An Architecture for Source Code Protection

Abstract-Due to great competition in software industry the source code and binaries have to be protected. Source code available in plain form could be easily stolen and launched on any computer using IDE. We will discuss a protocol that will be used in both (single user and teaming environment) in order to provide source code protection. This would be achieved though authentication, authorization, encryption/decryption and hashing.

Keywords-Encryption; Authentication; Authorization; Hashing; Source code SC; Binaries; Integrated development environment (IDE); Authentication server & Ticket Granting Server (ATGS)

  1. INTRODUCTION

In software industry, the most crucial property of the industry is the source code of the program which has been developed. There's a whole lot of work that is done in the secure communication, secure databases, and other security services in applications however the source code itself is not being safeguarded which might bring about a great financial and data reduction for an organization. Due to great competition in software Industry Company discovering new and unique ideas and launches it in the market will in return generate great revenue. So in software industry it's just about the idea that counts.

Most of the software companies don't leak out their upcoming products until they are ready to be released in the market. Due to the importance of the theory and source code, source code robbery is the largest risk in software industry. Source code theft could be physical or via some botnet. In physical source code fraud a person could easily get access to one's body and copies the source files and requires it to his own system to recompile with the IDE. He got access to all of your work without the difficulty. The other circumstance could be a Laboratory environment where many users get access to the machine. In this example any person logging on the system can view record in the IDE he may possibly also access those source data if they're made available. In the second type where your opponents know the value of your system might establish a botnet on your machine. In such a ways your entire important data files (including source files etc) could be taken and delivered to a remote control machine. The individual getting usage of these source documents might get a great benefit from it.

Our work is to encrypt these source files and binaries made by the IDE using cryptographic technique. Because if we don't protect the binaries, the binary could be reversed manufactured to extract source code using some decompiler [1]. JAD could be utilized to unveiling a reverse anatomist attack on binaries [2]. Some software's can be purchased in the market that encrypts your files (including source data etc) but these data need to be encrypted manually each time. For this reason extra work people just miss it. In our model source data files and binaries would be automatically encrypted whenever an individual performs the Save, Save As and Execute operation. In this manner the

developer could pay his full attention on software development without caring about its security. Our technique provides confidentiality to source code and binaries, tempering of source code and idea leaking.

  1. RELATED WORK

The notion of guarding source code and its own binaries was affected from some of its related work

  • Guy-Armand Yandji, Lui Lian Hao, Amir-Eddine Youssouf, Jules Ehoussou [3] presented a model for normal data file encryption and decryption. The paper describes a methodology using AES and MD5 for encrypting files. The outcome record that will as a result be hashed and strongly encrypted through the program.
  • Xiufeng Zhang and Qiaoyan Wen [4] explained the versatility of Java words, which makes the security become very difficult. Using decompiler [5] such as Jad we may easily extract the source code from the binary file. Therefore, any harmful users may use the anti-compiler tools to make reverse-engineering attacks. The paper presented an AOP-Based J2EE Source Code Coverage technique in they gave solution to the situation that develops when encrypting J2EE applications.
  • ByungRae Cha [6] provided a CRYPTEX model for safeguarding software source code. The model presented safe safety and access control of software source rules. The access control to the source code was achieved using digital license. The CRYPTEX contains software source codes and an algorithm to control access.
  • A White Paper sponsored by CA Systems [7] for Protecting API's against episode and hijack offered a secure API structures. APIs are glass windows into applications and much like any windowpane an API can easily be misused. APIs put applications under the hacker mi croscope and increase strike surface on consumer application. So a solution was shown using SecureSpan API proxy.
  • SVN [8] and CVS [9] are being used to control editions.

A version control system monitors all work and all changes in a couple of files, and allows several developers to access them. Access to these data files is settings using authentication and authorization if the files are not open source. Subversion can are powered by network which will allow various people to modify and manage the same group of data.

  1. RISK FACTORS

Source code is the key property of any product, if somehow the foundation code is affected the whole product get affected. It should be necessary to notice the dangers that are brought on when source code or the binaries are compromised:

  • Source code can be used to steal the theory behind that product and can be used to make a similar product.
  • Source code can give attackers information about the working of the application and it will also provide him the loopholes in the application which would help him to kick off attacks.
  • Binary files can be revered engineered to create source files utilizing a decompiler and possible disorders could be launched by those source data files.
  • By having the source code or binaries the attacker can add some unwanted feature to that product and make that harmful product available to the public
  • Bypass license assessments (patching) in your product and make a free copy available to public.
  1. MANUALLY ENCRYPTING AND DECRYPTING

You can encrypt and decrypt the foundation data files and binaries personally using some software however in our approach the source documents and binaries would be encrypted and decrypted automatically without any extra effort.

  1. Time Consuming

Because we have to do encryption and decryption manually with the aid of some software so existing way might be more time consuming then ours.

  1. Purchase of extra Software

We may need to get extra software to be able to execute this encryption and decryption of source data and binaries. Inside our approach no extra software is required to perform this. This would be considered a feature inside the IDE.

  1. More Secure

Our approach is better than the existing one because the developer might forget to get this done operation and leave the foundation data files and binaries unencrypted. While in our approach once you exit the IDE the source data and binaries would be encrypted before closing IDE.

In our methodology developer will never have to value the cover of source documents and binaries these would be guaranteed automatically at backend.

  1. SOURCE CODE PROTECTION ENVIRONMENTS

Our concentration is on two types of source code cover environments

  • Single Individual Environment
  • Teaming Environment
  1. Single End user Envirnoment

In a single user environment an individual user using IDE on his system would face all the issues to the foundation code that we have talked about above. THE FOUNDATION code is stored on the neighborhood drive onto the machine in basic form. Anyone getting usage of that drive can misuse the source code. We have to protect this source code by giving some kind of security steps.

  • Proposed Solution

First the user will be authenticated. So when an individual launches the IDE a login display will appear he'd enter his username and password if his logging for the first time he must get recorded and the hash of the security password would be taken and stored with username at some secure place (i. e. databases ). If his already recorded the entered security password has to be hashed and it is compared with the hash that is already stored with a particular username. Now if the both hash match then the user would be logged in to the IDE with a particular ID as shown in amount 1. If there is some kind of error the user would be asked to re-enter again, Miss and run IDE normally or leave.

 

Fig. 1. Authentication collection diagram

Our main emphasis would be on Save, Save As, Open and execute procedures because these procedures require security enforcement. Say an individual tries to start an existing

  • More than 7,000 students prefer us to work on their projects
  • 90% of customers trust us with more than 5 assignments
Special
price
£5
/page
submit a project

Latest posts

Read more informative topics on our blog
Shiseido Company Limited Is A Japanese Makeup Company Marketing Essay
Marketing Strength: Among the main talents of Shiseido is its high quality products. To be able to satisfy customers, the company invested a great deal...
Fail To Plan You Plan To Fail Management Essay
Management This report will concentrate on two aspects of project management, their importance within the overall project management process. The report...
Role of High-protein Diet in Weight Management
Nursing Structured Representation: Probably one of the most wide-spread and popular problems on earth is the weight problems that people is suffering...
Waste To Prosperity Program Environmental Sciences Essay
Environmental Sciences Urban and rural regions of India produce very much garbage daily and hurting by various kinds of pollutions which are increasing...
Water POLLUTING OF THE ENVIRONMENT | Analysis
Environmental Studies Pollution Introduction Many people across the world can remember having walked on the street and seen smoke cigars in the air or...
Soft System Methodology
Information Technology Andrzej Werner Soft System Methodology can be described as a 7-step process aimed to help provide a solution to true to life...
Strategic and Coherent methods to Recruiting management
Business Traditionally HRM has been regarded as the tactical and coherent method of the management of the organizations most appreciated assets - the...
Religious Healthcare Organisation
Health Religious Health Care Introduction I help the firm of consulting. Spiritual HEALTHCARE of Middleville community have appointed us to identify and...
Enterprise Rent AN AUTOMOBILE Case Analysis Business Essay
Commerce With a massive network of over 6,000 local rental locations and 850,000 automobiles, Organization Rent-A-Car is the greatest rental car company...
Check the price
for your project
we accept
Money back
guarantee
100% quality