In an information communication terminal apparatus such as a mobile phone, a program of a basic process that embodies the basic functions of the terminal apparatus is typically installed in advance together with an operating system. The basic process is a process performed by functions such as a call processing function, a browser function for Internet access, an electronic mail function and a screen control function. Meanwhile, a program that executes a further process different from the basic process is downloaded to the terminal apparatus from the outside through a network, a recording medium or the like, and is then installed into the terminal apparatus by a user's operation or the like. However, if a computer virus is introduced when the program for the further process is downloaded to the terminal apparatus, the operating system or the basic process may be attacked by the computer virus when the terminal apparatus executes the further process.
A structure of the information communication terminal apparatus will be described. FIG. 1A is a block diagram showing an example of a structure of a related information communication terminal apparatus. FIG. 1A schematically shows the structure of a well-known typical apparatus. A program for a further process has been downloaded to the information communication terminal apparatus. In the following, it is assumed that a further process is an application program or a device driver (software that executes access requests to a device and interrupt processing from the device, also referred to as an “I/O driver”) provided as native code (binary code compiled or assembled by a provider).
The information communication terminal apparatus shown in FIG. 1A is an information processing apparatus of a multi-CPU structure having a plurality of CPUs (Central Processing Units). The information communication terminal apparatus has a semiconductor integrated circuit, memory 31 and input/output apparatus (I/O) 51. The semiconductor integrated circuit has a plurality of CPUs 10010A and 10010B, a group including a program of a basic process and OS 10021A, a group including a program of a further process and OS 10021B and access control means 10030.
One or more CPUs 10010A are connected to memory 31 and I/O 51, respectively. One or more CPUs 10010B are connected to memory 31 and I/O 51 through access control means 10030.
In the information communication terminal apparatus shown in FIG. 1A, the CPUs are divided into a plurality of groups in accordance with the reliability of the program or process to be executed. In the following, such a group is called a domain. Here, the CPUs are divided into domain 10020A, which includes the program of the basic process and OS 10021A, and domain 10020B, which includes the program of the further process and OS 10021B. In addition, the security of domain 10020A is set to be higher than that of domain 10020B. The CPU on the low security domain side, whose hardware is separate from that of the high security domain, executes the program of the further process, which secures the stability of the high security domain.
A process having high reliability is a process that handles data with a low possibility of containing a computer virus. Such data is data for a basic process that is installed in the computer main body in advance, and also includes data whose security is maintained by authentication when it is downloaded through the network.
As described above, one or more CPUs correspond to each domain. When CPU 10010B, which executes the low security process of domain 10020B, is to access memory 31 and I/O 51, which are used to execute the high security process of domain 10020A, CPU 10010B transmits an access request to access control means 10030. When access control means 10030 receives the access request from CPU 10010B, it determines whether the access is permitted or not. Only an access permitted by access control means 10030 is then executed. In this way, a security system having very high reliability can be established on the basis of hardware control.
International Publication No. WO2006/022161 (Patent Document 1) discloses an information processing apparatus using a technology similar to the above. Patent Document 1 discloses the same structure as the access control means shown in FIG. 1A. In Patent Document 1, access permission data indicating whether or not to permit an access request from a CPU is stored in the access control means. When the access control means receives an access request from the CPU, it refers to the access permission data to perform filter control. The access permission data is a table in which an entry is provided for each CPU that executes the further process, each entry holding a set consisting of an accessible memory range and a permissible type of access request.
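As an added illustration (not code from Patent Document 1 or from this description), the following C example models the filter control: a table keyed by CPU is consulted for every request, and anything not explicitly permitted is denied. The function and field names, the CPU ids, the address ranges, the read/write type flags and the use of more than one entry per CPU are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Request types as bit flags, so one entry can permit several (assumed). */
enum { ACC_READ = 1u << 0, ACC_WRITE = 1u << 1 };

/* One entry of the access permission data: the CPU it applies to, an
   accessible memory range, and the permitted request types. */
struct perm_entry { unsigned cpu; uint32_t base, size; unsigned allowed; };

/* Constructed sample table; CPU ids and addresses are illustrative only. */
static const struct perm_entry perm_table[] = {
    { 1, 0x20000000u, 0x00100000u, ACC_READ | ACC_WRITE }, /* CPU 1 work area */
    { 1, 0x10000000u, 0x00001000u, ACC_READ },             /* read-only area  */
    { 2, 0x20100000u, 0x00080000u, ACC_READ | ACC_WRITE }, /* CPU 2 work area */
};

/* Filter control: permit only if some entry for this CPU allows every
   requested type and contains the whole [addr, addr+len) span. */
bool access_permitted(unsigned cpu, uint32_t addr, uint32_t len, unsigned type)
{
    if (len == 0 || type == 0 || (type & ~(unsigned)(ACC_READ | ACC_WRITE)))
        return false;                      /* malformed request */
    for (size_t i = 0; i < sizeof perm_table / sizeof perm_table[0]; i++) {
        const struct perm_entry *e = &perm_table[i];
        if (e->cpu != cpu || (type & e->allowed) != type || addr < e->base)
            continue;
        uint32_t off = addr - e->base;
        /* Compare against the remaining room instead of computing addr+len,
           which could wrap around 32 bits and slip past a naive check. */
        if (off < e->size && len <= e->size - off)
            return true;
    }
    return false;                          /* no matching entry: deny */
}

int main(void)
{
    printf("cpu1 write work area: %d\n", access_permitted(1, 0x20000000u, 4, ACC_WRITE));
    printf("cpu1 write read-only: %d\n", access_permitted(1, 0x10000000u, 4, ACC_WRITE));
    printf("cpu1 read past end:   %d\n", access_permitted(1, 0x200FFFFCu, 8, ACC_READ));
    return 0;
}
```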
Next, an example of a method of setting filter control for a router in a firewall of the network will be described. FIG. 1B is a view for illustrating an example of a method of setting filter control for a router in a system having a host and a router. As shown in FIG. 1B, host 10100 and router 10200 adjacent thereto are connected to each other.
In the structure shown in FIG. 1B, host 10100 instructs router 10200 to discard a packet unnecessary for its own apparatus. Thereby, router 10200 can discard the unnecessary packet even when a destination of the packet is host 10100, and thus host 10100 can prevent the unnecessary packet from being received.
Japanese Patent Laid-open Publication No. 2005-354410 (Patent Document 2) discloses a method using a technology similar to the above. Patent Document 2 discloses a method by which a host controls setting information for a router, like the method described with reference to FIG. 1B.
Next, another setting method of the filter control in a firewall of the network will be described. FIG. 1C is a block diagram schematically showing an example of a structure of a firewall apparatus.
As shown in FIG. 1C, firewall apparatus 20000 comprises access request monitor unit 20100 that monitors an access from an external network, access source analysis unit 20200 that analyzes a transmission source of the access, access destination analysis unit 20300 that analyzes a transmission destination of the access, and access filter unit 20400. Access filter unit 20400 calculates the reliability of the access source and the apparatus density of the access destination from the access source information and the access destination information, and controls whether or not to permit the access based on the calculation.
Firewall apparatus 20000 can perform packet filtering by using the access source information and the access destination information. As a result, it is not necessary to distribute most of the unnecessary packets to an internal network.
Japanese Unexamined Patent Publication No. 2006-302295 (Patent Document 3) discloses an information processing apparatus using a technology similar to the above. Patent Document 3 discloses a method that is the same as the firewall control method shown in FIG. 1C.