Source code security encryption solution

Enterprise-level source code encryption software mainly addresses the source code security problems that software development enterprises face during development. The problems and solutions that a software development enterprise in Suzhou encountered while using a source code encryption system are shared here, as a reference for enterprises considering source code encryption software.

Source code protection for development enterprises requires products built on security concepts and principles, with functions that treat source code security as the first priority. In use, the software system should be secure, applicable and efficient. The SDC (SecretData Cage) confidential data security system is an anti-leakage system designed specifically to prevent leakage of source code, drawings, documents and other confidential data.

The confidentiality design concept of SDC is:

When employees are working, a virtual, isolated, encrypted sandbox is created on the employee's computer. The sandbox actively connects to the server for authentication, forming a server-client sandbox confidential workspace. Employees work in the sandbox, so that:

- Confidential data on the server is not written to local disk during use, or is encrypted when it is written.

- All development results on the employee's computer can only be stored on the server or in the local encrypted sandbox.

- The sandbox is isolated from the outside world, so it will not leak.

SDC is built on the most advanced kernel-level in-depth encryption technology (disk filter driver, file filter driver, network filter driver, etc.), with scalability and ease of use fully considered. The system integrates network authentication, file encryption, printing control, program control, Internet access control, server data protection, etc., and can effectively prevent leakage through outside PCs, removable storage, CD burning, and screenshots. Its main features are:

- Fully transparent encryption, which does not affect the work efficiency and habits of employees;

- It can protect all file formats, including all document formats, all source code formats, and drawing formats;

- Safe and stable; does not damage files;

- Guards only confidential data (source code, drawings) and does not monitor Internet use that cannot leak secrets, respecting employee privacy;

- Outgoing document audit, encryption, anti-leak processing;

- Application and audit workflow for outgoing email.

Using the Sangxinda SDC sandbox data security system effectively protects the security of enterprise confidential data.

SDC system introduction

1. SDC system architecture

The SDC confidential data security system is divided into four parts: management terminal, confidential terminal, outgoing audit server and client. The management terminal is the control center of the entire system, and there is only one in the system. The confidential terminal is the server that stores confidential data, and multiple confidential servers are allowed in a system. The outgoing audit server audits outgoing files. The client is installed on employee PCs and enforces the anti-leakage policy. If required, the management terminal, the confidential terminal, and the outgoing audit server can be installed on the same computer.

2. Client-side file automatic encryption

SDC uses kernel-level in-depth encryption technology and transparently encrypts all confidential files, regardless of file format or software type. As long as the information is classified, it is encrypted automatically, whether it comes from common document software such as the Office series or PDF, drawing software such as AutoCAD, or software development tools such as Microsoft Visual Studio and Eclipse. This covers not only source code and source drawings but also compiled intermediate files. Crucially, encryption does not affect local compilation or performance. It can also easily be applied where code must be submitted to a server for compilation.

3. Unobstructed inside the confidential network, isolated from outside PCs

The confidential server and the clients that have entered confidential sandbox mode are isolated to form a confidential, secure network space. Inside the confidential network, information transfer is transparent and smooth. Transfer methods include file sharing and C/S and B/S applications, and they work no differently than before SDC was deployed. Inside the confidential network, internal chat tools such as Feiqiu and IPMSG can be used as usual.

4. Non-confidential restricted whitelist

Subject to policy, the client is allowed to install some programs for non-confidential Internet access, provided that secrets cannot leak while confidential work is under way. Subject to policy, the permitted Internet activities include:

- Browsing the Internet to look up necessary information;

- Using QQ, MSN, Fetion;

- Using non-confidential email, such as WebMail or Outlook/Foxmail, to send and receive mail.

5. Outgoing confidential documents

When business needs require taking confidential documents out of the confidential environment, the documents must go through the SDC outgoing review process before they can be declassified. The SDC system provides a way to send plaintext.

6. Print content log

The default policy of the system is to disallow printing. When printing is required, a specific printer can be designated, but the content of the first page printed will be recorded and sent to the server for future auditing.

7. Offline client

A laptop taken on a business trip or brought home can be set as an offline client and can continue to use the local confidential data within a specified time. When used offline, all confidential documents are still encrypted, and staff can continue to work normally. However, if the set period is exceeded, all confidential data is automatically closed off, and the entire system stays in a protected state until the laptop is back at the company and reconnected to the network and the server, after which it works normally again.

8. Import and export of confidential documents

When an employee is away on a business trip, developing and debugging on site according to the customer's needs, the debugged results need to be handed over to the customer. If files could be decrypted directly on site, there would be no way to stop the person from also copying out other confidential documents. Therefore, the traveling employee exports the files intended for the customer in encrypted form and sends them back to the company. After review, the company decrypts them, completes the review process, and then sends the plaintext to the customer, which keeps the process under effective control.
