主权项 |
1. A security policy enforcement system comprising:
at least one central processing unit (CPU) configured to execute a plurality of sections, comprising: a plurality of policy enforcement sections, each policy enforcement section being configured to execute a security measure on user information, the user information being transmitted from a client to a server along with a service identifier identifying one of a plurality of services; a policy storing section configured to store policy information indicating the security measure to be executed on the user information, each piece of the policy information including the service identifier and information on the security measure to be executed on the user information; a measure-arrangement storing section configured to store measure arrangement information indicating the security measure executable in each of the policy enforcement sections; a policy determining section configured to select, on the basis of, the service identifier transmitted from the client to the server along with the user information, the policy information and the measure arrangement information, one or more of the policy enforcement sections that execute the security measure on the user information among the plurality of policy enforcement sections; and a load-state storing section configured to store load information indicating load states of the policy enforcement sections, wherein each of the one or more policy enforcement sections executes the security measure on the user information and outputs, on the basis of a selection result of the policy determining section, the user information, on which the security measure has been executed, to the other policy enforcement sections among the one or more policy enforcement sections or to the server, along with the service identifier; and the policy determining section selects as a transfer destination of the user information, on the basis of the load information, a policy enforcement section having a smallest load state among the policy enforcement sections that can execute the security measure corresponding to the policy information. |