CN112241516B - Source code protection method and storage medium for project development process - Google Patents

Publication number
CN112241516B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910638648.4A
Other languages
Chinese (zh)
Other versions
CN112241516A (en)
Inventor
刘德建
丁迪锋
林琛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Tianyi Network Technology Co ltd
Original Assignee
Fujian Tianyi Network Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention provides a source code protection method and a storage medium for a project development process. The method comprises the following steps: generating, for each task in a project, a key in one-to-one correspondence with the task, according to the identity information of the task and the identity information of its responsible person; acquiring the file data stream of an accessed task by intercepting the application that runs the task; acquiring the key corresponding to the accessed task, and encrypting the file data stream with the acquired key; generating an encryption identifier uniquely corresponding to the accessed task, and writing the encryption identifier into the encrypted file data stream; and storing the relation between the key corresponding to each task in the project and the corresponding encryption identifier. The method effectively prevents source code leakage and hacker attacks, improving the security of the source code; it allows responsibility to be traced efficiently and accurately after source code is leaked; and it also supervises the completion of the project and prevents misoperation, better protecting the security of the source code.

Description

Source code protection method and storage medium for project development process
Technical Field
The invention relates to the field of data security, in particular to a source code protection method and a storage medium in a project development process.
Background
With the development of the internet, the demand for developing and extending projects keeps increasing. At the same time, more and more projects follow a formal, specialized process, for example: project manager -> issue project -> order -> programmer/artist -> resource arrangement (resource management) -> test -> project manager.
In the prior art, projects are generally developed using a git community (an open source community) or an svn intranet synchronization tool, but these tools cannot prevent the following situations:
1. Accidental upload
For example, recent incidents in which source code was uploaded by mistake, or a database setting was not commented out, leaking the back-end database address.
2. Deliberate upload
Company source code is disclosed directly by someone who has a complaint against the company.
3. Hacking.
To address these problems, the existing protection approach is mainly source code encryption. With layer-by-layer management it effectively handles accidents of type 1 and type 3, but it cannot prevent accidents of type 2. For that type of accident a dedicated cloud server is required for ease of management, but the code then cannot be stored on GIT/SVN, which is not convenient enough.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a source code protection method and a storage medium for a project development process that effectively prevent source code leakage and hacker attacks, thereby improving source code security, and that also allow responsibility for a leak to be traced.
In order to solve the technical problems, the invention adopts the following technical scheme:
A source code protection method for a project development process, comprising the following steps:
generating, for each task in a project, a key in one-to-one correspondence with the task, according to the identity information of the task and the identity information of its responsible person;
acquiring the file data stream of an accessed task by intercepting the application that runs the task;
acquiring the key corresponding to the accessed task, and encrypting the file data stream with the acquired key;
generating an encryption identifier uniquely corresponding to the accessed task, and writing the encryption identifier into the encrypted file data stream;
and storing the relation between the key corresponding to each task in the project and the corresponding encryption identifier.
The other technical scheme provided by the invention is as follows:
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, is capable of implementing the steps involved in the source code protection method of the project development process described above.
The beneficial effects of the invention are as follows. For each task in a project, a key associated with the identity information of the task's responsible person is generated; when a task is accessed, the corresponding key is used to encrypt the file data stream, and an encryption identifier is written into it; and the relation between each task in the project, its key and its encryption identifier is stored centrally. Each specific task is thereby bound to the identity information of its responsible person. A task can only be decrypted correctly with the legitimate corresponding identity information, which effectively prevents illegal attacks. If the task source code (file data stream) is illegally leaked, the identity of the responsible person can be determined accurately from the encryption identifier and the stored relation, so that the leaking party can be traced quickly and accurately and held accountable.
Drawings
FIG. 1 is a schematic flow chart of a source code protection method in a project development process according to an embodiment of the invention;
FIG. 2 is a schematic connection diagram of functional modules corresponding to a method according to a first embodiment of the present invention;
FIG. 3 is a flow chart of a method according to a second embodiment of the invention.
Detailed Description
In order to describe the technical contents, the achieved objects and effects of the present invention in detail, the following description will be made with reference to the embodiments in conjunction with the accompanying drawings.
The key concept of the invention is as follows: each specific task is bound to the identity information of its responsible person; the file data stream of the task is encrypted with the key corresponding to the task; and the relation between each task in the project, its key and its encryption identifier is stored.
Technical term explanation related to the invention:
Referring to FIG. 1, the present invention provides a source code protection method for a project development process, which includes:
generating, for each task in a project, a key in one-to-one correspondence with the task, according to the identity information of the task and the identity information of its responsible person;
acquiring the file data stream of an accessed task by intercepting the application that runs the task;
acquiring the key corresponding to the accessed task, and encrypting the file data stream with the acquired key;
generating an encryption identifier uniquely corresponding to the accessed task, and writing the encryption identifier into the encrypted file data stream;
and storing the relation between the key corresponding to each task in the project and the corresponding encryption identifier.
From the above description, the beneficial effects of the invention are as follows: each specific task is bound to the identity information of its responsible person, which effectively prevents illegal attacks; the leaking party can be traced quickly and accurately and held accountable; and the completion of the project can also be monitored. Applying the invention effectively protects the security of enterprise code and avoids unnecessary direct economic loss caused by accidents.
Further, the method also comprises the following steps:
acquiring the encryption identifier in the leaked file data stream;
acquiring the corresponding task according to the relation; and acquiring the identity information of the responsible person of the task.
From the above description, since each task corresponds to its responsible person and is encrypted during operation, identities other than the responsible person cannot access the task. Therefore, once source code is leaked, the identity of the leaker can be determined quickly and accurately from the encryption identifier of the source code alone.
Further, the method also comprises the following steps:
logging in by using the identity information;
confirming the consistency of the identity information of the responsible person corresponding to the task to be accessed and the identity information of the current login;
if they are consistent, acquiring the encryption identifier in the file data stream of the task to be accessed;
and acquiring the corresponding key according to the relation, and decrypting the file data stream of the task to be accessed with the acquired key.
As can be seen from the above description, since each task corresponds to its responsible person and is encrypted during operation, identities other than the legitimate responsible person cannot access the task, so that responsibility for the task is bound to the responsible person.
Further, the method also comprises the following steps:
acquiring the encryption identifier in the file data stream of the submitted task;
judging whether the submitted task belongs to the project according to the relation;
if not, refusing the submission.
From the above description, the submitted task is matched against the project, which effectively eliminates the possibility of submitting the wrong task.
Further, the method also comprises the following steps:
acquiring the encryption identifiers in the file data streams corresponding to the tasks in the project;
obtaining the key corresponding to each encryption identifier by traversing the relation;
invoking the obtained keys one by one to decrypt the corresponding file data streams;
and merging the decrypted file data streams of the tasks to obtain the developed project.
From the above description, after all tasks of the project are completed, they are decrypted and merged together to complete the development of the project, and the code is effectively protected throughout the development process.
The other technical scheme provided by the invention is as follows:
a computer readable storage medium having stored thereon a computer program which, when executed by a processor, is capable of implementing the steps involved in the source code protection method of the project development process described above.
From the foregoing description, it will be appreciated by those skilled in the art that the foregoing embodiments may be implemented, in whole or in part, by hardware, by a computer program, where the program may be stored on a computer readable storage medium, where the program, when executed, may include the steps of the methods described above. After the program is executed, the beneficial effects achieved by the corresponding method can be achieved.
The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.
Example 1
This embodiment provides a source code protection method for a project development process, which effectively protects the code of each task in a large project during the development stage and allows responsibility to be traced after a source code leak.
In a specific example, the composition and connection relationship of the functional modules corresponding to the method in this embodiment are shown in FIG. 2, where the master control module, the task module, the key module, the encryption module and the execution module are connected in sequence, and the integration module is connected to the execution module and to the task module. Task allocation (the allocation of specific tasks and their responsible persons) is performed by the master control module, and the task module releases the tasks (to the specific responsible persons). The key module generates the keys of all tasks. The encryption module performs the encryption. The execution module ensures the security of the work content of each task and notifies the integration module once a task is finally completed. The integration module records the work (content) of each encryption module in the key module and integrates the resources to obtain the developed project.
Referring to FIG. 1, the method of the present embodiment includes:
S1: Generating, for each task in a project, a key in one-to-one correspondence with the task, according to the identity information of the task and the identity information of its responsible person.
Specifically, a project generally includes two or more specific tasks, each of which is generally assigned to a different person. In this embodiment, a key is generated for each task according to the identity information of the task itself and of the task's responsible person, so that the key of each task is associated with both the specific task and its responsible person.
In a specific example, the task number under the project and the identity information of the corresponding responsible person can be used directly as the encryption rule.
S2: Acquiring the file data stream of the accessed task by intercepting the application that runs the task.
In a specific example, it is determined whether the device currently in use has the software (application) designated for the task to be accessed installed; for example, a programming task requires a programming tool such as Microsoft Visual Studio, and a mapping task requires a tool such as Photoshop. If not, the flow ends; if so, the running flow of the task is intercepted through the software (application), and the file data stream of the accessed task is acquired.
In another embodiment, the step is specifically as follows: the designated project is opened with the software, and a designated task file in the project is read/opened/accessed; by intercepting the running software, the encryption module first obtains the file data stream corresponding to the task file currently being read/opened/accessed, namely the source code, and temporarily stores it in a space designated by the encryption module.
S3: Acquiring the key corresponding to the accessed task, and encrypting the file data stream with the acquired key.
In a specific example, the encryption module obtains the key corresponding to the accessed task from the key module, and then encrypts the file data stream corresponding to the task with that key.
S4: Generating an encryption identifier uniquely corresponding to the accessed task, and writing the encryption identifier into the encrypted file data stream.
Continuing the specific example of step S3, after encryption a unique encryption identifier corresponding to the encrypted task is generated, which marks the task as encrypted. Preferably, the encryption identifier is a 256 byte HASH value generated for the task within the project.
S5: Storing the relation between the key corresponding to each task in the project and the corresponding encryption identifier.
Since the encryption identifier corresponds to the task, which in turn corresponds to the key and to the identity information of the task's responsible person, the relation actually describes the association "project - specific task - responsible person - key - encryption identifier".
In a specific example, the relation is stored in the integration module.
As can be seen from the above, since each task is encrypted and bound to its responsible person on first operation, only the identity of the legitimate responsible person can read/open/access the corresponding task, which effectively protects the task from illegal attacks and illegal leakage. Because of this restriction, once the task source code is illegally leaked, the corresponding responsible person can be traced efficiently, so that responsibility can be assigned.
Example 2
Referring to FIG. 3, this embodiment supplements the first embodiment and provides the specific operation procedure after each task under the project is completed:
S6: Acquiring the encryption identifiers in the file data streams corresponding to the tasks under a specific project;
S7: Obtaining the key corresponding to each encryption identifier by traversing the prestored relation corresponding to the project, namely the relation stored in step S5;
S8: Invoking the obtained keys one by one to decrypt the corresponding file data streams;
S9: Merging the decrypted file data streams of the tasks to obtain the developed project.
In a specific example, the integration module is used for integrating the tasks under the project, and is connected to the task module and to the execution module.
Specifically, the integration module loads a project, traverses all HASH values recorded in the task module's relation for that project, and compares them with the encryption identifiers of all tasks under the current project, to judge whether each submitted task belongs to the project and to exclude task content submitted in error.
After the integration module has made this judgment from the encryption identifiers, the decryption operation starts, and the file data streams of all tasks in the project are decrypted one by one using the keys in the relation. The file data streams to be decrypted are copied into a space temporarily created by the integration module; the keys in the "relation" of the project are obtained by traversal according to the corresponding task (for example, by task name/number); the file data streams are decrypted one by one; each decrypted task is stored; and another HASH value is generated to mark that the task is completed. After all tasks are decrypted, the master control module is informed that the tasks of the project are completed, and the "relation" stored in the master control module is extended with the original project identifier, the identifiers of the tasks under the project, the keys and encryption identifiers of the tasks, and the decryption identifiers of the completed tasks, so that the completion status of the project or task can be looked up through any one of these identifiers or keys, which serves to protect and supervise the project.
Example 3
This embodiment corresponds to the first or second embodiment, and describes the task source code protection and responsibility tracing functions in detail:
Task source code protection
(I) Operation protection
SS1: Logging in by using the identity information, and designating a task to be accessed;
SS2: Confirming, according to the relation, the consistency of the identity information of the responsible person corresponding to the task to be accessed and the identity information of the current login;
if they are inconsistent, refusing the access and ending the flow;
if they are consistent, judging whether the task to be accessed is encrypted; if it is not, acquiring the key corresponding to the task, encrypting the file data stream corresponding to the task with the acquired key, and generating a corresponding encryption key; if the task is encrypted, acquiring the encryption identifier in the file data stream of the task to be accessed, then acquiring the key corresponding to the encryption identifier according to the relation, and decrypting the file data stream of the task to be accessed with the acquired key, thereby providing access to the designated task; opening and reading the designated task work in the same way.
This ensures that only the responsible person corresponding to the task has the right to read/open/access it, and other persons are prevented from operating on it because their identities are not legitimate, so that the source code of the task is effectively protected from attack and theft.
(II) Protection against misoperation
SS1: Acquiring the encryption identifier in the file data stream of a task to be submitted to a certain project of the system;
SS2: Judging whether the submitted task belongs to the project according to the relation; if not, refusing the submission; if yes, completing the submission.
This ensures that the submitted task corresponds to the project, and avoids task source code being disclosed through misoperation.
(III) Tracing responsibility after a task source code leak
When the source code is found to be illegally leaked, the following steps are performed:
SS1: Acquiring the encryption identifier in the leaked file data stream (source code);
SS2: Acquiring the corresponding task according to the relation, and acquiring the identity information of the responsible person of the task.
Of course, if it is already known which task the leaked file data stream corresponds to, the identity information of the responsible person for that task can be looked up directly through the task module to determine the leaker.
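Steps S1 to S9 and the three checks of this embodiment (access, submission, tracing), sketched in Python as an added example that is not code from the patent. The `TaskRegistry` class, the `TSKENC1` marker, the server-held master secret and the HMAC-SHA256 counter-mode stand-in cipher are assumptions of the sketch; intercepting the application is out of scope, so the file data stream is passed in as bytes.

```python
import hashlib
import hmac
import os

MAGIC = b"TSKENC1"            # constructed file marker (assumption)
ID_LEN = 256                  # identifier size in bytes, as the text prefers
NONCE_LEN, TAG_LEN = 16, 32
HDR_LEN = len(MAGIC) + ID_LEN


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode. Swap in a vetted AEAD.
    blocks = range((len(data) + 31) // 32)
    pad = b"".join(_mac(key, nonce + i.to_bytes(8, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, pad))


class TaskRegistry:
    """Key module plus the stored relation: identifier -> task record."""

    def __init__(self, master_secret: bytes):
        self._secret = master_secret
        self._relation = {}

    def register(self, project: str, task: str, owner: str) -> bytes:
        # S1: one key per task, bound to the task and its responsible person.
        # Assumption: a server-held secret is mixed in; identity data is guessable.
        task_label = f"{project}\x00{task}".encode()
        key = _mac(self._secret, b"key\x00" + task_label + b"\x00" + owner.encode())
        # S4: identifier uniquely corresponding to the task (256 bytes).
        enc_id = hashlib.shake_256(self._secret + b"id\x00" + task_label).digest(ID_LEN)
        # S5: store the relation project / task / responsible person / key / id.
        self._relation[enc_id] = dict(project=project, task=task, owner=owner, key=key)
        return enc_id

    def protect(self, enc_id: bytes, stream: bytes) -> bytes:
        # S3 and S4: encrypt the stream, then write the identifier in front.
        key = self._relation[enc_id]["key"]
        nonce = os.urandom(NONCE_LEN)
        body = _xor_stream(_mac(key, b"enc"), nonce, stream)
        header = MAGIC + enc_id
        # The tag covers the header, so a swapped identifier fails decryption.
        tag = _mac(_mac(key, b"mac"), header + nonce + body)
        return header + nonce + body + tag

    def _record(self, blob: bytes) -> dict:
        if len(blob) < HDR_LEN + NONCE_LEN + TAG_LEN or not blob.startswith(MAGIC):
            raise ValueError("not a protected task stream")
        record = self._relation.get(blob[len(MAGIC):HDR_LEN])
        if record is None:
            raise LookupError("unknown encryption identifier")
        return record

    def _decrypt(self, record: dict, blob: bytes) -> bytes:
        header, nonce = blob[:HDR_LEN], blob[HDR_LEN:HDR_LEN + NONCE_LEN]
        body, tag = blob[HDR_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = _mac(_mac(record["key"], b"mac"), header + nonce + body)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("stream or identifier was modified")
        return _xor_stream(_mac(record["key"], b"enc"), nonce, body)

    def open_task(self, blob: bytes, logged_in_user: str) -> bytes:
        # (I) Operation protection: only the responsible person may decrypt.
        record = self._record(blob)
        if not hmac.compare_digest(record["owner"].encode(), logged_in_user.encode()):
            raise PermissionError("login does not match the responsible person")
        return self._decrypt(record, blob)

    def accept_submission(self, blob: bytes, project: str) -> bool:
        # (II) Misoperation: refuse streams that do not belong to the project.
        try:
            return self._record(blob)["project"] == project
        except (ValueError, LookupError):
            return False

    def trace(self, blob: bytes) -> tuple:
        # (III) Tracing: identifier -> task -> responsible person.
        record = self._record(blob)
        return record["project"], record["task"], record["owner"]

    def merge(self, project: str, blobs: list) -> bytes:
        # S6 to S9: look up each key by identifier, decrypt, then merge.
        parts = []
        for blob in blobs:
            if not self.accept_submission(blob, project):
                raise ValueError("task does not belong to this project")
            parts.append(self._decrypt(self._record(blob), blob))
        return b"".join(parts)


if __name__ == "__main__":
    reg = TaskRegistry(os.urandom(32))
    ident = reg.register("proj-A", "T-001", "alice")   # constructed sample data
    print(reg.trace(reg.protect(ident, b"int main(void) { return 0; }\n")))
```

In this sketch the identifier travels only with the encrypted stream, so `trace` works on a leaked protected file and not on plaintext copied out after decryption.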
Example 4
This embodiment corresponds to the first to third embodiments, and provides a computer readable storage medium having a computer program stored thereon, where the program, when executed by a processor, is capable of implementing the steps included in the source code protection method for a project development process according to any one of the first to third embodiments. The specific steps are not repeated here; for details, see embodiments one to three.
In summary, the source code protection method and the storage medium for a project development process provided by the invention effectively prevent source code leakage and hacking attacks, improving source code security; they allow responsibility to be traced efficiently and accurately after source code is leaked; and they also supervise the completion of the project and prevent misoperation, better protecting the security of the source code.
The foregoing description is only illustrative of the present invention and is not intended to limit the scope of the invention; all equivalent changes made on the basis of the specification and drawings of the present invention, or direct or indirect applications in related technical fields, are included in the scope of the present invention.

Claims (4)

1. A source code protection method for a project development process, characterized by comprising the following steps:
generating, for each task in a project, a key in one-to-one correspondence with the task, according to the identity information of the task and the identity information of its responsible person;
acquiring the file data stream of an accessed task by intercepting the application that runs the task;
acquiring the key corresponding to the accessed task, and encrypting the file data stream with the acquired key;
generating an encryption identifier uniquely corresponding to the accessed task, and writing the encryption identifier into the encrypted file data stream;
storing the relation between the key corresponding to each task in the project and the corresponding encryption identifier;
further comprising:
acquiring the encryption identifiers in the file data streams corresponding to the tasks in the project;
obtaining the key corresponding to each encryption identifier by traversing the relation;
invoking the obtained keys one by one to decrypt the corresponding file data streams;
merging the decrypted file data streams of the tasks to obtain the developed project;
further comprising:
logging in by using the identity information;
confirming the consistency of the identity information of the responsible person corresponding to the task to be accessed and the identity information of the current login;
and if they are consistent, acquiring the encryption identifier in the file data stream of the task to be accessed.
2. The source code protection method for a project development process of claim 1, further comprising:
acquiring the encryption identifier in the leaked file data stream;
acquiring the corresponding task according to the relation; and acquiring the identity information of the responsible person of the task.
3. The source code protection method for a project development process of claim 1, further comprising:
acquiring the encryption identifier in the file data stream of the submitted task;
judging whether the submitted task belongs to the project according to the relation;
if not, refusing the submission.
4. A computer readable storage medium having stored thereon a computer program, wherein the program, when executed by a processor, is capable of performing the steps comprised in the source code protection method for a project development process according to any of the preceding claims 1-3.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910638648.4A CN112241516B (en) 2019-07-16 2019-07-16 Source code protection method and storage medium for project development process

Publications (2)

Publication Number Publication Date
CN112241516A (en) 2021-01-19
CN112241516B (en) 2023-11-10

Family

ID=74166672

Country Status (1)

Country Link
CN (1) CN112241516B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant