Title of invention: CLOUD SECURITY MANAGEMENT SYSTEM
Abstract: A purpose of the invention is to ensure security and the like when a user program is executed in a cloud environment. The present system comprises a user terminal 2, a public cloud (CL) 3, and an authentication server 1. The CL 3 comprises a server 31 that executes a user program (UP) and a controller 30. The authentication server 1 comprises an authentication control unit 13 and a library 50. The library 50 stores user information (d2), UP information (d3), CL 3 information (d4), server information (d5), and permission information (d1) that manages an association about execution of the UP with the server. The authentication control unit 13 performs processes such as a process for generating UP authentication information (F1), a process for generating server authentication information (F2), and a process for determining execution permission with reference to the authentication information (F1, F2) and the permission information (d1) when the UP is executed by the server of the CL 3.
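Application publication number: US2015143485(A1) Application publication date: 2015.05.21
Application number: US201214404130 Application date: 2012.05.29
Applicant: Tamura Mineyuki Inventor: Tamura Mineyuki
Classification number: G06F21/12;H04L29/06 Main classification number: G06F21/12
Agency: Agent: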
Independent claim: 1. A cloud security management system in which components including a user terminal, a public cloud including a plurality of servers, and an authentication server are connected by a network, wherein a target server for executing a user program and a processing controller for performing a control related to the execution are provided in the public cloud, the authentication server comprises an authentication control unit and a storage unit, the storage unit stores information containing an ID of the user, information containing an ID of the user program, information containing an ID of the public cloud, information containing an ID of the server, and permission information for managing an association about an execution of the user program with a server of the public cloud, and the authentication control unit comprises: a first processing unit that creates first authentication information for authenticating the user program, and includes the first authentication information in the user program; a second processing unit that creates second authentication information for authenticating a server of the public cloud, and provides same to the server of the public cloud; a third processing unit that sets content of the permission information in accordance with an input from the user terminal; and a fourth processing unit that, when the user program is executed in the server of the public cloud, in cooperation with the controller, refers to the first authentication information, the second authentication information and the permission information, and determines whether the user program is permitted to be executed in the server of the public cloud, and if permitted, executes the program.
Address: Shinagawa-ku JP