Method and system for generating and employing a secure integrated development environment

US 8,032,940 B1
Filed: 10/23/2007
Issued: 10/04/2011
Est. Priority Date: 10/25/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

identifying one or more modules associated with a conventional integrated development environment (IDE) that are to be modified to transform the conventional IDE into a secure IDE, wherein each of the one or more modules corresponds to an IDE component;

determining one or more security extensions to be associated with the one or more modules that are chosen to be modified based on their corresponding one or more IDE components; and

generating the secure IDE by modifying the one or more modules by associating a security extension to each IDE component corresponding to each of the one or more modules to transform each IDE component into a secure IDE component to transform the conventional IDE into the secure IDE, wherein the secure IDE provides security for one or more software applications that are developed using the secure IDE.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided to generate a secure integrated development environment (IDE). In one embodiment, a plurality of modules in a source code associated with a conventional IDE is detected. One or more modules of the plurality of modules that are to be modified are identified. One or more modifying components are identified and are to be associated with the one or more modules that are to be modified. A secure IDE is generated by updating the conventional IDE by modifying the one or more modules in the source code associated with the conventional IDE, wherein the one or more modules are modified by associating the one or more modifying components to the corresponding one or more modules.

28 Citations

View as Search Results

25 Claims

1. A computer-implemented method comprising:
- identifying one or more modules associated with a conventional integrated development environment (IDE) that are to be modified to transform the conventional IDE into a secure IDE, wherein each of the one or more modules corresponds to an IDE component;
  
  determining one or more security extensions to be associated with the one or more modules that are chosen to be modified based on their corresponding one or more IDE components; and
  
  generating the secure IDE by modifying the one or more modules by associating a security extension to each IDE component corresponding to each of the one or more modules to transform each IDE component into a secure IDE component to transform the conventional IDE into the secure IDE, wherein the secure IDE provides security for one or more software applications that are developed using the secure IDE.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 16, 17, 18, 19, 20)
- - 2. The computer-implemented method of claim 1, wherein the one or more security extensions comprise at least one of a secure cut/copy/paste security extension, a secure keystore interface security extension, a secure startup/certificate based expiry security extension, a secure build security extension, a secure file encryption/decryption security extension, or a secure intrusion detection security extension.
  - 3. The computer-implemented method of claim 1, further comprising securely transferring a conventional source code associated with the conventional IDE or a secure source code associated with the secure IDE over an unsecured network, wherein securely transferring comprises:
    - generating a public/private key pair at a first location, the public/private key having a public key and a private key;
      
      transmitting the public key to a second location;
      
      generating an encryption key, encrypting the source code via the encryption key, and encrypting the encryption key via the public key at the second location;
      
      transmitting the encrypted encryption key and the encrypted source code to the first location;
      
      receiving the encrypted encryption key and the encrypted source code at the first location; and
      
      decrypting the encrypted encryption key via the private key, and decrypting the encrypted source code via the encryption key at the first location.
  - 4. The computer-implemented method of claim 1, further comprising detecting security intrusion in a programming method that performs one or more of an encryption operation and a decryption operation, the programming method including a Java method, the detecting of the security intrusion in the programming method including generating and analyzing of stack trace information to detect intrusion and generate a security alert event, the detecting of the security intrusion in the programming method further including:
    - receiving an incoming call;
      
      detecting stack trace of the incoming call;
      
      generating the stack trace information associated with the stack trace of the incoming call;
      
      analyzing the stack trace information to determine whether a caller is authorized or unauthorized;
      
      generating the security alert event, if the caller is unauthorized; and
      
      allowing the call to proceed, if the caller is authorized.
  - 5. The computer-implemented method of claim 1, further comprising managing a probability of a security breach associated with performing one or more of a file encryption process and a file decryption process, the managing of the probability including eliminating the probability of the security breach or reducing the probability of the security breach, the managing of the probability further including:
    - preemptively detecting error conditions that are associated with triggering one or more errors;
      
      preemptively detecting exception conditions that are associated with triggering one or more exceptions;
      
      forbidding the file encryption process or the file decryption process from being performed, if one or more of the error conditions and the exception conditions are detected, the forbidding of the encryption and decryption processes from being performed including rolling back sensitive information to be secured; and
      
      allowing the file encryption process or the file decryption process to proceed, if the one or more of the error conditions and the exception conditions are not detected.
  - 6. The computer-implemented method of claim 1, further comprising performing timed product expiry, the performing of the timed product expiry including generating one or more certificates with expiry times to obviate decrypting or re-encrypting of the secure source code of the secure IDE, the performing of the timed product expiry further including:
    - generating the one or more certificates associated with one or more portions of the secure source code of the secure IDE;
      
      assigning an expiry time period to each of the one or more certificates, the assigning of the expiry time period including assigning a password to the one or more certificates, the password including a keystore password;
      
      storing the one or more certificates at a database;
      
      checking the one or more certificates and the corresponding expiry time periods prior to starting the secure IDE;
      
      generating a security alert event, if the one or more certificates have expired, the generating of the security alert event including displaying an error via a display device; and
      
      allowing the starting of the secure IDE to proceed, if the one or more certificates have not expired.
  - 7. The computer-implemented method of claim 1, further comprising securing reuse of sensitive build logic, the securing reuse of the sensitive build logic including separating out ant based targets into a file, the file including an Extensive Markup Language (XML) file, and calling classes containing sensitive encryption/decryption logic, the classes including Java classes, and granting read-only access to the XML file to enable the securing reuse of the sensitive build logic, the securing reuse of the sensitive build logic further including:
    - starting the secure IDE, and selecting a project;
      
      invoking a user level ant based script, the user level ant based script having a secure build script;
      
      invoking a file decryptor to perform decryption;
      
      invoking a compiler, or an encrypter to perform encryption, if an error has not occurred; and
      
      aborting a process for using the secure IDE, if the error has occurred, wherein aborting of the process including rolling back sensitive information to be secured.
  - 16. The computer-implemented method of claim 1, wherein the one or more security extensions are associated with the one or more IDE components to transform the one or more IDE components into one or more secure IDE components, wherein the one or more secure IDE components comprise at least one of a secure cut/copy/paste security component, a secure keystore interface security component, a secure startup/certificate based expiry security component, a secure build security component, a secure file encryption/decryption security component, or a secure intrusion detection security component.
  - 17. The computer-implemented method of claim 1, wherein generating further comprises adding one or more new secure IDE components to the conventional IDE components or the secure IDE components to transform the conventional IDE into the secure IDE.
  - 18. The computer-implemented method of claim 1, wherein the secure IDE provides additional software development security over the conventional IDE without having to change software development methodologies or add to a minimum runtime performance overhead that are associated with the conventional IDE.
  - 19. The computer-implemented method of claim 1, wherein the one or more modules are identified out of the conventional IDE source code.
  - 20. The computer-implemented method of claim 1, wherein providing security comprises securing source code of the one or more software applications against one or more of unintentional editing, intentional or unintentional copying, and outside theft.

8. A system comprising:
- a computer server having a mechanism for transforming a conventional integrated development environment (IDE) into a secure IDE, the computer server further having one or more virtual machines to provide a runtime system for running the mechanism, the conventional IDE, or the secure IDE, the mechanism to;
  
  identify one or more modules associated with the conventional IDE that are to be modified to transform the conventional IDE into a secure IDE, wherein each of the one or more modules corresponds to an IDE component;
  
  determine one or more security extensions to be associated with the one or more modules that are chosen to be modified based on their corresponding one or more IDE components; and
  
  generate the secure IDE by modifying the one or more modules by associating a security extension to each IDE component corresponding to each of the one or more modules to transform each IDE component into a secure IDE component to transform the conventional IDE into the secure IDE, wherein the secure IDE provides security for one or more software applications that are developed using the secure IDE.
- View Dependent Claims (9, 21, 22, 23)
- - 9. The system of claim 8, wherein the one or more security extensions comprise at least one of a secure cut/copy/paste security extension, a secure keystore interface security extension, a secure startup/certificate based expiry security extension, a secure build security extension, a secure file encryption/decryption security extension, or a secure intrusion detection security extension.
  - 21. The system of claim 8, wherein the one or more security extensions are associated with the one or more IDE components to transform the one or more IDE components into one or more secure IDE components, wherein the one or more secure IDE components comprise at least one of a secure cut/copy/paste security component, a secure keystore interface security component, a secure startup/certificate based expiry security component, a secure build security component, a secure file encryption/decryption security component, or a secure intrusion detection security component.
  - 22. The system of claim 8, wherein the mechanism is further to add one or more new secure IDE components to the conventional IDE components or the secure IDE components to transform the conventional IDE into the secure IDE.
  - 23. The system of claim 8, wherein providing security comprises securing source code of the one or more software applications against one or more of unintentional editing, intentional or unintentional copying, and outside theft.

10. A non-transitory machine-accessible medium having instructions which, when executed, cause a machine to:
- identify one or more modules associated with a conventional integrated development environment (IDE) that are to be modified to transform the conventional IDE into a secure IDE, wherein each of the one or more modules corresponds to an IDE component;
  
  determine one or more security extensions to be associated with the one or more modules that are chosen to be modified based on their corresponding one or more IDE components; and
  
  generate the secure IDE by modifying the one or more modules by associating a security extension to each IDE component corresponding to each of the one or more modules to transform each IDE component into a secure IDE component to transform the conventional IDE into the secure IDE, wherein the secure IDE provides security for one or more software applications that are developed using the secure IDE.
- View Dependent Claims (11, 24, 25)
- - 11. The non-transitory machine-accessible medium of claim 10, wherein the one or more security extensions comprise at least one of a secure cut/copy/paste security extension, a secure keystore interface security extension, a secure startup/certificate based expiry security extension, a secure build security extension, a secure file encryption/decryption security extension, or a secure intrusion detection security extension.
  - 24. The non-transitory machine-readable medium of claim 10, wherein the one or more security extensions are associated with the one or more IDE components to transform the one or more IDE components into one or more secure IDE components, wherein the one or more secure IDE components comprise at least one of a secure cut/copy/paste security component, a secure keystore interface security component, a secure startup/certificate based expiry security component, a secure build security component, a secure file encryption/decryption security component, or a secure intrusion detection security component.
  - 25. The non-transitory machine-readable medium of claim 10, wherein providing security comprises securing source code of the one or more software applications against one or more of unintentional editing, intentional or unintentional copying, and outside theft.

12. A computer-implemented method comprising:
- transforming a conventional intrusion detection component of a conventional integrated development environment (IDE) into a secure intrusion detection component to transform the conventional IDE into a secure IDE, wherein the conventional intrusion detection component is transformed by accepting an intrusion detection exception, wherein the secure IDE provides security for one or more software applications that are developed using the secure IDE;
  
  detecting security intrusion in a programming method that performs an encryption operation or a decryption operation, wherein detecting includes generating and analyzing of stack trace information to detect intrusion and generate a security alert event, wherein detecting is performed to prevent an unauthorized access of the secure IDE and further includes;
  
  receiving an incoming call;
  
  detecting stack trace of the incoming call;
  
  generating the stack trace information associated with the stack trace of the incoming call;
  
  analyzing the stack trace information to determine whether a caller is authorized or unauthorized;
  
  generating the security alert event, if the caller is unauthorized; and
  
  allowing the call to proceed, if the caller is authorized, wherein the security alert event based on the secure intrusion detection component is used to determine whether the caller is authorized.
- View Dependent Claims (13)
- - 13. The computer-implemented method of claim 12, wherein detecting includes transforming one or more conventional IDE components associated with one or more modules of a conventional IDE source code into one or more secure IDE components by adding one or more security extensions to the one or more conventional IDE components, wherein the one or more secure IDE components include the secure intrusion detection security component or a secure pattern analyzer, wherein the programming method includes a Java method.

14. A computer-implemented method comprising:
- transforming a conventional build security component of a conventional integrated development environment (IDE) into a secure build security component to transform the conventional IDE into a secure IDE, wherein the conventional build security component is transformed by accepting a build security exception, wherein the secure IDE provides security for one or more software applications that are developed using the secure IDE;
  
  securing reuse of sensitive build logic using the secure build security component, the securing reuse of the sensitive build logic including separating out ant based targets into a file, and calling classes containing sensitive encryption/decryption logic, and granting read-only access to the file to enable the securing reuse of the sensitive build logic, the securing reuse of the sensitive build logic further including;
  
  starting the secure IDE, and selecting a project;
  
  invoking a user level ant based script, the user level ant based script having a secure build script;
  
  invoking a file decryptor to perform decryption;
  
  invoking a compiler, or an encrypter to perform encryption, if an error has not occurred; and
  
  aborting a process for using the secure IDE, if the error has occurred, wherein aborting of the process including rolling back sensitive information to be secured.
- View Dependent Claims (15)
- - 15. The computer-implemented method of claim 14, wherein securing includes transforming one or more conventional IDE components associated with one or more modules of a conventional IDE source code into one or more secure IDE components by adding one or more security extensions to the one or more conventional IDE components, wherein the one or more secure IDE components include the secure build security component, wherein the file includes an Extensive Markup Language (XML) file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chaperon LLC
Original Assignee
Chaperon LLC
Inventors
Dhanani, Ashif A.
Primary Examiner(s)
Dinh; Minh
Assistant Examiner(s)
Le; David

Application Number

US11/977,388
Time in Patent Office

1,442 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Method and system for generating and employing a secure integrated development environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for generating and employing a secure integrated development environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links