Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SBOMを利用したソフトウェアサプライチェーンの保護

Masahiro331
August 05, 2022
Technology
2
1.3k

 SBOMを利用したソフトウェアサプライチェーンの保護

Masahiro331

August 05, 2022
Tweet

More Decks by Masahiro331

See All by Masahiro331
OSSに新機能を追加するまでの苦労話
masahiro331
0
43
Analyze Filesystem in Virtual Machine Image
masahiro331
0
41
Introduction Supply Chain Security
masahiro331
0
35
Container Security with Trivy
masahiro331
0
64
VirtualMachine Image scanning PoC with Molysis
masahiro331
0
47

Other Decks in Technology

See All in Technology
WebGLやCanvasを使ったデータ可視化コンテンツ開発/nikkei-tech-talk5-3
nikkei_engineer_recruiting
0
130
TryToUseCloudFlareTunnel_20230317.pdf
kenichirokimura
0
170
開幕LT
makamaka
0
360
ORM - Object-relational mapping
onk
PRO
0
440
AstroNvim を使おう!
ybrliiu
0
150
Jotaiで作ったフォームをApollo_Clientで投げたらいい感じだった件.pdf
asazutaiga
1
220
ZOZOTOWNの検索APIにキャッシュを導入、実装時の工夫や効果について
sattosan
0
210
IBM Cloud PLUS - #3 IBM PowerVS 入門と最新情報
6onoda
0
110
PHPの最高機能、配列を捨てよう!! / Throw away all PHP array now!!!
uzulla
6
4.3k
Spring Boot 3.0へのアップデートのハマり所 / Findings in Migrating our Application to Spring Boot 3.0
line_developers
PRO
4
450
replace of cart system on ZOZOTOWN
takahashikazutaro
0
220
Svelte/SvelteKitを採用した理由とその魅力
oekazuma
3
200

Featured

See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
Faster Mobile Websites
deanohume
296
29k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
Building Your Own Lightsaber
phodgson
96
4.9k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.4k
Clear Off the Table
cherdarchuk
79
290k
The Cult of Friendly URLs
andyhume
70
5.2k
Bash Introduction
62gerente
602
210k
Gamification - CAS2011
davidbonilla
75
4.2k
Imperfection Machines: The Place of Print at Facebook
scottboms
254
12k
Visualization
eitanlees
129
12k

Transcript

  1. Masahiro Fujimura (@masahiro331), 20 August 2022
    Supply Chain Security with SBOM
    CloudNative Security Conference 2022

    View Slide

  2. ຊ೔ͷྲྀΕ
    • ࡢࠓͷϓϩμΫτηΩϡϦςΟͷಈ޲


    • Supply Chain Security ͱ͸ʁ


    • SBOMͱ͸ʁ


    • SBOMͷੜ੒ͱ੬ऑੑݕ஌ʹ͍ͭͯ


    • SBOM๊͕͑Δ՝୊

    View Slide

  3. ࠓ೔࿩͞ͳ͍͜ͱ
    • SBOMͷৄࡉͳ࢓༷ͷղઆ


    • SBOMͷ੬ऑੑݕ஌ͷৄࡉ

    View Slide

  4. ࣗݾ঺հ
    • ໊લ: ౻ଜ ڡ߂ʢ@masahiro331ʣ


    • ॴଐ: OWASP CycloneDX project (Volunteer)


    • झຯ:


    • ϑΝΠϧγεςϜͷύʔα։ൃ


    • ԿΛ͍ͯ͠Δਓͳͷ͔


    • TrivyʹSBOMͷੜ੒ͱ੬ऑੑݕ஌Λ࣮૷

    View Slide

  5. ࡢࠓͷϓϩμΫτηΩϡϦςΟͷಈ޲
    ࡢࠓͷϓϩμΫτηΩϡϦςΟͷಈ޲

    View Slide

  6. ࡢࠓͷ߈ܸͷಈ޲
    • ͢ͰʹڴҖͱͯ͠αϓϥΠνΣʔϯͷऑ఺Λѱ༻ͨ͠߈ܸ͕໰୊ʹͳ͍ͬͯΔ


    • IPA ͕ग़͍ͯ͠Δ৘ใηΩϡϦςΟͷ10େڴҖʹ΋ϥϯΫΠϯ͍ͯ͠Δ

    View Slide

  7. ࡢࠓͷ߈ܸͷಈ޲
    • Sonatype͔Β΋Ϩϙʔτ͕ग़͍ͯΔ


    • 2020೥ࠒ͔Β Supply Chain ʹର͢Δ߈ܸ͕ٸܹʹ૿Ճ͍ͯ͠Δ

    View Slide

  8. Supply Chain Security ͱ͸ʁ

    View Slide

  9. Supply Chain ͱ͸
    • ιϑτ΢ΣΞͷڙڅϓϩηεͷ͜ͱ


    ϓϩμΫτΛ։ൃͯ͠Ϣʔβ΁ಧ͚Δ·Ͱͷϓϩηεͷશମ

    View Slide

  10. Supply Chain ͱ͸
    • ιϑτ΢ΣΞͷڙڅϓϩηεͷ͜ͱ


    ϓϩμΫτΛ։ൃͯ͠Ϣʔβ΁ಧ͚Δ·Ͱͷϓϩηεͷશମ
    Engineer Source Code
    Vendor OSS
    Artifact Production Server
    Server / Network Machine

    View Slide

  11. Supply Chain Security ͱ͸
    Supply Chain Security ͸ 2ͭͷจ຺Ͱ༻͍ΒΕ͍ͯΔ


    • औҾઌ΍ؔ࿈ձࣾɺάϧʔϓձࣾΛܦ༝ͨ͠߈ܸ΁ͷରࡦ

    λʔήοτاۀͱ΍ΓऔΓ͕͋ΔൺֱతηΩϡϦςΟϨϕϧ͕௿͍औҾઌ΍
    ؔ࿈ձࣾɺάϧʔϓձࣾΛܦ༝͠ɺ߈ܸΛߦ͏ํ๏ɻ


    • ιϑτ΢ΣΞ͕ґଘ͍ͯ͠ΔϞδϡʔϧͳͲΛඪతͱͨ͠߈ܸ΁ͷରࡦ

    ޿͘ར༻͞ΕΔιϑτ΢ΣΞ΍ɺλʔήοτاۀ͕ར༻͢ΔͰ͋Ζ͏ιϑτ΢
    ΣΞ΍ͦΕΒͷߋ৽ϓϩάϥϜʹ߈ܸΛߦ͏ํ๏ɻ

    View Slide

  12. Supply Chain Security ͱ͸
    Supply Chain Security ͸ 2ͭͷจ຺Ͱ༻͍ΒΕ͍ͯΔ


    • औҾઌ΍ؔ࿈ձࣾɺάϧʔϓձࣾΛܦ༝ͨ͠߈ܸ΁ͷରࡦ

    λʔήοτاۀͱ΍ΓऔΓ͕͋ΔൺֱతηΩϡϦςΟϨϕϧ͕௿͍औҾઌ΍
    ؔ࿈ձࣾɺάϧʔϓձࣾΛܦ༝͠ɺ߈ܸΛߦ͏ํ๏ɻ


    • ιϑτ΢ΣΞ͕ґଘ͍ͯ͠ΔϞδϡʔϧͳͲΛඪతͱͨ͠߈ܸ

    ޿͘ར༻͞ΕΔιϑτ΢ΣΞ΍ɺλʔήοτاۀ͕ར༻͢ΔͰ͋Ζ͏ιϑτ΢
    ΣΞ΍ιϑτ΢ΣΞͷߋ৽ϓϩάϥϜʹ߈ܸΛߦ͏ํ๏ɻ
    ࠓ೔ͷൣғ
    ͜Ε͸*TMBOE)PQQJOH"UUBDLͱ͔ݴΘΕΔΒ͍͠

    View Slide

  13. Supply Chain Security
    Engineer SCM (e.g. GitHub)
    Source Code
    Build Server Production Server
    Artifact
    OSS

    View Slide

  14. Supply Chain Security
    Engineer SCM (e.g. GitHub)
    Source Code
    Build Server Production Server
    OSS Artifact
    ѱҙ͋ΔΤϯδχΞͷՄೳੑ
    ϦϙδτϦ্ͷιʔείʔυ͕


    վ͟Μ͞ΕΔՄೳੑ
    Build Server ͕


    ৐ͬऔΒΕ͍ͯΔՄೳੑ
    ֎෦͔Β߈ܸՄೳͳ੬ऑੑ͕


    ଘࡏ͢ΔՄೳੑ
    ੬ऑͳ࣮૷Λ͍ͯ͠ΔՄೳੑ
    ґଘ͍ͯ͠Διʔείʔυ͕


    ੬ऑͳՄೳੑ
    ϦϦʔε͞ΕΔιϑτ΢ΣΞ͕


    վ͟Μ͞ΕΔՄೳੑ

    View Slide

  15. Supply Chain Security
    Engineer SCM (e.g. GitHub)
    Source Code
    Build Server Production Server
    ѱҙ͋ΔΤϯδχΞͷՄೳੑ
    ϦϙδτϦ্ͷιʔείʔυ͕
    վ͟Μ͞ΕΔՄೳੑ
    #VJME4FSWFS͕
    ৐ͬऔΒΕ͍ͯΔՄೳੑ
    ֎෦͔Β߈ܸՄೳͳ੬ऑੑ͕
    ଘࡏ͢ΔՄೳੑ
    ੬ऑͳ࣮૷Λ͍ͯ͠ΔՄೳੑ
    Artifact
    ࠓ೔ͷൣғ
    ґଘ͍ͯ͠Διʔείʔυ͕
    ੬ऑͳՄೳੑ
    ϦϦʔε͞ΕΔιϑτ΢ΣΞ͕
    վ͟Μ͞ΕΔՄೳੑ
    OSS

    View Slide

  16. OSS ʹର͢Δ߈ܸͷࣄྫ
    • JDK 9Ҏ্ͰɺSpring Framework Λར༻͍ͯ͠Δ΄΅શͯͷγεςϜʹӨڹ


    • Өڹ͢Δ৔߹͸ɺαʔόͰ೚ҙͷίʔυ͕࣮ߦͰ͖Δঢ়ଶʹ…
    Spring4Shell (Java)
    Event-Stream (Node.js)
    • 200ສμ΢ϯϩʔυΛ௒͑ΔϥΠϒϥϦʹѱҙ͋Δόʔδϣϯ͕ϦϦʔε͞Εͨ


    • ҉߸௨՟΢ΥϨοτΛ౪΋͏ͱ͢Δίʔυ͕஫ೖ͞Ε͍ͯͨ

    View Slide

  17. OSS ʹର͢Δ߈ܸ
    ࣗࣾͰར༻͍ͯ͠ΔOSSΛ೺Ѳ͢Δͷ͸೉͍͠
    Software A
    Spring
    Framework
    Software b
    Software c
    Software e
    Log4j
    ࣗࣾͰ։ൃ͍ͯ͠Διϑτ΢ΣΞ Կ࢖ͬͯΔ͔Θ͔͍ͬͯΔൣғ ਖ਼௚Կ࢖͍ͬͯΔ͔ɺ΄΅Θ͔Βͳ͍ൣғ
    Software B
    ௚઀ґଘ ਪҠతґଘ

    View Slide

  18. OSS ʹର͢Δ߈ܸ
    ࣗࣾͰར༻͍ͯ͠ΔOSSΛ೺Ѳ͢Δͷ͸೉͍͠
    Software A
    Spring
    Framework
    Software b
    Software c
    Software e
    Log4j
    ࣗࣾͰ։ൃ͍ͯ͠Διϑτ΢ΣΞ Կ࢖ͬͯΔ͔Θ͔͍ͬͯΔൣғ ਖ਼௚Կ࢖͍ͬͯΔ͔ɺ΄΅Θ͔Βͳ͍ൣғ
    Software B
    ͜ΕΒͷ߈ܸ͔ΒϓϩμΫτΛकΔͨΊʹ͸


    Ͳ͏͢Ε͹͍͍ͷ͔...
    ͜ΕΒͷ߈ܸ͔ΒϓϩμΫτΛकΔͨΊʹ͸


    Ͳ͏͢Ε͹͍͍ͷ͔...

    View Slide

  19. OSS ʹର͢Δ߈ܸ
    ࣗࣾͰར༻͍ͯ͠ΔOSSΛ೺Ѳ͢Δͷ͸೉͍͠
    Software A
    Spring
    Framework
    Software b
    Software c
    Software e
    Log4j
    ࣗࣾͰ։ൃ͍ͯ͠Διϑτ΢ΣΞ Կ࢖ͬͯΔ͔Θ͔͍ͬͯΔൣғ ਖ਼௚Կ࢖͍ͬͯΔ͔ɺ΄΅Θ͔Βͳ͍ൣғ
    Software B
    SBOMͰղܾ͠·͠ΐ͏
    SBOMͰղܾ͠·͠ΐ͏

    View Slide

  20. SBOMͱ͸ʁ

    View Slide

  21. SBOMͱ͸
    • ιϑτ΢ΣΞͷߏ੒ཁૉΛ෦඼දͱଊ͑ɺͲͷΑ͏ͳϞδϡʔϧͰߏ੒͞Εͯ
    ͍Δ͔Λࣔ֓͢೦
    • SBOMͷ࢓༷͸4ͭ΄Ͳଘࡏ͢Δ
    • CycloneDX


    • SPDX (Software Package Data Exchange)


    • GitHub SBOM


    • SWID (Software Identification tags)
    OWASP


    Linux Foundation


    GitHub


    ஌Βͳ͍…

    View Slide

  22. SBOMʹ͍ͭͯ
    • ιϑτ΢ΣΞͷߏ੒΍ґଘؔ܎Λڞ௨ͷϑΥʔϚοτͱͯ͠දݱ͢Δ͜ͱ͕Մೳ

    View Slide

  23. ԿͷͨΊʹSBOMΛ࢖͏ͷ͔
    • SBOMΛೖྗͱͯ͠੬ऑੑͷݕ஌ͳͲ͕Մೳ
    ෆಛఆଟ਺ͷιϑτ΢ΣΞϞδϡʔϧ
    CycloneDX
    SPDX
    SBOM ϑΥʔϚοτ SCAπʔϧͳͲ

    View Slide

  24. ͦͷଞͷ༻్
    • ։ൃϕϯμʔ΍੡඼ϕϯμʔ͕ར༻ϞδϡʔϧΛSBOMͱͯ͠ެ։


    • ιϑτ΢ΣΞɾϥΠηϯεͷ؅ཧ
    Vendor A
    Vendor B
    Vendor C
    Engineer
    ੡඼AͷSBOM ιϑτ΢ΣΞBͷSBOM
    ੡඼CͷSBOM

    View Slide

  25. ੈͷதͷಈ޲
    • ถࠃͰ͸ɺେ౷ྖྩͱͯ͠Ұ෦ͷاۀʹؔͯ͠͸SBOMͷ࡞੒Λཁ݅Խ͍ͯ͠Δ


    • ೔ຊͰ΋ɺαΠόʔηΩϡϦςΟઓུͱͯ͠SBOMʹݴٴ͍ͯ͠Δ
    αΠόʔηΩϡϦςΟ̎̌̎̎ͷ֓ཁ
    ࠃՈͷαΠόʔηΩϡϦςΟվળʹؔ͢Δେ౷ྖྩ

    View Slide

  26. σϞ

    View Slide

  27. SBOMͷੜ੒
    ࣮ࡍʹSBOMΛ࡞ͬͯΈΔ
    ΊͬͪΌ؆୯

    View Slide

  28. σϞͷղઆ
    ղੳ
    CycloneDX
    ग़ྗ
    • ίϯςφ಺ͷɺOSύοέʔδ΍ΞϓϦέʔγϣϯύοέʔδΛղੳ
    Container

    View Slide

  29. σϞͷղઆ
    ղੳ ग़ྗ
    • ίϯςφ಺ͷɺOSύοέʔδ΍ΞϓϦέʔγϣϯύοέʔδΛղੳ
    Container
    OS OS Package
    Application
    Application
    Library
    Application
    Application
    Library
    Container

    View Slide

  30. ิ଍
    • CycloneDXͷSBOMͰ͸ɺ෦඼ʢComponentʣͷछྨ͕͍͔ͭ͘ଘࡏ͢Δ


    • ਖ਼௚ந৅౓͕ߴͯ͘ɺ࣮૷ͨ͠΋ͷͷɺະͩʹΑ͘Θ͔͍ͬͯͳ͍

    View Slide

  31. SBOMΛ༻͍ͨ੬ऑੑݕ஌
    ࡞੒ͨ͠SBOMΛར׆༻ͯ͠ΈΔ
    ΊͬͪΌ؆୯

    View Slide

  32. σϞͷղઆ
    Container
    OS OS Package
    Application
    Application
    Library
    Application
    Application
    Library
    CycloneDX
    ੬ऑੑݕ஌ ग़ྗ $7&9999
    $7&9999
    $7&9999
    • SBOMʹهࡌ͞Ε͍ͯΔύοέʔδʹରͯ͠੬ऑੑΛݕ஌

    View Slide

  33. ͍··Ͱ
    ෆಛఆଟ਺ͷιϑτ΢ΣΞϞδϡʔϧ ੬ऑੑݕ஌

    View Slide

  34. ͜Ε͔Β
    ෆಛఆଟ਺ͷιϑτ΢ΣΞϞδϡʔϧ ར׆༻ʢྫ͑͹੬ऑੑݕ஌ʣ
    ଞͷ׆༻ํ๏΋ߟ͑ΒΕΔ
    CycloneDX
    SPDX
    SBOM ϑΥʔϚοτ

    View Slide

  35. SBOMͰશͯͷιϑτ΢ΣΞΛՄࢹԽɺར׆༻Ͱ͖Δ!

    View Slide

  36. ͱ͸ͳΒͳ͍…

    View Slide

  37. ࣮ࡍʹ SBOM Λੜ੒ɺݕ஌͢ΔπʔϧΛ
    ։ൃ͢Δͱɺଟ਺ͷ՝୊Λݟ͚ͭΔ


    (CycloneDXͷࣄྫΛ঺հ)

    View Slide

  38. 1. શͯͷґଘؔ܎ΛՄࢹԽͰ͖ΔΘ͚Ͱ͸ͳ͍
    • ίϯςφΛղੳ͢ΔTrivy΍GrypeͳͲͷπʔϧͰ͸ make ͳͲͰϏϧυ͞Εͨ
    ύοέʔδΛՄࢹԽ͢Δ͜ͱ͸Ͱ͖ͳ͍
    ΋ͪΖΜSBOMͱͯ͠ग़ྗ͢Δ͜ͱ΋Ͱ͖ͳ͍

    View Slide

  39. 2. ʮඪ४ϑΥʔϚοτʯޓ׵ੑ͕͋Δͱ͸ݴͬͯͳ͍
    • πʔϧʹΑͬͯग़ྗ͢ΔϑΥʔϚοτ͕ҟͳΔͨΊޓ׵ੑ͕ͳ͍
    Grype CycloneDX Trivy CycloneDX
    ΋ͪΖΜ͓ޓ͍ͷSBOMͰ͸ਖ਼͘͠ݕ஌Ͱ͖ͳ͍

    View Slide

  40. 3. ෦඼ͷґଘؔ܎ͷछྨ͕ଟ͗͢Δ
    • ͦ΋ͦ΋ґଘؔ܎ͱ͸ʁ


    • ελςΟοΫϦϯΫ


    • GoͷΑ͏ͳ୯ҰͷBinary


    • JavaͩͱJarͷதʹJar͕ೖΔґଘؔ܎΋ଘࡏ


    • μΠφϛοΫϦϯΫ


    • ϓϩηεؒ௨৴΍HTTPͳͲͷ௨৴ʹΑΔґଘ
    SBOMͱͯ͠දݱ͢Δʹ͸ෳࡶ͗͢Δ

    View Slide

  41. 3. ෦඼ͷґଘؔ܎ͷछྨ͕ଟ͗͢Δ
    SBOMͱͯ͠දݱ͢Δʹ͸ෳࡶ͗͢Δ
    Component͕ωετ͢Δґଘؔ܎ DependencyʹΑΔґଘؔ܎

    View Slide

  42. 4. ࢓༷͕े෼Ͱ͸ͳ͍͜ͱ΋͋Δ
    • SBOM͸੬ऑੑΛݕ஌͢Δจ຺Ͱ༻͍ΒΕΔ͜ͱ͕ଟ͍


    • ݱঢ়ͷ֤छSBOMͷ࢓༷Ͱ͸ਖ਼͘͠੬ऑੑݕ஌Ͱ͖ͳ͍
    SBOMʹπʔϧಠࣗͷ֦ுϓϩύςΟΛಋೖͯ͠ରԠ
    SBOMͰ༻͍ΒΕ͍ͯΔύοέʔδ
    දݱ͚ͩͰ͸଍Γͳ͍

    View Slide

  43. ·ͱΊ
    • ύοέʔδߏ੒ϑΝΠϧ΍Docker Image͔Β؆୯ʹSBOM͕ੜ੒Ͱ͖Δ


    • ੜ੒ͨ͠SBOM͔Β੬ऑੑݕ஌͕Մೳ


    • SBOM͸ࠓ͸·࣮ͩݧஈ֊Ͱ՝୊΋ଟ͘ݟΒΕΔ


    • ੜ੒͢Δπʔϧͷ࢓༷Λཧղͯ͠ӡ༻͢Δඞཁ͕ٻΊΒΕΔ


    • ੜ੒πʔϧ͕ॆ࣮͢ΔʹͭΕͯɺར׆༻͢Δπʔϧ͕ग़ͯ͘Δ


    • ֤੡඼ϕϯμʔ͕SBOMΛެ։͢ΔͳͲͷੈք͕͘Δͱخ͍͠


    • SBOMΛར׆༻͢Δπʔϧ͸·ͩ·ͩগͳ͍ͨΊɺOSSΛ։ൃ͢Δνϟϯεʂ

    View Slide

  44. ༨ஊ
    • SBOMͷະདྷͷ࿩

    View Slide

  45. SBOMͷະདྷͷ࿩
    Digital Identity Attestation


    • OSS։ൃऀ/ߩݙऀ/ར༻ऀ͕ɺอक/։ൃ/ར༻͢Δίʔυ͕ Ͳ͔͜Β ͲͷΑ͏
    ʹ ڙڅ͞Ε͍ͯΔ͔Λཧղ͠ɺར༻൑அͰ͖ΔΑ͏ʹ͢Δ͜ͱ


    Software Attestation


    • ʮԿ͕(Subject)ɺͲͷΑ͏ʹ࡞੒(Predicate)ɺ୭͕ॺ໊(Signature)ʯͳͲͷϝλ
    σʔλΛϞσϧԽͨ͠΋ͷɻ


    Software Attestation ͸ Digital Identity Attestation ͷҰछ

    View Slide

  46. Software Attestationͱ͸
    • ʮԿ͕(Subject)ɺͲͷΑ͏ʹ࡞੒(Predicate)ɺ୭͕ॺ໊(Signature)ʯͳͲͷ
    ϝλσʔλΛϞσϧԽͨ͠΋ͷɻ

    View Slide

  47. ιϑτ΢ΣΞʹର͢Δॺ໊
    • SBOMΛϝλσʔλͱͯ͠ιϑτ΢ΣΞ΍ίϯςφΠϝʔδʹॺ໊͢Δ͜ͱ
    ͰɺSBOMΛҰݩ؅ཧ͢Δ࢓૊Έ͕։ൃ͞Εͭͭ͋Δ
    %PDLFS3FHJTUPSZʢ0$*3FHJTUSZʣ
    SBOM
    Docker Image
    Maintainer

    View Slide

  48. ιϑτ΢ΣΞʹର͢Δॺ໊
    • SBOMΛϝλσʔλͱͯ͠ιϑτ΢ΣΞ΍ίϯςφΠϝʔδʹॺ໊͢Δ͜ͱ
    ͰɺSBOMΛҰݩ؅ཧ͢Δ࢓૊Έ͕։ൃ͞Εͭͭ͋Δ
    %PDLFS3FHJTUPSZʢ0$*3FHJTUSZʣ
    SBOM
    Docker Image
    Maintainer

    View Slide

  49. Thank you for attention

    View Slide

  50. ͪͳΈʹ SBOMͷ࢓༷ʹߩݙͨ͠Γͨ͠
    8PSLJOH(SPVQʹ໊લ͕ࡌͬͯͨ
    • SBOMͱͯ͠੬ऑੑΛදݱ͢Δ࢓༷ʹߩݙ

    View Slide