18 Apr 2018
Abstract—Due to great competition in software industry the source code and binaries have to be protected. Source code available in plain form could be easily stolen and launched on any computer using IDE. We will discuss a protocol that will be used in both (single user and teaming environment) in order to provide source code protection. This would be achieved though authentication, authorization, encryption/decryption and hashing.
Keywords—Encryption; Authentication; Authorization; Hashing; Source code SC; Binaries; Integrated development environment (IDE); Authentication server & Ticket Granting Server (ATGS)
In software industry, the most important asset of the industry is the source code of the software which is being developed. There is a lot of work that has been done in the secure communication, secure databases, and other security services in applications but the source code itself is not being protected which might result in a great financial and data loss for an organization. Due to great competition in software Industry Company coming up with new and unique ideas and launches it in the market will in return generate great revenue. So in software industry it’s just about the idea that matters.
Most of the software companies don’t leak out their upcoming products until they are ready to be released in the market. Due to the importance of the idea and source code, source code theft is the biggest threat in software industry. Source code theft could be physical or via some botnet. In physical source code theft a person might get access to your system and copies the source files and takes it to his own system to recompile with the IDE. He got access to all of your work without any difficulty. The other case could be a Lab environment where many users have access to a common machine. In this situation any person logging on the system can view history in the IDE he could also access those source files if they are made available. In the second type where your competitors know the importance of your system might launch a botnet on your machine. In this ways all your important files (including source files etc) could be stolen and sent to a remote machine. The person getting access to these source files might get a great benefit from it.
Our work is to encrypt these source files and binaries generated by the IDE using cryptographic technique. Because if we don’t protect the binaries, the binary could be reversed engineered to extract source code using some decompiler [1]. JAD could be used to launch a reverse engineering attack on binaries [2]. Some software’s are available in the market that encrypts your files (including source files etc) but these files have to be encrypted manually every time. Due to this extra effort people just skip it. In our model source files and binaries would be automatically encrypted whenever the user performs the Save, Save As and Execute operation. In this way the
developer could pay his full attention on software development without caring about its protection. Our technique will provide confidentiality to source code and binaries, tempering of source code and idea leaking.
The idea of protecting source code and its binaries was influenced from some of its related work
A version control system keeps track of all work and all changes in a set of files, and allows several developers to access them. Access to these files is controls using authentication and authorization if the files are not open source. Subversion can operate on network which will allow various people to modify and manage the same set of data.
Source code is the main asset of any product, if somehow the source code is compromised the whole product get compromised. It should be necessary to become aware of the threats that are caused when source code or the binaries are compromised:
You can encrypt and decrypt the source files and binaries manually using some software but in our approach the source files and binaries would be encrypted and decrypted automatically without any extra effort.
Because we have to do encryption and decryption manually with the help of some software so existing approach might be more time consuming then ours.
We might need to purchase extra software in order to perform this encryption and decryption of source files and binaries. In our approach no extra software is required to perform this task. This would be a feature inside the IDE.
Our approach is more secure than the existing one because the developer might forget to do this operation and leave the source files and binaries unencrypted. While in our approach whenever you exit the IDE the source files and binaries would be encrypted before closing IDE.
In our approach developer won’t need to care about the protection of source files and binaries these would be secured automatically at backend.
Our focus is on two types of source code protection environments
In a single user environment a single user using IDE on his system would face all the challenges to the source code that we have discussed above. The Source code is stored on the local drive onto the system in plain form. Anyone getting access to that drive can misuse the source code. We have to protect this source code by providing some kind of security measures.
First the user will be authenticated. So when the user launches the IDE a login screen will appear he would enter his username and password if his logging for the first time he has to get registered and the hash of the password would be taken and stored with username at some secure place (i.e. database ). If his already registered the entered password has to be hashed and is compared with the hash that is already stored with a particular username. Now if the both hash match then the user would be logged in to the IDE with a particular ID as shown in figure 1. If there is some kind of error the user would be asked to re-enter again, Skip and run IDE normally or exit.
Fig. 1. Authentication sequence diagram
Our main emphasis would be on Save, Save As, Open and execute operations because these operations require security enforcement. Say the user tries to open an existing
If you are the real writer of this essay and no longer want to have the essay published on the our website then please click on the link below to send us request removal:
Request the removal of this essayGet in touch with our dedicated team to discuss about your requirements in detail. We are here to help you our best in any way. If you are unsure about what you exactly need, please complete the short enquiry form below and we will get back to you with quote as soon as possible.