The present invention relates to technology for preventing leakage of secret information and, more particularly, to technology for preventing leakage of secret information using multilevel security.
A multilevel security system (MLS) that assigns a label for specifying a security level to a subject who performs access or an access target and limits access to the access target based on the assigned label is known. For example, Patent Document 1 (Patent Publication JP-A-2003-173284) discloses a network system in which, when a client terminal assigns a label indicating a level of secrecy to a file in the client terminal and transmits the file with the label to the outside, a transmission management program of a gateway server checks the label of the file and transmits the file to a network outside an organization when the level of secrecy is not “secret”. Patent Document 2 (Patent Publication JP-A-2000-174807) discloses a configuration in which a computer system has an operating system kernel that supports a multilevel access control security mechanism to produce an object access packet.
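As an added illustration, not code from the patent documents, the following Python models the label check such a system performs: every subject and object carries a label, access is decided by lattice dominance (level plus categories), and the outbound check of Patent Document 1 becomes a "write" from the file's label to the external network's label. The level names and the label given to the external network are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Ordered security levels; a higher index is more restricted. The names are
# illustrative assumptions, not taken from the patent documents.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]

@dataclass(frozen=True)
class Label:
    """An MLS label: a hierarchical level plus a set of need-to-know categories."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level at least as high and categories a superset."""
        if self.level not in LEVELS or other.level not in LEVELS:
            raise ValueError("unknown security level")
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and other.categories <= self.categories)

def may_read(subject: Label, obj: Label) -> bool:
    """Simple-security property: read only objects the subject dominates (no read up)."""
    return subject.dominates(obj)

def may_write(subject: Label, obj: Label) -> bool:
    """*-property: write only to objects that dominate the subject (no write down)."""
    return obj.dominates(subject)

def filter_outbound(files: Dict[str, Optional[Label]], external: Label) -> Tuple[List[str], List[str]]:
    """Gateway check: sending a file outside is a write to the external network's
    label, so it passes only when that label dominates the file's label.
    A file with no label is blocked (fail closed)."""
    allowed, blocked = [], []
    for name, label in files.items():
        if label is not None and may_write(label, external):
            allowed.append(name)
        else:
            blocked.append(name)
    return allowed, blocked

if __name__ == "__main__":
    # Constructed sample outbound files; the external network is modelled as a
    # "confidential" sink, which is an assumption made for this illustration.
    sample = {"memo.txt": Label("unclassified"), "plan.doc": Label("confidential"),
              "design.pdf": Label("secret"), "scan.png": None}
    print(filter_outbound(sample, Label("confidential")))
```

With the external network labelled "confidential", the "secret" file and the unlabelled file are blocked while the other two pass, which is the behaviour Patent Document 1 describes for a "secret" file.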
Further, technology for preventing leakage of secret information in a network is known. For example, Patent Document 3 (Patent Publication JP-A-2006-251932) discloses a configuration in which, where a security management server in a network performs authentication, a host device executes user authentication by referencing an authentication history held in the host device when the host device cannot access the security management server. Patent Document 4 (Patent Publication JP-A-2007-287097) discloses a configuration in which, when there is an access request from a client terminal to a server, a blocking device recognizes successful authentication and authorizes the access request when the IP address of the client terminal is contained in access management information, and recognizes failed authentication and blocks the access request when the IP address of the client terminal is not contained in the access management information.

[Patent Document 1] Patent Publication JP-A-2003-173284
[Patent Document 2] Patent Publication JP-A-2000-174807
[Patent Document 3] Patent Publication JP-A-2006-251932
[Patent Document 4] Patent Publication JP-A-2007-287097
When the configuration disclosed in Patent Documents 1 and 2 is applied to build a network-attached multilevel security system, a gateway or a server performs access control for all clients collectively. Accordingly, there is a problem in that the load on the gateway or the server increases and communication speed is reduced when there is a large number of client terminals.
Further, in the configuration described in Patent Document 3, when a host device cannot access a security management server, the host device executes user authentication by referencing an authentication history held in the host device. Accordingly, for example, when no authentication history is stored in the host device, a user who would be authenticated successfully by the security management server fails authentication, which impairs the convenience of the user's work. Further, in the configuration disclosed in Patent Document 4, an access request is blocked when authentication of the client terminal has failed. Accordingly, for example, when the client terminal fails authentication because it has been brought in from outside the company, the client terminal cannot access a server of the company, and the convenience of the user's work is insufficient.