Research Staff Member

Research lab: Tokyo Research Lab

Hi, I am Sachiko Yoshihama, a researcher at Security and Privacy Group in IBM Tokyo Research Laboratory.

My Projects

Web 2.0 Security

Asynchronous JavaScript + XML (Ajax), a key technology in Web 2.0, allows user interaction with Web pages to be decoupled from the Web browser's communication with the server. In particular, Ajax drives mashups, which integrate multiple contents or services into a single user experience. However, Ajax and mashup technology introduce new types of threats because of their dynamic and multidomain nature.

In particular, the current browser security model is designed under an assumption that the content within a server is mutually trustworthy. However, Web 2.0 emphasizes collaboration and interaction of users, which implies that any webpage could include content from multiple participants, including potentially malicious ones. In addition, the use of mashup introduces more chances to integrate potentially malicious content into a single webpage.

Our team addresses the Web 2.0 seucurity issues from different aspects, such as the server-side protection, attack detection and filtering at proxy servers, and retrofit of the browser security model. Our article on the developerWorks identifies some Ajax threats and proposes best practices.

Trusted Computing and Trusted Virtual Domains

I have been interested in the Trusted Computing technology since I joined TRL in 2003. Because of heterogeneity and complexity of IT systems, and because of plethora of various kinds of threats and attacks, it becomes increasingly difficult to have confidence in what and how computing systems behave. The Trusted Computing technology allows us to verify and validate integrity and assurance of not only your computer but also that of somebody you are talking to. It is an essential technology that raises the bar of security and trust in next-gen IT environment.

Please also visit IBM Research Security Page and the Trusted Virtual Domains web page at IBM Research as well the project page at TRL. We have successfully organized the 2nd Workshop on Advances in Trusted Computing (WATC'06 Fall), Nov.30-Dec.1, 2006, in Tokyo, Japan. Trusted Mobile Platform proposes a next-gen security architecture for mobile devices.

BlueSpace

Before joining TRL, I was working with the pervasive computing solution team in IBM Watson Research Center, where we tried to bring the office of the future into reality in collaboration with Steelcase, one of the largest office furniture manufacturer in USA. BlueSpace was introduced by many mass media (that is something really exciting -- to see the prototype GUI you wrote on the front page of the New York Times :-)

BlueSpace was demonstrated in shows including CeBIT, Gartner Symposium, etc. If you are interested in seeing the live demo, visit one of Industrial Solutions Labs in Hawthorne, NY or Zurich, Switzerland. A version with non-Steelcase furniture is also available in IBM Japan HQ in Roppongi, Tokyo.

BlueSpace integrates various technologies, such as sensor and actuator devices, peripheral displays, futuristic office facility, and exciting Everywhere Displays. I was most interested in the Context-Aware computing and my research focus was to build a framework for context-aware applications.

Last updated 23 Jun 2008