Program codes are valuable resources to a software company. The version control software is used and program codes and relevant data are stored on the server and the function of comparing version histories cannot be realized until such data are stored in the plaintext format and such data cannot be stored in an encrypted manner. In addition, in the development and compiling process plaintexts need to be maintained for compiling and modification. However, program codes in the plaintext format can be easily leaked and stolen by the user and this will cause huge losses to the company. Therefore, the above mentioned cases are the problem which troubles the software company most.
In the Internet era, the compiling environment is gradually launched and the Internet needs to be frequently connected to download the latest library. If the computer is restricted from connection to the Internet for realization of the protection, development of software products cannot be done! However, if no protection is provided, there will be a concern that an intentional person leverages a leakage channel to steal important program code to cause huge losses.
[Fig.1] Program code development scenario under general circumstances
From the above figure, it can be clearly seen that the user can make duplication via a cloud hard disk drive, E-mail and external hard drive if programs are developed on a computer on which no restriction is set. Besides, to master different projects and different versions on the client, usually the version control software for program codes, such as SVN Version Management Sever, is used. When the program version needs to be changed, the version of the current project on the client can be quickly mastered. Although the client version information is rapidly obtained, program codes of the entire project can be easily downloaded as long as one server with right to connect to the program code version control software is provided.
With double protection from the SVS (Secure Virtual Storage) module and SVT (Secure Virtual Tunnel) module of X-FORT, there is no need to worry about the problem of leaking program codes by an external computer or external Internet channel not protected. By leveraging the SVT limited Internet connection, connection to a trusted server is permitted during the development to control the program, query data and download libraries. The following shows the schematic diagram for the scenario for the development of the program after control:
[Fig.2] Scenario for program development after control
The SVS module provides the virtual disk mechanism. After the virtual disk is mounted, a security zone is automatically formed and data in such zone cannot be transmitted out from the disk. After the application software is started up in the secure mode, it can normally run on the disk, provided that access to data is restricted to be done in the security zone. If data in the security zone need to be transmitted out from the zone, a permit must be obtained. After the virtual disk is uninstalled, a common (.svs) file is formed and data on the virtual disk are always kept in the secure status. As the SVS module is equivalent to a small size HDD, the entire project may be implemented within the disk to carry out development and debugging.
By leveraging the SVS module, we can centralize program codes on the planned virtual disk. In such security zone, authentication needs to be done and the right for reading needs to be determined depending on the role. Additionally, this further increases the setting for the use of restricted software so that other software cannot use program codes on the disk. Even the program version control software can be restricted and only program codes can be downloaded in a forced manner onto the disk. After the SVS virtual disk is uninstalled, such virtual disk becomes an encrypted file so that it is a meaningless unreadable code file even though it is stolen by others.
The SVT module controls the connection for the computer to the outside and restricts the Internet channel for the user to the scope permitted by the company. For example, the restriction can be minimized during the development by realizing the version management with SVN Server and it can be ensured that program codes cannot be transmitted to other places by leveraging the Internet.
The above contents indicate that program codes can be placed into the SVS module for protection during compiling and restricted Internet connections can leverage the SVT module to achieve network control. This can provide double protection of program codes which are the most important assets of the company.