Monday, April 1, 2019
An Architecture for Source Code Protection
Abstract

Due to great competition in the software industry, source code and binaries have to be protected. Source code available in plain form could be easily stolen and launched on any computer using an IDE. We will discuss a protocol that will be used in both environments (single user and teaming) in order to provide source code security. This would be achieved through authentication, authorization, encryption/decryption and hashing.

Keywords: Encryption; Authentication; Authorization; Hashing; Source Code (SC); Binaries; Integrated Development Environment (IDE); Authentication Server Ticket Granting Server (ATGS)

INTRODUCTION

In the computer software industry, the most important asset is the source code of the software being developed. A lot of work has been done on secure communication, secure databases, and other security services in applications, but the source code itself is not being protected, which might result in a great financial and data loss for an organization. Due to great competition in the software industry, a company that comes up with new and unique ideas and launches them in the market will in return generate great revenue. So in the software industry it is almost entirely the idea that matters.

Most software companies do not leak their upcoming products until they are ready to be released in the market. Due to the importance of the idea and the source code, source code theft is the biggest threat in the software industry. Source code theft could be physical or via some botnet. In physical source code theft, a person might get access to your system, copy the source files, and take them to his own system to recompile with the IDE. He gets access to all of your work without any difficulty. The other case could be a lab environment where many users have access to a common machine.
In this situation any person logging on to the system can view the history in the IDE, and he could also access the source files if they are made available. In the second type, competitors who know the importance of your system might launch a botnet against your machine. In this way all your important files (including source files etc.) could be stolen and sent to a remote machine. The person getting access to these source files might gain a great benefit from them.

Our work is to encrypt these source files and the binaries generated by the IDE using cryptographic techniques, because if we do not protect the binaries, a binary could be reverse engineered to extract source code using some decompiler [1]. JAD could be used to launch a reverse engineering attack on binaries [2]. Some software is available in the market that encrypts your files (including source files etc.), but these files have to be encrypted manually every time. Due to this extra effort people just skip it. In our model, source files and binaries would be automatically encrypted whenever the user performs the Save, Save As and Run operations. In this way the developer could pay full attention to software development without caring about its protection. Our technique will provide confidentiality for source code and binaries, and address tampering with source code and idea leaking.

RELATED WORK

The idea of protecting source code and its binaries was influenced by some related work.

Guy-Armand Yandji, Lui Lian Hao, Amir-Eddine Youssouf, Jules Ehoussou [3] presented a model for normal file encryption and decryption. The paper describes a methodology using AES and MD5 for encrypting files. The output file will as a result be hashed and strongly encrypted through the software.

Xiufeng Zhang and Qiaoyan Wen [4] described the flexibility of the Java language, which makes protection very difficult.
Using a decompiler [5] such as Jad, we can easily extract the source code from the binary file. Therefore, any malicious user can use anti-compiler tools to make reverse-engineering attacks. The paper presented an AOP-Based J2EE Source Code Protection technique in which they gave a solution to the problem that arises when encrypting J2EE applications.

ByungRae Cha [6] presented a CRYPTEX model for protecting software source code. The model presented safe protection and access control of software source code. Access control to the source code was achieved using a digital certificate. The CRYPTEX consisted of software source code and an algorithm to control access.

A white paper sponsored by CA Technologies [7] on protecting APIs against attack and hijack presented a secure API architecture. APIs are windows into applications, and as with any window an API can easily be abused. APIs put applications under the hacker microscope and increase the attack surface on the application. So a solution was presented using the SecureSpan API proxy.

SVN [8] and CVS [9] are used to control versions. A version control system keeps track of all work and all changes in a set of files, and allows several developers to access them. Access to these files is controlled using authentication and authorization if the files are not open source. Subversion can operate over a network, which allows various people to modify and manage the same set of data.

RISK FACTORS

Source code is the main asset of any product; if the source code is somehow compromised, the whole product is compromised.
It is necessary to be aware of the threats that arise when source code or binaries are compromised:

- Source code can be used to steal the idea behind the product and to make a similar product.
- Source code can give attackers information about the working of your application, and it will also show them the loopholes in your application that would help them launch attacks.
- Binary files can be reverse engineered to generate source files using a decompiler, and possible attacks could be launched using those source files.
- By having the source code or binaries, the attacker can add some unwanted feature to the product and make that malicious product available to the public.
- The attacker can bypass license checks (patching) in your product and make a free copy available to the public.

MANUALLY ENCRYPTING AND DECRYPTING

You can encrypt and decrypt the source files and binaries manually using some software, but in our approach the source files and binaries would be encrypted and decrypted automatically without any extra effort.

Time Consuming

Because encryption and decryption have to be done manually with the help of some software, the existing approach might be more time consuming than ours.

Purchase of Extra Software

We might need to purchase extra software in order to perform this encryption and decryption of source files and binaries. In our approach no extra software is required to perform this task. This would be a feature inside the IDE.

More Secure

Our approach is more secure than the existing one because the developer might forget to do this operation and leave the source files and binaries unencrypted.
In our approach, by contrast, whenever you exit the IDE the source files and binaries are encrypted before the IDE closes.

In our approach the developer won't need to care about the protection of source files and binaries; these would be secured automatically at the backend.

SOURCE CODE PROTECTION ENVIRONMENTS

Our focus is on two types of source code protection environments:

- Single User Environment
- Teaming Environment

Single User Environment

In a single user environment, a single user using the IDE on his system would face all the challenges to the source code that we have discussed above. The source code is stored on the local drive of the system in plain form. Anyone getting access to that drive can misuse the source code. We have to protect this source code by providing some kind of security measures.

Proposed Solution

First the user will be authenticated. When the user launches the IDE, a login screen will appear where he enters his username and password. If he is logging in for the first time he has to get registered, and the hash of the password would be taken and stored with the username at some secure place (i.e. a database). If he is already registered, the entered password has to be hashed and compared with the hash that is already stored with that particular username. If both hashes match, the user would be logged in to the IDE with a particular ID, as shown in Figure 1. If there is some kind of error, the user would be asked to enter again, skip and run the IDE normally, or exit.

Fig. 1. Authentication sequence diagram

Our main emphasis would be on the Save, Save As, Open and Run operations because these operations require security enforcement. Say the user tries to open an existing
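
The register-then-login check from the Proposed Solution, as an added example that is not code from the paper. It goes beyond the text by storing a per-user salt and using a slow key-derivation function (PBKDF2) with constant-time comparison instead of a bare hash; the `UserStore` class, the in-memory dictionary standing in for the database, and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not taken from the paper


def derive(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UserStore:
    """Hypothetical stand-in for the 'secure place (i.e. a database)'."""

    def __init__(self):
        self._users = {}  # username -> (salt, verifier)

    def register(self, username: str, password: str) -> bool:
        """First-time use: store a fresh salt and the derived verifier."""
        if username in self._users or not password:
            return False  # never overwrite an existing account
        salt = os.urandom(16)
        self._users[username] = (salt, derive(password, salt))
        return True

    def login(self, username: str, password: str) -> bool:
        """Re-derive from the entered password and compare with the stored value."""
        record = self._users.get(username)
        # For an unknown user, still run the KDF on dummy values so the
        # response time does not reveal which usernames are registered.
        salt, stored = record if record else (b"\x00" * 16, b"\x00" * 32)
        candidate = derive(password, salt)
        return hmac.compare_digest(candidate, stored) and record is not None


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "constructed-sample-password")  # constructed sample data
    print("correct password:", store.login("alice", "constructed-sample-password"))
    print("wrong password:  ", store.login("alice", "guess"))
    print("unknown user:    ", store.login("mallory", "guess"))
```

Because each account has its own salt, two users who pick the same password end up with different stored values, which a plain unsalted hash would not give.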