For example, in an organization such as a company or a governmental office, the responsibility borne and the authority exercised by a member of the organization differ depending on that member's position. Accordingly, reading and writing of resources, i.e., access to resources such as materials or information sources held in the organization, needs to be controlled in accordance with the position of each member. An MLS system (Multilevel Security system) is known as a system for controlling access to resources in this way.
In an MLS system, a security level that indicates the degree of sensitivity is assigned both to users who access resources and to the resources that are access targets. Access by a user to a resource is permitted or denied by comparing the security level assigned to the user with the security level of the resource. For example, Patent Document 1 discloses a technique for realizing an MLS system for network access between a client and a server.
In the system disclosed in Patent Document 1, a kernel in a transmission-side client controls the operation of input/output functions, memory, processes, and executing programs. The kernel also creates a port identifier by combining a security level with a port number. The port identifier is inserted into the protocol area of the IP (Internet Protocol) header of an IP packet, and the IP packet, consisting of this IP header and the attached data, is transmitted to a reception-side server.
A reception-side kernel in the reception-side server acquires the port identifier from the received IP header and then extracts the security level and the port number from it. If the port corresponding to the extracted port number is accessible at the extracted security level, the reception-side kernel opens the port and thereby realizes network access in accordance with the security level.
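The following Python example illustrates the mechanism just described. It is an added illustration and is not code from Patent Document 1; the encoding of the port identifier (a 16-bit security level followed by a 16-bit port number), the simplified packet layout (the 4-byte identifier placed at the start of a constructed header instead of inside a real IP header), and the per-port table of permitted levels (PORT_POLICY) are all assumptions made for the example, since the source does not specify them.

```python
import struct

# Assumed encoding: 16-bit security level in the high half, 16-bit port
# number in the low half, giving a 32-bit port identifier.
LEVEL_BITS = 16
LEVEL_MASK = (1 << LEVEL_BITS) - 1


def make_port_identifier(level: int, port: int) -> int:
    """Transmission-side step: combine security level and port number."""
    if not (0 <= level <= LEVEL_MASK and 0 <= port <= 0xFFFF):
        raise ValueError("security level and port must each fit in 16 bits")
    return (level << LEVEL_BITS) | port


def split_port_identifier(ident: int) -> tuple:
    """Reception-side step: recover (level, port) from the identifier."""
    return (ident >> LEVEL_BITS) & LEVEL_MASK, ident & 0xFFFF


def build_packet(level: int, port: int, payload: bytes) -> bytes:
    """Client side: constructed header (identifier only) followed by data.

    This stands in for "inserting the identifier into the protocol area of
    the IP header"; it is not a real IP header layout.
    """
    return struct.pack("!I", make_port_identifier(level, port)) + payload


def parse_packet(packet: bytes) -> tuple:
    """Server side: read the identifier back out of the constructed header."""
    if len(packet) < 4:
        raise ValueError("truncated header: no port identifier present")
    (ident,) = struct.unpack("!I", packet[:4])
    level, port = split_port_identifier(ident)
    return level, port, packet[4:]


# Assumed server-side policy: for each port, the set of security levels at
# which that port is accessible. Ports absent from the table are closed.
PORT_POLICY = {
    22: {2, 3},          # e.g. remote shell: only the two highest levels
    80: {0, 1, 2, 3},    # e.g. public web: any level
    443: {1, 2, 3},      # e.g. internal web: not the lowest level
}


def port_accessible(port: int, level: int) -> bool:
    """Is the port accessible at the given security level?"""
    return level in PORT_POLICY.get(port, set())


def receive(packet: bytes):
    """Reception-side kernel: open the port only if the policy permits.

    Returns (port, level, data) when access is granted, None when the port
    stays closed (unknown port, or level not permitted for that port).
    """
    level, port, data = parse_packet(packet)
    if not port_accessible(port, level):
        return None
    return port, level, data


if __name__ == "__main__":
    # Constructed sample packets: the first is admitted, the second refused.
    print(receive(build_packet(3, 22, b"ssh handshake")))
    print(receive(build_packet(0, 22, b"ssh handshake")))
```

Note that in this scheme the security level travels inside the packet itself, so the reception-side kernel can only trust it as far as it trusts the transmission-side kernel and the path between them; a sender that can craft raw packets can write any level it likes into the header. A deployment would therefore need the identifier to be integrity-protected (for example by an authenticated network layer), or the receiver to bind the claimed level to an authenticated source, before the policy check above is meaningful.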