当前位置:网站首页>Sharing of source code anti disclosure scheme under burning scenario
Sharing of source code anti disclosure scheme under burning scenario
2022-07-06 07:25:00 【Cnsidna. No.1】
How to prevent disclosure of source code
Various embedded R & D and platform software R & D industries , Each has its own core data and core documents , User data and other sensitive information , These information data have the following commonalities :
It belongs to the core confidential information , In case of leakage, it will have a bad impact on
There are many types of core data , Source code data , Employees have high computer skills
A lot of data is in the business system , It's not a document
If you don't control , Designers and users can easily copy the data through various ways , Cause leakage .
Common secret related ways for R & D personnel
Because R & D personnel are more proficient in computers than ordinary office personnel , In addition to the common network , mail ,U disc ,QQ And other data diffusion methods , There are many other methods that are very easy for developers ( Not listed completely ):
Physical method :
Network cable direct connection , Unplug the network cable from the wall , Then connect directly to an uncontrolled computer ;
winPE start-up , Via CD or U Discoid winPE start-up , Even directly ISO The image starts .
virtual machine , Through installation VMWare virtual machine , Use peripherals in the virtual machine U disc , The Internet .
Other uncontrolled computers , That is, copy the data to other uncontrolled computers in the network , transit
Upload online , By building an upload server on the public network , Bypass Internet Behavior Management
Data distortion :
Write a console program , Print the code to DOS On the console, and then save the screen information as ;
Write the code to Log Log file , Or write code to shared memory , Then another program reads away .
Write interprocess communication program , Pass the code through socket, news ,LPC,COM,mutex, Shear plate , Pipeline and other interprocess communication methods , Transfer to send the data ;
adopt IIS/Tomcat etc. web The parser transfers , Publish the code data as a web page , Then browse the browser and save as , Or just write txt box , Copy all the code during initialization ;
Peripheral transfer
For embedded development scenarios , You can use the serial port ,U mouth , The network port burns the code to the equipment and leaks the secret
SDC Sandbox anti disclosure software
Developed by shenxinda SDC Sandbox leak proof products , Adopt kernel defense in depth , It is a driver level anti disclosure Software . Do not encrypt files , A sandbox is like a container , The container contains our confidential information . The documents we work on are all in sandboxes . The sandbox is completely isolated from ordinary computers . You might ask , What if I want to access the Internet , All programs to access the Internet are launched from the tray , Such as browser , Chat software, etc .SDC The sandbox is divided into the following parts : The management end , Confidential end , Documents are sent out , client .
The management end : Sandbox Control Center , Control all clients . The control of the client covers all aspects . Let me give you a few control functions : Reverse screenshot When someone wants to view some confidential information of the company remotely to the employee's computer ,SDC The client will control the remote software , Remote people see a black screen . But the computers on the staff side are in normal use . If you can control, you can let go . clipboard In sandbox mode, employees want to copy and paste company data such as files to the Internet through the clipboard ,SDC Sandbox is controlled , You can control the maximum number of clipping words .
Confidential end : Escort the server , Ordinary computers do not have access to confidential servers . Only sandbox computers can access , Do not encrypt the company's data , Protect data to the greatest extent .
client : Normal mode and sandbox mode . All software installation should be in sandbox mode . Work must be in sandbox mode , Because all the working data are on the encrypted disk , Sandbox can only be accessed in encrypted mode . In sandbox mode, it is isolated from the outside world . To access the Internet, only programs launched from the tray can , And follow the principle of only getting in and not getting out , Can get files from the Internet to the sandbox computer , However, to send documents from this machine to the Internet, you have to go through document approval .
Documents are sent out : A file distribution system is installed on a computer . The of this computer ip That is, the address where the document is sent out . Each sandbox employee matches an account number for sending out files . The specific approval method is not cumbersome here .
边栏推荐
- Internal and external troubles of "boring ape" bayc
- chrome查看页面fps
- Jerry needs to modify the profile definition of GATT [chapter]
- Detailed explanation | detailed explanation of internal mechanism of industrial robot
- First knowledge of OpenGL es learning (1)
- Typescript void base type
- leetcode1020. Number of enclaves (medium)
- 【线上问题处理】因代码造成mysql表死锁的问题,如何杀掉对应的进程
- C - Inheritance - polymorphism - virtual function member (lower)
- [online problem processing] how to kill the corresponding process when the MySQL table deadlock is caused by the code
猜你喜欢
navicat如何导入MySQL脚本
[MySQL learning notes 30] lock (non tutorial)
Set picture annotation in markdown
Wechat official account infinite callback authorization system source code, launched in the whole network
SEO学习的最好方式:搜索引擎
The first Baidu push plug-in of dream weaving fully automatic collection Optimization SEO collection module
软件测试界的三无简历,企业拿什么来招聘你,石沉大海的简历
变量的命名规则十二条
杰理之AD 系列 MIDI 功能说明【篇】
杰理之BLE【篇】
随机推荐
Lesson 12 study notes 2022.02.11
(4) Web security | penetration testing | network security web site source code and related analysis
C - Inheritance - hidden method
2022年Instagram运营小技巧简单讲解
Twelve rules for naming variables
The ECU of 21 Audi q5l 45tfsi brushes is upgraded to master special adjustment, and the horsepower is safely and stably increased to 305 horsepower
Relevant introduction of clip image
Simple and understandable high-precision addition in C language
Oracle database 11gr2 uses TDE transparent data encryption to report an error ora28353. If you run to close the wallet, you will report an error ora28365. If you run to open the wallet, you will repor
Fundamentals of C language 9: Functions
杰理之如若需要大包发送,需要手机端修改 MTU【篇】
[MySQL learning notes 30] lock (non tutorial)
Cookie技术&Session技术&ServletContext对象
How are the open source Netease cloud music API projects implemented?
The ECU of 21 Audi q5l 45tfsi brushes is upgraded to master special adjustment, and the horsepower is safely and stably increased to 305 horsepower
Ble of Jerry [chapter]
Idea console color log
杰理之普通透传测试---做数传搭配 APP 通信【篇】
How can word delete English only and keep Chinese or delete Chinese and keep English
The author is dead? AI is conquering mankind with art