Computer systems must be reliable. IBM Research - Tokyo actively advances security and privacy functionality to make computer systems more reliable for users. We also are promoting technological development that takes into account all aspects of systems, development, and operation to ensure computer systems are compliant with all necessary standards.
Competency fields
Web 2.0/SaaS Security
Web 2.0 technologies, such as Ajax (Asynchronous JavaScript + XML) and Mashups, represent a significant shift in the technology of the Internet infrastructure. Web 2.0 is being widely used, not only in consumer services, but also in enterprise-level business applications. In addition, Web 2.0 is a key technology that enables Software as a Service (SaaS), which changed the way people use software, and frees users from the burden of installation and maintenance while allowing the optimization of IT management costs. As Web 2.0 and SaaS are being used in more business environments, security is becoming more important than ever. We seek to address some of the gaps with research into and development of security technologies for Web 2.0 and SaaS.
Data Leakage Prevention Technologies
Knowledge workers are facing threats of data leakage due to their collaborative projects. For example, document properties, such as the sensitivity and the originator information, can be lost when people copy and paste the content of documents into a new document, and this can result in problematic information exposures. The Data Leakage Prevention (DLP) project focuses on developing technologies for protecting document security, while facilitating collaboration between multiple users and systems across on-premises and cloud-computing infrastructures.
Program Analysis and Its Applications
We are working in the area of static program analysis and verification. Static string analysis, a static program analysis technique that infers possible strings arising at runtime, was the main focus of our research, and our string analysis technology is now being used in the Rational AppScan product family that detects the security vulnerabilities of Web applications. We are exploring the applications of static program analysis not only for security vulnerability detection, but also for program comprehension and software testing.