高くなるクォータ値の算定方法を考案した．実際のデータに基づき，ストレージの活用度を最高にするクォータ値も算出した．

Event date： 2014.6

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：新潟大学   Country：Japan  

多くの組織で，組織内情報サービスのための利用者認証基盤構築されている．九州大学でも統合認証基盤を構築しており，そのアカウントとして学生には学生番号に基づく利用者IDを発行してきた．学生番号に基づく利用者IDにはセキュリティの問題がある．学生用の基本メールアドレスに用いてきたため外部に漏れやすく，また学生番号は学部または大学院で連続した数値等を用いるため利用者IDが推定されやすい．実際に学生アカウントを不正利用されるインシデントも発生した．学生番号に基づくIDは，入学前に情報サービスを利用出来ない，大学院進学時にアカウントが不連続になるなどの問題があった．これらの問題を解決するため，学内情報サービス専用のIDを付与する事にした．本稿では，利用者ID体系，利用者IDデータベース，認証用LDAPの構成などについて報告する．

Event date： 2013.11

Language：English   Presentation type：Oral presentation (general)  

Venue：Chicago, IL   Country：United States  

Nowadays, a university needs to build and maintain a central ID database and authentication system for better ICT (information and communication technology) services. In 2008, the headquarters of Kyushu University had defined medium-range policy of ICT infrastructure preparation, and the policy had indicated construction of a central authentication system. According to the policy, the authors elaborated an installation plan of the Kyu(Q)shu University authentication system (QUAS, for short). Since 2009, Information Infrastructure Initiative of Kyushu University, to which the authors belong, has been issuing ID cards to all employees, and also operating LDAP servers. This paper introduces the action plan and outline of QUAS. This paper also describes two recent topics of QUAS. One is high load of LDAP servers because of rapid increase of mobile devices, and the other one is development of a multifactor authentication Shibboleth Identity Provider (IdP).

Other Link： http://dl.acm.org/citation.cfm?id=2504788

Event date： 2012.10

Language：English   Presentation type：Oral presentation (general)  

Venue：Memphis, Tennessee   Country：United States  

Kyushu University provided mail service based on student IDs such as "1AB10123X" to the university students for many years. Using this model, we had problems communicating with the students who graduated from the University and enrolled in the graduate school. The students received new mail addresses based on their new student IDs such as "2AB12789Y". Faculty members were forced to change the student mail addresses in the mailing lists and in their mail client address book. Furthermore, students were forced to notify the e-mail address change to all of their existing contacts. We introduced a new mail system to provide addresses based on the student name, as well as student ID in April 2011. The new naming convention uses the following format: lastname.firstname.999 where 999 is a random number of 3 digits. Students can select some combination patterns of their first and last names for Japanese. We also consider the middle names for foreign students. In the system implementation, we did not have the formal information of alphabetical names for students. We generated alphabetical names from Japanese Katakana names. It is not easy for us to get the appropriate name in this manner. We implemented a confirmation stage of the alphabetical name at first use, and then students can select their mail addresses for their convenience. We paid much attention to the user interface in the system. Since April 2011, the number of users who use the mail address based on their own name has been increasing gradually. This paper will detail the usage status of the new system.

Other Link： http://dx.doi.org/10.1145/2382456.2382460

Event date： 2012.5

Language：Japanese   Presentation type：Oral presentation (general)  

Venue：秋田大学   Country：Japan  

近年，大学では全学的な認証基盤構築が進んでいる。筆者らが所属する九州大学でも全学共通IDの発行および認証基盤を構築し，学内向け情報サービスの利用者認証を一元化している。近年，LDAP認証サーバの負荷が上昇している。電子メール利用時の認証と，無線LAN接続時の認証が負荷の増大となっている。本論文では，九州大学認証基盤における負荷状況の解析結果を述べる。また，負荷分散についての方法を示す。最後に，実際に負荷分散を行った効果について，短い期間であるものの，その結果を示す。

Event date： 2012.1 - 2012.2

Language：Others   Presentation type：Oral presentation (general)  

Venue：金沢エクセルホテル東急   Country：Japan  

Event date： 2012.1

Language：Others   Presentation type：Oral presentation (general)  

Venue：Pohang University of Science and Technology   Country：Korea, Republic of  

Event date： 2011.11

Language：Others   Presentation type：Oral presentation (general)  

Venue：東京大学   Country：Japan  

Event date： 2011.7

Language：Others   Presentation type：Oral presentation (general)  

Venue：岡山大学   Country：Japan  

Event date： 2011.1

Language：Others   Presentation type：Oral presentation (general)  

Venue：Dalian University of Technology   Country：China  

Event date： 2010.12

Language：Others   Presentation type：Oral presentation (general)  

Venue：京都   Country：Japan  

Event date： 2010.11

Language：English   Presentation type：Oral presentation (general)  

Venue：Fukuoka   Country：Japan  

Dark net monitoring is an effective method to analyze malicious activities on networks including the Internet. Since there is no legitimate host on darknets, traffic sent to such a space is considered to be malicious. There are two major issues for dark net monitoring: how to prepare unused address space and how to configure network sensors deployed on the network. Preparation of monitoring addresses is difficult, and it have not been obvious yet what an appropriate configuration is. To solve the first issue, we proposed a method for network monitoring by exploiting unused IP addresses on segments managed by DHCP server, where is a real-operated network. By assigning these addresses, we can easily obtain IP addresses for monitoring and enable network monitoring on production network. Furthermore, we conducted real dark net monitoring experiments and clarified what kind of information could be obtained. We deployed several types of sensors on real-operated network and captured dark net traffic. After analyzing the traffic, we compared the data between each sensor. We found that there were dramatic differences between the data collected by each sensor and our proposed method was useful for real network monitoring.

Event date： 2010.10

Language：English   Presentation type：Oral presentation (general)  

Venue：Kyoto   Country：Japan  

Botnet is one of the most considerable issues in the world. A host infected with a bot is used for collecting personal information, launching DoS attacks, sending spam e-mail and so on. If such a machine exists in an organizational network, that organization will lose its reputation. We have to detect these bots existing in organizational networks immediately. Several network-based bot detection methods have been proposed; however, some traditional methods using payload analysis or signature-based detection scheme are undesirable in large amount of traffic. Also there is a privacy issue with looking into payloads, so we have to develop another scheme that is independent of payload analysis. In this paper, we propose a bot detection method which focuses on data transmission intervals. We distinguish human-operated clients and bots by their network behaviors. We assumed that a bot communicates with C&C server periodically and each interval of data transmission will be the same. We found that we can detect such behaviors by using clustering analysis to these intervals. We implemented our proposed algorithm and evaluated by testing normal IRC traffic and bot traffic captured in our campus network. We found that our method could detect IRC-based bots with low false positives.

Event date： 2010.7

Language：Others   Presentation type：Oral presentation (general)  

Venue：岐阜   Country：Japan  

Event date： 2010.3

Language：Others   Presentation type：Oral presentation (general)  

Venue：東北大学   Country：Japan  

Event date： 2010.2

Language：Others   Presentation type：Symposium, workshop panel (public)  

Venue：Sydney   Country：Australia  

Other Link： http://www.apan.net/meetings/Sydney2010/

Event date： 2009.11

Language：Others   Presentation type：Oral presentation (general)  

Venue：Baltimore   Country：United States  

Event date： 2008.10

Language：Others   Presentation type：Oral presentation (general)  

Venue：Monte Carlo Resort, Las Vegas, Nevada   Country：United States  

Event date： 1997.10

Language：Japanese  

Country：Other  

Management and Evaluation of a WWW Cache Server in Kyushu University
Recently, an explosive increase of population and traffic of the Internet became a severe problem. The WWW (World Wide Web) is the major source of the explosion, and now the traffic on the backbone of the Internet is mostly dominated by the WWW traffic. There are a lot of duplication in the WWW traffic, and WWW cache servers may decrease traffic on the backbone. This paper analyzes the log files of a WWW cache server which has been running for WWW users in Kyushu University since August 1996. It is acceptable that the hit rate on the WWW server is about 60%, but the severe increase of a response time is observed during busy time.

Event date： 1997.3

Language：Japanese  

Country：Other  

Distributed and Cooperative Management over Campus Networks

Language：Others   Presentation type：Oral presentation (general)  

Venue：山口大学   Country：Japan  

Language：Others   Presentation type：Oral presentation (general)  

Venue：Fukuoka   Country：Japan  

Language：Others   Presentation type：Oral presentation (general)  

Venue：Assisi   Country：Italy  

Language：Others   Presentation type：Oral presentation (general)  

Venue：Chungnam University, Daejeon   Country：Korea, Republic of  

Language：Others  

Venue：Jeju   Country：Korea, Republic of  

Language：Others   Presentation type：Oral presentation (general)  

Venue：Chungnam National University, Daejeon   Country：Korea, Republic of  

Language：Others   Presentation type：Oral presentation (general)  

Venue：Akihabara, Tokyo   Country：Japan  

Other Link： http://www.apan.net/meetings/tokyo2006/

Language：Others   Presentation type：Oral presentation (general)  

Venue：Akihabara, Tokyo   Country：Japan  

Language：Others   Presentation type：Oral presentation (general)  

Venue：早稲田大学（東京都）   Country：Japan  

Repository Public URL： http://hdl.handle.net/2324/17789

Language：Others   Presentation type：Oral presentation (general)  

Venue：東京都大田区   Country：Japan  

Language：Japanese  

DOI： 10.15017/1470334

Language：Japanese  

Management and Evaluation of a WWW Cache Server in Kyushu University
Recently, an explosive increase of population and traffic of the Internet became a severe problem. The WWW (World Wide Web) is the major source of the explosion, and now the traffic on the backbone of the Internet is mostly dominated by the WWW traffic. There are a lot of duplication in the WWW traffic, and WWW cache servers may decrease traffic on the backbone. This paper analyzes the log files of a WWW cache server which has been running for WWW users in Kyushu University since August 1996. It is acceptable that the hit rate on the WWW server is about 60%, but the severe increase of a response time is observed during busy time.

Language：Japanese  

Distributed and Cooperative Management over Campus Networks

Type：Peer review 

Proceedings of International Conference Number of peer-reviewed papers：5

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Peer review 

Proceedings of International Conference Number of peer-reviewed papers：3

Type：Competition, symposium, etc. 

Type：Peer review 

Proceedings of International Conference Number of peer-reviewed papers：2

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Academic society, research group, etc. 

Type：Competition, symposium, etc. 

Type：Peer review 

Proceedings of International Conference Number of peer-reviewed papers：7

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Academic society, research group, etc. 

Type：Peer review 

Number of peer-reviewed articles in foreign language journals：1

Number of peer-reviewed articles in Japanese journals：0

Proceedings of International Conference Number of peer-reviewed papers：6

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Academic society, research group, etc. 

Type：Competition, symposium, etc. 

Type：Peer review 

Number of peer-reviewed articles in foreign language journals：0

Number of peer-reviewed articles in Japanese journals：0

Proceedings of International Conference Number of peer-reviewed papers：7

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Number of participants：40

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Academic society, research group, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Number of participants：50

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Academic society, research group, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Number of participants：161

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Number of participants：171

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Number of participants：110

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Type：Competition, symposium, etc. 

Number of participants：350

顧問

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Seminar, workshop

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Seminar, workshop

This is a technical workshop, made of up lecture and hands-on lab work to teach DNS and DNS Security Extentions targeted at operators who are responsible for the DNS services in their organization.
Workshop Topics:
DNS concepts,
BIND (DNS server) and Resolver (DNS client) configurations,
Setting up domains,
DNS debugging tools, troubleshooting, and techniques,
Reverse DNS,
RNDC,
Access control lists,
Split DNS,
TSIG,
Secured dynamic updates,
DNS security extensions (DNSSEC),
DNS and IPv6

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Seminar, workshop

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Lecture

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Seminar, workshop

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Lecture

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Lecture

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Seminar, workshop

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Lecture

Audience：General,　Scientific,　Company,　Civic organization,　Governmental agency

Type：Lecture