JP6043615B2 - Function use control device, function use control method, function use control program - Google Patents

Publication number: JP6043615B2
Authority: JP (Japan)
Prior art keywords: virtual machine, external server, communication, external, function
Legal status: Active
Application number: JP2012272213A
Other languages: Japanese (ja)
Other versions: JP2014119789A (en
Inventors: 康雅 平井, 市原 尚久
Original assignee: 株式会社エヌ・ティ・ティ・データ
Application filed by: 株式会社エヌ・ティ・ティ・データ
Priority to JP2012272213A
Publication of JP2014119789A
Application granted
Publication of JP6043615B2

Description

  The present invention relates to a technique for controlling use of an external function from a virtual machine.

  Research has been conducted on virtualization technology that virtualizes the computer resources of a physical machine and operates a virtual machine on them. Such a virtual machine can use various devices of the physical machine (for example, a communication device, an input/output device, a storage device, etc.), which are external functions for the virtual machine. For example, Patent Document 1 describes a technique for using a network device included in a physical machine from such a virtual machine. Alternatively, a plurality of virtual machines can be activated and operated on the same physical machine, and communication can be performed between the virtual machines. In this case, the virtual machine is connected to another virtual machine operating on the same physical machine via a virtual local area network (LAN), which is an external function for the virtual machine.

Patent Document 1: JP 2012-93917 A

  However, when such a virtual machine uses an external function, such as the various devices of the physical machine or other virtual machines operating on the same physical machine, it is desirable that the use be limited to a range and a method appropriate to the purpose of the virtual machine. For example, if the physical machine is a portable terminal that can communicate via a mobile communication network, such as a smartphone, it may be desirable to allow communication only between the virtual machines operating on that physical machine when communication with other terminals over the mobile communication network is not possible. Alternatively, for example, when the authority of the virtual machine is taken over (rooting), it may be desirable to prohibit the use of external functions.

  The present invention has been made in view of such a situation, and provides a function use control device, a function use control method, and a function use control program for operating a virtual machine within a range appropriate to its use.

In order to solve the above-described problem, one embodiment of the present invention is a function use control device comprising a virtualization unit that virtualizes a physical machine and operates a first virtual machine, a second virtual machine, and a third virtual machine on the physical machine. Each of the second virtual machine and the third virtual machine has an external function use request unit that outputs, to the first virtual machine, a use request to communicate with an external server. The first virtual machine has: a monitoring unit that determines whether communication with the external server is possible; an external function use control unit that, upon receiving the use request from the external function use request unit of each of the second virtual machine and the third virtual machine, outputs a use request to communicate with the external server to the virtualization unit; and an availability control unit that disables communication between the external server and the second virtual machine when the monitoring unit determines that communication with the external server is not possible, and enables communication between the external server and the second virtual machine when the monitoring unit determines that communication with the external server is possible. When communication between the external server and the second virtual machine is disabled, the external function use control unit transmits the data to be transmitted from the second virtual machine to the external server to the third virtual machine. The external function use request unit of the third virtual machine stores the data received from the external function use control unit in an internal storage area and, when communication between the external server and the second virtual machine is enabled, transmits the data stored in the internal storage area to the external server.

Another embodiment of the present invention is the function use control device according to (1), further comprising a condition table storage unit that stores a condition table in which, for each of a plurality of external servers, whether communication with the external server is permitted is associated with a predetermined operating status, wherein the availability control unit controls, based on the condition table, whether the second virtual machine and the third virtual machine can communicate with the external server.

Another embodiment of the present invention is the function use control device according to (2), further comprising a control table storage unit that stores a control table in which, for each of the plurality of external servers, whether communication with the external server is permitted is recorded, wherein the availability control unit reads from the condition table whether communication with the external server is permitted under the predetermined operating status monitored by the monitoring unit, updates the control table accordingly, and controls the availability of communication with the external server based on the updated control table.

Another embodiment of the present invention is the function use control device according to any one of (1) to (3), further comprising an order table storage unit that stores, for each external server, an order table indicating the order in which the availability of communication with the external server is applied, wherein the availability control unit controls the availability of communication with the external server based on the application order shown in the order table.

One embodiment of the present invention is a function use control method using a computer, comprising: a step in which the virtualization unit virtualizes a physical machine and operates a first virtual machine, a second virtual machine, and a third virtual machine on the physical machine; a step in which an external function use request unit of the second virtual machine outputs, to the first virtual machine, a use request to communicate with an external server; a step in which the external function use request unit of the third virtual machine outputs, to the first virtual machine, a use request to communicate with the external server; a step in which the monitoring unit of the first virtual machine determines whether communication with the external server is possible; a step in which the external function use control unit of the first virtual machine, upon receiving the use request from the external function use request unit of each of the second virtual machine and the third virtual machine, outputs a use request to communicate with the external server to the virtualization unit; a step in which the availability control unit of the first virtual machine disables communication between the external server and the second virtual machine when the monitoring unit determines that communication with the external server is not possible, and enables communication between the external server and the second virtual machine when the monitoring unit determines that communication with the external server is possible; a step in which the external function use control unit of the first virtual machine, when communication between the external server and the second virtual machine is disabled, transmits the data to be transmitted from the second virtual machine to the external server to the third virtual machine; and a step in which the external function use request unit of the third virtual machine stores the data received from the external function use control unit in an internal storage area and, when communication between the external server and the second virtual machine is enabled, transmits the data stored in the internal storage area to the external server.

One aspect of the present invention is a function use control program that causes a computer to execute: a step of virtualizing a physical machine and operating a first virtual machine, a second virtual machine, and a third virtual machine on the physical machine; a step in which the second virtual machine outputs, to the first virtual machine, a use request to communicate with an external server; a step in which the third virtual machine outputs, to the first virtual machine, a use request to communicate with the external server; a step in which the first virtual machine determines whether communication with the external server is possible; a step in which the first virtual machine, upon receiving the use request from the second virtual machine and the third virtual machine, outputs a use request to communicate with the external server; a step in which the first virtual machine disables communication between the external server and the second virtual machine when it determines that communication with the external server is not possible, and enables communication between the external server and the second virtual machine when it determines that communication with the external server is possible; a step in which the first virtual machine, when communication between the external server and the second virtual machine is disabled, transmits the data to be transmitted from the second virtual machine to the external server to the third virtual machine; and a step in which the third virtual machine stores the received data in an internal storage area and, when communication between the external server and the second virtual machine is enabled, transmits the data stored in the internal storage area to the external server.

  As described above, according to the present invention, the function use control device includes a virtualization unit that virtualizes a physical machine and operates a virtual machine, a monitoring unit that monitors a predetermined operation status of the physical machine or the virtual machine, and an availability control unit that controls the availability of the external functions to the virtual machine according to the predetermined operation status monitored by the monitoring unit. It is therefore possible to control the virtual machine dynamically and operate it within a range appropriate to its use.

A block diagram showing the configuration of the virtual machine control apparatus according to one embodiment of the present invention.
A diagram showing a data example of the condition table according to one embodiment of the present invention.
A diagram showing a data example of the control table according to one embodiment of the present invention.
A diagram showing a data example of the order table according to one embodiment of the present invention.
A flowchart showing an operation example of the virtual machine control apparatus according to one embodiment of the present invention.
A conceptual diagram showing an example of the virtual machine control apparatus according to one embodiment of the present invention.
A diagram showing a data example of the condition table according to one embodiment of the present invention.
A diagram showing a data example of the control table according to one embodiment of the present invention.
A first diagram explaining the operation of the smartphone according to one embodiment of the present invention.
A second diagram explaining the operation of the smartphone according to one embodiment of the present invention.
A third diagram explaining the operation of the smartphone according to one embodiment of the present invention.
A fourth diagram explaining the operation of the smartphone according to one embodiment of the present invention.
A fifth diagram explaining the operation of the smartphone according to one embodiment of the present invention.
A sixth diagram explaining the operation of the smartphone according to one embodiment of the present invention.
A seventh diagram explaining the operation of the smartphone according to one embodiment of the present invention.
An eighth diagram explaining the operation of the smartphone according to one embodiment of the present invention.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing the configuration of the virtual machine control device 100 according to this embodiment. The virtual machine control device 100 is a computer device such as a PC (personal computer), a tablet PC, or a smartphone, and is a physical machine. In the present embodiment, the virtual machine control device 100 will be described as a smartphone. The virtual machine control device 100 includes a device 110-1, a device 110-2, a device 110-3, a device 110-4, ..., a virtualization unit 120, a management OS 130, a virtual machine 140-1, a virtual machine 140-2, ..., and is a function use control device that controls the use of external functions from the virtual machine 140-1, the virtual machine 140-2, ....

  The device 110-1, the device 110-2, the device 110-3, the device 110-4, ... have the same configuration and will be described as the device 110 unless otherwise distinguished. The device 110 is a hardware device included in the virtual machine control apparatus 100, which is a physical machine. Conceivable examples include a wireless LAN device, a communication device for a mobile communication network, an infrared communication device, an IC communication device, an NFC (near field communication) device, an internal storage device, a memory device, a touch panel device, a microphone device, a camera device, a speaker device, and a USB (Universal Serial Bus) device.

The virtualization unit 120 is a hypervisor that virtualizes the hardware of the various devices 110 of the virtual machine control apparatus 100, which is a physical machine, and operates virtual machines on the virtualized hardware. In the present embodiment, the virtualization unit 120 operates a management OS 130 that is a first virtual machine, a virtual machine 140-1 that is a second virtual machine, a virtual machine 140-2, ... on the physical machine. The virtualization unit 120 includes native device drivers, which are device drivers that operate the various devices 110 in response to requests to use those devices from the management OS 130 operating on the virtual machine control apparatus 100. In addition, the virtualization unit 120 controls the connection state of a virtual LAN that allows communication between a plurality of virtual machines 140 operating on the same virtual machine control apparatus 100.
The management OS 130 is one of the virtual machines that operate on the hardware virtualized by the virtualization unit 120, and has a function for managing other virtual machines.

  The virtual machine 140-1, the virtual machine 140-2, ... are virtual machines that operate on the hardware virtualized by the virtualization unit 120. Although two virtual machines are illustrated and described here, one virtual machine or three or more virtual machines may operate on the virtualization unit 120. Since the virtual machine 140-1, the virtual machine 140-2, ... have the same configuration, they will be described as the virtual machine 140 unless otherwise distinguished. For example, the virtual machine 140 starts and executes various applications used by the user. The virtual machine 140-1 and the virtual machine 140-2 include an external function use request unit 141-1 and an external function use request unit 141-2, respectively. Since the external function use request unit 141-1 and the external function use request unit 141-2 have the same configuration, they will be described as the external function use request unit 141 unless otherwise distinguished.

  The external function use request unit 141 outputs a request for the virtual machine 140 to use an external function of the virtual machine 140. The external functions of the virtual machine 140 are the various devices 110, which are functional units external to the virtual machine 140, and the virtual LAN for connecting to other virtual machines 140 operating on the same virtual machine control apparatus 100; using an external function means using these functions. The external function use request unit 141 is a virtual device driver provided in the virtual machine. The external function use requests output by the external function use request unit 141 include, for example, a command (function call) for the virtual machine 140 to access a file on the storage device that is a device 110, and a command for communicating with another physical machine or another virtual machine 140. Here, the external function use request unit 141 always outputs an external function use request to the external function use control unit 136 of the management OS 130 described later. That is, if the use request for the external function output to the management OS 130 is determined to be not permitted, the external function cannot be used from the virtual machine 140.

The management OS 130 includes a condition table storage unit 131, a control table storage unit 132, an order table storage unit 133, a monitoring unit 134, an availability control unit 135, and an external function usage control unit 136.
The condition table storage unit 131 stores a condition table in which, for each of a plurality of external functions, the availability of the external function is associated with a predetermined operation status. FIG. 2 is a diagram illustrating a data example of the condition table stored in the condition table storage unit 131. “Permitted” indicates that the function can be used, and “No” indicates that it cannot be used. “-” indicates that the external function is not subject to control, meaning that the availability of the corresponding external function is not changed even if the operation status changes. Here, for example, the table indicates that when mobile communication network communication is not possible, the external functions of device A and device C can be used.

  The control table storage unit 132 stores a control table in which the availability of the external function is recorded for each of the plurality of external functions. FIG. 3 is a diagram illustrating an example of control table data stored in the control table storage unit 132. Here, for example, device A is available, device B is unavailable (“No”), and device C is unavailable (“No”). Based on the information shown in such a control table, use of an external function from the virtual machine 140 is controlled by the availability control unit 135 described later.

  The order table storage unit 133 stores, for each external function, an order table indicating the application order of the availability of the external function. The application order is information indicating the order in which availability is actually applied when the availability control unit 135 controls the use of external functions from the virtual machine 140 based on the control table stored in the control table storage unit 132. When the information in the control table stored in the control table storage unit 132 is updated, it would be sufficient to reflect all of the updated information at once and then start control based on the updated table, but it is difficult to reflect all updates simultaneously. Therefore, the order in which the updates are reflected in the control is defined, and the updates are reflected in this order. This prevents the virtual machine 140 from performing an unintended operation. FIG. 4 is a diagram illustrating an example of data in the order table stored in the order table storage unit 133. Here, it is shown that the application order of device A is 1, the application order of device B is 2, and the application order of device C is 3.

  Returning to FIG. 1, the monitoring unit 134 monitors a predetermined operation status of at least one of the virtual machine control device 100, which is a physical machine, and the virtual machine 140. In the present embodiment, it is assumed that the predetermined operation statuses of both are monitored. The predetermined operation status is, for example, a state such as whether or not mobile communication network communication is possible, or whether or not the virtual machine 140 has been rooted. Rooting the virtual machine 140 means enabling system operations on the virtual machine 140 with administrator authority. The monitoring unit 134 detects such an operation status by monitoring each device 110 and the like. Whether or not rooting has been performed can be detected, for example, by whether or not a SU command has been input, or by whether or not SuperUser.apk is installed.

  The availability control unit 135 controls the availability of external functions to the virtual machine 140 according to the predetermined operation status monitored by the monitoring unit 134. Specifically, when a use request is output from the external function use request unit 141 of the virtual machine 140, the availability control unit 135 determines whether the requested use is permitted. Here, the availability control unit 135 controls the availability of external functions to the virtual machine 140 based on the condition table stored in the condition table storage unit 131. That is, the availability control unit 135 reads from the condition table the availability of the external functions corresponding to the predetermined operation status monitored by the monitoring unit 134, and updates the control table stored in the control table storage unit 132 according to the availability it has read. The availability control unit 135 then controls the availability of the external functions based on the updated control table. Controlling availability means receiving the use request output from the external function use request unit 141, referring to the control table, determining the availability of the external function named in the received use request, and performing control so that the external function is used if it is available and is not used if it is unavailable. Specifically, for example, when the external function is to be used, the use request is output as it is to the external function use control unit 136 described later; when the external function is not to be used, the use request is not output to the external function use control unit 136, and an error is returned to the external function use request unit 141 that output the use request. In this way, the availability control unit 135 controls the connection between the external function use request unit 141 of the virtual machine 140 and the external function use control unit 136 of the management OS 130. Further, the availability control unit 135 controls the availability of the external functions based on the application order shown in the order table.

  The external function use control unit 136 causes the external function to be used in response to the external function use request output from the external function use request unit 141. The external function use control unit 136 is a virtual device driver provided in the management OS, and causes the virtual machine 140 to use the external function by outputting a use request for the external function to the virtualization unit 120. That is, every virtual machine 140 operated on the virtual machine control device 100 by the virtualization unit 120 is configured so that it cannot access the virtual machine control device 100 except through the external function use control unit 136 of the management OS 130. If the use request output from the external function use request unit 141 of the virtual machine 140 is determined to be permitted by the availability control unit 135, the external function use control unit 136 outputs the use request to the virtualization unit 120. When the availability control unit 135 determines that the use is not permitted, the use request is not output to the virtualization unit 120.

  Next, an operation example of the virtual machine control device 100 according to the present embodiment will be described with reference to the drawings. FIG. 5 is a flowchart illustrating an operation example of the virtual machine control apparatus 100 according to the present embodiment. When the management OS 130, the virtual machine 140-1, and the virtual machine 140-2 are activated in the virtual machine control apparatus 100, the management OS 130 monitors the operation status of the virtual machine control apparatus 100, the virtual machine 140-1, and the virtual machine 140-2 (step S1).

  When the monitoring unit 134 detects a change in the operation status, the availability control unit 135 reads the availability of the external functions corresponding to the changed operation status from the condition table storage unit 131 and updates the control table stored in the control table storage unit 132 (step S2). The availability control unit 135 then reads the order table stored in the order table storage unit 133, and applies the updated availability in the control table in the order it has read (step S3).

  As described above, according to the present embodiment, the availability of the external functions to each of the plurality of virtual machines 140 can be dynamically changed and controlled according to the operation status. This restricts the virtual machine 140 operating on the virtual machine control device 100 from using an external function that it does not need and from behaving in unexpected ways. As a result, the virtual machine 140 can be operated within a range appropriate to its use.

<Example>
Next, an example of the above-described virtual machine control apparatus 100 will be described. FIG. 6 is a conceptual diagram illustrating an example of the virtual machine control device 100 according to the present embodiment. Here, an example in which a management OS 230, a virtual machine 240-1, and a virtual machine 240-2 are operating on the hardware of a smartphone 200 to which the virtual machine control device 100 is applied will be described.

  In this embodiment, the virtual machine 240-1 operating on the smartphone 200 is an OS (user OS 1) that runs a service use application (AP), which communicates with a server 300 connected via a network such as a mobile communication network and uses a service provided by the server 300. The virtual machine 240-1 thus functions as a service use terminal that is a client of the server 300. The virtual machine 240-1 receives from the user input of data to be transmitted to the server 300, such as a user ID and a password, and performs processing such as transmitting the input data to the server 300. As the service use application, for example, an application for performing some kind of settlement can be applied. When the virtual machine 240-1 and the server 300 communicate with each other via the mobile communication network in this way, the state is expected to switch frequently between communication being possible and communication being impossible, depending on the communication conditions. In that case, for example, if the communication conditions between the virtual machine 240-1 and the server 300 deteriorate after the user has input information to the virtual machine 240-1, so that the information cannot be transmitted and an error occurs, and the user has to input the same information again, this is troublesome for the user.

  Therefore, for such a case, the virtual machine 240-2, which is a pseudo server standing in for the server 300, is operated on the smartphone 200. When the management OS 230 detects that communication is impossible, for reasons such as being unable to receive radio waves from the mobile communication network, it disables the communication device for the mobile communication network, thereby disabling communication with the server 300. Instead, communication between the virtual machine 240-1 and the virtual machine 240-2 is enabled. The virtual machine 240-1 then transmits the information to be sent to the server 300 to the virtual machine 240-2. The virtual machine 240-2 stores the information transmitted from the virtual machine 240-1. When mobile communication network communication by the smartphone 200 becomes possible, the virtual machine 240-2 transmits the stored information to the server 300 in place of the virtual machine 240-1. In this way, the user can complete the input process regardless of the communication status.
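The following Python model is an added example, not code from the patent. It walks through steps S2 and S3 (condition table row read, control table updated in order-table order) and the pseudo-server rerouting described above; the status names, function names, table contents and the default-deny choice for unknown functions are all constructed assumptions.

```python
from collections import deque

PERMIT, DENY, KEEP = 1, 0, None  # "Permitted", "No" and "-" in the condition table

# Constructed sample tables; status and function names are assumptions.
CONDITION_TABLE = {
    "mobile_network_down": {"external_nw": DENY, "inter_os_comm": PERMIT, "sd_access": KEEP},
    "mobile_network_up": {"external_nw": PERMIT, "inter_os_comm": DENY, "sd_access": KEEP},
    "vm_rooted": {"external_nw": DENY, "inter_os_comm": DENY, "sd_access": DENY},
}
ORDER_TABLE = {"external_nw": 1, "inter_os_comm": 2, "sd_access": 3}


class UseDenied(Exception):
    """Error returned to the requesting VM's virtual device driver."""


class ManagementOS:
    def __init__(self):
        # Control table: availability currently enforced per external function.
        self.control_table = {"external_nw": PERMIT, "inter_os_comm": DENY, "sd_access": PERMIT}
        self.server_inbox = []        # stands in for the external server
        self.pseudo_server = deque()  # internal storage area of the pseudo-server VM

    def on_status_change(self, status):
        """Steps S2 and S3: read the condition table row, update in order-table order."""
        row = CONDITION_TABLE[status]
        changes = {f: v for f, v in row.items() if v is not KEEP}  # "-" leaves entry as is
        applied = []
        for func in sorted(changes, key=ORDER_TABLE.__getitem__):
            self.control_table[func] = changes[func]
            applied.append((func, changes[func]))
        if self.control_table["external_nw"] == PERMIT:
            self._flush_pseudo_server()
        return applied

    def use_request(self, func):
        """Availability check made before a request is passed on to the hypervisor."""
        # Assumption of this example: a function missing from the table is denied.
        if self.control_table.get(func, DENY) != PERMIT:
            raise UseDenied(func)

    def send_to_server(self, data):
        """Client VM's send: direct if permitted, otherwise rerouted to the pseudo server."""
        try:
            self.use_request("external_nw")
            self.server_inbox.append(data)
            return "sent"
        except UseDenied:
            self.use_request("inter_os_comm")  # raises UseDenied if this is denied too
            self.pseudo_server.append(data)
            return "stored"

    def _flush_pseudo_server(self):
        """Pseudo-server VM forwards stored data once external communication is back."""
        while self.pseudo_server:
            self.use_request("external_nw")
            self.server_inbox.append(self.pseudo_server.popleft())


def demo():
    mgmt = ManagementOS()
    log = [mgmt.send_to_server("payment-1")]        # network up: goes straight out
    mgmt.on_status_change("mobile_network_down")
    log.append(mgmt.send_to_server("payment-2"))    # rerouted and stored locally
    mgmt.on_status_change("mobile_network_up")      # stored data is forwarded
    log.append(list(mgmt.server_inbox))
    mgmt.on_status_change("vm_rooted")              # every external function denied
    try:
        mgmt.send_to_server("payment-3")
    except UseDenied as exc:
        log.append("denied:" + str(exc))
    return log


if __name__ == "__main__":
    print(demo())
```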

  The management OS 230 corresponds to the management OS 130 of the virtual machine control device 100. The management OS 230 includes a policy 232, a monitoring function 234, a driver control function 235, an M-VDD (Management Virtual Device Driver) 236, a native device driver 237, and an external input IF (interface).

  The policy 232, the monitoring function 234, the driver control function 235, and the M-VDD 236 correspond, respectively, to the condition table storage unit 131 through the order table storage unit 133, the monitoring unit 134, the availability control unit 135, and the external function use control unit 136 provided in the virtual machine control device 100. The virtual machine 240-1 corresponds to the virtual machine 140-1. A U-VDD (User Virtual Device Driver) 241-1 included in the virtual machine 240-1 corresponds to the external function use request unit 141-1 included in the virtual machine 140-1. The U-VDD 241-1 is a group of drivers for using external functions such as an LCD, an external input IF, SD access, an external NW, and inter-OS communication.

  Here, for example, if SD access from the virtual machine 240-1 is to be prohibited in the first place regardless of the operation status, the virtual machine 240-1 can be started with the use of SD access prohibited. Alternatively, the SD access driver may simply not be installed when the virtual machine 240-1 is activated. In the present embodiment, controlling the availability of an external function at the time the virtual machine 240-1 is started is referred to as static control. In contrast, controlling the availability of an external function according to the operation status is called dynamic control. The virtual machine 240-2 corresponds to the virtual machine 140-2. The U-VDD 241-2 included in the virtual machine 240-2 corresponds to the external function use request unit 141-2 included in the virtual machine 140-2.

  FIG. 7 is a diagram illustrating a data example of the condition table in the present embodiment. Here, each predetermined operation status of an external function to be monitored is associated with a predetermined action that updates the control table according to that operation status. For example, if the 3G network (mobile communication network) cannot communicate (Disable), the control policy of device A is set to ON (1) (available) for both OS1 and OS2. Only an example of an operation status made up of multiple AND conditions is shown here, but a predetermined action can also be associated with an operation status expressed as an OR condition.

  FIG. 8 is a diagram illustrating an example of data in the control table in the present embodiment. Here, each device that is an external function is associated with information indicating whether or not the device can be used. 0 indicates that it cannot be used. 1 indicates that it can be used. Only 0 and 1 are described here, but values of 2 or more may also be defined. For example, 2 could mean that, within the communication function, only communication with a specific communication destination can be used, and 3 could mean that the function can be used only during a specific time period.

  FIG. 9 is a first diagram illustrating the operation of the smartphone 200 in the present embodiment. In the initial state, it is assumed that the external NW of the virtual machine 240-1 can be used and communication between OSs cannot be used. When the service use AP is activated in the virtual machine 240-1, the service use AP accepts and acquires input data using the external input IF 238, which is an external function, via the U-VDD 241-1, the M-VDD 236, and the native device driver 237 (step S11).

  FIG. 10 is a second diagram illustrating the operation of the smartphone 200 in the present embodiment. When predetermined processing is performed on the input data acquired by the service use AP in step S11, the service use AP transmits the input data to the server 300 as a destination via the U-VDD 241-1. At this time, the monitoring function 234 detects whether or not communication via the mobile communication network is possible (step S12).

  FIG. 11 is a third diagram illustrating the operation of the smartphone 200 in the present embodiment. When the monitoring function 234 determines in step S12 that communication via the mobile communication network is possible, the management OS 230 transmits the input data sent from the service use AP in step S12 to the server 300 via the M-VDD 236 and the native device driver 237 (step S13).

  FIG. 12 is a fourth diagram illustrating the operation of the smartphone 200 in the present embodiment. On the other hand, if the monitoring function 234 determines in step S12 that communication via the mobile communication network is not possible, the driver control function 235 updates the control table based on the condition table stored in the policy 232. As a result, access from the external NW to the virtual machine 240-1 is disabled, and communication between the virtual machine 240-1 and the virtual machine 240-2 is enabled (step S14).

  FIG. 13 is a fifth diagram illustrating the operation of the smartphone 200 in the present embodiment. When the communication between the virtual machine 240-1 and the virtual machine 240-2 is enabled in step S14, the driver control function 235 transmits the input data that the service use AP addressed to the server 300 in step S12 to the virtual machine 240-2 via the M-VDD 236. The pseudo server AP of the virtual machine 240-2 receives the transmitted input data and stores it in its own storage area (step S15).

  FIG. 14 is a sixth diagram illustrating the operation of the smartphone 200 in the present embodiment. The monitoring function 234 monitors the communication status of the smartphone 200 via the M-VDD 236. If communication using the mobile communication network is not possible, communication using the mobile communication network is disabled, and a state where communication between OSs is enabled is maintained (step S16).

  FIG. 15 is a seventh diagram illustrating the operation of the smartphone 200 in the present embodiment. When the monitoring function 234 detects that the mobile communication network is ready for communication, the pseudo server AP reads the input data stored in step S15 and transmits it to the server 300 via the M-VDD 236 and the native device driver 237 (step S17).

  FIG. 16 is an eighth diagram illustrating the operation of the smartphone 200 in the present embodiment. In step S17, when the input data is transmitted to the server 300, the driver control function 235 updates the control table based on the condition table stored in the policy 232. As a result, access from the external NW to the virtual machine 240-1 is enabled, and communication between the virtual machine 240-1 and the virtual machine 240-2 is disabled (step S18).
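The sequence of steps S12 to S18, driven by a condition table in the style of FIG. 7 and a control table in the style of FIG. 8, can be modelled as follows. This is an added illustration, not code from the patent or its applicant; the class, method, table-key and status names ("vm1", "external_nw", "inter_os", "3g_disabled", "3g_enabled") and the sample form data are assumptions made for the example.

```python
from dataclasses import dataclass, field

OFF, ON = 0, 1  # control-table values as in FIG. 8: 0 = unusable, 1 = usable

# Condition table in the style of FIG. 7: monitored operation status mapped to
# the control-table entries it sets. Keys (vm, function) are hypothetical names.
CONDITION_TABLE = {
    "3g_disabled": {("vm1", "external_nw"): OFF, ("vm1", "inter_os"): ON},
    "3g_enabled": {("vm1", "external_nw"): ON, ("vm1", "inter_os"): OFF},
}


@dataclass
class ManagementOS:
    """Toy model of management OS 230 mediating VM 240-1 ("vm1")."""
    network_up: bool = True
    # Initial state of FIG. 9: external NW usable, inter-OS communication not.
    control: dict = field(default_factory=lambda: dict(CONDITION_TABLE["3g_enabled"]))
    pseudo_store: list = field(default_factory=list)  # storage of pseudo server AP (VM 240-2)
    server_inbox: list = field(default_factory=list)  # what server 300 has received

    def allowed(self, vm, func):
        # Deny by default: a function with no control-table entry is unusable.
        return self.control.get((vm, func), OFF) == ON

    def apply_policy(self):
        # Driver control function: rewrite the control table from the
        # condition table for the currently monitored status (S14, S18).
        status = "3g_enabled" if self.network_up else "3g_disabled"
        self.control.update(CONDITION_TABLE[status])

    def send_from_vm1(self, data):
        # S12: the monitoring function checks the link at the time of sending.
        if not self.network_up:
            self.apply_policy()  # S14: switch to inter-OS communication
        if self.allowed("vm1", "external_nw"):
            self.server_inbox.append(data)  # S13: forward to server 300
            return "server"
        if self.allowed("vm1", "inter_os"):
            self.pseudo_store.append(data)  # S15: divert to the pseudo server
            return "pseudo"
        return "denied"

    def on_link_change(self, up):
        # S16: while the link stays down, the diverted state is simply kept.
        self.network_up = up
        if up:
            # S17: the pseudo server forwards its stored data first, in order.
            self.server_inbox.extend(self.pseudo_store)
            self.pseudo_store.clear()
        self.apply_policy()  # S18 once the link is back


def demo():
    # Constructed input: four form submissions around one outage.
    m = ManagementOS()
    routes = [m.send_from_vm1("form-1")]
    m.network_up = False  # link drops; noticed at the next send (S12)
    routes += [m.send_from_vm1("form-2"), m.send_from_vm1("form-3")]
    m.on_link_change(True)
    routes.append(m.send_from_vm1("form-4"))
    return routes, m.server_inbox


if __name__ == "__main__":
    print(demo())
```

Because `allowed` treats a missing control-table entry as 0, an external function that was never granted (for example SD access under static control) stays unusable regardless of the link state.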

  Moreover, as an example of the present embodiment, a smartphone is preferably used as a dedicated terminal on which only a specific application operates. For example, when one terminal is used as a dedicated terminal for a certain application and also as a dedicated terminal for another application, each application can be operated on a different virtual machine 140 so that the applications are kept in separate domains. As a result, a virtual machine on which an application operates can be isolated and hidden from a virtual machine on which another application operates in the same terminal. At this time, when switching the virtual machine (application) in use, the external functions to be used can be changed for each virtual machine.

  Further, according to the present embodiment, for example, when a virtual machine is rooted, all external functions from the virtual machine can be disabled. As a result, when a specific virtual machine is rooted on a physical machine on which a plurality of virtual machines are operating, it is possible to prevent information on other virtual machines from being read from the rooted virtual machine. Further, for example, it is possible to prevent a USB memory or the like that stores a program such as an OS from being connected to the virtual machine control device 100 and the OS in the USB memory from being started.

The application order stored in the order table storage unit 133 can also be reversed between, for example, the case where the mobile communication network is disabled and inter-OS communication is enabled, and the case where the mobile communication network is enabled and inter-OS communication is disabled.
In addition, the condition table stored in the condition table storage unit 131 and the control table stored in the control table storage unit 132 may be applied to the plurality of virtual machines 140 as a whole, or a table may be prepared and stored for each virtual machine 140.
In this embodiment, the example in which the management OS 130 is activated on the virtualization unit 120 has been described. However, the virtualization unit 120 itself may include processing units similar to the units included in the management OS 130.

  Note that a program for realizing the functions of the processing units in the present invention may be recorded on a computer-readable recording medium, and the virtual machine may be controlled by causing a computer system to read and execute the program recorded on the recording medium. Here, the “computer system” includes an OS and hardware such as peripheral devices. The “computer system” may include a plurality of computer devices connected via a network including a communication line such as the Internet, WAN, LAN, and dedicated line. The “computer-readable recording medium” refers to a portable medium such as a flexible medium, a magneto-optical disk, a ROM, or a CD-ROM, and to a storage device such as a hard disk incorporated in a computer system. Furthermore, the “computer-readable recording medium” also includes a medium that holds a program for a certain period of time, such as a volatile memory (RAM) inside a computer system that serves as a server or a client when the program is transmitted via a network. The program may be for realizing a part of the functions described above. Furthermore, the program may be a so-called difference file (difference program) that realizes the functions described above in combination with a program already recorded in the computer system.

  In addition, some or all of the functions described above may be realized as an integrated circuit such as an LSI (Large Scale Integration). Each function described above may be individually made into a processor, or a part or all of them may be integrated into a processor. Further, the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. In addition, when an integrated circuit technology that replaces LSI appears due to the advancement of semiconductor technology, an integrated circuit based on the technology may be used.

100 Virtual machine control device
110 Device
120 Virtualization unit
130 Management OS
131 Condition table storage unit
132 Control table storage unit
133 Order table storage unit
134 Monitoring unit
135 Availability control unit
136 External function use control unit
140 Virtual machine
141 External function use request unit
200 Smartphone
232 Policy
234 Monitoring function
235 Driver control function
236 M-VDD
237 Native device driver
238 External input IF
241 U-VDD
300 Server

Claims (6)

  1. A function use control device comprising a virtualization unit that virtualizes a physical machine and operates a first virtual machine, a second virtual machine, and a third virtual machine on the physical machine, wherein
    each of the second virtual machine and the third virtual machine comprises
    an external function use request unit that outputs, to the first virtual machine, a use request to communicate with an external server;
    the first virtual machine comprises
    a monitoring unit that determines whether communication with the external server is possible;
    an external function use control unit that, in response to the use request from the external function use request unit of each of the second virtual machine and the third virtual machine, outputs to the virtualization unit a use request for communicating with the external server; and
    an availability control unit that disables communication between the external server and the second virtual machine when the monitoring unit determines that communication with the external server is not possible, and enables communication between the external server and the second virtual machine when the monitoring unit determines that communication with the external server is possible;
    the external function use control unit,
    when communication between the external server and the second virtual machine is disabled, transmits to the third virtual machine the data to be transmitted from the second virtual machine to the external server; and
    the external function use request unit of the third virtual machine
    stores the data received from the external function use control unit in an internal storage area and, when communication between the external server and the second virtual machine is enabled, transmits the data stored in the internal storage area to the external server.
  2. The function use control device comprising a condition table storage unit that stores, for each of a plurality of external servers, a condition table in which whether or not communication with the external server is possible is associated with a predetermined operation status,
    wherein the availability control unit controls, based on the condition table, the availability of communication with the external server, the second virtual machine, and the third virtual machine.
  3. The function use control device according to claim 2, comprising a control table storage unit that stores, for each of the plurality of external servers, a control table in which whether or not communication with the external server is possible is recorded,
    wherein the availability control unit reads from the condition table the availability of communication with the external server corresponding to the predetermined operation status monitored by the monitoring unit, updates the control table, and controls whether or not communication with the external server is possible based on the updated control table.
  4. The function use control device comprising an order table storage unit that stores, for each of the external servers, an order table indicating the order in which the availability of communication with the external server is applied,
    wherein the availability control unit controls the availability of communication with the external server based on the application order indicated in the order table.
  5. A function use control method performed by a computer, comprising:
    a step in which a virtualization unit virtualizes a physical machine and operates a first virtual machine, a second virtual machine, and a third virtual machine on the physical machine;
    a step in which an external function use request unit of the second virtual machine outputs, to the first virtual machine, a use request to communicate with an external server;
    a step in which an external function use request unit of the third virtual machine outputs, to the first virtual machine, a use request to communicate with the external server;
    a step in which a monitoring unit of the first virtual machine determines whether or not communication with the external server is possible;
    a step in which an external function use control unit of the first virtual machine receives the use request from the external function use request unit of each of the second virtual machine and the third virtual machine and outputs to the virtualization unit a use request to communicate with the external server;
    a step in which an availability control unit of the first virtual machine disables communication between the external server and the second virtual machine when the monitoring unit determines that communication with the external server is not possible, and enables communication between the external server and the second virtual machine when the monitoring unit determines that communication with the external server is possible;
    a step in which, when communication between the external server and the second virtual machine is disabled, the external function use control unit of the first virtual machine transmits to the third virtual machine the data to be transmitted from the second virtual machine to the external server; and
    a step in which the external function use request unit of the third virtual machine stores the data received from the external function use control unit in an internal storage area and, when communication between the external server and the second virtual machine is enabled, transmits the data stored in the internal storage area to the external server.
  6. A function use control program for causing a computer to execute:
    virtualizing a physical machine and operating a first virtual machine, a second virtual machine, and a third virtual machine on the physical machine;
    outputting, by the second virtual machine, a use request to communicate with an external server to the first virtual machine;
    outputting, by the third virtual machine, a use request to communicate with the external server to the first virtual machine;
    determining, by the first virtual machine, whether communication with the external server is possible;
    receiving, by the first virtual machine, the use request from the second virtual machine and the third virtual machine and outputting a use request to communicate with the external server;
    disabling, by the first virtual machine, communication between the external server and the second virtual machine if it is determined that communication with the external server is not possible, and enabling, by the first virtual machine, communication between the external server and the second virtual machine if it is determined that communication with the external server is possible;
    transmitting, by the first virtual machine, when communication between the external server and the second virtual machine is disabled, the data to be transmitted from the second virtual machine to the external server to the third virtual machine; and
    storing, by the third virtual machine, the received data in an internal storage area and, if communication between the external server and the second virtual machine is enabled, transmitting the data stored in the internal storage area to the external server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2012272213A JP6043615B2 (en) 2012-12-13 2012-12-13 Function use control device, function use control method, function use control program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2012272213A JP6043615B2 (en) 2012-12-13 2012-12-13 Function use control device, function use control method, function use control program

Publications (2)

Publication Number Publication Date
JP2014119789A JP2014119789A (en) 2014-06-30
JP6043615B2 true JP6043615B2 (en) 2016-12-14

Family

ID=51174606

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2012272213A Active JP6043615B2 (en) 2012-12-13 2012-12-13 Function use control device, function use control method, function use control program

Country Status (1)

Country Link
JP (1) JP6043615B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6623656B2 (en) * 2015-10-02 2019-12-25 富士通株式会社 Communication control device, communication control method, and communication control program

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07225694A (en) * 1994-02-09 1995-08-22 Hitachi Ltd Virtual computer system
JP4735331B2 (en) * 2006-03-01 2011-07-27 日本電気株式会社 Information processing apparatus and information processing system using virtual machine, and access control method
KR101624868B1 (en) * 2008-08-06 2016-06-07 삼성전자주식회사 Method for controlling of virtualization apparatus and virtualization apparatus
JP5477047B2 (en) * 2010-02-25 2014-04-23 富士通株式会社 Information processing apparatus, virtual machine connection method, program, and recording medium

Also Published As

Publication number Publication date
JP2014119789A (en) 2014-06-30

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20150324

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20160119

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20160223

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20160422

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20160802

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20160929

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20161018

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20161114

R150 Certificate of patent or registration of utility model

Ref document number: 6043615

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250