摘要:
It is an object of the present invention to provide an information processing device that verifies the authorization of an application that has issued an access request to access a device. For the present invention to fulfill the above object, when an application 102 on a universal OS issues a processing request to a secure device driver 105, a secure VMM 100 and an application identification unit 106 on a management dedicated OS 104 lock a page table of the application 102 and refer to the page table to generate a hash value. The application is determined to be authorized or unauthorized by comparing the generated hash value with a reference hash value.
摘要:
To improve the responsiveness of a system call process without compromising safety, an information processing device according to the present invention includes: an application identification unit configured to identify a program being executed in the information processing device, by acquiring the application identifier; a caller identification unit configured to identify a caller indicating a portion of the program from which a program code is called when the identified program calls the program code; a checked-application management unit configured to manage a check result which is information including a result of previous check for safety of executing the identified program; and an attack check determination unit configured to determine, based on the identified caller and the check result, whether a check if the identified program is under attack is to be made.
摘要:
An information processing terminal (40) includes: a network control unit (250); an installation control unit (260); a process control unit (200) for starting up an application and establishing cooperation among applications including the application; an access-history map updating unit (290) for updating an access-history map (281) which represents history information on an access relationship among the applications when a request is made to start up the application or to establish cooperation among the applications; and an unauthorized-cooperation-of-applications control unit (220) for (i) determining whether or not an unauthorized cooperation, which is directed at sensitive information kept secret, is established among the applications with reference to information obtained from the access-history map (281) and an application authorizing list (271), and (ii) controlling execution of the application using an application execution control technique in the case where a result of the determination shows that the unauthorized cooperation is established.
摘要:
Techniques for protecting memory locations within a stakeholder's engine according to the Multi-Stakeholder Model, and a protocol for remote attestation to a device supporting the Multi-Stakeholder Model that provides extra evidence of the identity of the three actors.
摘要:
A content display apparatus which processes protected information configured, with an aim to prevent access from any unauthorized program, to include: a process managing unit which manages a plurality of processes operable in the content display apparatus; and an access detecting unit configured to detect access to the protected-information access detecting unit which detects access to the protected information. The process managing unit includes an application execution control unit which temporarily stops the operation of each of at least one process other than a process which accesses the protected information among the plurality of processes when the access to the protected information is detected by the protected-information access detecting unit.
摘要:
A device (110) according to an implementation of the present invention, having a plurality of virtual machines (1002, 1003, 1004, and 1005), includes a virtualization software (1001) which manages the virtual machines. The virtualization software includes an application VM creating unit (1300) which creates a virtual machine for executing a program. A first virtual machine (1002) determines whether a first program is to be executed on the first virtual machine or to be executed on a virtual machine other than the first virtual machine. When the first virtual machine determines that the first program is to be executed on the other virtual machine, the application VM creating unit creates a second virtual machine for executing the first program.
摘要:
In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software having the key database with the tree structure, when deleting or adding a key from/to the tree structure, refers to the encryption strength comparison table and the process time comparison table to change the tree structure without reducing the security strength. This reduces the number of times an encrypted key is loaded onto the encryption/decryption processing device during the data encryption/decryption process, thus achieving a high-speed data encryption/decryption.
摘要:
A method to allow a device to boot in a secure fashion, even though some of the components within the secure device's firmware may be not present, not authorised, or not correctly operating.
摘要:
An information processing apparatus includes: a CPU (1201) that has, as an operating mode, a privileged mode and an unprivileged mode; a trusted memory (1270) that stores protected data, the protected data being accessed when the CPU (1201) is in the unprivileged mode; and a trusted memory control unit (1203) that controls access to the trusted memory (1270). When the CPU (1201) accesses the trusted memory (1270), the trusted memory control unit (1203) determines the operating mode of the CPU (1201) and, in the case where the operating mode of the CPU (1201) is the unprivileged mode, denies the access to the trusted memory (1270) by the CPU (1201).
摘要:
A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 12 determines a block size based on random number information, a dividing unit 13 divides the program by the block size into data blocks, and a first conversion unit 14 converts, by conducting a logical operation, the data blocks into intermediate authentication data no greater than the block size, and a second conversion unit 15 conducts a second conversion on the intermediate authentication data to generate authentication data. The authentication data and the block size are stored. After the program loading, a program resulting from the loading is divided by the block size, followed by the first and second conversions to generate comparative data. The comparative data is compared with the authentication data to detect tampering of the loaded program.