JP6205013B1 - Application usage system - Google Patents

Abstract

An information leakage and a malicious program such as malware caused by a local terminal connecting directly to the Internet are prevented. An application using system includes a server connected to the Internet and a local terminal connected to the server via a local network. The server 10 newly generates a virtual terminal 14 when the local terminal 20 requests to start the application program 18, starts the application program 18 in the virtual terminal 14, and transfers the screen output of the application program 18 to the local terminal 20. When the local terminal 20 ends the application program 18, the virtual terminal 14 is deleted. [Selection] Figure 3

Description

  The present invention relates to an application use system, and more particularly to a system that renders Internet access harmless through use of an application by a local terminal.

  In recent years, there has been a problem that in-house information leaks due to infection of a malicious terminal such as malware in a company's local terminal. Also, depending on the computer virus, the local terminal may not operate correctly, and security measures are an important issue in each company.

  A thin client system is known as an in-house computer system in consideration of security (for example, see Non-Patent Documents 1 and 2). A thin client system is an architecture that separates functions such as program execution and data storage from a client terminal and concentrates them on a server.

  Thin client implementation methods are roughly classified into two types: “network boot type” and “screen transfer type”. The network boot type is a method that literally uses a network boot mechanism, in which a terminal downloads an image file stored on a server via a network and executes an OS or an application. On the other hand, the screen transfer type is a method in which an OS or application is executed on the server side and screen output is transferred to a terminal. Only the screen information and the operation information are exchanged between the server and the terminal, and the screen information is overwhelmingly smaller in size than the image file, so that remote access from outside is also possible.

  The screen transfer type can be classified into three types: “server-based method”, “blade PC method”, and “VDI (Virtual Desktop Infrastructure) method”. Among these, the server-based method is a method in which an application for multi-user access is installed on a server and shared by a plurality of users, and the blade PC method assigns a physical PC (blade PC) to each user. In this method, a user operates a physical PC associated with the user via a network. The VDI method is a method of assigning a virtual machine instead of a physical PC for each user, and a plurality of virtual machines can be aggregated on one physical server, so that the hardware cost can be reduced.

  Regarding the thin client system, for example, Patent Document 1 describes a system in which a plurality of terminals can be connected to a desktop unit via a session management device. The session management apparatus includes a hypervisor unit having a plurality of virtual machines that are started by the thin client OS, a network unit that connects the terminal and the virtual machine, and a control unit that allocates a communication path in the network unit to the terminal. The terminal can remotely control the desktop unit.

JP 2014-120033 A

Shinsuke Sasaki (Net One Systems), “How is desktop virtualization (VDI) different from thin clients?”, [Online], February 10, 2014, “IT Leaders (IT information specialist site for information system leaders) "[Search May 1, 2016], Internet <URL: http://it.impressbm.co.jp/articles/-/10941> Yoshimasa Yamamoto (Fuji Soft Co., Ltd.), “Desktop Virtualization / VDI Introduction (1/5)” in 5 minutes, [online], August 19, 2014, “atmarkIT”, [May 2016 1 day search], Internet <URL: http://www.atmarkit.co.jp/ait/articles/1408/19/news033.html>

  However, in the conventional thin client system, it cannot be said that the security of the entire corporate system including the local terminal is sufficiently high, and further improvement is desired.

  Accordingly, an object of the present invention is to provide an application utilization system capable of preventing information leakage due to a local terminal directly connecting to the Internet and the influence of malicious programs such as malware.

  In order to solve the above problems, an application utilization system according to the present invention includes a server connected to the Internet and a local terminal connected to the server via a local network, and the server includes a client program that is connected to the local terminal. The virtual terminal is newly generated when the application program is requested to be started through the virtual terminal, the application program is started in the virtual terminal, and the screen output of the application program is transferred to the local terminal. The virtual terminal is deleted when the termination of the application program is requested through the program.

  According to the present invention, the Internet access through the application program by the local terminal is performed via the virtual terminal in the server, and the virtual terminal is created / deleted in conjunction with the activation / termination of the application program on the local terminal side. Therefore, even if a malicious program is executed, the range of the effect remains in the virtual terminal, and a clean environment can be always provided after the next time. Therefore, virus infection of the local terminal can be avoided and Internet security can be improved.

  In the present invention, it is preferable that the server generates a container-type virtual terminal and automatically starts the application program in the container. According to this configuration, it is possible to increase security by separating a plurality of virtual terminals from each other. In addition, since virtual machines and OSs are not emulated, virtual terminals can be easily created and deleted, and server overhead can be greatly reduced by virtualization at the OS level.

  In the present invention, the server includes a master server and a plurality of slave servers, and when the local terminal requests activation of the application program through the client program, the master server uses a user who uses the local terminal. Based on the attribute information and the attribute information and status information of each slave server, the optimum slave server for the local terminal is determined, the virtual server creation command is issued to the slave server, and connection destination information is sent to the local terminal. And the slave server that has received the virtual terminal creation command newly generates the virtual terminal, and the client program of the local terminal transmits the virtual server in the slave server indicated in the connection destination information. It is preferable to connect to a terminal. According to this configuration, even when the scale of the system is large and a large number of virtual terminals are handled, application services can be efficiently provided by effectively using resources.

  In the present invention, the status information includes at least one information selected from a CPU usage rate, a memory usage rate, and the number of activated virtual terminals, and the attribute information is selected from an application type, a business type, and a group name. Preferably, at least one piece of information is included.

  In the present invention, the application program is preferably a web browser. In recent years, opportunities for local terminals to be compromised through access to external sites are increasing, and web browsers are one of the application programs whose security measures should be strengthened the most. According to the present system in which a local terminal browses a website through a virtual terminal, the local terminal can be separated from the Internet, and information leakage through web access can be avoided. In addition, when the user tries to start browsing the browser on the local terminal side, the server newly generates a virtual terminal, and when the browser ends browsing on the local terminal side, the server deletes the virtual terminal. Therefore, the local terminal can always be provided with a clean environment.

  ADVANTAGE OF THE INVENTION According to this invention, the application utilization system which can prevent the influence of malicious programs, such as information leakage by a local terminal connecting directly to the internet, and malware, can be provided.

FIG. 1 is a block diagram schematically showing the configuration of an application utilization system according to the first embodiment of the present invention. FIG. 2 is a block diagram showing the structure of the server 10 in a hierarchical manner. FIG. 3 is a schematic diagram for explaining the operation of the application utilization system 1. FIG. 4 is a block diagram showing the configuration of the application utilization system 2 according to the second embodiment of the present invention.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a block diagram schematically showing the configuration of an application utilization system according to the first embodiment of the present invention.

  As shown in FIG. 1, the application utilization system 1 includes a server 10 connected to both the Internet 30 and the local network 40, and a plurality of local terminals 20 connected to the server 10 via the local network 40. Has been. The local terminal 20 is not directly connected to the Internet 30 but can be connected to the Internet 30 via the server 10.

  The server 10 is an application server that provides application services to each local terminal 20 through an internal virtual terminal, and also serves as a security server that prevents each local terminal 20 from directly accessing the Internet. Various application programs used by the local terminal 20 are prepared in the server 10. A typical example is a web browser.

  In this embodiment, the server 10 provides an application service to the local terminal 20 through a container-type desktop virtualization technology. The control program in the server 10 manages a virtual terminal (user space) called “container”, generates a container in response to a request from the local terminal 20, and executes a user process (application program) in the container. The execution screen is transferred to the local terminal 20. Therefore, the local terminal 20 can use the application service without being aware that the program is being executed on the server 10 side.

  FIG. 2 is a block diagram showing the structure of the server 10 in a hierarchical manner.

  As shown in FIG. 2, the server 10 is, for example, a Linux (registered trademark) server, and includes a host OS 12 operating on the physical machine 11, a container management control program (container management software) 13 operating on the host OS 12, and And the user process 15 operating on the host OS 12 is confined in the corresponding container 14. A typical container management software is DOCKER®.

  The inside of the host OS 12 is divided into a “kernel space” for managing physical resources and a “user space” for executing user processes. In container-type virtualization, a user space is divided into a plurality of user processes. Limit the resources that are visible. Thus, a user space in which a single user process or several user processes are confined together is a “container”.

  In container-type virtualization, all processes operate directly on the host OS 12 installed in the server 10. Since the process in a container is in an isolated space like a container for actual freight transportation, the inside of one container cannot be seen from the inside of another container. It is a function of the kernel of the host OS that creates this isolated space. By isolating the computer resources that can be used through the host OS for each container and creating a space that is independent of processes and other containers that operate directly on the host OS, the resources are divided, distributed, and restricted.

  Since the hypervisor type creates a virtual hardware environment, the container type creates an independent virtual OS environment, and is also referred to as “OS level virtualization”. That is, in the container type virtualization, the kernel directly operates the process to create an isolated space, so there is only one OS that runs on the computer. Compared to a hypervisor type in which at least two OSes (host OS and guest OS) need to operate, even if a large number of containers are created, less resources are consumed, so higher density can be realized. . Moreover, it is only necessary to create an isolated space, and hardware virtualization is unnecessary, so overhead can be greatly reduced.

  Furthermore, since the process is simply activated from the viewpoint of the OS, there is almost no difference from the activation of the normal process, and the container can be activated very quickly. The present invention realizes the new creation / deletion of a container linked with the activation / termination of an application by taking advantage of the characteristics of such a container type virtual terminal.

  In the container type, it is not necessary to start various daemons after starting init first like the hypervisor type, and you can create a container simply by creating an environment that isolates processes, so only the web browser is started, for example An environment in which only one process exists in a container can be created, and only an application can be started. Such an environment is called an “application container”. Of course, it is possible to create an environment similar to that of starting a normal OS by starting init first, and this environment is called a “system container”.

  The system management program 16 provides a management screen for performing general settings of the application using system 1 to the administrator. Various settings such as adding and deleting user accounts can be performed from this management screen. Furthermore, in addition to resource information such as the CPU usage rate, memory usage rate, and the number of activated containers of the server 10, a function for centrally managing and browsing log information indicating whether the container has been normally generated / deleted is provided. This facilitates system management and trouble analysis when a failure occurs.

  FIG. 3 is a schematic diagram for explaining the operation of the application utilization system 1.

  As shown in FIG. 3, a client program 21 is installed in the local terminal 20. When the client program 21 is activated on the local terminal 20 (step S1), processing for activating the web browser is started, and a connection request is transmitted to the server 10 (step S2). The control program 13 of the server 10 performs user authentication based on the account information 17a in the database 17, and when a connection request for the local terminal 20 is permitted (step S3), the template 17b prepared in advance is used as a base. A user-specific container 14 is newly created (step S4). Usually, one container 14 is allocated to one web browser. Further, based on the account information 17a, whether or not to save the user profile of the web browser, whether or not to copy and paste, the start day of the week and the time, etc. are set for each user.

  In the container 14, the web browser 18, which is a designated application program, is automatically activated, and the screen output of the web browser 18 is transferred as drawing information to the client program 21 (step S5). Therefore, the output screen of the web browser 18 is displayed on the display of the local terminal 20, and the user can use the web browser 18 with the same usability as that executed on the local terminal 20, so that the user can browse the website. Is possible (step S6). The container 14 operates according to the operation information from the local terminal 20 (step S7), and accesses the website (web server) instead of the local terminal 20, so that the local terminal 20 can be isolated from the Internet 30. .

  The monitoring program 19 in the container 14 constantly monitors the state of the web browser 18 (step S8). When the client program 21 is terminated on the local terminal 20 side, the web browser 18 in the container 14 is terminated, and the web browser 18 Upon completion, the container 14 itself is deleted (step S9). At this time, information (user profile 17 c) such as bookmarks and extended functions of the web browser 18 is stored in the user profile storage area of the database 17 and used when a new container 14 is generated.

  Thus, every time the web browser 18 is started on the local terminal 20 side, the container 14 in the initial state is created completely. When the web browser 18 is terminated, the container 14 is deleted, so that a malicious program is executed. Even if it happens, the effect remains within the range of the container 14, and a clean environment is always provided after the next time.

  A conventional hypervisor type system is a form in which a virtual desktop (virtual terminal) of each user is prepared in advance on the hypervisor, and the virtual desktop is always activated even if it is not used. Sometimes the virtual terminal is not created / deleted. However, in this embodiment, the virtual terminal is created / deleted in conjunction with the activation / termination of the web browser, so even when a malicious program is executed, the scope of the effect remains within the virtual terminal, and from the next time onwards. A clean environment is always provided. That is, it is possible to reliably avoid the local terminal 20 from being affected by a malicious program, and to improve network security.

  As described above, the application utilization system 1 according to the present embodiment executes the web browser 18 used by the local terminal 20 in the virtual terminal on the server 10 and transfers the screen output of the web browser 18 to the local terminal 20. Thus, the local terminal 20 can be separated from the Internet, and a secure Internet connection environment can be provided. In particular, since a virtual terminal is generated using a container-type virtualization technology, the processing overhead can be reduced as compared with the conventional VDI method, and the initial introduction cost can be suppressed. That is, according to this embodiment, a server-type secure browser that can be used in a secure environment can be provided.

  Further, in the application usage system 1 according to the present embodiment, when the local terminal 20 requests activation of the web browser 18 through the client program, the server 10 newly generates a virtual terminal, and the local terminal 20 terminates the web browser 18. Since the server 10 deletes the virtual terminal when requested, even if a malicious program such as malware is executed, the influence is limited, and the local terminal 20 can always be provided with a clean Internet environment. .

  FIG. 4 is a block diagram showing the configuration of an application utilization system according to the second embodiment of the present invention.

  As shown in FIG. 4, in the application usage system 2, the server 10 in FIG. 1 includes a master server 10A and a plurality of slave servers 10B, and uses the usage status of each slave server 10B and the local terminal 20. The optimum slave server 10B is determined based on user attributes and the like, and the container 14 is created in the slave server 10B.

  When the client program 21 is activated on the local terminal 20, a connection request is first transmitted to the master server 10A (step S11). The master server 10A collects and holds in advance status information (CPU usage rate, memory usage rate, number of activated containers, etc.) and attribute information (application type, business type, group name, etc.) of each slave server 10B. Upon receiving the connection request, the master server 10A determines the optimum slave server 10B under the conditions specified by referring to the information of each slave server 10B as the user attribute information. Then, a container creation command is issued to the slave server 10B, and connection destination information is returned to the client program 21 (steps S12 and S13).

  The “application type” in the attribute information is identification information used when targeting various application programs such as mail software in addition to the web browser, and a criterion for selecting a server suitable for processing of each application It will be. The “business type” is, for example, sales, accounting, design and development, and the “group name” is, for example, a user's department or office. User attribute information can be acquired from the database 17 during user authentication.

  Receiving the container creation command, the slave server 10B newly generates a container and automatically starts a web browser in the container. The client program 21 connects to the container on the slave server 10B indicated by the returned connection destination information (step S14), and receives the screen output of the web browser automatically started in the container 14 as drawing information (step S14). S15). The monitoring program 19 in the container 14 always monitors the state of the web browser, and deletes the container itself when the web browser is terminated.

  As described above, when the application utilization system 2 according to the present embodiment creates a container in response to a request from the local terminal 20, it selects the optimum server for the local terminal 20 from the plurality of servers and selects the container. Therefore, even when the system scale is increased and a very large number of containers are handled, application services can be efficiently provided by effectively using resources.

  The preferred embodiments of the present invention have been described above, but the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the spirit of the present invention. Needless to say, it is included in the range.

  For example, in the above-described embodiment, the case where the application program executed in the virtual terminal is a web browser has been described as an example. However, other application programs such as e-mail software may be used, such as malware through Internet access. It is possible to target various application programs that may be affected by the above.

1, 2 Application utilization system 10 Server 10A Master server 10B Slave server 11 Physical machine 12 Host OS
13 Control program (container management software)
14 Container (virtual terminal)
15 User process 16 System management program 17 Database 17a Account information 17b Template 17c User profile 18 Web browser (application program)
19 Monitoring program 20 Local terminal 21 Client program 30 Internet 40 Local network

Claims (5)

A server connected to the Internet, and a local terminal connected to the server via a local network,
The server includes a master server and a plurality of slave servers,
The master server, when the local terminal requests activation of an application program , one slave corresponding to the local terminal based on attribute information of the user using the local terminal and attribute information and status information of each slave server Determine the server and return the connection destination information to the local terminal,
The one slave server newly generates a virtual terminal,
The local terminal connects to the virtual terminal in the one slave server indicated in the connection destination information,
The one slave server is
Start the application program in the virtual terminal and transfer the screen output of the application program to the local terminal,
An application utilization system, wherein the virtual terminal is deleted when the local terminal terminates the application program. The status information includes at least one information selected from a CPU usage rate, a memory usage rate, and the number of virtual terminals activated,
The application use system according to claim 1, wherein the attribute information includes at least one information selected from an application type, a business type, and a group name. The master server, after determining the one slave server, performs the virtual terminal creation instruction to the one slave server,
The application use system according to claim 1 or 2, wherein the one slave server that has received the virtual terminal creation command newly generates the virtual terminal.   The application utilization system according to any one of claims 1 to 3, wherein the one slave server starts the application program in a container-type virtual terminal.   The application use system according to any one of claims 1 to 4, wherein the application program includes a web browser.

Images