For safe implementation of a security protocol, it has been heretofore necessary to properly determine whether data is to be protected for each variable in a program or not. There is hence a protection attribute determination method which pays attention to security functions such as encryption, signature, hash function, etc. included in the security protocol. In this method, a protection attribute requiring that a value of each input/output variable is stored in a protected memory area or a non-protected memory area based on presence/absence of confidentiality property and integrity property is defined for each security function, so that the protection attribute of each variable in the program is determined based on this restriction. As for a security protocol using a value transmitted from the outside or a value shared with the outside as an encryption key, protection attributes are determined.
However, this method gives no consideration to processing path information such that some (start point) function returns a value of variables as output and some (end point) function takes the value of the variables (returned from the start point function) as input (via some processes).