JP2011197849A - Security management system and security management program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a system for easily achieving the security management of a file.SOLUTION: When the installation of an application is started, a first information generation part B2 of a management object computer B generates file information for specifying a file created by the installation, and a first information transmission part B3 transmits it to a management computer A. A policy retrieval part A2 of a management computer A retrieves policy data from the file information. When there exists the pertinent policy data, a first transmission part A3 transmits the pertinent policy data, and otherwise, transmits information indicating that there does not exist any policy data, to the management object computer B. When receiving the pertinent policy data, a first registration part B4 of the management object computer B stores the pertinent policy data, and when receiving the information indicating that there does not exist any policy data, generates policy data from the file information, and stores it. An access control part B5 executes file access control based on the stored policy data.

Description

  The present invention relates to a technique for managing file security in a computer.

  File access control based on an access control policy is known as a security technique for protecting a file from unauthorized access from a network or the like. The access control policy is file access control information such as access authority for a file, and is described in a policy file which is an example of policy data existing for each computer system. The computer performs file access control based on the access control policy of the policy file to prevent unauthorized access to the file.

JP 2001-337864 A

  By the way, the application is composed of at least one file. By setting the access control policy for the files constituting the application in the policy data, the computer can control access to the application. However, since the policy data describes an access control policy for each file, it is necessary for a system administrator or the like to know in advance information such as the file names of all the files constituting the application. In addition, it may be difficult for a system administrator or the like to grasp information on all files constituting an application. For this reason, a system administrator or the like cannot easily manage file security.

In addition, the security administrator cannot grasp the files created during application execution.
Therefore, in view of such problems, it is an object of the present invention to provide a technique that facilitates file security management.

  In one embodiment of the present technology, when the application is installed, the management target computer generates first file information for specifying the file created by the installation and the type of the created file, and the management computer Send to. When the management computer receives the first file information, the management computer searches for policy data corresponding to the first file information. When the corresponding policy data exists, the management computer transmits the corresponding policy data to the management target computer, and when the corresponding policy data does not exist, the management computer transmits information indicating that the policy data does not exist. When the managed computer receives the policy data, it stores the policy data in the first storage. On the other hand, when it receives information indicating that the policy data does not exist, the managed computer generates the policy data and generates the first data Store in storage. Then, the management target computer executes file access control based on the policy data stored in the first storage.

  In another embodiment of the present technology, when a file is created by an application, the managed computer determines whether it is necessary to update policy data corresponding to the application. When it is necessary to update, the management target computer generates second file information in which the access control policy corresponding to the type of the created file is associated with the created file, and transmits the second file information to the management computer. When receiving the second file information, the management computer adds the access control policy to the policy data, and transmits the added policy data to the management target computer. When the managed computer receives the policy data, the managed computer stores the policy data in the first storage.

  According to the present technology, file security management is facilitated and the management cost of the computer system is reduced.

It is a sequence diagram which shows the outline | summary of this technique. It is a figure showing composition of this art. 1 is an overall configuration diagram illustrating an embodiment of a computer system to which the present technology is applied. It is a block diagram of a management object computer. It is explanatory drawing of a standard policy file. It is explanatory drawing of a type definition file. It is a block diagram of a management computer. It is explanatory drawing of a policy file. It is explanatory drawing of a list file. It is explanatory drawing of an incremental list file. It is explanatory drawing of a management file. It is explanatory drawing of a distribution management file. It is a flowchart of an installation detection process. It is a flowchart of a list file generation process. It is a flowchart of a policy file application process. It is a flowchart of a file access control process. It is a flowchart of a file creation detection process. It is a flowchart of a policy file generation process. It is a flowchart 1 of a list file comparison process. It is a flowchart 2 of a list file comparison process. It is explanatory drawing of the example 1 of the list file in the storage of a management computer. It is explanatory drawing of the example 2 of the list file in the storage of a management computer. It is explanatory drawing of the example 3 of the list file in the storage of a management computer. It is explanatory drawing of the example 1 of the list file produced | generated by the list production | generation part. It is explanatory drawing of the example 2 of the list file produced | generated by the list production | generation part. It is a flowchart of a management process. It is a flowchart of a management process 1 subroutine. It is a flowchart of a management process 2 subroutine. It is a flowchart of a management process 3 subroutine.

First, an overview of the present technology will be described with reference to FIG.
The computer system of the present technology includes a management computer and a management target computer. When the management target computer detects installation of the application, the management target computer generates information on the file created by the installation and transmits it to the management computer. The management computer determines whether the received file information and the previously stored policy are applicable, and if there is an applicable policy, transmits the policy to the management target computer. If there is no applicable policy, the management computer notifies the management target computer that there is no policy. The management target computer stores the received policy when it receives the policy, and generates a policy based on the standard policy when it receives that the policy does not exist.

  In addition, when the management target computer detects that a file is generated when the application is executed, the management target computer determines whether there is a policy corresponding to the generated file. If there is no policy, the managed computer generates a policy corresponding to the created file and sends it to the management computer. The management computer transmits the received policy to the managed computer to which the policy is to be applied.

Hereinafter, the present technology will be described in detail with reference to the accompanying drawings.
FIG. 2 shows a configuration of a computer system of the present technology. The management computer A is connected to a plurality of management target computers B to be managed. The management computer A collectively manages policy data distributed to the management target computer B, that is, policy data of files (hereinafter abbreviated as installation files) constituting the application installed on the management target computer B.

  As shown in FIG. 2, the managed computer B includes a first storage B1 such as a hard disk drive. The first storage B1 stores policy data corresponding to the application and an access control policy corresponding to the file type.

  The managed computer B executes a security management program installed in the first storage B1 or the like, thereby causing the first information generation unit B2, the first information transmission unit B3, the first registration unit B4, and the access control. The unit B5, the policy determination unit B6, the second information generation unit B7, the second information transmission unit B8, and the second registration unit B9 are implemented. The security management program is installed in the first storage B1 of the management target computer B1 from a computer-readable recording medium such as a CD-ROM or DVD-ROM in which the security management program is recorded. The same applies to the management computer A.

The first information generation unit B2 generates first file information for specifying the installation file created by the installation and the type of the installation file.
The first information transmission unit B3 transmits the first file information to the management computer A.

  The first registration unit B4 stores the policy file received from the management computer A in the first storage B1. In addition, the first registration unit B4 generates policy data and stores it in the first storage B1.

The access control unit B5 executes file access control based on the policy data stored in the first storage B1.
The policy determination unit B6 determines whether or not the policy data corresponding to the application needs to be updated when the file is created by the application.

  When it is necessary to update the policy data, the second information generation unit B7 generates second file information in which the access control policy corresponding to the type of the created file is associated with the created file.

The second information transmission unit B8 transmits the second file information to the management computer A.
The second registration unit B9 stores the policy data received from the management computer A in the first storage B1.

  The management computer A includes a second storage A1 such as a hard disk drive as shown in FIG. The second storage A1 stores policy data distributed to a plurality of managed computers B.

  The management computer A executes the security management program installed in the second storage A1 or the like, so that the policy search unit A2, the first transmission unit A3, the policy addition unit A4, and the second transmission unit A5 are respectively performed. To embody.

When the policy search unit A2 receives the first file information from the managed computer B, the policy search unit A2 searches for policy data corresponding to the first file information.
As a result of the search by the policy search unit A2, the first transmission unit A3 displays the corresponding policy data when the corresponding policy data exists, and information indicating that the policy data does not exist when the corresponding policy data does not exist. Transmit to the managed computer B.

When the policy adding unit A4 receives the second file information from the managed computer B, the policy adding unit A4 adds the access control policy to the policy data.
The second transmission unit A5 transmits the policy data to which the access control policy is added by the policy addition unit A4 to the managed computer B.

  FIG. 3 shows an embodiment of a computer system to which the present technology is applied. The management computer 100 is connected to a plurality of management target computers 400 to be managed via a network 300 such as a LAN (Local Area Network) and a WAN (Wide Area Network). The management computer 100 collectively manages policy files distributed to the management target computer 400, that is, policy files of application installation files installed on the management target computer 400.

  As shown in FIG. 4, the management target computer 400 includes a storage 510 such as a hard disk drive. The storage 510 stores an application folder 520, a standard policy file 530, a type definition file 540, and an application 550. The storage 510 is an example of the first storage.

  The application folder 520 stores a policy file 221 distributed from the management computer 100 to the management target computer 400 (details of the policy file 221 will be described later). The policy file 221 in the application folder 520 is used for file access control of the management target computer 400.

  In the standard policy file 530, an access control policy is defined for each file type and each file name extension. Specifically, as shown in FIG. 5, the standard policy file 530 stores at least a record that associates the file type, extension, and access control policy of the file. Here, for each symbol of the access control policy item in FIG. 5, r is “read”, w is “write”, c is “create”, d is “delete”, n is “rename”, and a is “ Attribute change ”, s“ Start ”, t“ End ”, L“ Only log output processing permitted ”, P“ Permitted ”, and D“ Rejected ”(the same applies to the policy file 221 described later). .) The standard policy file 530 is used for setting an access control policy for the installation file. A system administrator or the like determines an access control policy for each file type and extension of a file and describes it in the standard policy file 530.

  The type definition file 540 is used to determine the file type and file format of the file, and describes information defining the file type and file format of the file. Specifically, as shown in FIG. 6, the type definition file 540 stores at least a record in which a file extension, a file type, and a file format are associated with each other. The file extension, file type, and file format are described by a system administrator or the like.

  The application 550 is application software installed on the management target computer 400. The application 550 includes an execution file 551 and a file 552. The file 552 is a file created by the execution file 551 after the application 550 is installed.

  The management target computer 400 executes the security management program installed in the storage 510 or the like, thereby causing the detection unit 560, the list generation unit 570, the application unit 580, the control unit 590, the monitoring unit 600, and the policy generation unit 610, respectively. To embody. The security management program is installed in the storage 510 of the management target computer 400 from a computer-readable recording medium such as a CD-ROM or DVD-ROM in which the security management program is recorded. The same applies to the management computer 100.

  If the program started on the management target computer 400 is an installation program, the detection unit 560 notifies the list generation unit 570 that installation has started.

The list generation unit 570 generates a list file 231 (details of the list file 231 will be described later) and transmits the list file 231 to the management computer 100.
The detection unit 560 or the list generation unit 570 is an example of the first information generation unit. The list generation unit 570 is an example of a first information transmission unit.

  The application unit 580 stores the policy file 221 distributed by the management computer 100 in the application folder 520 or overwrites the existing policy file 221. The application unit 580 is an example of a first registration unit and a second registration unit.

  The control unit 590 controls I / O processing for files executed by the management target computer 400 according to the contents of the policy file 221 in the application folder 520. In addition, when the execution file 551 of the application 550 creates the file 552, the control unit 590 transmits information on I / O processing at the time of creating the file 552 to the monitoring unit 600. The control unit 590 is an example of an access control unit and a second information generation unit.

  The monitoring unit 600 determines whether the file 552 is a file controlled by the control unit 590. In the case of a file to be controlled, the monitoring unit 600 transmits I / O processing information to the policy generation unit 610. The monitoring unit 600 is an example of a policy determination unit and a second information generation unit.

  The policy generation unit 610 generates a policy file 221 for the application 550 and transmits it to the management computer 100. The policy generation unit 610 is an example of a first registration unit, a second information generation unit, and a second information transmission unit.

  The management computer 100 includes a storage 210 such as a hard disk drive, as shown in FIG. The storage 210 stores a policy folder 220, a list folder 230, an incremental list folder 240, a management file 250, a distribution management file 260, and a type definition file 270, respectively.

  The policy folder 220 stores a policy file 221 managed by the management computer 100. The policy file 221 is generated for each application installed in the management target computer 400. The policy file 221 describes an access control policy for the installation file. Specifically, as shown in FIG. 8, the policy file 221 stores at least a record that associates the file type of the file, the file name, the directory path of the directory in which the file exists, and the file access control policy. The policy file name of the policy file 221 is created by adding the extension “pol” to the application name including the name and version information of the corresponding application. (The same applies to a list file name and an incremental list file name described later.) For example, if the name of the installed application is “FJSVxxxx” and the version is “V14.0.0”, the application name is “FJSVxxxx_V1400”. The policy file name is “FJSVxxxx_V1400.pol”, the list file name is “FJSVxxxx_V1400.lst”, and the incremental list file name is “FJSVxxxx_V1400_add.lst”.

  The list folder 230 stores a list file 231 managed by the management computer 100. The list file 231 describes installation file information. The list file 231 is generated for each application installed in the management target computer 400. Specifically, as shown in FIG. 9, the list file 231 includes at least a record in which the file type, the file creation source program name, the file name, the directory path of the directory where the file exists, and the file size are associated. Stored. The list file 231 is an example of file information and first file information.

  The incremental list folder 240 stores an incremental list file 241 managed by the management computer 100. The incremental list file 241 is generated when an application installed on the management target computer 400 creates a file after installation. The incremental list file 241 is generated for each application that created a file after installation. In addition, the incremental list file 241 describes information on files created by the application. Specifically, as shown in FIG. 10, the incremental list file 241 includes a record in which at least the file type of the file, the file creation source program name, the file name, the directory path of the directory where the file exists, and the file size are associated with each other. Is stored.

  The management file 250 describes information for associating the application, the policy file 221 in the policy folder 220, the list file 231 in the list folder 230, and the incremental list file 241 in the incremental list folder 240. Specifically, as shown in FIG. 11, the management file 250 stores at least a record in which an application name and an application list file name, an incremental list file name, and a policy file name specified by the application name are associated with each other. The The item of the incremental list file name of an application that has not created a file after installation is blank.

  The distribution management file 260 describes information for associating the policy file 221 distributed to the management target computer 400 by the management computer 100 with the management target computer 400 of the distribution destination. Specifically, as shown in FIG. 12, the distribution management file 260 stores at least a record associated with the name of the distribution destination computer to which the policy file 221 has been distributed and the distribution policy file name.

The type definition file 270 describes the same contents as the type definition file 540 of the management target computer 400.
The management computer 100 embodies the comparison unit 280 and the management unit 290 by executing a security management program installed in the storage 210 or the like. The storage 210 is an example of the second storage.

  The comparison unit 280 compares the list file 231 received from the management target computer 400 with the list file 231 in the list folder 230, and transmits the list file name of the list file 231 whose contents match to the management unit 290. On the other hand, when there is no matching list file 231, the comparison unit 280 returns the list file 231 received from the management target computer 400 to the management target computer 400 as it is. The comparison unit 280 is an example of a policy search unit and a first transmission unit.

  The management unit 290 updates the policy file 221 in the policy folder 220, the list file 231 in the list folder 230, the incremental list file 241 in the incremental list folder 240, the management file 250, and the distribution management file 260. In addition, the management unit 290 distributes the policy file 221 to the management target computer 400. The management unit 290 is an example of a first transmission unit, a policy addition unit, and a second transmission unit.

  FIG. 13 is a flowchart of an installation detection process that is executed when the detection unit 560 of the management target computer 400 receives a message indicating that a program has been started from an operating system (hereinafter abbreviated as OS).

  In step 1 (abbreviated as “S1” in the figure, the same applies hereinafter), the detection unit 560 acquires the program name and process ID of the activated program from the OS service program or the like.

  In step 2, the detection unit 560 determines whether the activated program is a program related to installation. For example, if the acquired program name is an installation command program such as setup.exe, msi, rpm, and pkgadd, or a program that expands an archive format file such as tar, zip, and gzip, the detection unit 560 is activated. Is considered to be a program for installation. Then, if the activated program is a program related to installation, the detection unit 560 advances the process to step 3 (Yes), but ends the process if the activated program is not a program related to installation (No).

In step 3, the detection unit 560 transmits the acquired program name and process ID to the list generation unit 570.
According to such an installation detection process, when a program related to installation is activated, the detection unit 560 transmits the program name and process ID of the program to the list generation unit 570.

  FIG. 14 is a flowchart of list file generation processing that is executed when the list generation unit 570 of the management target computer 400 receives the program name and process ID from the detection unit 560.

  In step 11, the list generation unit 570 obtains information on the I / O process by hooking an I / O process issued from the OS I / O manager or the like. Here, the acquired I / O processing information includes the program name and process ID of the program that issued the I / O processing, and the name of the program that created the I / O processing target file, the file name, the file size, and the file Contains the directory path of the existing directory. Further, the information on the I / O processing includes the name and version information of the installed application.

  In step 12, the list creation unit 570 extracts the program name and process ID of the program that issued the I / O process from the information on the I / O process. The list generation unit 570 compares the extracted program name and process ID with the program name and process ID received by the list generation unit 570. If the program name and process ID match, the list generation unit 570 advances the process to step 13 (Yes), while if the program name and process ID do not match, the list generation unit 570 advances the process to step 14 ( No).

  In step 13, the list generation unit 570 creates installation file information in which information on the I / O processing target file is described. The installation file information is described in a state in which an I / O processing target file creation source program name, a file name, a directory path of a directory in which the file exists, a file size, and a file type of the file are associated with each other. The installation file information also describes the name and version information of the application including the installation file. The list generation unit 570 extracts the I / O processing target file creation source program name, file name, directory path of the directory where the file exists, and file size from the I / O processing information, and describes them in the installation file information. In addition, the list generation unit 570 extracts the name and version information of the application including the installation file from the I / O processing information, and describes it in the installation file information. Further, the list generation unit 570 extracts a record specified by the file name extension of the I / O processing target file from the type definition file 540. Then, the list creation unit 570 describes the file type of the extracted record in the installation file information.

  In step 14, the list generation unit 570 determines whether or not the program specified by the received program name and process ID has ended by inquiring of the OS. If the program is finished, the list generation unit 570 advances the process to step 15 (Yes), while if the program is continuing, the list generation unit 570 advances the process to step 11 (No).

  In step 15, the list generation unit 570 generates a list file 231. The list file name of the list file 231 is created based on the application name and version information of the installation file information. For example, if the name of the installed application is “FJSVxxxx” and the version is “V14.0.0”, the list file name is “FJSVxxxx_V1400.lst”. Further, the list generation unit 570 describes the file type, the creation source program name, the file name, the directory path of the directory where the file exists, and the file size of the I / O processing target file of the installation file information in the generated list file 231. To do.

  In step 16, the list generation unit 570 is either a program that expands an archive format file such as tar, zip, and gzip, or an installation command program such as setup.exe, msi, rpm, and pkgadd. Determine if there is. If it is a program that expands an archive format file, the list generation unit 570 advances the process to step 17 (Yes), whereas if it is an installation command program, the list generation unit 570 advances the process to step 18 (No). .

  In step 17, the list generation unit 570 determines whether or not the file name item described in the generated list file 231 includes the file name of the executable file. Here, the execution format file is a file whose file name extension is exe, dll, or so, and a file that does not have the extension described as the execution format in the file header information. If the file name of the execution format file is included, the list generation unit 570 advances the process to step 18 (Yes). If the file name of the execution format file is not included, the list generation unit 570 performs the process. Proceed to 19 (No).

In step 18, the list generation unit 570 transmits the generated list file 231 to the comparison unit 280 of the management computer 100.
In step 19, the list generation unit 570 deletes the generated list file 231.

  According to the list file generation process, the list generation unit 570 generates a list file 231 from information on files copied or expanded in the storage 510 by a program related to installation and information on installed applications. In addition, the list generation unit 570 transmits the generated list file 231 to the comparison unit 280 of the management computer 100.

  FIG. 15 shows a flowchart of a policy file application process that is executed when the application unit 580 of the management target computer 400 receives the policy file 221 from the management unit 290 of the management computer 100.

  In step 21, the application unit 580 determines whether a policy file 221 having the same name as the received policy file 221 exists in the application folder 520. If the policy file 221 having the same name exists, the application unit 580 advances the process to step 22 (Yes), whereas if the policy file 221 having the same name does not exist, the application unit 580 advances the process to step 23 (No). ).

In step 22, the application unit 580 overwrites the received policy file 221 over the existing policy file 221 in the application folder 520.
In step 23, the application unit 580 stores the received policy file 221 in the application folder 520.

According to the policy file application process, the application unit 580 updates the policy file 221 of the application folder 520 based on the received policy file 221.
FIG. 16 shows a flowchart of a file access control process repeatedly executed by the control unit 590 when the security management program is executed on the management target computer 400.

  In step 31, the control unit 590 obtains I / O processing information (hereinafter abbreviated as I / O information) by hooking the I / O processing issued by the managed computer 400. Here, the I / O information includes the file name of the I / O processing target file and the I / O processing type (file read, creation, update, deletion, etc.) for the I / O processing target file.

  In step 32, the control unit 590 determines whether or not the hooked I / O processing is file creation from the I / O processing type of the I / O information. If the I / O processing type is not file creation, the control unit 590 advances the process to step 33 (Yes), while if the I / O processing type is file creation, the control unit 590 proceeds to step 36. Advance (No).

  In step 33, the control unit 590 determines whether or not the record specified by the file name of the I / O processing target file of the I / O information exists in the policy file 221 of the application folder 520. If the record exists, the control unit 590 extracts the policy file 221 in which the record exists from the application folder 520, and advances the process to step 34 (Yes). On the other hand, if there is no record, the control unit 590 advances the process to step 35 (No).

  In step 34, the control unit 590 extracts a record specified by the file name of the I / O processing target file of the I / O information from the extracted policy file 221. Also, the control unit 590 determines whether or not the I / O processing type of the I / O information is permitted by the access control policy of the extracted record. If permitted by the access control policy, the control unit 590 advances the process to step 35 (Yes), but if not permitted by the access control policy, the control unit 590 ends the process (No).

In step 35, the control unit 590 executes the hooked I / O process.
In step 36, the control unit 590 obtains the file name of the execution file 551 and the directory path of the directory in which the execution file 551 exists from the hooked I / O processing, and adds it to the I / O information. Further, the control unit 590 also obtains the file name of the file 552, the directory path of the directory in which the file 552 was created, the creation source program name and the file size of the file 552 from the hooked I / O processing, and I / O information Add to Then, the control unit 590 transmits the I / O information to the monitoring unit 600.

  According to such file access control processing, the control unit 590 executes file access control according to the contents of the policy file 221 in the application folder 520. In addition, the control unit 590 detects the creation of the file 552 and transmits I / O information to the monitoring unit 600.

FIG. 17 is a flowchart of the file creation detection process that is executed when the monitoring unit 600 of the management target computer 400 receives I / O information from the control unit 590.
In step 41, the monitoring unit 600 extracts the file name of the execution file 551 and the directory path of the directory where the execution file 551 exists from the I / O information. Next, the monitoring unit 600 determines whether the record specified by the extracted file name and directory path exists in the policy file 221 of the application folder 520. If there is a record, the monitoring unit 600 extracts the policy file 221 in which the record exists from the application folder 520 and advances the processing to step 42 (Yes), but if there is no record, the monitoring unit 600 ends the processing. (No).

  In step 42, the monitoring unit 600 extracts the file name of the file 552 and the directory path of the directory in which the file 552 is created from the I / O information. Next, the monitoring unit 600 determines whether or not a record specified by the extracted file name and directory path exists in the extracted policy file 221. If the record does not exist, the monitoring unit 600 advances the process to step 43 (Yes), while if the record exists, the monitoring unit 600 ends the process (No).

In step 43, the monitoring unit 600 transmits the I / O information and the policy file name of the policy file 221 extracted in step 41 to the policy generation unit 610.
According to the file creation detection process, the monitoring unit 600 takes out the policy file 221 in which the record describing the information of the execution file 551 exists from the application folder 520. Further, when there is no record in which the information of the file 552 is described in the extracted policy file 221, the monitoring unit 600 transmits the I / O information and the policy file name of the extracted policy file 221 to the policy generation unit 610. To do.

  18 is executed when the policy generation unit 610 of the management target computer 400 receives the list file 231 from the comparison unit 280 of the management computer 100 or the I / O information and the policy file name from the monitoring unit 600. The flowchart of a policy file generation process is shown.

  In step 51, the policy generation unit 610 determines whether the list file 231 has been received. If the list file 231 has been received, the policy generation unit 610 advances the process to step 52 (Yes), whereas if the list file 231 has not been received, the policy generation unit 610 advances the process to step 56 (No). .

  In step 52, the policy generation unit 610 generates a policy file 221. The policy file name of the generated policy file 221 is created based on the list file name of the received list file 231. For example, when the list file name of the received list file 231 is “FJSVxxxx_V1400.lst”, the policy file name is “FJSVxxxx_V1400.pol” in which the extension “.lst” of the list file name is changed to “.pol”. .

  In step 53, the policy generation unit 610 describes the file type, file name, and directory path of the items described in the received list file 231 in the generated policy file 221.

  In step 54, the policy generation unit 610 sets an access control policy item for each record of the generated policy file 221 in accordance with the standard policy file 530. For example, when the standard policy file 530 is FIG. 5, the file name of the record to be set is “application_1.exe” (file name extension is “exe”), and the file type is “executable file”, access control is performed. “R = P, w = D, c = D, d = D, n = D, a = D, s = P, t = P” are set in the policy.

In step 55, the policy generation unit 610 transmits the received list file 231 and the generated policy file 221 to the management unit 290 of the management computer 100.
In step 56, the policy generation unit 610 extracts the file name of the file 552 from the I / O information. Further, the policy generation unit 610 identifies a record described in the standard policy file 530 by the extension of the extracted file name. Further, the policy generation unit 610 extracts the file type and access control policy of the identified record from the standard policy file 530.

  In step 57, the policy generation unit 610 creates an access control rule in which information of the file 552 is described. In the access control rule, the directory path of the directory in which the file 552 is created, the creation source program name of the file 552, the file name, the file size, the file type, the access control policy, and the policy file name are described. The policy generation unit 610 extracts the directory path of the directory in which the file 552 was created from the I / O information, the creation source program name of the file 552, the file name and file size, and the policy file name, and describes them in the access control rule. . The policy generation unit 610 also describes the extracted file type and access control policy in the access control rule. The access control rule is an example of file information and second file information.

In step 58, the policy generation unit 610 transmits the created access control rule to the management unit 290 of the management computer 100.
According to the policy file generation process, when the policy generation unit 610 receives the list file 231, the policy generation unit 610 generates the policy file 221 based on the received list file 231. Then, the policy generation unit 610 transmits the received list file 231 and the generated policy file 221 to the management unit 290 of the management computer 100. When the policy generation unit 610 receives the I / O information and the policy file name, the policy generation unit 610 creates an access control rule and transmits it to the management unit 290 of the management computer 100.

  19 and 20 are lists that are executed when the comparison unit 280 of the management computer 100 receives a list file 231 (hereinafter abbreviated as a comparison source list file) from the list generation unit 570 of the management target computer 400. The flowchart of a file comparison process is shown.

  In step 61, the comparison unit 280 determines whether or not the comparison source list file has been compared with all the list files 231 stored in the list folder 230. If the comparison with all the list files 231 has not been performed yet, the comparison unit 280 advances the process to step 62 (Yes), while if the comparison with all the list files 231 has been performed, the comparison unit 280 The process proceeds to step 66 (No).

In step 62, the comparison unit 280 sequentially takes out the list file 231 for comparison with the comparison source list file from the list folder 230 and makes it a comparison target list file.
In step 63, the comparison unit 280 determines whether or not the number of records described in the comparison source list file matches the number of records described in the comparison target list file. If the number of records matches, the comparison unit 280 advances the process to step 64 (Yes), while if the number of records does not match, the comparison unit 280 advances the process to step 61 (No).

  In step 64, the comparison unit 280 determines whether or not a record for comparison with the record described in the comparison target list file remains in the comparison source list file. If the record for comparison remains, the comparison unit 280 advances the process to step 65 (Yes), while if the record for comparison does not remain, the comparison unit 280 advances the process to step 67 (No). .

In step 65, the comparison unit 280 sequentially takes out records to be compared with the records in the comparison target list file from the comparison source list file, and sets them as comparison source records.
In step 66, the comparison unit 280 returns the comparison source list file to the policy generation unit 610 of the management target computer 400.

In step 67, the comparison unit 280 transmits the list file name of the comparison target list file to the management unit 290.
In step 68, the comparison unit 280 determines whether or not the record specified by the file name of the comparison source record exists in the comparison target list file. If the record exists, the comparison unit 280 advances the process to step 69 (Yes), while if the record does not exist, the comparison unit 280 advances the process to step 61 (No).

In step 69, the comparison unit 280 takes out the record specified by the file name of the comparison source record from the comparison target list file and sets it as the comparison target record.
In step 70, the comparison unit 280 identifies the record of the type definition file 270 by the extension of the file name of the comparison source record. If the record file format is binary as a result of the identification, the comparison unit 280 advances the process to step 71 (Yes), while if the record file format is not binary, the comparison unit 280 advances the process to step 72 (No). ).

  In step 71, the comparison unit 280 determines whether or not the creation source program name and the file size items of the comparison source record and the comparison target record match. If the creation source program name and the file size item match, the comparison unit 280 advances the process to step 64 (Yes). If the creation source program name and the file size item do not match, the comparison unit 280 performs the process. Proceed to step 61 (No).

  In step 72, the comparison unit 280 determines whether or not the creation source program name items of the comparison source record and the comparison target record match. If the creation source program items match, the comparison unit 280 advances the process to step 64 (Yes), while if the creation source program name items do not match, the comparison unit 280 advances the process to step 61 (No). .

  According to the list file comparison process, the comparison unit 280 searches the list folder 230 for a list file 231 having the same content as the comparison source list file. If there is a matching list file 231, the comparison unit 280 transmits the list file name of the matching list file 231 to the management unit 290. If there is no matching list file 231, the comparison unit 280 returns a comparison source list file to the policy generation unit 610 of the management target computer 400. For example, when the list file 231 of the list folder 230 is FIG. 21, FIG. 22 and FIG. 23 and the comparison source list file is FIG. 9, the comparison unit 280 has the list file 231 having the same contents in the list folder 230. Judge not to. Alternatively, when the list file 231 of the list folder 230 is FIG. 21, FIG. 22 and FIG. 23 and the comparison source list file is FIG. 24, FIG. 21 shows the list file 231 whose contents match with each other. The list file 231 is determined.

  In the present technology, the above-described “search for the list file 231 whose contents match the comparison source list file from the list folder 230” is processed as “from the list folder 230 the list file 231 including the contents of the comparison source list file. The processing may be changed to “Find” processing. For example, when the list file 231 of the list folder 230 is FIG. 21, FIG. 22, FIG. 23 and the comparison source list file is FIG. 25, the comparison unit 280 includes a list file 231 including the contents of the comparison source list file: The list file 231 shown in FIG. 22 is determined.

  26 shows that the management unit 290 of the management computer 100 has received the list file name from the comparison unit 280, or the policy file 221 and the list file 231 or the access control rule from the policy generation unit 610 of the management target computer 400. The flowchart of the management process performed as an opportunity is shown.

  In step 81, the management unit 290 determines whether a list file name has been received. If the list file name has been received, the management unit 290 proceeds to step 82 (Yes), whereas if the list file name has not been received, the management unit 290 proceeds to step 83 (No).

In step 82, the management unit 290 executes a management process 1 subroutine.
In step 83, the management unit 290 determines whether or not the policy file 221 and the list file 231 have been received. If the policy file 221 and the list file 231 have been received, the management unit 290 advances the process to step 84 (Yes), whereas if the policy file 221 and the list file 231 have not been received, the management unit 290 performs the process. Proceed to 85 (No).

In step 84, the management unit 290 executes a management process 2 subroutine.
In step 85, the management unit 290 executes the management process 3 subroutine.
FIG. 27 shows a flowchart of the management process 1 subroutine.

  In step 91, the management unit 290 specifies a record of the management file 250 based on the received list file name. Further, the management unit 290 specifies the policy file 221 of the policy folder 220 based on the policy file name of the specified record.

In step 92, the management unit 290 transmits the identified policy file 221 to the application unit 580 of the management target computer 400.
In step 93, the management unit 290 describes the name of the managed computer 400 that is the transmission destination of the transmitted policy file 221 in the item of the distribution destination computer name of the distribution management file 260. In addition, the management unit 290 describes the policy file name of the transmitted policy file 221 in the item of the distribution policy file name of the distribution management file 260.

FIG. 28 shows a flowchart of the management process 2 subroutine.
In step 101, the management unit 290 stores the received list file 231 in the list folder 230. Also, the management unit 290 stores the received policy file 221 in the policy folder 220.

  In step 102, the management unit 290 determines the application name of the application corresponding to the received list file 231 from the received list file name of the list file 231. For example, in the case of “FJSVxxxx_V1400.lst”, the application name is “FJSVxxxx_V1400”. In addition, the management unit 290 describes the list file name of the received list file 231, the policy file name of the received policy file 221, and the application name in the management file 250.

In step 103, the management unit 290 returns the received policy file 221 to the application unit 580 of the management target computer 400.
In step 104, the management unit 290 describes the name of the management target computer 400 that is the reply destination of the returned policy file 221 in the item of the distribution destination computer name of the distribution management file 260. In addition, the management unit 290 describes the policy file name of the returned policy file 221 in the item of the distribution policy file name of the distribution management file 260.

FIG. 29 shows a flowchart of the management process 3 subroutine.
In step 111, the management unit 290 specifies the record of the management file 250 from the policy file name of the received access control rule. In addition, the management unit 290 determines whether or not the item of the incremental list file name of the identified record is blank. If the increment list file name item is blank, the management unit 290 proceeds to step 112 (Yes), while if the incremental list file name item is not blank, the management unit 290 proceeds to step 114 (step 114). No).

  In step 112, the management unit 290 generates the incremental list file 241. The incremental list file name of the generated incremental list file 241 is created based on the policy file name of the access control rule. For example, if the policy file name of the access control rule is “FJSVxxxx_V1400.pol”, the incremental list file name will be “FJSVxxxx_V1400_add.lst” with the extension “.pol” of the policy file name changed to “_add.lst” . Further, the management unit 290 stores the generated incremental list file 241 in the incremental list folder 240.

In step 113, the management unit 290 describes the incremental list file name of the generated incremental list file 241 in the record of the management file 250 identified in step 111.
In step 114, the management unit 290 identifies the incremental list file 241 in the incremental list folder 240 from the incremental list file name of the record in the management file 250 identified in step 111. In addition, the management unit 290 describes the file type, creation source program name, file name, directory path, and file size of the file described in the access control rule in the specified incremental list file 241.

  In step 115, the management unit 290 identifies the policy file 221 of the policy folder 220 from the policy file name of the access control rule. Further, the management unit 290 describes the file type, file name, directory path, and access control policy of the file described in the access control rule in the identified policy file 221.

  In step 116, the management unit 290 retrieves the record specified by the policy file name of the access control rule from the distribution management file 260. In addition, the management unit 290 specifies the management target computer 400 of the distribution destination of the policy file 221 specified in step 115 by the distribution destination computer name of the extracted record.

In step 117, the management unit 290 transmits the policy file 221 identified in step 115 to the application unit 580 of the identified managed computer 400.
According to such management processing, the management unit 290 updates the policy file 221 of the policy folder 220, the list file 231 of the list folder 230, the incremental list file 241 of the incremental list folder 240, the management file 250, and the distribution management file 260. . In addition, the management unit 290 transmits the policy file 221 in the policy folder 220 to the application unit 580 of the management target computer 400.

  In this embodiment, the operation flow of each unit when the application 550 is installed in the management target computer 400 is as follows. The detection unit 560 of the managed computer 400 detects the start of the installation program of the application 550 and notifies the list generation unit 570 that the installation has started. When the list generation unit 570 is notified by the detection unit 560 that the installation has started, the list generation unit 570 collects information on the application 550 and information on files copied or expanded in the storage 510 by the installation program. Further, the list generation unit 570 generates a list file 231 from the collected file information and transmits it to the comparison unit 280 of the management computer 100. The comparison unit 280 of the management computer 100 extracts the list file 231 whose contents match the list file 231 received from the list generation unit 570 from the list folder 230 and transmits the list file name of the extracted list file 231 to the management unit 290. To do. Note that the flow when there is no list file 231 having the same content will be described later. The management unit 290 identifies the policy file 221 of the policy folder 220 based on the list file name received from the comparison unit 280 and transmits the policy file 221 to the application unit 580 of the management target computer 400. In addition, the management unit 290 describes the name of the transmitted policy file and the name of the transmission destination management target computer 400 in the distribution management file 260. The application unit 580 of the management target computer 400 stores the policy file 221 received from the management unit 290 in the application folder 520. The control unit 590 controls I / O processing for the files described in the policy file 221 of the application folder 520 according to the access control policy.

  The operation flow of each unit when the list file 231 whose contents match the list file 231 received by the comparison unit 280 of the management computer 100 is not in the list folder 230 is as follows. The comparison unit 280 of the management computer 100 returns the list file 231 received from the management target computer 400 to the policy generation unit 610 of the management target computer 400. The policy generation unit 610 of the management target computer 400 generates the policy file 221 based on the list file 231 and the standard policy file 530 received from the comparison unit 280, and transmits them to the management unit 290 of the management computer 100 together with the received list file 231. To do. The management unit 290 of the management computer 100 stores the policy file 221 and the list file 231 received from the policy generation unit 610 in the policy folder 220 and the list folder 230, respectively. The management unit 290 also describes the name of the received policy file 221, the name of the list file 231, and the application name of the application 550 in the management file 250. Further, the management unit 290 returns the received policy file 221 to the application unit 580 of the management target computer 400. Then, the management unit 290 describes the name of the returned policy file 221 and the name of the managed computer 400 that is the reply destination in the distribution management file 260. The application unit 580 of the management target computer 400 stores the policy file 221 received from the management unit 290 in the application folder 520. The control unit 590 controls I / O processing for the files described in the policy file 221 of the application folder 520 according to the access control policy.

  Alternatively, in this embodiment, the operation flow of each unit when the execution file 551 of the application 550 creates the file 552 after the application 550 is installed on the management target computer 400 is as follows. The control unit 590 of the managed computer 400 detects the creation of the file 552 and transmits information on I / O processing at the time of creating the file 552 to the monitoring unit 600. Based on the I / O processing information received from the control unit 590, the monitoring unit 600 determines whether or not the policy file 221 in which the execution file 551 information and the file 552 information are described exists in the application folder 520. To do. When the policy file 221 exists, the monitoring unit 600 transmits the information of the file 552 to the policy generation unit 610. The policy generation unit 610 creates an access control rule for the file 552 based on the information on the file 552 received from the monitoring unit 600 and the standard policy file 530, and transmits the access control rule to the management unit 290 of the management computer 100. The management unit 290 of the management computer 100 updates the incremental list file 241 in the incremental list folder 240 based on the access control rule received from the policy generation unit 610. (At this time, if the incremental list file 241 of the application 550 is not in the incremental list folder 240, the management unit 290 generates the incremental list file 241 and stores it in the incremental list folder 240.) Also, the management unit 290 accesses Based on the control rule, the management file 250 and the policy file 221 of the policy folder 220 are updated. Furthermore, the management unit 290 specifies the management target computer 400 that is the transmission destination of the updated policy file 221 based on the distribution management file 260. Then, the management unit 290 transmits the updated policy file 221 to the application unit 580 of the identified management target computer 400. The application unit 580 of the managed computer 400 overwrites the policy file 221 in the application folder 520 with the policy file 221 received from the management unit 290. The control unit 590 controls I / O processing for the files described in the policy file 221 of the application folder 520 according to the access control policy.

  Therefore, based on the standard policy file 530, a policy file 221 corresponding to the application installed on the managed computer 400 is generated. Alternatively, a policy file 221 that has been used in one managed computer 400 is diverted to another managed computer 400. Further, the access control policy of the file created by the application of the management target computer 400 is added to the policy file 221 corresponding to the application. This facilitates file security management and reduces the management cost of the computer system. In addition, an effective security environment is quickly established.

Regarding the above embodiment, the following additional notes are disclosed.
(Supplementary note 1) A managed computer having a first storage storing an access control policy corresponding to a file type, and policy data in which an access control policy is defined and distributed to a plurality of managed computers A security management system having a stored second storage, wherein when the application is installed in the managed computer, the file created by the installation and the type of the file are specified A first information generating unit that generates first file information for the management target computer, a first information transmitting unit that transmits the first file information to the management computer, and the management computer; The first file In the policy search unit that searches the second storage for policy data corresponding to the first file information when the policy data is received, and when the policy data exists in the management computer, the policy data When the policy data does not exist, the policy data is received by the first sending unit that sends information indicating that the policy data does not exist to the managed computer and the managed computer. In this case, when the policy data is received as information indicating that the policy data does not exist, the first storage for each file specified by the first file information is referred to, and Access corresponding to the file type specified by the first file information A first registration unit that generates policy data in which the control policy is associated with the file and stores the policy data in the first storage; and in the managed computer, based on the policy data stored in the first storage An access control unit that executes file access control. (1)

(Supplementary Note 2) Policy data in which an access control policy corresponding to an application is defined, a managed computer having a first storage storing an access control policy corresponding to a file type, and a policy distributed to a plurality of managed computers A management computer having a second storage for storing data, wherein when a file is created by an application in the managed computer, the first storage is referred to, and In the policy determination unit that determines whether or not it is necessary to update the policy data corresponding to the application, and when the policy data needs to be updated in the managed computer, refer to the first storage , A second information generation unit that generates second file information in which an access control policy corresponding to a file type and the file are associated with each other, and the management target computer transmits the second file information to the management computer And when the second file information is received in the management computer, the policy data corresponding to the application among the policy data stored in the second storage when the second file information is received. A policy addition unit for adding an access control policy for the file based on the second file information; and a second transmission unit for transmitting policy data to which the access control policy is added to the managed computer in the management computer. And access on the managed computer A second registration unit that stores the policy data to which the access control policy has been added in the first storage when the policy data to which the control policy has been added is received; and And an access control unit that executes file access control based on the policy data stored in the security management system. (2)

  (Supplementary Note 3) A managed computer having a first storage storing an access control policy corresponding to a file type, and policy data in which an access control policy is defined and distributed to a plurality of managed computers. A security management method for a security management system, comprising: a management computer having a stored second storage, wherein when the application is installed on the managed computer, the file created by the installation and the file Generating first file information for specifying a type; sending the first file information to the management computer; and managing the computer to send the first file information to the management computer. Received The policy data corresponding to the first file information is retrieved from the second storage, and if the management computer exists the policy data, the policy data is converted to the policy data. If the management target computer receives the policy data, the information indicating that the policy data does not exist is transmitted to the management target computer. When information indicating that policy data does not exist is received, the file specified by the first file information is referred to the first storage for each file specified by the first file information. Associate the access control policy corresponding to the type of file and the file Generating the stored policy data in the first storage, and executing the file access control based on the policy data stored in the first storage by the managed computer. A security management method characterized by the above.

(Appendix 4) Policy data in which an access control policy corresponding to an application is defined, a managed computer having a first storage storing an access control policy corresponding to a file type, and a policy distributed to a plurality of managed computers A security management method of a security management system having a second storage storing data, wherein the managed computer refers to the first storage when a file is created by an application Determining whether it is necessary to update the policy data corresponding to the application;
Second file information that associates the file with an access control policy corresponding to the file type by referring to the first storage when the managed computer needs to update the policy data Generating the second storage information when the management target computer transmits the second file information to the management computer, and when the management computer receives the second file information. Adding the access control policy of the file based on the second file information to the policy data corresponding to the application among the policy data stored in the management data, and adding the access control policy to the management computer The managed policy data is stored in the managed computer. And when the managed computer receives the policy data to which the access control policy has been added, storing the policy data to which the access control policy has been added in the first storage, And a step of executing file access control based on the policy data stored in the first storage by the managed computer.

  (Supplementary Note 5) When an application is installed on a managed computer having a storage storing an access control policy corresponding to the file type, file information for specifying the file created by the installation and the type of the file And when the policy data in which an access control policy is defined is received from the management computer as a response to the file information, the policy data is sent as a response to the file information. When information indicating that no policy data exists from the management computer is received, the storage is referred to for each file specified by the file information, and the file type specified by the file information is matched. Generating the policy data associating the access control policy with the file and storing the policy data in the storage; and executing the file access control based on the policy data stored in the storage. A featured security management program. (3)

  (Supplementary Note 6) Policy data in which an access control policy is defined, which is stored in a management computer storing policy data distributed to a plurality of managed computers, can be installed by installing an application from any of the managed computers. When the file information for specifying the created file and the file type is received, the policy data corresponding to the file information is retrieved from the storage; and the managed computer that has transmitted the file information is searched for And a step of transmitting the policy data. (4)

  (Supplementary note 7) When a file is created by an application on a managed computer having a storage storing policy data in which an access control policy corresponding to the application is defined and an access control policy corresponding to the file type, the storage To determine whether it is necessary to update the policy data corresponding to the application, and when the policy data needs to be updated, the storage is referred to and the file type is determined. An access control policy added from the management computer as a response to the file information, generating a file information associating the access control policy corresponding to the file and the file, sending the file information to the management computer When the received policy data is received, the policy data to which the access control policy is added is stored in the storage, and the file access control is executed based on the policy data stored in the storage. Security management program characterized by

  (Supplementary Note 8) Policy data in which an access control policy corresponding to an application is defined, and a management computer having a storage storing policy data distributed to a plurality of managed computers, from any of the managed computers, When the file information that associates the file created by the application of the managed computer with the access control policy of the file is received, the policy data corresponding to the application is the policy data stored in the storage. Adding an access control policy for the file based on the file information, and transmitting policy data with the access control policy added to the managed computer that has transmitted the file information. Security management program for causing achieved and step, the.

A management computer A1 second storage A2 policy search unit A3 first transmission unit A4 policy addition unit A5 second transmission unit B managed computer B1 first storage B2 first information generation unit B3 first information transmission Unit B4 first registration unit B5 access control unit B6 policy determination unit B7 second information generation unit B8 second information transmission unit B9 second registration unit

Claims (4)

A managed computer having a first storage that stores an access control policy corresponding to a file type, and a second that stores policy data in which the access control policy is defined and distributed to a plurality of managed computers A security management system having a storage computer
A first information generation unit configured to generate first file information for specifying a file created by the installation and a type of the file when an application is installed in the managed computer;
A first information transmission unit configured to transmit the first file information to the management computer;
In the management computer, when receiving the first file information, a policy search unit that searches the second storage for policy data corresponding to the first file information;
In the management computer, when the policy data exists, the policy data is transmitted to the management target computer, and when the policy data does not exist, information indicating that the policy data does not exist is transmitted to the management target computer. The transmitter of
In the managed computer, when the policy data is received, the policy data is received. When the information indicating that the policy data does not exist is received, each file specified by the first file information is received. Referring to the first storage with respect to the file, the access control policy corresponding to the file type specified by the first file information and policy data associating the file are generated and stored in the first storage A first registration unit that
An access control unit that executes file access control based on policy data stored in the first storage in the managed computer;
A security management system comprising: Policy data in which an access control policy corresponding to an application is defined, a managed computer having a first storage storing an access control policy corresponding to a file type, and policy data distributed to a plurality of managed computers are stored A security management system having a management computer having a second storage,
In the managed computer, when a file is created by an application, a policy determination unit that determines whether it is necessary to update policy data corresponding to the application with reference to the first storage;
In the managed computer, when the policy data needs to be updated, second file information in which the file is associated with the access control policy corresponding to the file type with reference to the first storage. A second information generation unit for generating
A second information transmission unit configured to transmit the second file information to the management computer in the management target computer;
In the management computer, when the second file information is received, the policy data corresponding to the application among the policy data stored in the second storage is based on the second file information. A policy adding unit for adding an access control policy for the file;
A second transmission unit configured to transmit policy data to which the access control policy is added to the management target computer in the management computer;
A second registration unit that stores the policy data with the access control policy added to the first storage when the managed computer receives the policy data with the access control policy added;
An access control unit that executes file access control based on policy data stored in the first storage in the managed computer;
A security management system comprising: To a managed computer with storage that stores the access control policy corresponding to the file type,
Generating file information for specifying a file created by the installation and a type of the file when the application is installed;
Sending the file information to a management computer;
As a response to the file information, when policy data in which an access control policy is defined is received from the management computer, the policy data is received, and information indicating that policy data does not exist is received from the management computer. Refers to the storage for each file specified by the file information, generates policy data associating the file with an access control policy corresponding to the file type specified by the file information, and the storage The step of storing in
Performing file access control based on policy data stored in the storage;
Security management program characterized by realizing To a management computer having a storage storing policy data in which an access control policy is defined and distributed to a plurality of managed computers.
A step of searching the storage for policy data corresponding to the file information when receiving a file created by installing an application and file information for specifying the type of the file from any of the managed computers When,
Sending the policy data to the managed computer that sent the file information;
Security management program characterized by realizing

Images