JP2014119789A - Function use control device, function use control method, and function use control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To operate a virtual machine within a range corresponding to a use purpose.SOLUTION: A function use control device comprises: a virtualization unit which virtualizes a physical machine to operate a virtual machine; a monitoring unit which monitors a predetermined operation state of the physical machine or the virtual machine; and use propriety control unit which controls use propriety for the virtual machine to use an external function of the virtual machine according to the predetermined operation state monitored by the monitoring unit.

Description

  The present invention relates to a technique for controlling use of an external function from a virtual machine.

  Research has been conducted on virtualization technology that virtualizes computer resources of a physical machine and operates the virtual machine. Such a virtual machine can use various devices (for example, a communication device, an input / output device, a storage device, etc.) of a physical machine that are external functions for the virtual machine. For example, Patent Document 1 describes a technique of using a network device included in a physical machine from such a virtual machine. Alternatively, a plurality of virtual machines can be activated and operated on the same physical machine, and communication can be performed between the virtual machines. In this case, the virtual machine is connected to another virtual machine operating on the same physical machine via a virtual local area network (LAN) that is an external function for the virtual machine.

JP 2012-93917 A

  However, when such a virtual machine uses an external function such as various devices of the physical machine or other virtual machines operating on the same physical machine, the use is performed in a range and a method in accordance with the use of the virtual machine. It is desirable that For example, if the physical machine is a portable terminal that can communicate via a mobile communication network, such as a smartphone, it will only operate on the physical machine if it cannot communicate with other terminals from the mobile communication network You may want to make communication between virtual machines. Alternatively, for example, when the authority of the virtual machine is taken over (rooting), it may be desired to prohibit the use of external functions.

  The present invention has been made in view of such a situation, and provides a function use control device, a function use control method, and a function use control program for operating a virtual machine in a range corresponding to an application.

  In order to solve the above-described problem, an aspect of the present invention includes a virtualization unit that virtualizes a physical machine and operates the virtual machine, a monitoring unit that monitors a predetermined operation state of the physical machine or the virtual machine, and a monitoring A function usage control apparatus comprising: a availability control unit that controls availability of an external function of a virtual machine by a virtual machine according to a predetermined operation situation monitored by the unit.

  In one embodiment of the present invention, the virtualization unit causes the first virtual machine and the second virtual machine to operate on the physical machine, and the first virtual machine has an external function with respect to the virtualization unit. The second virtual machine includes an external function usage request unit that outputs an external function usage request to the first virtual machine, and the availability control unit includes When the use request is output from the external function use request unit of the second virtual machine, it is determined whether or not the use request can be used, and the external function use control unit of the first virtual machine is determined to be usable by the use control unit In such a case, the usage request output from the external function usage request unit of the second virtual machine is output to the virtualization unit.

  Further, one aspect of the present invention includes a condition table storage unit that stores a condition table in which availability of an external function according to a predetermined operation situation is associated with each of a plurality of external functions, and the availability control unit Is characterized by controlling whether or not the external function can be used by the virtual machine based on the condition table.

  One embodiment of the present invention further includes a control table storage unit that stores a control table in which the availability of external functions is associated with each of a plurality of external functions, and the availability control unit is monitored by the monitoring unit. It is characterized in that the availability of an external function corresponding to a predetermined operation situation is read from the condition table, the control table is updated, and the availability of the external function is controlled based on the updated control table.

  One embodiment of the present invention further includes an order table storage unit that stores an order table indicating an application order of availability of external functions for each external function, and the availability control unit includes an application order indicated in the order table. Based on the above, whether to use an external function is controlled.

  According to another aspect of the present invention, the function usage control device virtualizes a physical machine and operates the virtual machine, a step of monitoring a predetermined operation status of the physical machine or the virtual machine, and a predetermined operation to be monitored And a step of controlling whether or not the external function of the virtual machine can be used by the virtual machine according to the situation.

  According to another aspect of the present invention, a step of virtualizing a physical machine and operating a virtual machine in a computer of the function use control device, a step of monitoring a predetermined operation status of the physical machine or the virtual machine, and a predetermined monitoring And a step of controlling whether or not the external function of the virtual machine can be used by the virtual machine according to the operation status of the function.

  As described above, according to the present invention, the function usage control device virtualizes a physical machine and operates the virtual machine, and a monitoring unit that monitors a predetermined operation status of the physical machine or the virtual machine, The availability control unit for controlling the availability of the external function of the virtual machine according to the predetermined operation status monitored by the monitoring unit is provided. It is possible to dynamically control and operate a virtual machine in a range according to the application.

It is a block diagram which shows the structure of the virtual machine control apparatus by one Embodiment of this invention. It is a figure which shows the example of data of the condition table by one Embodiment of this invention. It is a figure which shows the example of data of the control table by one Embodiment of this invention. It is a figure which shows the example of data of the order table by one Embodiment of this invention. It is a flowchart which shows the operation example of the virtual machine control apparatus by one Embodiment of this invention. It is a conceptual diagram which shows the Example of the virtual machine control apparatus by one Embodiment of this invention. It is a figure which shows the example of data of the condition table by one Embodiment of this invention. It is a figure which shows the example of data of the control table by one Embodiment of this invention. It is a 1st figure explaining operation | movement of the smart phone by one Embodiment of this invention. It is a 2nd figure explaining operation | movement of the smart phone by one Embodiment of this invention. It is a 3rd figure explaining operation | movement of the smart phone by one Embodiment of this invention. It is a 4th figure explaining operation | movement of the smart phone by one Embodiment of this invention. It is a 5th figure explaining operation | movement of the smart phone by one Embodiment of this invention. It is a 6th figure explaining operation | movement of the smart phone by one Embodiment of this invention. It is a 7th figure explaining operation | movement of the smart phone by one Embodiment of this invention. It is an 8th figure explaining operation | movement of the smart phone by one Embodiment of this invention.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing the configuration of the virtual machine control device 100 according to this embodiment. The virtual machine control device 100 is a computer device such as a PC (Personal computer), a tablet PC, or a smartphone, and is a physical machine. In the present embodiment, the virtual machine control device 100 will be described as a smartphone. The virtual machine control device 100 includes a device 110-1, a device 110-2, a device 110-3, a device 110-4,..., A virtualization unit 120, a management OS 130, a virtual machine 140-1, and a virtual machine. 140-2,... Is a function use control device that controls the use of external functions from the virtual machine 140-1, the virtual machine 140-2,.

  The device 110-1, the device 110-2, the device 110-3, the device 110-4,... Have the same configuration and will be described as the device 110 unless otherwise distinguished. The device 110 is a hardware device included in the virtual machine control apparatus 100 that is a physical machine, and includes, for example, a wireless LAN device, a communication device with a mobile communication network, an infrared communication device, an IC communication device, and an NFC (near field communication) device. An internal storage device, a memory device, a touch panel device, a microphone device, a camera device, a speaker device, a USB (Universal Serial Bus) device, and the like are conceivable.

The virtualization unit 120 is a hypervisor that virtualizes the hardware of the various devices 110 of the virtual machine control apparatus 100 that is a physical machine and operates the virtual machine on the virtualized hardware. In the present embodiment, the virtualization unit 120 displays a management OS 130 that is a first virtual machine, a virtual machine 140-1 that is a second virtual machine, a virtual machine 140-2,... On a physical machine. To work. The virtualization unit 120 includes a native device driver that is a device driver that operates various devices 110 in response to requests for using various devices from the management OS 130 that operates on the virtual machine control apparatus 100. In addition, the virtualization unit 120 controls a connection state of a virtual LAN that allows communication between a plurality of virtual machines 140 operating on the same virtual machine control apparatus 100.
The management OS 130 is one of the virtual machines that operate on the hardware virtualized by the virtualization unit 120, and has a function for managing other virtual machines.

  The virtual machine 140-1, the virtual machine 140-2,... Are virtual machines that operate on the hardware virtualized by the virtualization unit 120. Although two virtual machines are illustrated and described here, one or three or more virtual machines may operate in the virtualization unit 120. Since the virtual machine 140-1, the virtual machine 140-2,... Have the same configuration, they will be described as the virtual machine 140 unless otherwise distinguished. For example, the virtual machine 140 starts and executes various applications used by the user. Each of the virtual machine 140-1 and the virtual machine 140-2 includes an external function use request unit 141-1 and an external function use request unit 141-2. Since the external function use request unit 141-1 and the external function use request unit 141-2 have the same configuration, the external function use request unit 141 will be described unless otherwise distinguished.

  The external function use request unit 141 outputs a request for the virtual machine 140 to use the external function of the virtual machine 140. The external function of the virtual machine 140 is a virtual function for connecting to various devices 110 that are functional units external to the virtual machine 140 and other virtual machines 140 operating on the same virtual machine control apparatus 100. The term “LAN” means that an external function is used means that these functions are used. The external function use request unit 141 is a virtual device driver provided in the virtual machine. The external function use request output by the external function use request unit 141 includes, for example, a command (function call) for the virtual machine 140 to access a file to the storage device that is the device 110, other physical machines, and the like. Commands for communicating with the virtual machine 140 are included. Here, the external function use request unit 141 always outputs an external function use request to the external function use control unit 136 of the management OS 130 described later. That is, if it is determined that the use request for the external function output to the management OS 130 is not usable, the external function cannot be used from the virtual machine 140.

The management OS 130 includes a condition table storage unit 131, a control table storage unit 132, an order table storage unit 133, a monitoring unit 134, an availability control unit 135, and an external function usage control unit 136.
The condition table storage unit 131 stores a condition table in which availability of an external function corresponding to a predetermined operation situation is associated with each of a plurality of external functions. FIG. 2 is a diagram illustrating a data example of the condition table stored in the condition table storage unit 131. “Permitted” indicates that it can be used, and “No” indicates that it cannot be used. “-” Indicates that the external function is not controlled, and indicates that the availability of the corresponding external function is not changed even if the operation status changes. Here, for example, when mobile communication network communication is not possible (mobile communication network communication is not possible), it is indicated that the external functions of device A and device C can be used.

  The control table storage unit 132 stores a control table in which the availability of the external function is associated with each of the plurality of external functions. FIG. 3 is a diagram illustrating an example of control table data stored in the control table storage unit 132. Here, for example, device A is available, device B is unavailable (not), and device C is unavailable (not). Based on the information shown in such a control table, use of an external function from the virtual machine 140 is controlled by the availability control unit 135 described later.

  The order table storage unit 133 stores, for each external function, an order table indicating the application order of availability of the external function. The application order refers to the actual order of availability when the availability control unit 135 controls the use of external functions from the virtual machine 140 based on the control table stored in the control table storage unit 132. Information indicating whether to apply. When the information in the control table stored in the control table storage unit 132 is updated, it is only necessary to start the control after updating by reflecting all the updated information. It is difficult to reflect all updates. Therefore, the order of performing the control reflecting the update is defined, and the update is reflected along this order. Thereby, it is possible to prevent the virtual machine 140 from performing an unintended operation. FIG. 4 is a diagram illustrating an example of data in the order table stored in the order table storage unit 133. Here, it is shown that the application order of device A is 1, the application order of device B is 2, and the application order of device C is 3.

  Returning to FIG. 1, the monitoring unit 134 monitors a predetermined operation status of at least one of the virtual machine control device 100 that is a physical machine and the virtual machine 140. In the present embodiment, it is assumed that both predetermined operating conditions are monitored. The predetermined operation status is, for example, a state such as whether or not mobile communication network communication is possible, whether or not the virtual machine 140 has been routed. The rooting of the virtual machine 140 means enabling the system operation with the administrator authority to the virtual machine 140. The monitoring unit 134 detects such an operation state by monitoring each device 110 or the like. Whether or not the rooting has been performed is, for example, whether or not a SU command has been input, or SuperUser. It can be detected by whether or not apk is installed.

  The availability control unit 135 controls the availability of external functions by the virtual machine 140 according to a predetermined operation status monitored by the monitoring unit 134. Specifically, when a use request is output from the external function use request unit 141 of the virtual machine 140, the use availability control unit 135 determines whether the use request is available. Here, the availability control unit 135 controls the availability of external functions by the virtual machine 140 based on the condition table stored in the condition table storage unit 131. That is, the availability control unit 135 reads from the condition table whether or not the external function corresponding to the predetermined operation situation monitored by the monitoring unit 134 is read, and the control table stored in the control table storage unit 132 according to the read availability. Update. Further, the availability control unit 135 controls the availability of the external function based on the updated control table. To control availability, the usage request output from the external function usage requesting unit 141 is received, the control table is referenced, the availability of the external function according to the received usage request is determined, and if it is available, This means that an external function is used and control is performed so that the external function is not used if it cannot be used. Specifically, for example, when the external function is used, the use request is output as it is to the external function use control unit 136 described later, and when the external function is not used, the use request is output to the external function. An error is returned to the external function usage requesting unit 141 that is the output source of the usage request without outputting the usage control unit 136. In this way, the availability control unit 135 controls the connection between the external function usage request unit 141 of the virtual machine 140 and the external function usage control unit 136 of the management OS 130. Further, the availability control unit 135 controls availability of the external function based on the application order shown in the order table.

  The external function usage control unit 136 uses the external function in response to the external function usage request output from the external function usage request unit 141. The external function use control unit 136 is a virtual device driver provided in the management OS, and causes the virtual machine 140 to use the external function by outputting a use request for the external function to the virtualization unit 120. That is, all virtual machines 140 operating on the virtual machine control device 100 by the virtualization unit 120 access the virtual machine control device 100 of the virtual machine control device 100 unless the external function use control unit 136 of the management OS 130 is passed. It is configured so that it cannot. If the usage request output from the external function usage request unit 141 of the virtual machine 140 is determined to be usable by the availability control unit 135, the external function usage control unit 136 sends the usage request to the virtualization unit 120. Output. When it is determined by the availability control unit 135 that the usage is not possible, the usage request is not output to the virtualization unit 120.

  Next, an operation example of the virtual machine control device 100 according to the present embodiment will be described with reference to the drawings. FIG. 5 is a flowchart illustrating an operation example of the virtual machine control apparatus 100 according to the present embodiment. When the management OS 130, the virtual machine 140-1, and the virtual machine 140-2 are activated in the virtual machine control apparatus 100, the management OS 130 causes the virtual machine control apparatus 100 to start the virtual machine 140-1 and the virtual machine. The operation status with 140-2 is monitored (step S1).

  When the monitoring unit 134 detects a change in the operation status, the availability control unit 135 reads the availability of the external function according to the changed operation status from the condition table storage unit 131 and stores it in the control table storage unit 132. The existing control table is updated (step S2). The availability control unit 135 reads the order table stored in the order table storage unit 133, and applies the updated availability in the control table in the read order (step S3).

  As described above, according to the present embodiment, the availability of the external function for each of the plurality of virtual machines 140 can be dynamically changed and controlled according to the operation status. As a result, the virtual machine 140 operating on the virtual machine control device 100 can be restricted from using an external function that is not necessary for the virtual machine 140 or performing an unexpected behavior. As a result, the virtual machine 140 can be operated in a range corresponding to the application.

<Example>
Next, an example of the above-described virtual machine control apparatus 100 will be described. FIG. 6 is a conceptual diagram illustrating an example of the virtual machine control device 100 according to the present embodiment. Here, an example in which a management OS 230, a virtual machine 240-1, and a virtual machine 240-2 are operating on the hardware of a smartphone 200 to which the virtual machine control device 100 is applied will be described.

  In this embodiment, the virtual machine 240-1 operating on the smartphone 200 communicates with a server 300 connected via a network such as a mobile communication network, and uses a service provided by the server 300. An OS (user OS 1) that operates an application (AP), and has a function as a service use terminal that is a client for the server 300. The virtual machine 240-1 receives input of data to be transmitted to the server 300 such as a user ID and a password from the user, and performs processing such as transmitting the input data to the server 300. As the service use application, for example, an application for performing some kind of settlement can be applied. As described above, when the virtual machine 240-1 and the server 300 communicate with each other via the mobile communication network, it is considered that the case where communication is possible and the case where communication is impossible are frequently switched depending on the communication status. At this time, for example, after the user inputs information to the virtual machine 240-1, the communication status between the virtual machine 240-1 and the server 300 deteriorates and cannot be transmitted due to an error, and the user inputs the same information again. If it becomes, it will be troublesome for the user.

  Therefore, for such a case, the virtual machine 240-2, which is a pseudo server of the server 300, is caused to operate on the smartphone 200. When the management OS 230 detects that communication is impossible due to reasons such as being unable to receive radio waves from the mobile communication network, it disables the communication device with the mobile communication network and disables communication with the server 300. Instead, communication between the virtual machine 240-1 and the virtual machine 240-2 is enabled. Then, the virtual machine 240-1 transmits information to be sent to the server 300 to the virtual machine 240-2. The virtual machine 240-2 stores information transmitted from the virtual machine 240-1. When the mobile communication network communication by the smartphone 200 is possible, the virtual machine 240-2 transmits the stored information to the server 300 instead of the virtual machine 240-1. In this way, the user can complete the input process regardless of the communication status.

  The management OS 230 corresponds to the management OS 130 of the virtual machine control device 100. The management OS 230 includes a policy 232, a monitoring function 234, a driver control function 235, an M-VDD (Management Virtual Device Driver) 236, a native device driver 237, and an external input IF (interface).

  The policy 232, the monitoring function 234, the driver control function 235, and the M-VDD 236 are transmitted from the condition table storage unit 131 provided in the virtual machine control device 100 to the order table storage unit 133, the monitoring unit 134, the availability control unit 135, and the external function usage control. Corresponds to the portion 136. The virtual machine 240-1 corresponds to the virtual machine 140-1. A U-VDD (User Virtual Device Driver) 241-1 included in the virtual machine 240-1 corresponds to the external function use request unit 141-1 included in the virtual machine 140-1. The U-VDD 241-1 is a driver group for using an external function such as an LCD, an external input IF, an SD access, an external NW, and an OS communication.

  Here, for example, if SD access from the virtual machine 240-1 is prohibited in the first place regardless of the operation status, the use of SD access can be prohibited and the virtual machine 240-1 can be started. Alternatively, the SD access driver may not be installed when the virtual machine 240-1 is activated. In the present embodiment, controlling the availability of the external function by the control at the time of starting the virtual machine 240-1 is referred to as static control. On the other hand, controlling the availability of an external function according to the operation status is called dynamic control. The virtual machine 240-2 corresponds to the virtual machine 140-2. The U-VDD 241-2 included in the virtual machine 240-2 corresponds to the external function use request unit 141-2 included in the virtual machine 140-2.

  FIG. 7 is a diagram illustrating a data example of the condition table in the present embodiment. Here, for each predetermined operation status of the external function to be monitored, a predetermined action for updating the control table according to the operation status is associated. For example, if the 3G network (mobile communication network) cannot communicate (if Disable), the control policy of device A is set to ON (1) (available) for both OS1 and OS2. Here, only an example of the operation status of a plurality of AND conditions is shown, but a predetermined action can be associated with the operation status of the OR condition.

  FIG. 8 is a diagram illustrating an example of data in the control table in the present embodiment. Here, each device that is an external function is associated with information indicating whether or not the device can be used. 0 indicates that it cannot be used. 1 indicates availability. Here, only 0 and 1 will be described, but a numerical value of 2 or more may be determined. For example, if it is 2, it is possible to use only communication with a specific communication destination in the communication function. Or if it is 3, for example, it can be considered that only a specific time zone can be used.

  FIG. 9 is a first diagram illustrating the operation of the smartphone 200 in the present embodiment. In the initial state, it is assumed that the external NW of the virtual machine 240-1 can be used and communication between OSs cannot be used. When the service use AP is activated in the virtual machine 240-1, the service use AP uses the external input IF 238 that is an external function via the U-VDD 241-1, the M-VDD 236, and the native device driver 237. The input data is received and acquired (step S11).

  FIG. 10 is a second diagram illustrating the operation of the smartphone 200 in the present embodiment. When predetermined processing is performed on the input data acquired by the service use AP in step S11, the service use AP transmits the input data to the server 300 as a destination via the U-VDD 241-1. At this time, the monitoring function 234 detects whether or not communication via the mobile communication network is possible (step S12).

  FIG. 11 is a third diagram illustrating the operation of the smartphone 200 in the present embodiment. When the monitoring function 234 determines in step S12 that communication via the mobile communication network is possible, the management OS 230 uses the M-VDD 236, the native device driver 237, and the input data transmitted from the service use AP in step S12. Is transmitted to the server 300 (step S13).

  FIG. 12 is a fourth diagram illustrating the operation of the smartphone 200 in the present embodiment. On the other hand, if the monitoring function 234 determines in step S 12 that communication via the mobile communication network is not possible, the driver control function 235 updates the control table based on the condition table stored in the policy 232. As a result, access from the external NW to the virtual machine 240-1 is disabled, and communication between the virtual machine 240-1 and the virtual machine 240-2 is enabled (step S14).

  FIG. 13 is a fifth diagram illustrating the operation of the smartphone 200 in the present embodiment. When the communication between the virtual machine 240-1 and the virtual machine 240-2 is enabled in step S14, the driver control function 235 receives the input data transmitted from the service use AP to the server 300 in step S12. The data is transmitted to the virtual machine 240-2 via the M-VDD 236. The pseudo server AP of the virtual machine 240-2 receives the transmitted input data and stores it in its own storage area (step S15).

  FIG. 14 is a sixth diagram illustrating the operation of the smartphone 200 in the present embodiment. The monitoring function 234 monitors the communication status of the smartphone 200 via the M-VDD 236. If communication using the mobile communication network is not possible, communication using the mobile communication network is disabled, and a state where communication between OSs is enabled is maintained (step S16).

  FIG. 15 is a seventh diagram illustrating the operation of the smartphone 200 in the present embodiment. When the monitoring function 234 detects that the mobile communication network is ready for communication, the pseudo server AP reads the input data stored in step S15, and transmits the input data via the M-VDD 236 and the native device driver 237. It transmits to the server 300 (step S17).

  FIG. 16 is an eighth diagram illustrating the operation of the smartphone 200 in the present embodiment. In step S 17, when the input data is transmitted to the server 300, the driver control function 235 updates the control table based on the condition table stored in the policy 232. As a result, access from the external NW to the virtual machine 240-1 is enabled, and communication between the virtual machine 240-1 and the virtual machine 240-2 is disabled (step S18).

  Moreover, as an example of the present embodiment, for example, it is preferable to use a smartphone as a dedicated terminal on which only a specific application operates. For example, when one terminal is used as a dedicated terminal for a certain application and is also used as a dedicated terminal for another application, each application is operated on a different virtual machine 140 to be configured in different domains. I can keep it. As a result, a virtual machine on which an application operates can be isolated and hidden from a virtual machine on which another application operates in the same terminal. At this time, when switching the use of the virtual machine (application), the external function to be used can be changed for each virtual machine.

  Further, according to the present embodiment, for example, when a virtual machine is rooted, all external functions from the virtual machine can be disabled. As a result, when a specific virtual machine is rooted on a physical machine on which a plurality of virtual machines are operating, it is possible to prevent information on other virtual machines from being read from the virtual machine. Further, for example, it is possible to prevent a program such as an OS stored in a USB memory or the like from being connected to the virtual machine control apparatus 100 and starting the OS in the USB memory.

The application order stored in the order table storage unit 133 is, for example, the case where the mobile communication network is disabled and the inter-OS communication is enabled, and the case where the mobile communication network is enabled and the inter-OS communication cannot be used. The order of application can also be reversed.
In addition, the condition table stored in the condition table storage unit 131 and the control table stored in the control table storage unit 132 may be applied to the entire plurality of virtual machines 140, or may be a table for each virtual machine 140. May be prepared and stored.
In this embodiment, the example in which the management OS 130 is activated on the virtualization unit 120 has been described. However, the virtualization unit 120 itself may include processing units similar to the units included in the management OS 130.

  Note that a program for realizing the function of the processing unit in the present invention is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read by a computer system and executed to control the virtual machine. May be performed. Here, the “computer system” includes an OS and hardware such as peripheral devices. Further, the “computer system” may include a plurality of computer devices connected via a network including a communication line such as the Internet, WAN, LAN, and dedicated line. The “computer-readable recording medium” refers to a storage device such as a flexible medium, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system. Furthermore, the “computer-readable recording medium” holds a program for a certain period of time, such as a volatile memory (RAM) inside a computer system that becomes a server or a client when the program is transmitted via a network. Including things. The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, what is called a difference file (difference program) may be sufficient.

  In addition, some or all of the functions described above may be realized as an integrated circuit such as an LSI (Large Scale Integration). Each function described above may be individually made into a processor, or a part or all of them may be integrated into a processor. Further, the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. In addition, when an integrated circuit technology that replaces LSI appears due to the advancement of semiconductor technology, an integrated circuit based on the technology may be used.

100 Virtual Machine Control Device 110 Device 120 Virtualization Unit 130 Management OS
131 Condition table storage unit 132 Control table storage unit 133 Order table storage unit 134 Monitoring unit 135 Usability control unit 136 External function use control unit 140 Virtual machine 141 External function use request unit 200 Smartphone 232 Policy 234 Monitoring function 235 Driver control function 236 M-VDD
237 Native device driver 238 External input IF
241 U-VDD
300 servers

Claims (7)

A virtualization unit that virtualizes a physical machine and operates the virtual machine;
A monitoring unit that monitors a predetermined operation status of the physical machine or the virtual machine;
An availability control unit that controls availability of an external function of the virtual machine by the virtual machine according to the predetermined operation status monitored by the monitoring unit;
A function use control device comprising: The virtualization unit operates a first virtual machine and a second virtual machine on the physical machine,
The first virtual machine includes an external function use control unit that outputs a use request for the external function to the virtualization unit,
The second virtual machine includes an external function use request unit that outputs the use request for the external function to the first virtual machine,
When the use request is output from the external function use request unit of the second virtual machine, the use availability control unit determines whether the use request is available,
The external function use control unit of the first virtual machine, when the use permission control unit determines that the use is possible, the use request output from the external function use request unit of the second virtual machine, The function use control apparatus according to claim 1, wherein the function use control apparatus outputs the data to the virtualization unit. For each of the plurality of external functions, a condition table storage unit that stores a condition table in which the availability of the external function corresponding to the predetermined operation situation is associated is stored.
The function usage control apparatus according to claim 1, wherein the availability control unit controls availability of the external function by the virtual machine based on the condition table. For each of the plurality of external functions, a control table storage unit that stores a control table in which the availability of the external function is associated is provided,
The availability control unit reads the availability of the external function corresponding to the predetermined operation status monitored by the monitoring unit from the condition table, updates the control table, and based on the updated control table, The function usage control apparatus according to claim 3, wherein availability of an external function is controlled. For each of the external functions, an order table storage unit that stores an order table indicating the application order of the availability of the external function,
The function according to any one of claims 1 to 4, wherein the availability control unit controls the availability of the external function based on an application order indicated in the order table. Usage control device. Function usage control device
Virtualizing a physical machine and operating the virtual machine;
Monitoring a predetermined operation status by the physical machine or the virtual machine;
Controlling whether to use an external function of the virtual machine by the virtual machine according to the predetermined operation status to be monitored;
A function use control method comprising: In the computer of the function use control device,
Virtualizing a physical machine and operating the virtual machine;
Monitoring a predetermined operation status by the physical machine or the virtual machine;
Controlling whether to use an external function of the virtual machine by the virtual machine according to the predetermined operation status to be monitored;
A function usage control program that executes

Images