1. Field of the Invention
The present invention relates to a computer apparatus and a process controlling method, and more particularly to a computer apparatus in which an operating system such as Linux manages the execution of a program by means of a process and executes the program, and to a process controlling method.
This application claims priority of Japanese Patent Application No. 2004-006130, filed on Jan. 13, 2004, the entirety of which is incorporated by reference herein.
2. Description of the Related Art
For example, basic software (an operating system: OS) such as Unix for personal computers (PC-Unix (Registered Trademark)), represented by Linux and FreeBSD, manages the execution of a program by means of a process and executes the program in a computer apparatus. Even in an electronic device equipped with a CPU, such as a personal digital assistant (PDA), a digital camera device, or a digital video device, the OS similarly manages the execution of a program by means of a process and executes the program.
Heretofore, the above-mentioned OS has managed process state only with regard to states such as an execution state, an executable state, and a temporary pause. Further, the integrity of an execution file or a library is checked either by a tool that checks integrity periodically, such as Tripwire, or by a tool that checks the integrity of the entire execution file immediately before execution. Encryption of a file is performed in units of files.
The applicant of the present invention has disclosed, in Pat. Document (WO00/34871), a technology for protecting memory when an access to an incorrect address area occurs in an operating system, without reducing execution processing speed.
The conventional OS manages the state of a process only with regard to the above-mentioned execution state, executable state, temporary pause, etc.; it has not grasped at all whether the integrity of the process is held, or whether the process holds important data decoded from an important execution file that was encrypted to prevent analysis by a third party.
Therefore, even when a process that accesses important data has been falsified, the OS allows it to access the data, since the process cannot be distinguished from a normal process. Even when the process to be executed is a falsified process, it can be executed as long as its processing is correct.
A process consists of an execution file and various libraries. Therefore, even if all the linked libraries are checked by a signature or the like and their integrity is held, the process cannot be guaranteed to be free of falsification unless the execution file also has a signature and its integrity is guaranteed. Likewise, even if the integrity of the execution file is confirmed, the integrity of the process as a whole is not held if the integrity of a library is not held. It is conceivable to use a tool that confirms integrity by checking a signature attached only to the execution file, but since the process operates as a single whole, the integrity of the process cannot be guaranteed if the integrity of any one of the execution file and the libraries is not held.
However, signing all execution files and libraries is not practical in view of overhead and management, so only the necessary files must be signed.
Thus, when only the process itself is controlled and managed, the OS cannot grasp which process is being executed with what degree of reliability, and hence access control to important data or the like cannot be performed on the OS side.
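The reasoning above (a process is only as trustworthy as its execution file and every linked library together, while only some files are signed) can be made concrete in an added example, which is not part of the patent text. It assumes a Linux `/proc/<pid>/maps` listing and a hypothetical `manifest` dictionary mapping signed files to expected SHA-256 digests; the sample paths, addresses and function names are constructed for illustration.

```python
import hashlib

# Constructed sample in /proc/<pid>/maps format (paths and addresses are made up).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/viewer
0060a000-0060b000 rw-p 0000a000 08:01 131 /usr/bin/viewer
7f1c2a000000-7f1c2a1c0000 r-xp 00000000 08:01 542 /lib/libc.so.6
7f1c2a400000-7f1c2a420000 r-xp 00000000 08:01 977 /usr/lib/libcodec.so
7f1c2a600000-7f1c2a621000 rw-p 00000000 00:00 0
7ffd4e000000-7ffd4e021000 rw-p 00000000 00:00 0 [stack]
"""

def sha256_file(path, chunk=1 << 16):
    """Digest of a file on disk, read once from start to end in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def executable_files(maps_text):
    """File-backed executable mappings: the execution file and its libraries."""
    files = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:          # anonymous mapping, no backing file
            continue
        perms, path = fields[1], fields[5].rstrip()
        if "x" in perms and path.startswith("/") and path not in files:
            files.append(path)
    return files

def process_integrity(maps_text, manifest, digest_of=sha256_file):
    """Per-file status plus one verdict for the process as a whole."""
    report = {}
    for path in executable_files(maps_text):
        if path not in manifest:
            report[path] = "unsigned"       # no reference digest exists
        elif digest_of(path) == manifest[path]:
            report[path] = "ok"
        else:
            report[path] = "falsified"
    states = set(report.values())
    if "falsified" in states:
        return "falsified", report
    # One unsigned component is enough to leave the whole process unverified.
    return ("unverified" if "unsigned" in states else "verified"), report
```

With the default `digest_of`, the function hashes the files named in the listing on the machine where it runs; pass a different callable to check against another source of digests.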
When the integrity of the execution file or the library is checked periodically, once a week or once a month, integrity can be guaranteed immediately after a check ends, but whether integrity is held cannot be confirmed until the next integrity check is completed.
If integrity is checked immediately before execution, checking a large execution file or library requires the entire file to be read into memory, so a large quantity of memory is consumed and starting is delayed. Since frequently used libraries are relatively large, it is not practical to check the entire file at each start. Further, since the check is performed only at start time, no check is performed during execution. Therefore, integrity is not held if the process is falsified during execution.
With encryption in units of files, an encrypted execution file, irrespective of data files, must be decoded before it is executed; but since the encryption is performed in units of files, the decryption can be performed only after the entire file has been read into memory. Therefore, for a large file, a large quantity of memory is consumed, as with the integrity check, and starting is delayed.
Furthermore, the above-mentioned Pat. Document discloses the technology for protecting memory when an access to an incorrect address area occurs, but does not disclose the process control that is an object of the present invention, namely managing the processing state of a process, checking the integrity of the file of a program to be executed as an execution file, or protecting data decoded from encrypted data.