Tampering monitoring system, management apparatus, and management method
First Claim
1. A management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising:
- a non-transitory memory device that stores a program; and
a processing device that executes the program and causes the management apparatus to operate as;
a reception circuit configured to receive, from the information security apparatus, a plurality of monitoring results generated by the monitoring modules, the monitoring modules each being a source monitoring module that monitors and generates a monitoring result for at least one other of the monitoring modules, and each being a target monitoring module that is monitored by at least one other of the monitoring modules;
a detection circuit configured to detect an abnormality relating to tampering of one of the monitoring modules, by referring to fewer than all of the monitoring results received by the reception unit; and
an identification circuit configured to identify, when the abnormality related to the tampering is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from a target monitoring module to a source monitoring module that is a monitoring module that generates a monitoring result for the target monitoring module, starting from the monitoring module that generates the monitoring result related to the abnormality, the chain including one or more links each associating a source monitoring module that generates a monitoring result for a target monitoring module with the target monitoring module monitored by the source monitoring module.
1 Assignment
0 Petitions
Accused Products
Abstract
An information security apparatus includes a plurality of monitoring modules that monitor for tampering. A management apparatus includes a reception unit that receives a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module; a detection unit that detects an abnormality by referring to fewer than all of the received monitoring results; and an identification unit that identifies, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target of monitoring to the source of monitoring, starting from the monitoring module that generates the monitoring result related to the abnormality.
19 Citations
9 Claims
-
1. A management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management apparatus comprising:
-
a non-transitory memory device that stores a program; and a processing device that executes the program and causes the management apparatus to operate as; a reception circuit configured to receive, from the information security apparatus, a plurality of monitoring results generated by the monitoring modules, the monitoring modules each being a source monitoring module that monitors and generates a monitoring result for at least one other of the monitoring modules, and each being a target monitoring module that is monitored by at least one other of the monitoring modules; a detection circuit configured to detect an abnormality relating to tampering of one of the monitoring modules, by referring to fewer than all of the monitoring results received by the reception unit; and an identification circuit configured to identify, when the abnormality related to the tampering is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from a target monitoring module to a source monitoring module that is a monitoring module that generates a monitoring result for the target monitoring module, starting from the monitoring module that generates the monitoring result related to the abnormality, the chain including one or more links each associating a source monitoring module that generates a monitoring result for a target monitoring module with the target monitoring module monitored by the source monitoring module. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A management method used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the management method comprising the steps of:
-
a) receiving, from the information security apparatus, a plurality of monitoring results generated by the monitoring modules, the monitoring modules each being a source monitoring module that monitors and generates a monitoring result for at least one other of the monitoring modules, and each being a target monitoring module that is monitored by at least one other of the monitoring modules; b) detecting an abnormality relating to tampering of one of the monitoring modules by referring to fewer than all of the monitoring results received in the receiving step; and c) identifying, when the abnormality related to the tampering is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from a target monitoring module to a source monitoring module that is a monitoring module that generates a monitoring result for the target monitoring module, starting from the monitoring module that generates the monitoring result related to the abnormality, the chain including one or more links each associating a source monitoring module that generates a monitoring result for a target monitoring module with the target monitoring module monitored by the source monitoring module.
-
-
7. A non-transitory computer-readable recording medium having recorded thereon a computer program for management used in a management apparatus for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the computer program causing the management apparatus, which is a computer, to execute the steps of:
-
a) receiving, from the information security apparatus, a plurality of monitoring results generated by the monitoring modules, the monitoring modules each being a source monitoring module that monitors and generates a monitoring result for at least one other of the monitoring modules, and each being a target monitoring module that is monitored by at least one other of the monitoring modules; b) detecting an abnormality relating to tampering of one of the monitoring modules, by referring to fewer than all of the monitoring results received in step a); and c) identifying, when the abnormality related to the tampering is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from a target monitoring module to a source monitoring module that is a monitoring module that generates a monitoring result for the target monitoring module, starting from the monitoring module that generates the monitoring result related to the abnormality, the chain including one or more links each associating a source monitoring module that generates a monitoring result for a target monitoring module with the target monitoring module monitored by the source monitoring module.
-
-
8. An integrated circuit for managing an information security apparatus that includes a plurality of monitoring modules that monitor for tampering, the integrated circuit comprising:
-
a non-transitory memory device that stores a program; and a processing device that executes the program and causes the integrated circuit to operate as; a reception circuit configured to receive, from the information security apparatus, a plurality of monitoring results generated by the monitoring modules, the monitoring modules each being a source monitoring module that monitors and generates a monitoring result for at least one other of the monitoring modules, and each being a target monitoring module that is monitored by at least one other of the monitoring modules; a detection circuit configured to detect an abnormality relating to tampering of one of the monitoring modules by referring to fewer than all of the monitoring results received by the reception circuit; and an identification circuit configured to identify, when the abnormality related to the tampering is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from a target monitoring module to a source monitoring module that is a monitoring module that generates a monitoring result for the target monitoring module, starting from the monitoring module that generates the monitoring result related to the abnormality, the chain including one or more links each associating a source monitoring module that generates a monitoring result for a target monitoring module with the target monitoring module monitored by the source monitoring module.
-
-
9. A monitoring system formed by an information security apparatus that includes a plurality of monitoring modules that monitor for tampering and a management apparatus for managing the information security apparatus, the management apparatus comprising:
-
a non-transitory memory device that stores a program; and a processing device that executes the program and causes the management apparatus to operate as; a reception circuit configured to receive, from the information security apparatus, a plurality of monitoring results generated by the monitoring modules, the monitoring modules each being a source monitoring module that monitors and generates a monitoring result for at least one other of the monitoring modules, and each being a target monitoring module that is monitored by at least one other of the monitoring modules; a detection circuit configured to detect an abnormality relating to tampering of one of the monitoring modules by referring to fewer than all of the monitoring results received by the reception circuit; and an identification circuit configured to identify, when the abnormality related to the tampering is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from a target monitoring module to a source monitoring module that is a monitoring module that generates a monitoring result for the target monitoring module, starting from the monitoring module that generates the monitoring result related to the abnormality, the chain including one or more links each associating a source monitoring module that generates a monitoring result for a target monitoring module with the target monitoring module monitored by the source monitoring module.
-
Specification