1. Field of the Invention
The present invention relates to an access controller and an access control method for controlling access to control target resources by a program.
2. Description of the Related Art
A use form in which a program is obtained through a network and executed by a personal computer, a PDA, or a portable telephone has been popular. Such a use form is advantageous in that a necessary application is quickly obtained to improve convenience for a user. Regarding program codes distributed through the network, however, there are ill-intentioned codes designed to destroy a system or perform an illegal operation, and defective codes which cause abuse or operation damages of system resources. An increase in use of downloaded applications has brought about an urgent need to secure user convenience and safety of program execution. Hence, a mechanism of preventing damages by ill-intentioned or defective codes (illegal codes) has become more important.
As the mechanism of preventing damages by illegal codes, there is available an execution environment of a program code called a sandbox which limits access to resources. The sandbox includes an access control function of controlling access to a file from a program code (sandboxed code) executed in the sandbox, the network, or the like according to an access rule called a security policy. In this case, to secure safety by the sandbox, it is necessary to prevent the sandboxed code from bypassing access control processing to directly access the resources.
As an effective method of preventing bypassing of access control, a sandbox that uses a system call hook is available. The system call is a request issued to an operating system (OS) when the program code accesses resources such as a file or a network. It is difficult to operate computer resources without a system call. Thus, by adding access control processing by way of a system call (referred to as “hook” hereinafter), bypassing is made difficult (e.g., see Using Kernel Hypervisors to Secure Applications, in Proceedings of the Annual Computer Security Application Conference, 1997).
However, the system call is a low-level interface of the OS, and it is difficult to obtain program meaning information from information of the system call hooked by the OS. Accordingly, in the access control based on the system call hook, there is a difficulty of controlling/processing which takes the program meaning information into consideration. When the program meaning information cannot be obtained, profound knowledge, and time and labor regarding the system are necessary. Besides, description of flexible access rules based on the program meaning information such as conditional permission, “program installation is permitted under condition of obtaining a backup or history”, at a system call level is difficult.
The problem caused by the impossibility of obtaining the meaning information can be solved by a sandbox which uses a library function loading hook. There is available a realization method of replacing a library containing a control target function by a library containing hook processing in the sandbox (e.g., DITools: Application-Level Support for Dynamic Extension and Flexible Composition, in Proceedings of 2000 USENIX Annual Technical Conference, 2000). Thus, access control processing can be added according to an interface of high abstraction, and various access rules based on meaning information can be efficiently set.
However, in the case of the sandbox dependent on the library function loading hook alone, it is impossible to prevent a bypass attack of directly issuing a system call, ant thus there is a serious problem in safety.
The present invention has been made with the foregoing problems in mind, and objects of the invention are to provide an access controller and an access control method for achieving both of high-level resource access control based on program meaning information and strong safety to prevent bypassing.