I am a Python / C developer currently working on a extremely important piece of
ID: 661225 • Letter: I
Question
I am a Python / C developer currently working on a extremely important piece of software. The details of the code will not be mentioned, and the only place the code appears is on my own hard drive, in a virtual disk image used by a windows 7 virtual box (a hard drive inside a hard drive I guess). The algorithm represented in the code is extremely important, and I cant have ANYBODY get to it except me. I was curious if one could completely protect a single virtual folder from any unwanted access whatsoever. I want to give a level of protection so deep (for this one folder) that even if a CIA agent was assigned to tracking down this source code on my hard drive, they could not do it. I need this folder to be completely cut off from the rest of the world, and make sure no internet based attack, nor any virus could get to it. Is this possible? Any suggestions to lead me in the right direction?
P.S. As you can probably tell, I really don't know much about security, but I would appreciate any suggestions. A 'no this is not possible' answer is completely acceptable.
Explanation / Answer
Yes, it's possible, but you need to protect the entire computer, rather than a single folder. It's also a lot harder than you think, and probably not necessary.
Network attacks: Do your development on a system that is not, has never, and will never be directly connected to a network. Remove any wireless or bluetooth adapters from the system to prevent accidental connection; plug USB, FireWire, and Ethernet ports with epoxy. Do not use a wireless keyboard or mouse.
"Black bag" attacks: Purchase the system anonymously, preferably using cash, from a random retailer. Encrypt the hard drive using full-disk encryption to prevent offline attacks; shut the computer down whenever it leaves your sight to prevent memory dumping and other online attacks. Whenever you are not using the computer, store it in a high-quality safe to prevent an attacker from modifying the hardware (eg. installing a hardware keylogger).
Tempest attacks: Only use the computer inside an electromagnetically shielded, windowless room (a Faraday cage) to prevent eavesdropping on your computer's electronic emissions. Consider soundproofing to prevent possible keylogging by monitoring the sound of the keystrokes. Use a line-interactive power conditioner to reduce information leakage on the power line, or better, get a laptop and only ever use it while disconnected from mains power.
Backups: Encrypt your backups, and protect them to the same degree you protect the computer system.
Personal protection: Hire bodyguards to protect against "rubber hose cryptanalysis" and related techniques. If possible, get the backing of a state-level actor, such as the Russian intelligence service.
If you really need protection from a CIA-level attacker, you should probably spend a year or two researching the techniques that the CIA uses to protect its own networks. But odds are you don't actually need this level of protection, and a computer with full-disk encryption that's never connected to the Internet and stored in a safe when not in use is sufficient.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.