JP2000194591A - Security system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To relate the security of a file through a process by managing a flow of data and giving the security to the processing. SOLUTION: In the security system, when some process is performed according to a prepared security table (step 1), the authority level of a person who tries to perform the processing is compared with the securecy level of the processing (step 7). Then the authority level of the person who tries to perform the processing is compared with the security level of the data category attached to the processing (steps 10, 11, and 12). Then when the authority level of the person is lower, the processing is disabled (step 14). Thus, management based upon the flow of data and whether or not there is the access right for the processing is performed to strictly prevent information from leaking owing to the flow of the data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data security system in information processing, and more particularly to a security system for managing a data flow.

[0002]

2. Description of the Related Art As a measure for confidentiality in an information processing system, authentication by access control is generally performed. The configuration of the authentication system is L
There are an identification method of inputting an OGON + user ID, an authentication method of inputting a password, and a permission method of inputting an application name to be processed. By the authentication based on such access control, management is performed on what information access and processing are permitted to the user who is permitted to enter the information system. For example, in the personnel system, the content is such that the inquiry is permitted and the update is not permitted. In performing such information management, an “access authority table” that clarifies job authority and job content is used.

As a technique for managing individual security related to processing or data, for example, Japanese Patent Application Laid-Open No. 9-319659 is disclosed. This technology has security information for each group and each file, and performs security management for each group and each file. Also, Japanese Unexamined Patent Publication No.
Japanese Patent Application Laid-Open Publication No. H11-163873 discloses a technique for controlling data flow and managing security individually for groups or data. This technique has security information in each information unit, and controls the flow of data so that a flow to information having lower security information than a higher information level is prohibited.

[0004]

However, in the above-described authentication system based on access control, it is impossible to prevent information leakage in the following cases. For example, it is assumed that Mr. X has authority to access the A file and the B file, and that Mr. Y is not allowed to access the A file and is allowed to access the B file. At this time, it is assumed that Mr. X has intentionally or negligently copied the file A to the file B. Thereafter, when Mr. Y reads the B file, the contents of the A file can be read. In this case, Mr. Y
You can see the contents of file A even though you are not authorized to read the file. This cannot be prevented by ordinary access control, so a separate control method must be considered.

[0005] Also, the technique disclosed in Japanese Patent Application Laid-Open No. 9-319659 also manages individual security related to processing or data, and does not control the flow of data. Is not confidential. In the technique of JP-A-6-244833, data flow is controlled, but security is managed individually for groups or data, and security for processing is not performed. Security is not maintained. That is, in each of the above-described technologies, processing and file are compared individually, and comparison in which processing and files are associated is not performed. In each case, security is individually set for processing, data, and the like, and the security of processing cannot be reflected on the security of data.

The present invention has been made in view of such circumstances, and has as its object to manage the flow of data, provide security for processing, and associate file security with processing. To provide a security system based on data flow control.

[0007]

SUMMARY OF THE INVENTION A security system according to the present invention aims at preventing information leakage due to a data flow, wherein security is set for processing and file security is associated with processing. It is. Therefore, when controlling copying from file to file, it is not a comparison between file security but a comparison between processes to which a file belongs. In other words, since it is a comparison after processing and files are related,
Processing security is automatically reflected in data security.

That is, in order to achieve the above object,
The security system according to claim 1 is a security system for controlling information flow by controlling the flow of data, wherein a data associated with a file associated with a process having a lower security level is compared with a file associated with a process having a lower security level. By managing the flow, security is set for processing, and file security is associated with processing.

[0009] The security system according to claim 2 is:
2. The security system according to claim 1, wherein the authority level of the person who attempted to execute the processing is compared with the confidentiality level of the processing, and the authority level of the person who attempted to execute the processing and a data category associated with the processing. And if the result of the comparison indicates that the authority level of the person who attempted to execute the process is low, the process is not permitted.

[0010] The security system according to claim 3 is:
3. The security system according to claim 2, wherein: means for obtaining an authentication table based on a password obtained from input data; means for obtaining a security table based on information obtained from the authentication table; Means for comparing the authority level and the security level in the acquired authentication table and the acquired security table, and, if the authority level of the authentication table is not smaller than the security level of the target processing in the security table, processing permission is given; Means for terminating the process if the authorization level of the authentication table is lower than the security level of the target process in the security table; and obtaining the authentication table and the obtained security table during the utility process. In Le, means for comparing the authorization level and security level, authority level of the authentication table is finished, the processing is smaller than the security level of a file copy in the security table,
If the authority level of the authentication table is not lower than the security level of the file copy in the security table, the security level of the input category is obtained from the obtained security table using the input file name as a search key. If the specified file name is detected more than once, the means to set the highest security level as the effective level for comparison and comparison in the category output or input / output, and the output file as well as the input file If the authority level of the authentication table is lower than the security level of the input file, the processing is terminated, and if the authority level of the authentication table is not lower than the security level of the input file,
Compare the obtained authorization level of the authentication table with the security level of the output file. If the authorization level of the authentication table is lower than the security level of the output file, terminate the process.The authorization level of the authentication table is lower than the security level of the output file. If not, the security level of the obtained input file is compared with the security level of the obtained output file. If the security level of the output file is lower than the security level of the input file, the process ends, and the security level of the output file is set to the input level. Means for granting processing permission if the security level of the file is not lower than the security level,
It is characterized in that security is given to processing while managing the flow of data so that file security can be associated with processing.

[0011]

DESCRIPTION OF THE PREFERRED EMBODIMENTS The security system of the present invention comprises:
The system is configured to prevent leakage of confidentiality by intention or negligence by an individual. Embodiments will be described below in detail with reference to the drawings. Normally, in data security, management is performed depending on whether or not there is an access right to data or processing. However, there is a possibility that leakage or destruction of confidential information may occur due to the flow of data. For example, in a process of performing strict authority management, there is a case where contents are leaked to processing data of normal management due to intentional or mistake of a person in charge. In order to prevent such a situation, a security level is provided for information, and a security class is configured by combining data categories in addition thereto.

For example, FIG. 2 shows an example of a security table applied to the security system according to the embodiment of the present invention. As shown in FIG. 2, a security level and a security class are set for processing. Set. The security class is represented by a two-dimensional table in which confidentiality levels are set as rows and data categories as columns. The creation of the security table is performed according to the following procedure. 1. Determine the processing level of the created program. 2. Identify used files. 3. Register in the security table. The registration in the security table is performed by the system administrator after the program is created. In utility processing such as file copying, a category (file) is not set. The security levels (L1, L2, L3) are specified in units of processing indicating the level of security, and are not specified for files. For example, L3>L2> L1.
The program divisions in the figure are U: utility, A: application, and the categories are I: input, IO: input / output, and O: output.

When a process is to be executed based on the security table, first, the authority level of the person who executed the process is compared with the confidentiality level of the process. Next, a comparison is made between the authority level of the person who attempted to execute the process and the security level of the data category associated with the process. Then, as a result of the comparison, if the authority level of the person who tried to execute the process is low, the process is not permitted. The feature is that both are associated with each other, rather than the conventional individual security checks on processes or files. Therefore, more strict security management can be performed.

Further, this embodiment will be described in detail with reference to FIGS. 1, 2 and 3. FIG. FIG. 1 is a flowchart showing a flow of the operation of the security system according to the embodiment of the present invention. FIG. 2 is an example of an authentication table applied to the security system according to the embodiment of FIG. Note that this authentication table is created for each individual, and the level of processing that can be accessed is set. Hereinafter, in the description using the flowchart of FIG. 1, FIGS. 2 and 3 will be referred to as needed. Further, the following two are prerequisites for the flow of the process in FIG. That is, (1) a plurality of hits may be found in the search of the security level of the file category in the security table. In this case, the highest security level among the categories set as O: output or IO: input / output is set as the effective level for comparison. (2) It is assumed that reading of a security class is performed by executing a procedure defined in a database by triggering access to a file.

First, in step 1 of FIG.
Input the IN information. By LOGIN, an employee code and a password are obtained. In step 2, authentication is performed using the employee code and password obtained in step 1. At the time of authentication, an authentication table is obtained by an employee code. If the authentication is OK, go to step 3. If the authentication is not possible, the process ends at this point. In step 3, a target process is selected. When a process is selected, a security table is obtained by the program ID specified by the process selection.

In step 4, a processing branch is performed according to the program division. There are two processing branches: application and utility. First, in the case of an application, in step 5, the authorization level and the security level are compared in the authentication table acquired in step 2 and the security table acquired in step 3.

If the authority level of the authentication table is not lower than the security level of the target processing in the security table, processing permission is given in step 6. If the authority level of the authentication table is lower than the security level of the target process in the security table, the process ends at this point.

Next, in the case of a utility, the following description will be made taking as an example the case of copying the file shown in FIG. That is, in the file copy, an input file and an output file are specified. The input file is file C in FIG. 3 and the output file is file E. Also,
The person in charge of copying the file is the employee code in Fig. 2: 87
6453, and its authority level is L3.

First, at step 7, the authorization level and the security level are compared between the authentication table acquired at step 2 and the security table acquired at step 3. If the authority level of the authentication table is not lower than the security level of the file copy in the security table, the process proceeds to step S8. If the authority level of the authentication table is lower than the security level of the file copy in the security table, the process is terminated at this point.

In step 8, the security level of the input category is obtained from the security table obtained in step 3 using the input file name as a search key. When searching for security levels, multiple specified file names may be detected. In this case, the highest security level is compared and compared among O: output or IO: input / output of the category. The effective level of.

In the file C of the input file, the security level of the sales input corresponds to L1 and the security level of the salary input L3. However, since the security level of the salary input is higher, the security of the file C as the input file is higher. The level is L3. In step 9, similarly to the input file, the security class of the output file E is acquired. From FIG. 3, the security level of the file E is L2.

Next, in step 10, step 2
Is compared with the security level of the input file obtained in the authentication table. If the authority level of the authentication table is not lower than the security level of the input file, the process proceeds to step 11. If the authorization level of the authentication table is lower than the security level of the input file, the process is terminated at this point. Next, in step 11, a comparison is made between the authority level of the authentication table acquired in step 2 and the security level of the output file. If the authority level of the authentication table is not lower than the security level of the output file, the process proceeds to step 12. If the authority level of the authentication table is lower than the security level of the output file, the process ends at this point.

Next, in step 12, step 8
Is compared with the security level of the output file obtained in step 9. If the security level of the output file is not lower than the security level of the input file, processing permission is given in step 13. If the security level of the output file is lower than the security level of the input file, the process ends at this point. In the example, since the security class of the file C which is the input file is L3 and the security class of the file E which is the output file is L2, the processing is not permitted. Ends.

In this way, the data flow is managed,
By providing security for a process, file security is more associated with the process. That is, by combining the processing authority and the data attribute, it is possible to prevent data leakage, destruction, and the like due to an inconvenient flow of data. Also, it is not necessary to give the file security rights, and strict security management for the file can be performed by setting processing in the security table.

[0025]

As described above, according to the security system of the present invention, a data flow for a file associated with a process having lower security is managed more than a file associated with a process having higher security. I have. Therefore, it is possible to prevent a person having only a low access right from leaking information from a file which can be accessed only by a person having an access right of a higher level. By defining the confidentiality level and the data category in this way, it is possible to perform more precise security management, and it is possible to prevent the person in charge from referencing, falsifying, or destroying the data intentionally or carelessly. Therefore, the security system of the present invention can be applied to a system requiring stricter security than usual.

[Brief description of the drawings]

FIG. 1 is a flowchart showing a flow of an operation of a security system according to an embodiment of the present invention.

FIG. 2 is an example of an authentication table applied to the security system of FIG. 1;

FIG. 3 is an example of a security table applied to the security system of FIG. 1;

[Explanation of symbols]

L1, L2, L3: security level, U: utility, A: application, I: input, IO: input / output, O: output

Claims (3)

[Claims] In a security system for controlling information flow to secure information, a data flow for a file associated with a process having a lower security level is managed from a file associated with a process having a higher security level. A security system wherein the security is set for processing and file security is associated with the processing. 2. An authority level of a person who attempts to execute a process is compared with a confidentiality level of the process, and further, an authority level of a person who tries to execute the process, and a security level of a data category associated with the process. 2. The security system according to claim 1, wherein if the authority level of a person who attempts to execute the process is low, the process is not permitted. A means for obtaining an authentication table based on a password obtained from the input data; a means for obtaining a security table based on information obtained from the authentication table; Means for comparing an authority level and a security level in the authentication table and the acquired security table; and, if the authority level of the authentication table is not smaller than a security level of a target process in the security table, processing permission is given. Means for terminating the process if the authority level of the authentication table is lower than the security level of the target process in the security table; and obtaining the authentication table and the obtained security table during the utility process. A means for comparing an authority level and a security level; and if the authority level of the authentication table is smaller than the security level of file copy in the security table, the processing is terminated; and the authority level of the authentication table is a file in the security table. If the security level is not smaller than the security level of the copy, the security level of the input category is obtained from the obtained security table by using the input file name as a search key. In the security level search, a plurality of specified file names are obtained. If detected, means to set the highest security level as the effective level for comparison and comparison between the output and input / output of the category. Means for acquiring a certificate, if the authority level of the authentication table is smaller than the security level of the input file, end the process; if the authority level of the authentication table is not smaller than the security level of the input file, the acquired authentication The authority level of the table is compared with the security level of the output file. If the authority level of the authentication table is smaller than the security level of the output file, the process is terminated, and the authority level of the authentication table is the security level of the output file. If not smaller, the security level of the obtained input file is compared with the security level of the obtained output file. If the security level of the output file is smaller than the security level of the input file, the process is terminated. Means for granting processing permission if the security level of the output file is not lower than the security level of the input file. 3. The security system according to claim 2, wherein the security system is linked.