Malicious programs that perform unauthorized and harmful operations on a computer have recently been developed. Such programs greatly degrade the security of the computer by, for example, replacing a file on the computer or changing the configuration of the system. They behave as follows. They first intrude into a memory of the computer from the outside and piggyback on an access from user mode to a resource in the kernel space when an application program (AP) is executed. They then acquire the privilege level (ring 0) and take over resource control. In this way, the unauthorized actions become executable as the programs intend. Various types of software have been proposed to monitor the execution of malicious programs and control their unauthorized activities.
Patent Literature 1 describes a method for monitoring applications to prevent the leakage of resource information. The method limits access by an API and includes: detecting the start of an application; suspending a processing request for the resource issued by the started application; authenticating whether or not the started application is a legitimate application; and permitting the processing based on the suspended processing request only when the started application succeeds in the authentication.
Patent Literature 2 describes an information-leakage prevention system for a computer. When an application to be executed on the computer accesses information stored in a memory such as a hard disk drive (HDD), the system hooks the application using the hook function of the operating system (OS). A determination unit of the system determines whether the access meets a preset access admission condition, and when the access is determined to be an unauthorized access by a virus or the like, the system disables the passing of the information stored in the memory to the application.
Patent Literature 3 describes an external boot technique in which an external device that stores an exclusive loader and an administrative file beforehand is attached to a computer, and the power of the computer is then turned on. The exclusive loader is loaded into a main memory (RAM) from the external device, and the technique allows the administrative file to use it to control the regions into which the OS is loaded from the HDD and to give the regions different privilege levels. The administrative file can thereby keep a secure region at a predetermined region of the RAM.