In many projects it is very difficult to handle or maintain a particular vendor's interaction properties when the automation is written as scripts such as VB, Perl, Python or Java classes. In that situation we need to secure the scripts while the library is still shared at run time. Here we considered and experimented with several kinds of scripts: shell, Perl, Python, Java and Visual Basic scripts. This project provides two different approaches, one for the UNIX environment and one for the Windows environment.
This project proposes a secured way of executing scripts on Linux (Perl, Python and shell scripts). On the Windows platform, Visual Basic library scripts are executed under QTP. In contrast, Windows has a very vulnerable mechanism for executing scripts on the local host, so both a client engine and a server engine are used, communicating over a secured named pipe channel.
First approach, for the Windows platform: every time, the client sends an authentication request to the server, and the user login transaction takes place with the data exchanged over the named pipe encrypted using the AES algorithm with a 256-bit key. Once authentication succeeds, the client sends a READY request to the server. The server replies with the shared location of the decrypted library, which the client uploads or shares with the controller. The shared location is generated from the time tick value of the local system, and within a fraction of a second the libraries are cleared from that location. To prevent a modified (malfunctioning) script from being executed, each script's checksum is tracked in a persisted, encrypted database. Note: at deployment time, all open scripts are encrypted and provided in the repository in that form.
Second approach, for the Linux environment: all the scripts that reside in the operating system are stored encrypted. A single executable collects the script and executes it in the bash shell environment in silent mode, delivering it through a file descriptor. In the Linux environment, the bash descriptor is opened for writing only, and read access is locked; if a hacker tries to attack, bash will not allow the data to be read back from the descriptor. At run time the scripts are decrypted and executed in the kernel. To avoid the same malfunction, the same checksum-tracking logic with a persistent database is used. In the Linux case, the executable should not hold any double-quoted string literals in functions of any language, to resist hacks based on decompilation; we used the unsigned long data type, and at run time the value is converted into a string and passed to the system calls. [For example, the `strings` command in Linux will extract the string literals from a binary file.]
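As an added example, not code from the project described above, the checksum-tracking step shared by both approaches and the Linux pipe-fed execution, in Python. It starts from the already-decrypted script bytes (the cipher itself is not reproduced here), uses a constructed in-memory dict as a stand-in for the persisted encrypted checksum database, and feeds the verified plaintext to the shell over stdin so it is never written to disk; the names `register_script`, `checksum_matches`, `run_verified` and the sample script are this example's own.

```python
import hashlib
import hmac
import subprocess

# Constructed stand-in for the "persisted encrypted database":
# script name -> SHA-256 hex digest recorded when the script was deployed.
CHECKSUM_DB = {}

# Constructed sample script; in the described design this would be stored
# encrypted on disk and decrypted only just before execution.
HELLO_SCRIPT = b"echo hello from verified script\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def register_script(name: str, script: bytes, db: dict = CHECKSUM_DB) -> str:
    """Deployment-time step: record the digest of the plaintext script."""
    digest = sha256_hex(script)
    db[name] = digest
    return digest


def checksum_matches(name: str, script: bytes, db: dict = CHECKSUM_DB) -> bool:
    """Run-time check: the decrypted script must match the recorded digest.
    Unknown names fail closed; the comparison is constant-time."""
    expected = db.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(script), expected)


def run_verified(name: str, script: bytes, shell: str = "bash",
                 db: dict = CHECKSUM_DB) -> str:
    """Refuse to run a script whose checksum does not match; otherwise feed the
    plaintext to the shell through a pipe (stdin) so it never touches disk."""
    if not checksum_matches(name, script, db):
        raise PermissionError(f"checksum mismatch for {name}: refusing to execute")
    proc = subprocess.run([shell, "-s"], input=script,
                          capture_output=True, check=True)
    return proc.stdout.decode()


# Deployment step for the constructed sample.
register_script("hello.sh", HELLO_SCRIPT)

if __name__ == "__main__":
    print(run_verified("hello.sh", HELLO_SCRIPT), end="")
```

A tampered copy is rejected before any shell is started; note that the checksum does not hide the plaintext from the executable's own memory while it runs.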
Note: the named pipe could be replaced with socket communication.