1. Field of the Invention
The present invention relates to a client apparatus, a server apparatus and an authority control method.
2. Description of the Related Art
An instrument (hereinafter, referred to as a “server apparatus”) that provides resources such as contents and functions to another instrument has means for controlling the access authority of the other instrument (hereinafter, referred to as a “client apparatus”) in order to protect the resources from unauthorized access. Here, “the other instrument” includes, for example, instruments such as a cellular phone, an information appliance, a PC, a PDA, and a workstation.
For example, based on an access control list (ACL), the server apparatus determines whether to accept or refuse a request for downloading the contents and a request for writing a file from a process on the client apparatus, and a request for reading and writing a local file of a mobile code sent from the client apparatus, thereby protecting the resources.
However, when the client apparatus is intruded upon by an attacker or a computer virus, so that the authority of software is stolen and the software is manipulated, the manipulated software may make unauthorized use of the server apparatus and leak the contents to the outside.
As a countermeasure against the above, the following is possible. An unauthorized intrusion/manipulation detection system is introduced into the client apparatus to detect the unauthorized intrusion and the manipulation, and then issues abnormality information to a preset administrator or server apparatus, cuts off communication by using a firewall, recovers the client apparatus, and so on. The intrusion detection system monitors a command history, a log, and packets flowing through a network, and when it discovers a command execution or a packet that is regarded as an intrusion (unauthorized access), it performs an action such as presenting an alarm, collecting a communication log, shielding the packet concerned by notifying the firewall of the intrusion, and recovering normal contents and a normal setting file. There is disclosed a technology for detecting an attack, such as stealing the authority of a program under execution, by monitoring an operation sequence of the program and checking whether the operation sequence conforms to a normal operation model of the program that is constructed in advance (for example, refer to Wagner, Dean, “Intrusion Detection via Static Analysis,” IEEE Symposium on Security and Privacy, 2001). Moreover, as an example of an unauthorized manipulation detection system, there is disclosed a technology for detecting the unauthorized manipulation by calculating a hash value of a system file, a log file or the like and comparing the hash value with the value at the time of normal operation (for example, refer to Tripwire: http://www.tripwiresecurity.com; AIDE (Advanced Intrusion Detection Environment): http://www.cs.tut.fi/~rammer/aide.html; Osiris: http://www.shmoo.com/osiris/).
As described above, when detecting abnormality information, the unauthorized intrusion/manipulation detection system on the conventional client apparatus has means for making requests for limiting the authority, such as issuing the abnormality information to a designated destination and cutting off the communication, in accordance with a rule decided in advance by a setting file and the like.
However, while the client apparatus may access an arbitrary server apparatus, the client apparatus does not have means for setting the server apparatus that it is currently accessing as the destination of the notice and the request. Accordingly, there is a problem that the server apparatuses that can be protected are limited. Moreover, since the server apparatus does not have means for interpreting the issued abnormality information and reflecting the abnormality information in the limitation of the authority, it is difficult to limit the authority flexibly in consideration of the significance of the abnormality information of the client and the properties of the resources provided by the server apparatus, and the convenience of the client apparatus for the user may be impaired.
For example, even in the case of a low-risk intrusion or a manipulation of a component having a low association with a critical part of the system, the rule of the intrusion detection system may be set with priority placed on safety, and the server apparatus may make a request for limiting the authority so as to refuse every request from the client apparatus. Although suitable for a critical server apparatus, this authority request is an excessive limitation for a tolerant server apparatus.
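The contrast drawn above between a critical and a tolerant server apparatus, sketched as an added example that is not part of the original text: each server interprets the significance of the client's abnormality information against its own per-resource tolerance instead of applying one client-side rule. The ACL entries, the severity scale and the names ServerPolicy, decide and permitted are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed ACL: (client, resource) -> operations the server normally permits.
ACL = {
    ("client-1", "catalog"): {"read"},
    ("client-1", "paid-content"): {"read", "download"},
    ("client-1", "upload-area"): {"read", "write"},
}

# Hypothetical significance scale for abnormality information sent by a client.
SEVERITY = {"none": 0, "low": 1, "high": 2}


@dataclass(frozen=True)
class ServerPolicy:
    name: str
    # (resource, operation) -> highest severity at which it is still permitted.
    tolerance: dict = field(default_factory=dict)
    default_tolerance: int = 0  # unlisted operations require a clean client

    def decide(self, client, resource, op, severity):
        if op not in ACL.get((client, resource), set()):
            return False  # abnormality handling never grants beyond the ACL
        if severity not in SEVERITY:
            return False  # an unparseable report is treated as the worst case
        limit = self.tolerance.get((resource, op), self.default_tolerance)
        return SEVERITY[severity] <= limit


def permitted(policy, client, severity):
    """All (resource, operation) pairs the server still grants this client."""
    return sorted(
        (res, op)
        for (who, res), ops in ACL.items() if who == client
        for op in ops
        if policy.decide(client, res, op, severity)
    )


# A critical server refuses everything once any abnormality is reported;
# a tolerant server keeps low-value reads and drops download and write.
CRITICAL = ServerPolicy("critical")
TOLERANT = ServerPolicy("tolerant", {
    ("catalog", "read"): 2,
    ("paid-content", "read"): 1,
    ("upload-area", "read"): 1,
})
```

For the same low-severity report, permitted(CRITICAL, "client-1", "low") is empty while permitted(TOLERANT, "client-1", "low") still contains the three read operations.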
In consideration of the above-described problem, it is an object of the present invention to provide a client apparatus, a server apparatus and an authority control method which make prevention of the unauthorized use of the server apparatus and of the outflow of the contents compatible with securing convenience for the user.