JP2005157682A - Network defense system and shared storage device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To acquire data from the Internet without connection to the Internet in order to prevent intrusions and attacks from the Internet. <P>SOLUTION: When a computer A 110 connected to the Internet stores data in a shared storage device 100, the data 114 can be immediately acquired by a computer B 111. Even if the computer A 110 fails, the data 114 stored in a hard disk 102 can be immediately acquired and processed by the computer B 111. The shared storage device 100 is connected to the two computers by connecting means 112 using a different interface protocol than a LAN uses, to secure the computer B 111 and all computers connected to an intranet LAN 113. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a network defense system and a shared storage device, and in particular, includes a shared storage that can easily acquire data from the Internet from a computer connected to the Internet without being connected to the Internet. When a computer connected to the network is invaded by a hacking attack and becomes inoperable due to an attack, this computer data can be easily retrieved, and hacking can propagate to other computers TECHNICAL FIELD The present invention relates to a network defense system and a shared storage device that prevent a problem.

  Conventionally, as a means for preventing illegal actions called hacking, a means for providing a so-called firewall is known as a general means for preventing intrusion and attacks via the Internet network. This firewall has a function of monitoring a communication data division unit called a packet transmitted between the Internet network and the in-house LAN, and discarding a packet that does not comply with a rule defined by the user on the spot. It is a device or system. As a result, software resources on the computer can be protected from attack packets sent by hackers (hackers who perform hacking), and destruction, theft, and leakage of data can be prevented (for example, see Non-Patent Document 1). .)

  This firewall is the only practical means to prevent hacking from the Internet, and a variety of products are in widespread use, all of which decide whether to pass packets according to user-defined rules. Therefore, it is difficult to completely stop an attack packet that uses various disguise means and attempts to infiltrate with a legitimate packet. Incidentally, when the in-house LAN is connected to the Internet network, in the worst case, there is a risk that all computers connected to the in-house LAN will be attacked. This is because the Internet network and the LAN both use the same protocol (communication protocol) called TCP / IP. In other words, as long as this attack using TCP / IP is performed, no matter how strict the rules are, security holes (passages) are likely to be found, and the communication speed decreases as the rules become stricter. Because it becomes difficult to use, in actual operation, this rule cannot be strictly enforced, so it is difficult to completely stop the attack.

For example, one of the actual attack patterns is a technique called password hacking. This is a technique to obtain the ID and password, which is the identification information of the authorized user of the computer targeted for attack, and invade it. The ID and password can be obtained by using an identification information analysis tool or administrator. Or obtain and analyze an encrypted password file (see Non-Patent Document 2). In any of these methods, once an intrusion is allowed, all operations that can be performed by the original authorized user can be performed by hackers pretending to be authorized users. In the above Non-Patent Document 2, the term “cracking” is used as a synonym for “hacking”.
Another technique (attack pattern) different from the aforementioned password hacking technique is a buffer overflow technique. This technique is also the technique shown in Non-Patent Document 2 described above, and uses a program bug to enter.

In this method, first, a hacker knows which version of what program (software product) is running on the attack target computer by executing the above-described password hacking (pre-survey). Then, you can also find out what kind of bugs (defects, weaknesses, bugs) are included in the software product from the bug information published on the Internet by the manufacturer of this software product. Can do. Therefore, the hacker exploits this public information to launch a bug-attacking attack, causing the program to cause a phenomenon of buffer overflow, and then executing an illegal instruction.
Hereinafter, how this buffer overflow occurs and how it is abused will be described with reference to the above-mentioned Non-Patent Document 2.

(1) The program is expanded in the RAM of the computer and executed by the CPU.
(2) The program is composed of a combination of a large number of instruction codes, and these are written in the RAM.
(3) A buffer area for storing data used for communication and the like is also secured in the RAM.
(4) Normally, the buffer area is programmed so that a programmer creating the program secures a sufficient size in consideration of the size of transmission / reception data.
(5) However, this programming is performed by humans, and is not always performed correctly without error. In some programs, for example, when unexpectedly large data is received, an error process (for example, buffer overflow check) is not provided and the data is directly written in the buffer area.

(6) A phenomenon that occurs when unexpectedly large data is received by such a program, that is, a buffer overflow.
Incidentally, when data overflows from the buffer area, the RAM outside the buffer area is rewritten, so that the program hangs up or malfunctions. This is because program instruction codes (regular instruction codes) are generally written in the RAM outside the buffer area, and after the above-described buffer overflow occurs, the CPU stores data in the RAM area outside the buffer area. This is because the written data is executed assuming that it is the regular instruction code.
(7) Moreover, in order to exploit the malfunction of the CPU, the hacker causes the instruction code of the illegal program to be written in the RAM outside the buffer area described above. However, the return address is rewritten so as to move to the head address of the area where the illegal instruction code is written.

In this way, the data sent by the hacker is executed as an unauthorized program, not just received data. This is the trick of the buffer overflow attack.
As described above, in a computer connected to the Internet network, it is difficult to completely prevent hacking via the Internet network even if a firewall is installed. In addition, as long as the LAN communicates with the same protocol as the Internet network, other computers (clients) connected to the same LAN may be further attacked using the computer that was attacked first as a stepping stone. There is even a risk that hacking propagates to all computers connected to the same LAN.

FIG. 12 is an explanatory diagram for explaining a data flow at the time of data transfer in a conventional general shared storage device.
The conventional common shared storage apparatus shown in the figure includes a controller 9a and a RAM 9c that is a buffer RAM (a specific configuration example of the controller 9a is shown in FIG. 3 to be described later). ).
In the case of this conventional general shared storage device, when data is transferred, data is once buffered in a buffer RAM (RAM 9c) installed as a pre-stage buffer of the hard disk device. If an illegal program is sent to the preceding buffer (RAM 9c) by a corresponding new attack means, there is a risk of buffer overflow.

In addition, this conventional general shared storage device can be constructed using a highly versatile computer 9b such as a personal computer without using the dedicated controller 9a. As in the case of, data is always buffered in the buffer RAM in the computer 9b. This leaves a new hacking risk corresponding to the buffer overflow described above.
In addition, when a prior art is retrospectively investigated from patent documents, first, a technology for safely receiving services on the Internet network from a private network is disclosed (see Patent Document 1). Incidentally, before the time point at which this patent document 1 was disclosed, the in-house LAN was divided into a public network connected to the Internet network and a private network not connected to the Internet, and both were connected by a router. By doing so, a technology has been known that increases the security of the private network against external intrusions. However, with this technology, on the other hand, various services on the Internet network can be freely received from the private network side. I couldn't.

On the other hand, in the technique disclosed in Patent Document 1 described above, a TCP / IP for a private network is connected by connecting the public network and the private network with a special router using interface means different from TCP / IP. A hacking attack using IP can be prevented. In addition, a computer on this private network can receive Internet services by remotely operating a computer on the public network connected to the Internet network via a router.
Furthermore, as another system, a system is disclosed that uses a disk array device to share information while ensuring mutual security between a plurality of networks (see, for example, Patent Document 2).
That is, in the system disclosed in Patent Document 2, the disk array apparatus is selectively connected to each network and controlled so as not to be simultaneously connected to a plurality of networks. Unique information is not leaked to other networks.

"JP 2000-354056 A" "JP 2001-16245 A" “Nikkei NETWORK, Nikkei BP, February 2001,“ Basics of Firewall ”, p75-85” "Nikkei NETWORK, Nikkei BP, May 2001," Study on cracking technique ", p43-59"

By the way, in the conventional network defense system and hacking prevention method described in the background art, as described above, even if a computer (server) connected to the Internet network has a firewall, hacking is completely performed. However, it is difficult to prevent.
Also, if you can't completely prevent hacking, limit hacking to just that computer and prevent propagation to other computers (clients, etc.) and other networks to minimize damage. However, in the conventional network defense system and hacking defense method, there is a problem that such a countermeasure is not taken into consideration.
Furthermore, if measures are taken such that the data of a computer that has been hacked and cannot be operated is immediately retrieved and processed by another computer, the actual damage can be further reduced. However, the conventional network defense system and hacking defense method have a problem that such measures are not taken into consideration at all.

The present invention has been made in view of the above-described conventional problems. The first object of the present invention is to make a computer connected to the Internet network intruded by a hacking attack and become inoperable due to the attack. It is an object of the present invention to provide a network defense system and a shared storage device that can prevent a situation in which hacking propagates to other computers.
A second object of the present invention is to provide a defense system and a shared storage device that can easily acquire data from the Internet from a computer connected to the Internet without being connected to the Internet.
A third object of the present invention is to make this computer inoperable from other computers not connected to the Internet network when the computer connected to the Internet network becomes inoperable due to attacks by hacking or viruses. It is an object of the present invention to provide a defense system and a shared storage device that can immediately retrieve and process data of a computer that has become.
A fourth object of the present invention is that a hacking attack in which a malicious program is sent to the shared storage apparatus according to the present invention by a new means equivalent to buffer overflow or buffer overflow is physically impossible in the future. It is an object of the present invention to provide a network defense system and a shared storage device.

  In order to achieve the above object, the invention according to claim 1 is characterized in that at least one computer communicably connected to a first communication line including at least an Internet network and second communication not including the Internet network. In a network defense system including a shared storage apparatus that can be commonly accessed from one or more computers communicably connected to a line, the shared storage apparatus communicates with the first and second communication lines. Means for enabling access from the plurality of computers by connection means having different interface protocols, a storage device that does not pass through a pre-stage buffer for buffering read / write data, and a storage medium installed in the storage device; A storage medium in the storage device for writing data from each of the computers Means for writing logically directly, characterized in that the read data to each of said plurality of computers and means for reading logically directly from a storage medium in the storage device.

The invention described in claim 2 is the network defense system according to claim 1, wherein the shared storage device accesses the storage medium in the storage device for each of the plurality of computers. An exclusive control means for exclusively controlling the right is provided.
According to a third aspect of the present invention, in the network defense system according to the second aspect, the exclusive control means includes information on a user who requests access to the shared storage device, and the type of access right requested. And an internal control information area for storing at least one of information for designating a storage area on the storage medium in the storage device.
Further, in the network defense system according to claim 3, the exclusive control means permits access to the storage medium in the storage device only to a user who has successfully accessed the control information area. It can also be configured to.

Further, in the network defense system according to claim 3, access means to the control information area may be installed in each of the plurality of computers.
According to a fourth aspect of the invention, there is provided the network defense system according to the third aspect, further comprising control information input means for inputting control information to be written in the control information area to each of the plurality of computers. It is characterized by.
Further, the invention according to claim 5 is the network defense system according to claim 3, wherein the information regarding the user who requests access to the shared storage device includes at least the identifier of the user and / or the user. It contains the identifier of the owning computer.
In the network defense system according to claim 3, it is assumed that the type of access right requested includes at least information indicating login / logout distinction.

Furthermore, in the network defense system according to claim 1, it is assumed that the type of the storage device that is a component of the shared storage device includes at least a hard disk device.
According to a sixth aspect of the present invention, at least one computer communicably connected to a first communication line including at least an Internet network and a second communication line not including the Internet network are communicably connected. In the shared storage device having a shared storage device that can be accessed in common from one or more computers that are connected, the first and second communication lines are connected to each other by means of connection means having different communication interface protocols. A storage device that does not pass through a preceding buffer for buffering read / write data, a storage medium installed in the storage device, and write data from each of the plurality of computers in the storage device Means for logically directly writing to the storage medium, and the plurality of computers Characterized by comprising a means for reading the read data to each logically directly from a storage medium in the storage device.

The invention according to claim 7 is the shared storage device according to claim 6, wherein each of the plurality of computers has exclusive rights to access the storage medium in the storage device. An exclusive control means for controlling is provided.
According to an eighth aspect of the present invention, in the shared storage device according to the seventh aspect, the exclusive control means includes information on a user who requests access, a type of requested access right, and information in the storage device. An internal control information area for storing at least one of information for designating a storage area on the storage medium is provided.
9. The shared storage device according to claim 8, wherein the exclusive control unit permits access to a storage medium in the storage device only to a user who has successfully accessed the control information area. It can also be configured.
The invention according to claim 9 is the shared storage apparatus according to claim 8, wherein the information related to the user who requests access includes at least an identifier of the user and / or an identifier of a computer owned by the user. It is included.

  According to the first aspect of the present invention, one or more computers communicably connected to a first communication line (including a LAN or the like) including at least an Internet network and the Internet network are included. In a network defense system including a shared storage device that can be accessed in common from one or more computers that are communicably connected to a second communication line (such as a LAN) that is not present, the shared storage device is the first storage device. And a second communication line, a means for enabling access from the plurality of computers by means of a connection means having a different communication interface protocol, a storage device that does not include a preceding buffer for buffering read / write data, and the storage device Storage medium and write data from each of the plurality of computers And a means for logically directly writing to a storage medium in the storage device and a means for logically directly reading the read data to each of the plurality of computers from the storage medium in the storage device. The shared storage device can have its own exclusive control function, and the plurality of computers connected to the shared storage device do not require special driver software, and can be safely connected between the plurality of computers. In addition, it is possible to provide a network defense system that enables free data exchange, is easy to install, and does not affect the reliability of the operating system that controls the plurality of computers.

  In addition, even when one of the computers connected to the Internet network is inoperable due to a hacking attack or has been deprived of control, the operation is performed from another computer not connected to the Internet network. It is necessary to pay attention to security because it is possible to immediately retrieve and process computer data that has been impossible or has been deprived of control, and to acquire data from the Internet without connecting to the Internet. Disappear. Moreover, the computer connected to the first communication line including the Internet network and the computer connected to the second communication line not including the Internet network are interfaces provided in the first and second communication lines. Since the connection storage means is connected to the shared storage device by a connection means that is completely different from the means, a hacking attack against the computer connected to the second communication line from at least the computer connected to the first communication line It is possible to provide a network defense system that makes it impossible.

According to the invention of claim 2, the shared storage device exclusively controls each of the plurality of computers the right to access the storage medium in the storage device. Network control means that each of the plurality of computers can share data on the storage medium in the storage device, and conversely can be occupied. A system can be provided.
According to the invention of claim 3, the exclusive control means includes information on a user who requests access to the shared storage device, the type of access right requested and the storage medium in the storage device. Since the internal control information area for storing at least one of the information for designating the upper storage area is provided, the storage medium in the storage device is exclusively controlled. In addition to the above-described effects, it is possible to provide a network defense system capable of confirming the user, determining the type of access right, determining the area on the storage medium, and the like.

Further, in the network defense system, when the exclusive control unit is configured to permit access to the storage medium in the storage device only for a user who has successfully accessed the control information area. Can simplify the control program for the shared storage device, and can provide a network defense system that does not require a large operating system to exclusively control the storage medium in the storage device.
Further, in the network defense system, when the access means to the control information area is configured to be installed in each of the plurality of computers, any of the plurality of computers can store the storage device in the storage device. A network defense system capable of accessing a storage medium can be provided.

According to the invention described in claim 4, since each of the plurality of computers is provided with control information input means for inputting control information to be written in the control information area, the plurality of computers Each of the users can provide a network defense system in which control information for accessing the storage medium in the storage device can be easily specified without creating a complicated control program.
According to the invention described in claim 5, the information relating to the user who requests access to the shared storage device includes at least the identifier of the user and / or the identifier of the computer owned by the user. Therefore, it is possible to provide a network defense system capable of authenticating a user who requests access to the storage medium in the storage device and authenticating a computer used by the user.

Further, in the network defense system, when the type of access right requested includes at least information indicating login / logout distinction, each of the users of the plurality of computers can store the storage device. It is possible to provide a network defense system capable of performing access specifying the login / logout distinction to the storage medium.
Further, in the network defense system, when the storage device that is a component of the shared storage device is configured to include at least a hard disk device, the capacity is low, the cost per bit is low, and the reliability is high. It is possible to provide a network defense system that can use a hard disk device with a high level as the storage device.

  According to the sixth aspect of the present invention, in order to achieve the above-described object, communication is connected to a first communication line (which may include a LAN or the like) including at least the Internet network. In the shared storage apparatus that can be accessed in common from one or more computers and one or more computers communicably connected to a second communication line (such as a LAN) that does not include the Internet network, Installed in the storage device that does not pass through the preceding buffer for buffering read / write data, means for enabling access from the plurality of computers by connection means having a communication interface protocol different from that of the second communication line A storage medium in the storage device and write data from each of the plurality of computers And a means for logically directly reading data read from each of the plurality of computers from a storage medium in the storage device, so that a unique exclusive control function is provided. And the plurality of computers do not require special driver software, enables safe and free data exchange between the plurality of computers, is easy to install, and is also easy to install. It is possible to provide a shared storage apparatus that does not affect the reliability of the operating system that controls the computer.

  Also, with this configuration, in particular, data from the Internet can be easily obtained from a computer connected to the Internet without being connected to the Internet, and therefore, the computer connected to the Internet network can be easily acquired. Even if one of them is inoperable or deprived of control rights due to a hacking attack, the inoperable or deprived control right of another computer not connected to the Internet network Data can be immediately retrieved and processed, and the computer connected to the first communication line including the Internet network and the computer connected to the second communication line not including the Internet network are: What are the interface means provided in the first and second communication lines? Since the connection storage device is connected to the shared storage apparatus by connection means having completely different interface protocols, at least a computer connected to the first communication line does not have a hacking attack against the computer connected to the second communication line. A shared storage device that can be provided can be provided.

According to the invention described in claim 7, there is provided an exclusive control means for exclusively controlling the right to access the storage medium in the storage device for each of the plurality of computers. Therefore, each of the plurality of computers can share data on the storage medium in the storage device, and conversely, a shared storage device that can be occupied is provided. it can.
According to the eighth aspect of the present invention, of the information about the user who requests access, the type of access right requested, and the information for designating the storage area on the storage medium in the storage device Since the internal control information area for storing at least one of them is provided, in addition to the effect obtained by controlling the storage medium in the storage device exclusively, user confirmation or In addition, it is possible to provide a shared storage apparatus that can determine the type of access right and the area on the storage medium.

Further, in the shared storage device, the exclusive control means is controlled so as to permit access to the storage medium in the storage device only to a user who has successfully accessed the control information area. In such a case, the control program for the shared storage device can be simplified, and a shared storage device that does not require a large operating system for exclusively controlling the storage medium in the storage device can be provided. .
According to the ninth aspect of the present invention, since at least the identifier of the user and / or the identifier of the computer owned by the user is included in the information about the user who requests access, the storage device It is possible to provide a shared storage device capable of authenticating a user who requests access to the storage medium in the computer and authenticating a computer used by the user.

When the shared storage device is configured to include at least information indicating the distinction between login / logout in the type of access right requested, each of the users of the plurality of computers can store the storage device. It is possible to provide a shared storage apparatus capable of performing access specifying the login / logout distinction with respect to the storage medium.
Further, in the shared storage device, when at least a hard disk device is included in the type of the storage device that is a component of the shared storage device, the capacity is high, the cost per bit is low, and the reliability is high. It is possible to provide a shared storage device that can use a hard disk device with a high storage capacity as the storage device.

The network defense system according to the present invention can easily obtain data from the Internet from a computer connected to the Internet without being connected to the Internet, and data of a computer that has become inoperable due to a hacking attack. The data is transferred between multiple computers connected to the network, while the other computers are immediately retrieved and processed, and the other computers are not at risk of being hacked. This is achieved by installing a shared storage device for enabling sharing of the data.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of a network defense system and a shared storage device according to the present invention will be described in detail below with reference to the drawings.

FIG. 1 is a configuration diagram showing the overall configuration of a network defense system according to an embodiment of the present invention.
In the figure, the network defense system of the present embodiment includes an Internet LAN 109 as a first communication line connected to the Internet network 108, a computer A110 communicably connected to the Internet LAN 109, and a second network. An intranet LAN 113 as a communication line, a computer B111 communicably connected to the intranet LAN 113 not including the Internet network, and a shared storage device for enabling data sharing between the computer A110 and the computer B111 100 (shared storage device according to the present embodiment).

The shared storage device 100 includes a CPU 104 connected to the system bus 101, a work area for programs, and a RAM (Random Access Memory) 105 for storing stack information, an internal table for control programs, and the like. The ROM (Read Only Memory) 106 for storing all the programs necessary for the operation of the shared storage device 100 including the exclusive control program, the hard disk 102 as a storage device for storing the shared data, and the hard disk 102 are connected. A hard disk interface device 103 and a computer interface device 107 connected to the computer A110 and the computer B111.
The computer A 110 is connected to the Internet LAN 109, and the Internet LAN 109 is connected to the Internet network 108. Further, the computer A 110 can communicate with the computer interface device 107 of the shared storage apparatus 100 via the connection means 112 having a computer interface which is a connection means having a communication interface protocol different from that of the Internet LAN 109 and the intranet LAN 113 ( Accessible). In general, a plurality of computers A110 may be provided.

The computer B111 is connected to the intranet LAN 113, and is connected to the computer interface device 107 via the connection means 112 having a computer interface having a different interface protocol as described above. In general, there may be a plurality of computers B111. The connection unit 112 can also use a wireless interface.
In the shared storage apparatus 100 according to the present embodiment shown in FIG. 1, the case where the hard disk 102 is a constituent element is shown. In general, in the present invention, in addition to the hard disk 102, a DVD-RAM / R / RW apparatus, A magneto-optical disk (MO) device and a CD-R / RW device can be used in the same manner.

Hereinafter, the operation of the network defense system according to the present embodiment will be described.
The computer interface device 107 has no communication interface protocol with the interface means for connecting to the LAN and the Internet network in order to prevent a hacking attack against the computer B 111 via the Internet network 108, the Internet LAN 109, and the computer A 110 sequentially. The computer A110 and the computer B111 are connected so as to be accessible by connection means 112 having a computer interface provided with different interface means. In the present invention, the RAM 105 is not used as a data transfer buffer.
The connection means 112 having a computer interface is an interface means (standard) for connecting the computer interface device 107 to the computer A110 and the computer B111, and is a standard for connecting to the LAN and the Internet network 108. IEEE1394 (also referred to as Fire Wire (trademark) and iLink (trademark)), USB (Universal serial Bus), SCSI (Small Computer System Interface), etc., which are completely different standards, are used.

  The computer A 110 receives data received from the Internet network 108 via the Internet LAN 109 and stores it in the hard disk 102 of the shared storage device 100 (this data is shown as data 114 in FIG. 1). At this time, in order to prevent the data 114 from being destroyed when the hard disk 102 of the shared storage device 100 is simultaneously operated from a plurality of computers, the exclusive control function ( Hereinafter, it is assumed that the hard disk 102 of the shared storage apparatus 100 is exclusively used by using “exclusive control function”. The hard disk 102 of the shared storage device 100 can be used by being divided into a plurality of volumes within the range of the functions of the OS (operating system) of the computer connected to the shared storage device 100. Since exclusive control in units of volumes is possible, as long as a plurality of computers using the shared storage apparatus 100 use different volumes in the hard disk 102, these different volumes can be operated simultaneously.

When the computer B111 retrieves the data 114 stored in the hard disk 102 of the shared storage device 100, like the computer A110, the computer B111 performs exclusive control on the volume storing the data 114 (exclusive control). means). This exclusive control means will be described in detail with reference to FIGS.
FIG. 2 is a block diagram showing the configuration of this embodiment when the controller unit, which is the main part of the shared storage device of the network defense system according to the embodiment of the present invention, is configured with a SCSI interface.
The controller unit, which is the main part of the shared storage apparatus 100 of the network defense system according to the present embodiment shown in the figure, includes an input / output interface 202 that controls the interface with the input / output apparatus, and a work SRAM 203 that functions as a work static RAM. And SCSI connectors 205 and 209 of the SCSI standard, SCSI protocol controllers 206 and 208 having a SCSI protocol, a DMA controller 207, and a DMA-bus 211 constituting a DMA bus.

FIG. 3 is a block diagram showing a configuration in the case where a controller unit, which is a main part of a general (conventional) storage device, is configured with a SCSI interface.
The difference in configuration between the controller unit that is the main part of the shared storage device of the network defense system according to the present embodiment shown in FIG. 2 and the controller unit that is the main part of the general storage device shown in FIG. There is only the presence or absence of SDRAM 210 (a kind of RAM). As can be seen from this difference, between SPC0 (208), which is an SPC (Scsi Protocol Controller) for controlling data transfer with the host computer, and SPC1 (206) for controlling data transfer with the hard disk (not shown). In general, when data is exchanged, as shown in FIG. 3, it passes through the SDRAM 210 as a buffer. However, the controller unit is a main part of the shared storage device of the network defense system according to the present embodiment shown in FIG. Then, this buffer is not used, and data is directly transferred between SPCs (between SPC0 and SPC1) via the DMA-bus 211.

The SCSI connector 209 shown in FIG. 2 is daisy chained (crossover connection using a cable) with the connecting means 112 having the computer interfaces of the computer A110 and the computer B111 shown in FIG. A SCSI interface hard disk is connected to the SCSI connector 205 shown in FIG.
In the embodiment of the controller unit shown in FIG. 2, the case where the SCSI interface is used as an interface unit between the computer A110 and the computer B111 and the shared storage device 100 has been described. However, the interface having the SCSI standard is used. Similarly to the above, the present invention can be similarly implemented by an interface provided with an IEEE 1394 (also referred to as Fire Wire (trademark), iLink (trademark)) standard, a fiber channel, or a USB (Universal Serial Bus) standard.

For example, the configuration in the case of using the IEEE 1394 standard can be realized with the same configuration as that in the case of the SCSI standard. Although the data is serial processing and device identification is performed without using a unique ID, it differs from the parallel processing SCSI standard, but basically the functions implemented at the interface level are the same. It is possible to carry out the same operation as long as hardware is prepared. That is, since the controller unit shown in FIG. 2 is configured by the SCSI standard, the controller unit can be implemented in the same manner as long as a controller unit is prepared by replacing the controller unit with the IEEE 1394 standard.
The configuration of the fiber channel can also be realized with the same configuration as that of the SCSI standard. Since Fiber Channel basically has the same functions implemented at the interface level, it can be implemented in the same way as long as hardware is prepared. That is, since the controller unit shown in FIG. 2 is configured according to the SCSI standard, it can be implemented in the same manner as long as a controller unit using this as a fiber channel is prepared.

The configuration of the USB standard can be realized with almost the same configuration as that of the SCSI standard. However, since the USB standard is based on a 1: 1 connection between a computer and a peripheral device, the portion corresponding to the SCSI connector 209 shown in FIG. be able to. In this way, the controller unit shown in FIG. 2 can be connected to the computer A 110 and the computer B 111 shown in FIG. 1, and access to the hard disk 102 (FIG. 1) from both computers can be exclusively controlled and shared. it can.
FIG. 4 is a sequence chart showing a communication procedure for performing exclusive control between the shared storage apparatus according to the embodiment of the present invention and a plurality of computers.
The shared storage device 100 shown in FIG. 1 cannot be accessed from the computer at all in the initial state when the power is turned on, and this login operation is performed by performing an operation called login from the computer A110 or the computer B111. It can be used from a computer.

First, the login (operation) shown in FIG. 4 is executed when the user inputs necessary items on the operation screen of the login program exemplified in FIG. 8 described later from the computer A110 or the computer B111. Hereinafter, this operation will be described.
FIG. 8 is an explanatory diagram showing an example of an operation screen of a login program from a host computer that accesses the shared storage apparatus according to the embodiment of the present invention.
Each user on each host computer side uses the login program operation screen (input screen) illustrated in FIG. 8 to determine the user ID assigned to him and the access type assigned to the volume he wishes to use. Enter the password (read only (RO password) or read / write (RW password)), select the volume you want to use, and then press the "Shared Login" or "Exclusive Login" button (Control Information Area) Control information input means). When the RW password is used, exclusive login is unconditionally performed, and thereafter, all login requests for the same volume from other computers are rejected.

When the RO password is used, only reading is possible, and all writing is rejected. In addition, when the user presses the “shared login” button using the RO password, the shared login using the RO password can be performed from another computer thereafter, and only reading is simultaneously performed by a plurality of computers. be able to. If the “exclusive login” button is pressed using the RO password, any login from another computer is refused thereafter.
FIG. 5 is an area map showing an example of the structure of the communication table (a) and the volume information table (b) having an exclusive control function installed in the shared storage apparatus according to the embodiment of the present invention.
By the above-described login operation, as shown in FIG. 4, a login request communication (login write) is performed from the computer that has executed the login operation to the shared storage device 100. At this time, the RAM 105 of the shared storage apparatus 100 stores the communication table (a) and the volume information table (with the exclusive control function shown in FIG. 5) in case the login operations are simultaneously performed from a plurality of computers. A control information area consisting of b) is provided, and this communication table (a) is exclusively used to store login operation information.

With this configuration, the plurality of computers repeatedly perform login write (retry) until the communication table (a) can be used via the above-described login program operation screen (FIG. 8). Thus, the right to execute login (success in login write) is given to any one computer that has successfully accessed the table having the exclusive control function.
Next, the computer that has acquired the right to execute this login checks and updates the corresponding volume information area of the volume information table (FIG. 5B) based on the information in this communication table, and as a result, shares The storage device 100 returns login OK / NG (write response).
If the login OK is returned, the volume designated from the computer can only be accessed according to the logged-in access type (read only or read / write) and the sharing mode (shared or exclusive). When a login NG is returned, all accesses to the specified volume are denied even if the computer has acquired the right to execute the login.

  On the other hand, the logout operation is performed in the same procedure as described above by specifying a volume from any computer via the above-mentioned login program operation screen (FIG. 8) and pressing the logout button, and the logout is correctly performed. In this case, thereafter, all accesses to the specified volume from the computer that has logged out are denied, and at the same time, the above-described login operation from the other computer to the volume becomes possible (the login operation is released). In this way, the data 114 in the hard disk 102 of the shared storage device 100 shown in FIG. 1 can be safely and freely accessed from a plurality of computers (here, computer A110 and computer B111).

FIG. 6 is a flowchart for explaining the operation of the initialization process when the power is turned on in the CPU of the shared storage apparatus according to the embodiment of the present invention.
Hereinafter, with reference to FIG. 1, the operation of the initialization process at the time of power-on in the CPU 104 of the shared storage apparatus 100 will be described using the flowchart shown in FIG.
First, initialization is performed including resetting the communication table lock flag of the communication table shown in FIG. 5A (step S101).
Next, the hard disk 102 (FIG. 1) is accessed to obtain volume information (step S102).
Next, based on the acquired volume information, a volume information table (FIG. 5B) is initialized, and all volumes are set in a logout state (step S103).

Next, a final wall ("Final Wall" is a trademark) file provided in the hard disk 102 and used as a data area for communication with a plurality of computers is searched (step S104), and the file exists in the root directory. It is verified whether or not (step S105). If the file exists in the root directory, the location information is set in the communication table (FIG. 5) (step S106), and then the initialization process at power-on is terminated. In this case, since the final wall file is created in the root directory thereafter, the exclusive control function is enabled in the shared storage device 100 shown in FIG.
If the file does not exist in the root directory, the process ends. In this case, thereafter, exclusive access control is not performed and all accesses from the host computer are accepted. In this case, it is assumed that the host computer side is connected and accessed at a stage where the login program by input using the login program operation screen shown in FIG. 8 is not yet incorporated.

FIG. 7 is a flowchart showing an operation when an access request is made from a plurality of computers to the shared storage apparatus according to the embodiment of the present invention.
Hereinafter, the operation of the CPU 104 when an access request is made to the shared storage apparatus 100 from the computer A110 or the computer B111 will be described with reference to FIGS.
First, referring to the communication table (FIG. 5), it is verified whether or not a final wall exists in the root directory (step S201). If a final wall file exists in the root directory, the process proceeds to step S202 where exclusive control is performed. If the final wall file does not exist in the root directory, it is determined that exclusive control is not performed, and the process proceeds to step S220.

In step S202, it is verified whether or not the login / logout request process is being performed. If the login / logout request is requested, the process proceeds to step S203, and if not, the process proceeds to step S216.
In step S203, it is verified whether or not the communication table used for the login / logout process is in use. If the communication table is already in use, the process proceeds to step S204. If the communication table is not used, Alternatively, if released from the in-use state, the process proceeds to step S206.
In step S204, it is verified whether or not the communication table is used by the own task (task as one of the control programs for controlling the CPU 104). If the own task is used, the process proceeds to step S207. If it is not the invoking task that uses the communication table, the process is delayed for several seconds (step S205), and then the process proceeds to step S203 to release the communication table. It is verified repeatedly.

In S206, a communication table lock flag is set and an occupation declaration is made, and the process proceeds to step S207.
In step S207, login / logout request information is set in the communication table. This is for recording information of the last login / logout.
Next, it is verified whether the request is a login request or a logout request (step S208). If the request is a login request, the process proceeds to step S209. If the request is a logout request, the process proceeds to step S222.
In step S209, the volume information table is compared with the login request, and it is verified whether or not login has already been performed by a request from another (that is, whether or not the volume of the login request can be logged in). If the requested volume can be logged in, the process proceeds to step S210, and if already logged in from another, the process proceeds to step S214.
In step S210, as a log-in process, a flag (sign) indicating that the log-in is being performed, the ID of the computer that has made the log-in request, and the log-in mode are stored in the corresponding volume area of the volume information table.

Next, in step S211, the type of the recording medium of the hard disk 102 (FIG. 1) of the shared storage device 100 as a block device is shown as a removable medium (removable recording medium), and the medium (recording medium) is exchanged. Is returned to the OS (operating system) of the computer that sent the login request, and the current read buffer (cache) is cleared and a data read request is set.
As a result of this processing, the data requested to be read can be newly read from the shared storage device 100, so that the data 114 on the hard disk 102 of the shared storage device 100 is transferred by another computer different from the computer currently logged in. Even if the data has been rewritten, the correct (latest) data 114 can be read. This function allows the hard disk 102 of the shared storage apparatus 100 to be connected to the plurality of computers simultaneously with the exclusive control function for preventing the situation where the hard disk 102 of the shared storage apparatus 100 is erroneously operated simultaneously from a plurality of computers to destroy data. This is an indispensable function for reading the latest data that is always shared.

Next, in step S212, a write completion write response (return information for the login request write) is set.
Next, by clearing the communication table lock flag, the communication table is released (step S213), and then the processing ends (in this case, the login is successful).
In step S214, since a login has already been made by another computer, a write response is set as a login error.
Next, by clearing the communication table lock flag, the communication table is released (step S215), and then the process ends (in this case, the process ends when the login fails).
In step S222, logout request processing is performed. First, the logout parameter is verified. If the logout parameter check is OK, the process proceeds to step S223, and if the logout parameter is NG, the process proceeds to step S225.

In step S223, the corresponding volume information table of the logout request is cleared and put into a logout state.
Next, a write response of logout completion (return information for the logout request write) is set (step S224), and the process proceeds to step S225.
In step S225, the communication table is cleared by clearing the communication table lock flag, and the logout process is terminated.
In step S216, it is verified whether or not the access request is an access to the final wall file. If the access request is an access to the final wall file, the access is permitted, and the process directly proceeds to step S220. This is a function that makes it possible to delete the final wall file without logging in, for example, when it is desired to access the system without the exclusive control function during maintenance. If the access is not to the final wall file, the process proceeds to step S217.

In step S217, it is verified whether or not the login has already been performed by the computer that transmitted the request. If the login has been performed, the process proceeds to step S218. If the login has not been performed, the process proceeds to step S221.
In step S218, it is verified that the access area is within the range of the volume. In step S219, the verification result is determined. If the access area is within the range of the volume, the process proceeds to step S220. Is not within the range of the volume, the process proceeds to step S221.
In step S220, a read or write process corresponding to the access request is performed, and the process ends (in this case, the process waits for the completion of access).
In step S221, an access rejection response code is set and the process ends (in this case, the access rejection ends).

FIG. 9 is an explanatory diagram for explaining a data flow at the time of data transfer in the shared storage apparatus according to the embodiment of the present invention.
As shown in the figure, in the case of the shared storage device 100 according to the present invention (a specific example of the controller 8a is shown in FIG. 2), since the preceding buffer (RAM) of the hard disk device does not exist, an illegal program is sent. However, there is no risk of buffer overflow.
Note that the shared storage apparatus 100 according to the present invention shown in FIG. 9 can be constructed using a highly versatile computer 8b such as a personal computer. Also in this case, the same data transfer technique as that of the interface unit of the shared storage apparatus 100 according to the present invention can be incorporated in the interface unit of the computer 8b.

FIG. 10 is a block configuration diagram showing a hardware configuration of the data transfer unit of the controller unit as an embodiment of the shared storage apparatus according to the embodiment of the present invention.
That is, FIG. 10 is a hardware block diagram of the data transfer portion of the controller of FIG. 2 constructed by SCS1.
By connecting two SPC (Sci Protocol Controller) by this hardware, that is, SPC0 and SPC1 directly with DMA-Data-Bus11a, and controlling both SPC DREQ (Data Request) and DACK (Data Acknowledge) signals. High-speed direct transfer is realized between SPCs that are not temporarily stored (buffered) in the RAM.

In FIG. 10, since the read / write signal for DMA (Direct Memory Access) control is connected to the PLD (Programmable Logic Device) in a separated state, one is a data source (transfer source) and the other is a data destination. Operate as (destination). However, in the embodiment of the present invention, the DMA data bus between the SPCs is coupled by a physical wiring on the substrate, and therefore is transferred in units of 2 bytes (Word).
In the above-described embodiment, there is a possibility that a file containing a virus may be downloaded from the computer A110 of FIG. 1 to the shared storage device 100. This is strictly checked for virus infection when the computer B111 uploads. You can get rid of it.

FIG. 11A shows a configuration of the data transfer unit of the controller unit as an embodiment of the shared storage apparatus according to the embodiment of the present invention, and FIG. It is explanatory drawing which shows contrast with the controller part of a shared storage apparatus by a block structure.
In FIG. 2 described above, the configuration of the shared storage controller unit as an example when the shared storage device of the network defense system according to the embodiment of the present invention is configured with the SCSI interface is shown in FIG. ) Is a block diagram showing a hardware configuration of a data transfer portion of the controller unit (FIG. 2) constructed by the SCSI.

With this hardware, two SPCs (Scsi Protocol Controllers), that is, SPC0 and SPC1, are directly connected by DMA-Data-Bus 11a as shown in FIG. 11A, and DREQ (Data Request) of both SPCs is connected. ), By controlling a DACK (Data Acknowledge) signal, high-speed direct transfer between the two SPCs is realized without temporarily storing (buffering) the RAM (SDRAM) as in the conventional example shown in FIG. doing.
Although not shown in the figure, a read / write signal terminal for DMA (Direct Memory Access) control is connected to a PLD (Programmable Logic Device) in a separated state, so that one of them is a data source (data transfer source). The other is used as a data destination (data transfer destination). However, in the embodiment of the present invention, the DMA data bus (DMA-Data-Bus 11a) between the two SPCs is coupled by a physical wiring on the substrate, so that the transfer is performed in units of 2 bytes (Word).

In this embodiment, there is a possibility that a file containing a virus may be downloaded from the computer A110 shown in FIG. 1 to the shared storage device 100 (finally, the hard disk 102). When the computer B111 uploads, it can be removed by strictly checking for virus infection.
A control program for executing the processing of the CPU 104 of the shared storage apparatus 100 according to the present invention by the procedure shown in the flowcharts of FIGS. 6 and 7 is a computer such as a semiconductor memory, a CD-ROM or a magnetic tape. It may be stored and distributed in a readable recording medium. A computer including at least a microcomputer, a personal computer, and a general-purpose computer may read the program from the recording medium and execute the program.

The present invention can be applied to a computer system and a network system installed in any organization such as a company, a public office, a local government, a hospital, a news agency, a broadcasting station, and a computer system owned by an individual.
In particular, in computer systems and network systems installed in organizations such as corporations, government offices, local governments, hospitals, news agencies, broadcasting stations, etc., by applying the present invention, even by hacking attacks from the Internet network, It is possible to avoid a risk that an intranet LAN, which is a private network, is attacked, and the information is destroyed or leaked.
In addition, the current Basic Resident Register network of local governments that are claimed to be secured by a firewall, even if a firewall is installed, has the risk of being hacked as described above. By constructing a new network system to which the present invention is applied, the safety against hacking can be dramatically improved, so that the privacy information of residents can be kept more strictly confidential.

It is a lineblock diagram showing the whole network defense system composition concerning an embodiment of the invention. It is a block diagram which shows the structure as one Embodiment at the time of comprising the controller part which is a principal part of the shared storage apparatus of the network defense system which concerns on embodiment of this invention by a SCSI interface. It is a block diagram which shows the structure at the time of comprising the controller part which is the principal part of a general storage apparatus with a SCSI interface. It is a sequence chart which shows the communication procedure for performing exclusive control between the shared storage apparatus which concerns on embodiment of this invention, and several computers. FIG. 5A shows a structure of a communication table having an exclusive control function installed in the shared storage apparatus according to the embodiment of the present invention, and FIG. 5B shows an area showing the structure of the volume information table. It is a map. It is a flowchart for demonstrating the operation | movement of the initialization process at the time of power activation in CPU of the shared storage apparatus which concerns on embodiment of this invention. 6 is a flowchart showing an operation when an access request is made from a plurality of computers to the shared storage apparatus according to the embodiment of the present invention. It is explanatory drawing which shows an example of the operation screen of the login program from the host computer which accesses the shared storage apparatus which concerns on embodiment of this invention. It is explanatory drawing explaining the data flow at the time of the data transfer of the shared storage apparatus which concerns on embodiment of this invention. It is a block block diagram which shows the structure of the data transfer part of the control part as an Example of the shared storage apparatus which concerns on embodiment of this invention. FIG. 11A shows the configuration of the data transfer unit of the controller unit as an embodiment of the shared storage apparatus according to the embodiment of the present invention, and FIG. 11B shows a conventional general shared storage. It is each explanatory drawing which shows contrast with the controller part of an apparatus with a block structure. It is explanatory drawing explaining the flow of the data at the time of the data transfer in the conventional common shared storage apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Shared storage apparatus 101 System bus 102 Hard disk 103 Hard disk interface apparatus 104 CPU
105 RAM
106 ROM
107 Computer interface device 108 Internet network 109 Internet LAN (first communication line)
112 Connection means having computer interface 113 Intranet LAN (second communication line)
201 CPU
202 I / O interface 203 Work SRAM (Static RAM for work)
205, 209 SCSI connector 206, 208 SCSI protocol controller 207 DMA controller 210 SDRAM (synchronous dynamic RAM)
211 DMA-bus (DMA bus)

Claims (9)

One or more computers communicably connected to a first communication line including at least the Internet network and one or more computers communicably connected to a second communication line not including the Internet network In a network defense system with a shared storage device that can be accessed by
Means for enabling the shared storage device to be accessed from the plurality of computers by connection means having a communication interface protocol different between the first and second communication lines;
A storage device that does not pass through a preceding buffer for buffering read / write data, and a storage medium installed in the storage device;
Means for logically directly writing write data from each of the plurality of computers to a storage medium in the storage device;
Means for logically directly reading data read to each of the plurality of computers from a storage medium in the storage device;
A network defense system characterized by comprising: The shared storage device includes an exclusive control unit that exclusively controls a right to access the storage medium in the storage device for each of the plurality of computers. The exclusive control means includes information on a user requesting access to the shared storage device, a type of access right requested, and information for designating a storage area on the storage medium in the storage device. 3. The network defense system according to claim 2, further comprising an internal control information area for storing at least one of them. 4. The network defense system according to claim 3, further comprising control information input means for inputting control information to be written in the control information area to each of the plurality of computers. 4. The network defense according to claim 3, wherein the information regarding the user who requests access to the shared storage device includes at least an identifier of the user and / or an identifier of a computer owned by the user. system. One or more computers communicably connected to a first communication line including at least the Internet network and one or more computers communicably connected to a second communication line not including the Internet network In a shared storage device comprising a shared storage device that can be accessed by
Means for enabling the first and second communication lines to be accessed from the plurality of computers by connection means having different communication interface protocols;
A storage device that does not pass through a preceding buffer for buffering read / write data, and a storage medium installed in the storage device;
Means for logically directly writing write data from each of the plurality of computers to a storage medium in the storage device;
Means for logically directly reading data read to each of the plurality of computers from a storage medium in the storage device;
A shared storage device comprising: 7. The shared storage apparatus according to claim 6, further comprising an exclusive control unit that exclusively controls a right to access the storage medium in the storage apparatus for each of the plurality of computers. The exclusive control means includes at least one of information on a user who requests access, a type of access right requested and information for designating a storage area on the storage medium in the storage device. 8. The shared storage device according to claim 7, further comprising an internal control information area for storing 9. The shared storage apparatus according to claim 8, wherein the information relating to the user who requests access includes at least an identifier of the user and / or an identifier of a computer owned by the user.