A sandbox is a known technique for securely executing a program on an information processing device, in particular a portable information processing device. In a sandbox, the resources to be used by a program are confined in a protected environment and the program is then executed in that environment, thereby avoiding harmful influences outside the protected environment. For example, FIG. 1 illustrates a state in which an application A to which a user ID=“0123” has been assigned and an application B to which a user ID=“4567” has been assigned are executed in different sandboxes, so that neither can access the resources of the other.
However, when a file name is modified by a malicious program, the program that has to be executed in a sandbox no longer matches a file name found in a list stored by a user or a system, and thus the program is not executed in the sandbox. Therefore, a first technique is proposed for more reliably executing in a sandbox a program that is set to be executed in the sandbox. The first technique secures a special storage region to store a program intended to be executed securely and determines whether the program to be executed is stored in the special storage region; when it is, the program is executed in an environment where available resources are limited.
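The following added example (not part of the original document or the cited publications) contrasts the name-list decision with the storage-region decision of the first technique described above. It only makes the sandbox decision and does not implement the restricted environment; the function names, directory names and file names are hypothetical and the files are constructed for the demonstration.

```python
import os
import tempfile


def sandbox_by_name(path, sandbox_names):
    """Name-list policy: sandbox only if the file name is on the list."""
    return os.path.basename(path) in sandbox_names


def sandbox_by_region(path, region):
    """Region policy: sandbox if the resolved file lies under the region.

    realpath() resolves symlinks and '..' so the check is made on the
    file's real location; commonpath() compares whole path components,
    so a sibling such as 'secure_region_x' does not match 'secure_region'.
    """
    real = os.path.realpath(path)
    root = os.path.realpath(region)
    return os.path.commonpath([real, root]) == root


def demo():
    with tempfile.TemporaryDirectory() as base:
        region = os.path.join(base, "secure_region")  # constructed region
        os.mkdir(region)
        original = os.path.join(region, "app_a.bin")  # constructed program
        with open(original, "w") as f:
            f.write("constructed sample")
        names = {"app_a.bin"}  # the list kept by the user or system

        before = (sandbox_by_name(original, names),
                  sandbox_by_region(original, region))

        # The file name is modified, as in the problem described above.
        renamed = os.path.join(region, "renamed.bin")
        os.rename(original, renamed)
        after = (sandbox_by_name(renamed, names),
                 sandbox_by_region(renamed, region))

        # A file outside the region, in a directory sharing its name prefix.
        lookalike = os.path.join(base, "secure_region_x")
        os.mkdir(lookalike)
        outside = os.path.join(lookalike, "app_a.bin")
        open(outside, "w").close()
        return before, after, sandbox_by_region(outside, region)


if __name__ == "__main__":
    print(demo())
```

After the rename the name-list check no longer selects the sandbox, while the region check still does, because it depends on where the file is stored rather than on what it is called.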
In addition, regarding control over execution of an application program, a second technique is proposed for secure execution that protects system resources, particularly from an application program that contains unreliable code. The second technique creates an execution environment in which access to the outside of the execution environment is limited, and arranges at least a part of each of the device driver, the library, and user data provided in the computer so that a program running in the execution environment has read access to them. Then, the second technique executes, in the execution environment, an application program that is introduced or obtained from an application distribution server or the like.
Examples of related art are Japanese Laid-open Patent Publication No. 2006-65493 and International Publication Pamphlet No. WO 2007/074565.