Some information-processing devices are provided with applications for handling private information, information on services involving money, copyrighted material, and the like. Such applications must be protected from accesses by other applications with malicious intent and from attacks by a computer virus or the like.
One means of protecting an application is to apply virtual computer technology. In an environment using virtual computers, a plurality of virtual computers run on one physical computer. In this case, a specific application to be quarantined is processed by a virtual computer that differs from a virtual computer that handles general processing. Accordingly, a malicious application that is desirably quarantined can be prevented from affecting other applications on a virtual computer level.
Known examples of conventional art related to the present invention include Patent Documents 1 and 2 described below. Patent Document 1 discloses a technique in which a hypervisor that controls virtual computers is provided with key management information of a shared memory to realize communication between virtual computers.
Patent Document 2 discloses a technique for controlling communication between virtual computers in order to solve the issue of security in communication between virtual computers, in which a communication permission table for setting whether to permit or deny communication between virtual computers is provided in a hypervisor, a receiving application sets a transmitting application from which transmission is to be permitted in the communication permission table, and a transmitting application references the communication permission table.
However, with the technique disclosed in Patent Document 1, once the key is known, a shared memory for interprocess communication within a virtual computer can now be accessed by another virtual computer as a shared memory for interprocess communication between virtual computers. Therefore, there is an issue regarding security.
In addition, with the technique disclosed in Patent Document 2, there is a problem in that if the receiving application that sets the communication permission table is infected by a virus, the transmitting application from which transmission is to be permitted also becomes infected by the virus.
Patent Document 1: Japanese Patent Application Laid-open No. H11-85546
Patent Document 2: Japanese Patent Application Laid-open No. 2010-211339