Strict application execution control with hierarchical group management using digital certificates on educational windows PCs

We have developed a system (traditional system) to flexibly provide the requested applications environment on educational Windows PCs. The traditional system dynamically controls the execution of applications installed on each educational PC depending on the rules defined by teachers as well as by administrators. The traditional system, however, has a low tolerance for malicious attacks. If the execution file of a certain application is falsified, the corresponding rules already applied become invalid. In addition, though the traditional system has a function to define groups of controlled applications, it does not support hierarchical groups. This reduces the usability of the traditional system. In order to address these issues, this paper proposes a control method of application execution using digital certificates. The proposed method has a high tolerance for the falsification of execution files by controlling their executions based on the reliability of the corresponding digital certificates. It also improves its usability by introducing hierarchical group management utilizing hierarchical structure for digital certificates.