The present invention relates to technology for preventing the leakage of confidential information, and in particular relates to technology for preventing the leakage of confidential information using multi-level security.
Various technologies have been proposed in relation to preventing the leakage of confidential information. For example, Patent Document 1 (Patent Publication JP-A-2004-220120) describes a method in which an authentication mechanism authenticates the user by comparing user information accumulated in a database with information corresponding to the information resource the user intends to access.
Patent Document 2 (Patent Publication JP-A-2005-275669) describes a data monitoring method where, when a data send command is issued, the data send command is restricted if the application program that issued the data send command is registered as an application program to be monitored.
Patent Document 3 (Patent Publication JP-A-2009-169895) describes a client terminal which, upon detecting that a confidential file is being sent to a network, adds to the packet additional information indicating that it contains confidential information before sending the packet to the network.
Patent Document 4 (Patent Publication JP-A-2008-033584) describes a configuration in which a VM (security virtual machine) installed in a client device interposes itself between a program such as a WWW browser and an operating system (OS), modifies the contents of the file-access system calls issued by the program into secure contents, and delivers the modified contents to the operating system.
[Patent Document 1] Patent Publication JP-A-2004-220120
[Patent Document 2] Patent Publication JP-A-2005-275669
[Patent Document 3] Patent Publication JP-A-2009-169895
[Patent Document 4] Patent Publication JP-A-2008-033584
A multi-level security system (MLS) is also known, in which a label specifying the security level is assigned to data, applications, users and devices, and access to an access target is controlled based on the assigned label. This kind of multi-level security system assigns, for example, a label such as “public” or “confidential” to an application in advance and, when the application accesses an access target, controls that access based on the assigned label.
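The label-based control described above, as an added illustration that is not part of this patent document: the labels “public” and “confidential” come from the text, while the compartment sets, the registry of application and target labels, and the read/write rules (no read-up, no write-down, in the style of Bell-LaPadula) are assumptions chosen to show how a check on a network access would be decided once the originating application is known.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Ordered sensitivity levels; "public" and "confidential" are the ones named in the text."""
    PUBLIC = 0
    CONFIDENTIAL = 1


@dataclass(frozen=True)
class Label:
    """An MLS label: a level plus an optional set of compartments (assumed extension)."""
    level: Level
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # Lattice order: higher-or-equal level and a superset of compartments.
        return self.level >= other.level and other.compartments <= self.compartments


def may_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read-up): a subject may only read objects it dominates."""
    return subject.dominates(obj)


def may_write(subject: Label, obj: Label) -> bool:
    """*-property (no write-down): data may only flow to a label that dominates the source."""
    return obj.dominates(subject)


# Constructed registry: labels assigned in advance to applications and to network targets.
APP_LABELS = {
    "browser": Label(Level.PUBLIC),
    "report-editor": Label(Level.CONFIDENTIAL, frozenset({"finance"})),
}
TARGET_LABELS = {
    "public-web": Label(Level.PUBLIC),
    "intranet-vault": Label(Level.CONFIDENTIAL, frozenset({"finance"})),
    "hr-share": Label(Level.CONFIDENTIAL, frozenset({"hr"})),
}


def decide_network_access(app: str, target: str, op: str) -> str:
    """Return 'allow' or 'deny' for an application's read or write of a network target."""
    subject, obj = APP_LABELS[app], TARGET_LABELS[target]
    permitted = may_read(subject, obj) if op == "read" else may_write(subject, obj)
    return "allow" if permitted else "deny"
```

The decision depends entirely on knowing which application issued the access, which is exactly what the firewall-based check discussed below cannot recover when the operating system performs the access on the application's behalf.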
Nevertheless, in cases where the application accesses an access target on a network (hereinafter referred to as a “network access”), the application must be checked and controlled before it reaches the access target, and this entails the following problems.
For example, with respect to a network access by an application, one conceivable method is to check and control the access immediately before it is sent from the terminal device to the network. The check can be performed, for example, by using a firewall or the like. However, certain applications perform their network access through a network service function provided by an operating system or the like. In that case, the network access is executed by the operating system, not by the application. Since the firewall then observes a network access by the operating system rather than by the application, it is unable to determine from which application the network access originated, and consequently it is difficult to perform access control according to the label of the application.
Meanwhile, with respect to a network access by an application that uses a network service function, another conceivable method is to check and control the network service function at the point at which it is called by the application. The check can be performed, for example, by hooking the system call as described in Patent Document 4. Nevertheless, with this method the monitoring target is limited to the specific applications for which a hook has been set, so an application may be omitted from monitoring.
Accordingly, while it is necessary to control, without any omission, a network access by an application regardless of the method by which the application performs that network access, the foregoing Patent Documents 1 to 4 do not provide an effective scheme for resolving the foregoing problems.