Sachiko Yoshihama  Sachiko Yoshihama photo         

contact information

Academy of Technology LogoSenior Manager, FSS & Blockchain Solutions
Tokyo Research Laboratory, Yamato, Japan


Professional Associations

Professional Associations:  ACM  |  Information Processing Society of Japan (IPSJ)

more information

More information:  Publications



  • 1993 to 2001 : SEC Co. Ltd.
  • 2001 to 2003 : IBM T.J. Watson Research Center
  • 2003 to present : IBM Japan, Tokyo Research Laboratory
  • April 2008 to present : Committee member of IPSJ CSEC WG
  • April 2009 to 2013 : Editorial committee member of IPSJ Magazine

My Projects

  • Digital Innovation Discovery
  • Frugal ITS
  • Mega Traffic Simulator
  • Web 2.0/SaaS Security
  • Data Leakage Prevention
  • Trusted Computing and Trusted Virtual Domains
  • BlueSpace

My Favorite Pursuit

  • Jogging / Marathon
  • Hiking / Mountain Climbing

Web 2.0/SaaS Security

Asynchronous JavaScript + XML (Ajax), a key technology in Web 2.0, allows user interaction with Web pages to be decoupled from the Web browser's communication with the server. In particular, Ajax drives mashups, which integrate multiple contents or services into a single user experience. However, Ajax and mashup technology introduce new types of threats because of their dynamic and multidomain nature.

In particular, the current browser security model is designed under an assumption that the content within a server is mutually trustworthy. However, Web 2.0 emphasizes collaboration and interaction of users, which implies that any webpage could include content from multiple participants, including potentially malicious ones. In addition, the use of mashup introduces more chances to integrate potentially malicious content into a single webpage.

Our team addresses the Web 2.0 seucurity issues from different aspects, such as the server-side protection, attack detection and filtering at proxy servers, and retrofit of the browser security model. Our article on the developerWorks identifies some Ajax threats and proposes best practices.

Trusted Computing and Trusted Virtual Domains

I have been interested in the Trusted Computing technology since I joined TRL in 2003. Because of heterogeneity and complexity of IT systems, and because of plethora of various kinds of threats and attacks, it becomes increasingly difficult to have confidence in what and how computing systems behave. The Trusted Computing technology allows us to verify and validate integrity and assurance of not only your computer but also that of somebody you are talking to. It is an essential technology that raises the bar of security and trust in next-gen IT environment.

Please also visit:


Before joining TRL, I was working with the pervasive computing solution team in IBM Watson Research Center, where we tried to bring the office of the future into reality in collaboration with Steelcase, one of the largest office furniture manufacturer in USA. BlueSpace was introduced by many mass media (that is something really exciting -- to see the prototype GUI you wrote on the front page of the New York Times :-)

BlueSpace was demonstrated in shows including CeBIT, Gartner Symposium, etc. If you are interested in seeing the live demo, visit one of Industrial Solutions Labs in Hawthorne, NY or Zurich, Switzerland.

BlueSpace integrates various technologies, such as sensor and actuator devices, peripheral displays, futuristic office facility, and exciting Everywhere Displays. I was most interested in the Context-Aware computing and my research focus was to build a framework for context-aware applications.