1) Field of the Invention
This invention relates to an access right contradiction detection apparatus and to an analysis rule creation apparatus. For a predetermined program that is executed under the restriction of access rights, the access right contradiction detection apparatus detects a contradiction between a run-time access right list, which is a collection of the access rights used when the program is executed, and a design-time access right list, which is a collection of the access rights granted when the program is designed. The analysis rule creation apparatus creates a predetermined analysis rule that is employed by the access right contradiction detection apparatus.
2) Description of the Related Art
In recent years, as network technology has developed, programs that run on software referred to as a “virtual machine” and that do not depend on a platform, such as the OS or the type of machine (computer), have become popular. Such programs include, for example, a Java program, which is created in Java (a trademark), an object-oriented programming language.
The Java program is characterized by being capable of exercising access control over file operations and network connections. Namely, the Java program controls access by defining the access rights necessary to execute programs that involve a security risk, such as reading a file or connecting to the network.
Specifically, as shown in FIG. 18, different classes of access rights are defined by type, in expression formats that conform to the Java2 standard policy file, and the access rights are strictly expressed in terms of targets and actions. For example, for the access control “permit reading /tmp/hoge files”, an access right “java.io.FilePermission "/tmp/hoge", "read"” is defined.
In addition, a program that involves a security risk is executed by calling a specific method. Therefore, as shown in FIG. 19, predetermined access rights are assigned to the respective methods that require access rights. For example, the method “java.io.FileInputStream.FileInputStream(String name)” is assigned the access right “java.io.FilePermission "[name]", "read"”.
If a method is called to execute a program, the access rights granted to the person who calls the method are referred to. As long as the person has the access right necessary to call the method, the person is permitted to execute the method. In this way, access control is exercised over each Java program, based on the restriction of access rights, when the program is executed.
Conventionally, a program execution test is conducted on a program to be executed under the restriction of access rights, so that no security exception is caused between the access rights that are used when the program is executed and the access rights that are given when the program is designed.
Specifically, when the Java program is designed, the access rights that the Java program requires are granted in advance, and the program is created in view of the access rights thus granted. However, in a Java program that is actually created, the access rights used are not necessarily limited to those granted at the time of design, because of packaging errors or the like.
For example, if a user exercises an access right wider than the access right given at the time of designing a packaged Java program, a security exception occurs when the program is executed. Namely, this includes an instance in which, although an access right “permit reading /tmp/hoge files” is granted at the time of designing a program, an access right “permit reading all files” is exercised by the packaged Java program.
Under these circumstances, a program execution test is conducted to examine whether or not a contradiction (a difference in the width of restriction) occurs between an access right used when a Java program is executed and the access right granted when the program is designed. If this execution test detects any contradiction between the two access rights, the program is corrected to conform to the access right granted at the time of design, thereby eliminating the security exception.
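The comparison of "width of restriction" described above can be illustrated with the standard java.security permission classes. The following is an added example, not code from this specification; the class name AccessRightCheck, the method contradictions and all paths other than /tmp/hoge are constructed for illustration.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;

public class AccessRightCheck {

    // Returns every run-time access right that is NOT covered by the
    // design-time list, i.e. each right that is wider than what was granted.
    static List<Permission> contradictions(Permissions designTime,
                                           List<Permission> runTime) {
        List<Permission> wider = new ArrayList<>();
        for (Permission used : runTime) {
            // implies() applies the permission class's own matching rules
            // (exact path, "dir/-" recursive wildcard, action list).
            if (!designTime.implies(used)) {
                wider.add(used);
            }
        }
        return wider;
    }

    public static void main(String[] args) {
        // Design-time access right list (constructed sample).
        Permissions design = new Permissions();
        design.add(new FilePermission("/tmp/hoge", "read"));
        design.add(new FilePermission("/var/app/-", "read"));

        // Run-time access right list (constructed sample).
        List<Permission> run = List.of(
            // Same right as designed: no contradiction.
            new FilePermission("/tmp/hoge", "read"),
            // Narrower than the design-time "/var/app/-": no contradiction.
            new FilePermission("/var/app/conf/a.txt", "read"),
            // "permit reading all files": wider target, contradiction.
            new FilePermission("<<ALL FILES>>", "read"),
            // Same target, action never granted: contradiction.
            new FilePermission("/tmp/hoge", "write"));

        for (Permission p : contradictions(design, run)) {
            System.out.println("contradiction: " + p);
        }
    }
}
```

Only the last two run-time entries are reported; a run-time right that is equal to or narrower than a design-time right passes the check.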
Nevertheless, the conventional art has a disadvantage in that a contradiction between an access right used when a program is executed and the access right granted when the program is designed cannot be detected with high accuracy. In other words, according to the conventional art, an execution test is simply conducted on a program that was created in light of the access rights granted at design time, and the result of the execution test does not always reflect all contradictions. Therefore, even if the execution test is conducted repeatedly, there is naturally a limit to how many of the contradictions can be detected.
Accordingly, how to detect a contradiction between an access right used when a program is executed and the access right granted when the program is designed is quite an important problem to be solved. What is desired is not a method of repeatedly conducting an execution test, but a method that enables a contradiction to be detected easily and reliably.