JP2013152743A - Device, security management method, security management program and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a device, a security management method, a security management program and a recording medium that can expand a function of a framework while properly maintaining security.SOLUTION: A device includes a framework in which at least a part of an interface is disclosed and is capable of executing an application program prepared on the basis of the framework. The device includes security management means for determining a security level imparted to the application program and limiting the use of the framework by the application program according to the security level and authority management means for managing information showing the authority of the use of the framework for each security level. The security management means limits the use of the framework on the basis of the authority management means.

Description

  The present invention relates to an apparatus, a security management method, a security management program, and a recording medium, and more particularly, an apparatus having a framework with at least a part of an interface open and capable of executing an application created based on the framework The present invention relates to a security management method, a security management program, and a recording medium.

  Since the Java (registered trademark) language does not have an enumerated type (enum type) as in the C / C ++ language, if you want to specify possible values of a variable in advance, use the definition shown in FIG. The enumeration type can be realized in a pseudo manner.

  FIG. 1 is a diagram for explaining a first method for realizing an enumeration type in the Java (registered trademark) language.

  FIG. 1 shows an example in which constants corresponding to enumerated values are declared by “final static int”. That is, in (A), constants (PLAIN, BOLD) representing the type of font are defined as follows.

public final static int PLAIN = 1;
public final static int BOLD = 2;
Thus, PLAIN and BOLD can be designated as the value of the second argument (fontStyle) on the call side of the createFont () method as shown in (B).

  However, the new type is not defined in the method of Fig. 1, and PLAIN, BOLD, etc. are treated as existing types (here, int type), so the second argument of the createFont () method is optional. Can be specified. Therefore, it is necessary to check the range of the second argument value in the createFont () method.

  If the type is the same as the defined constant, specify the constant (PLAIN, BOLD, etc.) for other arguments (for example, int type size, which is the third argument of the createFont () method). The compiler cannot detect the coding mistake and may cause an unexpected error at runtime.

  Therefore, in general, enumeration types are often realized by definitions as shown in FIG. FIG. 2 is a diagram for explaining a second method for realizing the enumeration type in the Java (registered trademark) language.

  FIG. 2 shows an example in which enumerated values are defined as class objects. That is, in (A), constants (PLAIN, BOLD) representing the font type are defined as instances of the FontStyle class as follows.

public final static int PLAIN = new FontStyle ();
public final static int BOLD = new FontStyle ();
As a result, the type of the second argument of the createFont () method as shown in (B) can be defined as the “FontStyle” type. Therefore, if a value other than the FontStyle type is specified as the second argument of the createFont () method, a compile error will occur, and an error during execution can be prevented. In the example of Fig. 2, the final modifier is added to the definition of the FontStyle class, so it is possible to prevent the subclass of the FontSytle class from being defined. Can be prevented. Therefore, it is guaranteed that the constant is within a predetermined range, and it is possible to eliminate the need to check the value range within the createFont () method.

  However, if the above class (class for realizing the enum type) is defined in the so-called framework, the FontStyle class cannot be subclassed to extend the enumeration values, so the FonsStyle class definition It must change itself. Therefore, the provider of the framework must provide not only the extended part but also the entire extended framework to the user of the framework. In some cases, the user of the framework However, there is a problem in that recompilation of an application built on the framework must be executed.

  In recent years, some image forming apparatuses such as copiers and multi-function peripherals have a framework mounted and an API (Application Program Interface) published. Some users of the image forming apparatus can add functions unique to the user by installing an application based on the API. Therefore, the above-described problem can occur in such an image forming apparatus as well.

  The present invention has been made in view of the above points, and it is an object of the present invention to provide an apparatus, a security management method, a security management program, and a recording medium that can expand the functions of the framework while appropriately maintaining security. And

  Accordingly, in order to solve the above-described problem, the present invention includes a framework having at least a part of an interface open to the public and capable of executing an application program created based on the framework, the application A security management means for determining a security level given to the program and restricting the use of the framework by the application program according to the security level; and information indicating an authority to use the framework for each security level. Authority management means for managing, and the security management means restricts the use of the framework based on the authority management means.

  In such an apparatus, the function of the framework can be expanded while maintaining security appropriately.

  In order to solve the above problems, the present invention may be a security management method in the above apparatus, a security management program for causing a computer to execute the security management method, or a recording medium on which the security management program is recorded.

  According to the present invention, it is possible to provide an apparatus, a security management method, a security management program, and a recording medium that can expand the functions of a framework while appropriately maintaining security.

It is a figure for demonstrating the 1st method for implement | achieving enumeration type in a Java (trademark) language. It is a figure for demonstrating the 2nd method for implement | achieving enumerated type in a Java (trademark) language. It is a figure showing the compound machine in an embodiment of the invention. It is a hardware block diagram of the compound machine in an embodiment of the invention. It is an external view of the compound machine in an embodiment of the invention. It is a figure showing an operation panel. It is a class diagram of a JSDK application and a JSDK platform. It is a figure for demonstrating the function of a security manager. It is a figure which shows the example of a definition of a security policy setting file. It is a figure for demonstrating operation | movement of the user application of level 1. FIG. It is a figure for demonstrating the implementation example of enumeration type in the JSDK platform in embodiment of this invention. It is a figure which shows the inheritance relationship of the class for defining enumeration value in embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 3 is a diagram showing the multi-function apparatus according to the embodiment of the present invention. The compound machine 101 shown in FIG. 3 includes various hardware 111, various software 112, and a compound machine starting unit 113.

  As the hardware 111 of the multi-function peripheral 101, there are an imaging unit 121, a printing unit 122, and other hardware 123. The imaging unit 121 is hardware for reading an image (image data) from a read original. The printing unit 122 is hardware for printing an image (image data) on printing paper.

  As the software 112 of the multi-function peripheral 101, there are various applications 131 and various platforms 132. These programs are executed in parallel on a process basis by an OS (Operating System) such as UNIX (registered trademark).

  The application 131 includes a copy application 141 that is a copy application, a printer application 142 that is a printer application, a scanner application 143 that is a scanner application, a facsimile application 144 that is a facsimile application, and a network file application. There is a network file application 145. Further, a web browser 181 that is web page browsing software, a web server software 182 that is web page distribution software, an SDK application service (SAS) that is software for controlling the CSDK application 146 and the JSDK application 147. 183 exists.

  The application 131 can be developed using a dedicated SDK (software development kit). An application 131 developed using the SDK is called an SDK application. As the dedicated SDK, “CSDK” for developing the application 131 in C language and “JSDK” for developing the application 131 in Java (registered trademark) language are provided. An application 131 developed using CSDK is called a “CSDK application”, and an application 131 developed using JSDK is called a “JSDK application”. The MFP 101 of FIG. 3 also has a CSDK application 146 and a JSDK application 147. 3 further includes a JSDK platform 148 as software 112 that mediates between the JSDK application 147 written in the Java (registered trademark) language and the other software 112 written in the C language. The JSDK platform 148 corresponds to a specific example of a framework in the embodiment of the present invention.

  The platform 132 includes various control services 151, a system resource manager 152, and various handlers 153. The control service 151 includes a network control service (NCS) 161, a facsimile control service (FCS) 162, a delivery control service (DCS) 163, an engine control service (ECS) 164, a memory control service (MCS) 165, and an operation panel control service. There are (OCS) 166, a certification control service (CCS) 167, a user directory control service (UCS) 168, and a system control service (SCS) 169. As the handler 153, there are a facsimile control unit handler (FCUH) 171 and an image memory handler (IMH) 172.

  The process of the NCS 161 mediates network communication. The FCS 162 process provides a facsimile API. The process of the DCS 163 performs control related to the distribution processing of the stored document. The process of the ECS 164 performs control related to the imaging unit 121 and the printing unit 122. The process of the MCS 165 controls the memory and hard disk drive. The process of the OCS 166 performs control related to the operation panel. The process of the CCS 167 performs control related to authentication processing and billing processing. The process of the UCS 168 performs control related to management of user information. The process of the SCS 169 performs control related to system management.

  A virtual application service (VAS) 135 exists as software 112 that mediates between the application 131 and the platform 132. The VAS 135 operates as a server process using the application 131 as a client, and also operates as a client process using the platform 132 as a server. The VAS 135 has a wrapping function that hides the platform 132 when viewed from the application 131, and plays a role of absorbing version differences associated with version upgrades of the platform 132.

  The MFP starter 113 is executed first when the MFP 101 is turned on. As a result, an OS such as UNIX (registered trademark) is activated, and the application 131 and the platform 132 are activated. These programs are stored in the hard disk drive or the memory card, and are reproduced from the hard disk drive or the memory card and activated in the memory.

  FIG. 4 is a hardware configuration diagram of the compound machine according to the embodiment of the present invention. The hardware 111 of the multi-function peripheral 101 includes a controller 201, an operation panel 202, a facsimile control unit (FCU) 203, an imaging unit 121, and a printing unit 122.

  The controller 201 includes a CPU 211, ASIC 212, NB221, SB222, MEM-P231, MEM-C232, HDD (hard disk drive) 233, memory card slot 234, NIC (network interface controller) 241, USB device 242, IEEE 1394 device 243, and Centronics device. 244.

  The CPU 211 is an IC for various information processing. The ASIC 212 is an IC for various image processing. The NB 221 is a north bridge of the controller 201. The SB 222 is a south bridge of the controller 201. The MEM-P 231 is a system memory of the multifunction machine 101. The MEM-C 232 is a local memory of the multifunction machine 101. The HDD 233 is a storage of the multifunction machine 101. The memory card slot 234 is a slot for setting the memory card 235. The NIC 241 is a controller for network communication using a MAC address. The USB device 242 is a device for providing a USB standard connection terminal. The IEEE 1394 device 243 is a device for providing a connection terminal of the IEEE 1394 standard. The Centronics device 244 is a device for providing a Centronics specification connection terminal.

  The operation panel 202 is hardware (operation unit) for an operator to input to the multifunction machine 101 and hardware (display unit) for the operator to obtain an output from the multifunction machine 101.

  FIG. 5 is an external view of the compound machine in the embodiment of the present invention. FIG. 5 illustrates the position of the imaging unit 121, the position of the printing unit 122, and the position of the operation panel 202. FIG. 5 further shows a document setting unit 301 that is a setting destination of a read document, a paper feeding unit 302 that is a printing paper feeding destination, and a paper discharge unit 303 that is a printing paper discharge destination. .

  As shown in FIG. 6, the operation panel 202 includes a touch panel 311, a numeric keypad 312, a start button 313, a reset button 314, a function key 315, and an initial setting button 316. The touch panel 311 is hardware (touch operation unit) for inputting by a touch operation and hardware (screen display unit) for obtaining an output by screen display. The numeric keypad 312 is hardware for inputting numbers by operating keys (buttons). The start button 313 is hardware for performing a start operation by a button operation. The reset button 314 is hardware for performing a reset operation by a button operation. The function key 315 is hardware for displaying an operation screen by the CSDK application 146 or the JSDK application 147 by a key (button) operation. The initial setting button 316 is hardware for displaying an initial setting screen by button operation.

  The document setting unit 301 includes an ADF (automatic document feeder) 321, a flat bed 322, and a flat bed cover 323. The paper feed unit 302 includes four paper feed trays. The paper discharge unit 303 includes a single paper discharge tray. A plurality of read originals can be set on the ADF 321 in an overlapping manner. On the flat bed 322, the read original is set downward.

(JSDK)
FIG. 7 is a class diagram of the JSDK application and the JSDK platform. The JSDK application 147 and the JSDK platform 148 are executed on the same process as one process as a whole. Each block in the JSDK application 147 and the JSDK platform 148 is executed in parallel (multithread) in units of threads as threads on one process. The JSDK application 147 and the JSDK platform 148 are collectively translated from source code to bytecode by a Java (registered trademark) compiler, and sequentially executed by a Java (registered trademark) virtual machine. The JSDK application 147 and the JSDK platform 148 are implemented based on the Personal Basis Profile of Java (registered trademark) 2 Micro Edition.

  As the JSDK application 147, there are a user application 701, a JSDK GUI Manager 711, a Task Bar Manager 712, and the like.

  The user application 701 is a JSDK application developed by a user (for example, a vendor) of the multi-function peripheral 101 using JSDK. The JSDK GUI Manager 711 is a JSDK application that displays an operation screen for other JSDK applications (such as the user application 701). The Task Bar Manager 712 is a JSDK application that displays a task bar that operates on another JSDK application (such as the user application 701).

  Here, the user application 701 is an Xlet that is a Java (registered trademark) application along with a stand-alone application and an applet. Here, the JSDK GUI Manager 711 and the Task Bar Manager 712 are Xlet (XletEx) with a unique extension.

  The JSDK platform 148, the JSDK Main721, a JSDK Environment722, the Locale Manager723, the Xlet Manager731, the Multi Xlet Manager732, a JSDK Manager733, and Send Manager741, and Event Manager742, the System Event Manager743, and Panel Manager744, Install Manager745 And a class such as Server / Client Manager 746 and Security Manager 747.

  The JSDK Main 721 is a class that performs startup setting of the JSDK system. JSDK Environment 722 is a class for setting the startup environment of the JSDK system. The Local Manager 723 is a class that performs internationalization (language specification).

  The Xlet Manager 731 is a class that manages the Xlet life cycle on a one-to-one basis. Here, the life cycle of five Xlets is managed by five Xlet Managers 731 on a one-to-one basis. The Multi Xlet Manager 732 is a class that manages the life cycle of all Xlet Managers 731. Here, the life cycles of five Xlet Managers 731 are all managed by one Multi Xlet Manager 732. The JSDK Manager 733 is a class that manages the life cycle of the entire JSDK system. For example, Multi Xlet Manager 732, Send Manager 741, Event Manager 742, System Event Manager 743, Panel Manager 744, Install Manager 745, Server / Client Manager 746, and Management 747's Life 47 management cycle.

  The System Event Manager 743 is a class that manages system events (power mode, etc.) from the platform 132 of FIG. Panel Manager 744 is a class that performs arbitration when one Xlet occupies the screen of the operation panel 202. Install Manager 745 is a class that manages installation and uninstallation from SDcard and Web.

  The JSDK system shown in FIG. 7 includes JSDK API 751 and JSDK API 752 as APIs. Note that the difference between Xlet and XletEx is that the JSDK API 751 can be used and the JSDK platform 148 can be accessed to access an object. Further, the MFP 101 shown in FIG. 3 includes a JSDK Session 753 and a Native JSDK Session 754 that serve as an interface between the C language and the Java (registered trademark) language as elements relating to the JSDK system shown in FIG. 3 further includes a Java (registered trademark) program for sequentially executing a Java (registered trademark) program translated from source code into bytecode by a Java (registered trademark) compiler as an element related to the JSDK system of FIG. There is a CVM (compact virtual machine) 755 which is a (registered trademark) virtual machine.

(Security Manager)
The Security Manager (security manager) 747 is a class that extends the Security Manager class originally provided by Java (registered trademark), and implements a security mechanism so that an unauthorized application is not executed on the JSDK platform 148. That is, the user application 701 is permitted to access the JSDK public class and the Java (registered trademark) standard class (hereinafter simply referred to as “standard class”) among various classes in the JSDK platform 148. The user application 701 makes an inquiry about access authority to the security manager 747.

  FIG. 8 is a diagram for explaining the function of the security manager. For example, when the user application 701 accesses the JSDK public class 148a in the JSDK platform 148 (S101), the JSDK private class 148b and the standard class 148c are called based on the JSDK public class 148a (S102, S103). In S101 to S103, for example, a constructor of a certain JSDK public class 148a is called by the user application 701, and constructors of the JSDK private class 148b and the standard class 148c as superclasses of the JSDK public class 148a are called in a chain. Such a case should be assumed. The JSDK public class refers to a class whose interface is disclosed, and the JSDK private class refers to a class whose interface is private.

  Subsequently, the standard class 148c inquires the security manager 747 about the authority of the user application 701 (S104). In response to the inquiry, the security manager 747 reads the security policy of the JSDK platform 148 from the Policy object, and determines the authority of the user application 701 (S105). The Policy object is used to read and hold a security policy from a file in which the security policy of the JSDK platform 148 is set in advance (hereinafter referred to as “security policy setting file”) when the JSDK platform 148 is started. It is an object (S106).

  If the security manager 148 determines that the user application 701 does not have access rights to the JSDK private class 148b, an exception is generated (S107). The exception is notified to the user application 701 through the standard class 148c, the JSDK private class 148b, and the JSDK public class 148a (S108, S109, S110).

  The security policy of the JSDK platform 148 in this embodiment is defined based on the security level. Here, the security level refers to information for classifying the authority of each user application 701, and has, for example, three levels. That is, in the security policy setting file, access authority for various resources of the multi-function peripheral 101 is set for each security level.

  FIG. 9 is a diagram illustrating a definition example of a security policy setting file. In FIG. 9, for the sake of convenience, a specific example of the contents of the access authority is not described. For example, the level 1 application can access all resources including the same authority as the JSDK platform 148 (including the private class 148b). The level 2 application is defined such that access to resources is restricted compared to level 1 and the level 3 application is further restricted to access resources.

  On the other hand, each user application 701 is assigned a security level in advance. Accordingly, in FIG. 8, the security manager 747 determines the authority of the user application 701 by comparing the security level of the user application 701 with the setting contents of the security level setting file.

  The security level may be assigned and changed by applying to the vendor of the multifunction machine 101, for example. By doing so, the authority of each user application 701 can be strictly managed by the vendor of the MFP 101. Also, the security level value for each user application 701 may be defined in a predetermined file, and the security manager 747 may make a determination based on the file, or the user application 701 may notify the security manager 747. It may be.

  For example, the operation of the user application 701 given level 1 is as shown in FIG. FIG. 10 is a diagram for explaining the operation of the level 1 user application.

  The level 1 user application 701 is permitted to access not only the JSDK public class 148a but also the JSDK private class 148b. Therefore, the standard class 148c is called (S203, S204) based on the call to either one (S201, S202). The standard class 148c makes an inquiry about the authority of the user application 701 to the security manager 747. The security manager 747 permits access to the private class 148b of the user application 701 by collating the security level (level 1) of the user application 701 with the setting contents of the security policy setting file.

(Enumeration)
Hereinafter, an example in which an enumeration type is realized in the Java (registered trademark) language in the JSDK platform 148 having the above-described mechanism will be described.

  FIG. 11 is a diagram for explaining an implementation example of the enumeration type in the JSDK platform according to the embodiment of the present invention.

  FIG. 11 shows an example in which enumerated values are defined as class objects. That is, the definition 800 shows a definition example of the FontStyle class that is pre-installed in the JSDK platform 148 as the class. As shown in the description 801, the final modifier is added to the definition of the FontStyle class. This prohibits inheritance of the FontStyle class. The FontStyle class inherits the CoreFont class. Here, the CoreFont class is a class defined as one of the JSDK private classes. Further, as shown in the description 804, the public modifier and the protected modifier are not added to the constructor of the FontStyle class. As a result, generation of an object of the FontStyle class is permitted only for the same package and subclass. Also, as shown in the description 805, the constructor of the parent class (here, the CoreFont class) is called in the constructor.

  In description 802 and description 803, PLAIN and BOLD, which are objects of the FontSytle class, are instantiated as enumerated values. The FontStyle class is implemented as a JSDK public class.

  By defining the FontStyle class as described above, if the enumeration value needs to be expanded (for example, if ITALIC needs to be added as a new enumeration value), the implementation shown in the definition 900 should be implemented. It can be done additionally as an optional library. Here, “additionally” means that there is no need to change the source code of the JSDK platform 148 (here, the definition of the FontStyle class). That is, the user who has distributed the option library can expand the enumeration value by installing the option library in the multi-function peripheral 101.

  In the definition 900, as shown in the description 901, the FontStyleSub class is defined as a subclass of the FontStyle class. Note that inheritance is also prohibited for the FontStyleSub class by adding a final modifier. By the way, although it has been described above that inheritance of the FontStyle class is prohibited, strictly speaking, inheritance of the FontStyle class is permitted within the same package. Therefore, it is possible to inherit the FontStyle class by making the FontStyleSub class the same package as the FontStyle class. In FIG. 11, since the package of the FontStyle class is “ja.co.rrr.function.font” as shown in the description 806, the package of the FontStyleSub class is also “ja.co.rrr.function.font” (description 905).

  Description 902 defines a new enumerated value ITALIC as an instance of the FontStyleSub class. However, since the FontStyleSub class is a subclass of the FontStyle class, ITALIC can handle it as the FontStyle type.

  As shown in the description 903, the constructor of the FontStyleSub class does not add the public modifier and the predicted modifier similarly to the FontStyle class. Also, as shown in the description 904, the constructor of the parent class (here, the FontStyle class) is called.

  The inheritance relationship of FIG. 11 is shown in a class diagram as shown in FIG. FIG. 12 is a diagram showing the inheritance relationship of classes for defining enumerated values in the embodiment of the present invention.

  As already described in FIG. 11, the FontStyle class 502 inherits the CoreFont class 501. Here, the CoreFont class is a JSDK private class, and access is not permitted unless the security level is an application of level 1. On the other hand, the FontStyle class 502 is a JSDK public class. The CoreFont class 501 and the FontStyle class 502 are classes that are pre-installed in the JSDK platform 148.

  When a new extension is necessary for the enumeration value representing the font type, the FontStyle class 502 is inherited and the FontStyleSub class 503 is defined. Here, in the user application 701, even if an attempt is made to define a user extension class 504 that inherits the FontStyleSub class 503 in the package “ja.co.rrr.function.font”, the security level of the level 1 is set for the user application 701. If is not given, the user extension class 504 cannot be used.

  That is, as described with reference to FIG. 8, when the user extension class 504 is to be instantiated, the constructors of the FontStyleSub class 503, the FontStyle class 502, and the CoreFont class 501 are called, and an inquiry from the CoreFont class 501 to the security manager 747 is made. The security manager 747 determines the authority (security level) of the user application 701. As a result, if the security level of the user application 701 is not level 1, the security manager 747 generates an exception. As a result, use of the user extension class 504 can be prohibited and unexpected expansion of enumerated values can be prevented.

  If the user extension class 504 is defined in a package different from the FontStyleSub class 503, inheritance in a different package is prohibited by the final qualifier in the definition of the FontStyleSub class 503, so that an exception is also generated by the security manager 747. It is done.

  In the above description, the example of enumeration value expansion has been described. However, the present invention is not limited to enumeration value expansion, and various function expansions such as subclassing a framework such as the JSDK platform 148 are performed. It is effective for ensuring security.

  As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to the specific embodiment which concerns, In the range of the summary of this invention described in the claim, various deformation | transformation * It can be changed.

DESCRIPTION OF SYMBOLS 101 Compound machine 111 Hardware 112 Software 113 Compound machine starting part 121 Imaging part 122 Printing part 123 Other hardware 131 Application 132 Platform 133 Application program interface 134 Engine interface 135 Virtual application service 141 Copy application 142 Printer application 143 Scanner application 144 Facsimile Application 145 Network file application 146 CSDK application 147 JSDK application 148 JSDK platform 151 Control service 152 System resource manager 153 Handler 161 Network control service 162 Facsimile control service 163 Delivery control service 164 Engine control service 165 Memory control service 166 Operation panel control service 167 Certification control service 168 User directory control service 169 System control service 171 Facsimile control unit handler 172 Image memory handler 181 Web browser 182 Web server software 183 SDK application service 201 Controller 202 Operation panel 203 Facsimile control unit 211 CPU
212 ASIC
221 NB
222 SB
231 MEM-P
232 MEM-C
233 HDD
234 Memory card slot 235 Memory card 241 NIC
242 USB device 243 IEEE 1394 device 244 Centronics device 301 Document setting unit 302 Paper feed unit 303 Paper discharge unit 311 Touch panel 312 Numeric keypad 313 Start button 314 Reset button 315 Function key 316 Initial setting button 321 ADF
322 Flatbed 323 Flatbed cover 501 CoreFont class 502 FontStyle class 503 FontStyleSub class 504 User extension class 711 JSDK GUI Manager
712 Task Bar Manager
721 JSDK Main
722 JSDK Environment
723 Local Manager
731 Xlet Manager
732 Multi Xlet Manager
733 JSDK Manager
741 Send Manager
742 Event Manager
743 System Event Manager
744 Panel Manager
745 Install Manager
746 Server / Client Manager
747 Security Manager
751 JSDK API
752 JSDK API
753 JSDK Session
754 Native JSDK Session
755 CVM

Therefore, in order to solve the above-mentioned problem, the present invention is an apparatus, and when the program accesses a first interface accessible by a specific program among the interfaces that can control the apparatus, Security management means for determining an access right given to the program and restricting access of the second interface by the program according to the access right, and the program to which the specific access right is given, Access to the first interface and the second interface is permitted .

Claims (10)

An apparatus having a framework in which at least a part of the interface is open and capable of executing an application program created based on the framework,
Security management means for determining a security level given to the application program and restricting the use of the framework by the application program according to the security level;
Authority management means for managing information indicating the authority to use the framework for each security level;
The security management means restricts the use of the framework based on the authority management means. The apparatus according to claim 1, wherein the security management unit restricts use of the framework according to the security level when an access is made to an interface that is not disclosed in the framework. . The framework is composed of a plurality of classes,
The said security management means restrict | limits the use of the said class by the said application program according to the said security level, when the said application program uses the subclass which inherited the said class. The device described. One of the plurality of classes is a class that defines an enumeration value;
When the application program uses a subclass that inherits a class that defines the enumeration value, the security management unit restricts use of the class that defines the enumeration value by the application program according to the security level. The apparatus of claim 3. A security management method in an apparatus that has a framework in which at least a part of an interface is open and that can execute an application program created based on the framework,
A security level determination procedure for determining a security level given to the application program;
Security management procedures for restricting the use of the framework by the application program according to the security level,
The security management method is characterized in that the use of the framework is restricted based on authority information indicating the authority to use the framework for each security level. 6. The security according to claim 5, wherein the security management procedure restricts the use of the framework according to the security level when an access occurs to an interface that is not disclosed in the framework. Management method. The framework is composed of a plurality of classes,
7. The security management procedure, when the application program uses a subclass that inherits the class, restricts use of the class by the application program according to the security level. The security management method described. One of the plurality of classes is a class that defines an enumeration value;
The security management procedure restricts the use of the class that defines the enumerated value by the application program according to the security level when the application program uses a subclass that inherits the class that defines the enumerated value. 8. The security management method according to claim 7, wherein: A security management program for causing a computer to execute the security management method according to claim 5. A computer-readable recording medium on which the security management program according to claim 9 is recorded.

Images