OverOps Security Protocols

Contents

Introduction

How does OverOps Analyze your Code?

Bytecode Analysis

Source Code Encryption

Source Code Decryption

Variable Data Encryption

Variable Data Decryption

Related Articles

 

Introduction

When it comes to your production environment, security is of the utmost concern. OverOps takes security extremely seriously. Your data is fully encrypted any time it heads outside of your environment. You also have the ability to take security further, with personally identifiable information filtering and hybrid on-premises deployment models. 

 

How does OverOps Analyze your Code?

When viewing an error within OverOps, you can see the source code and variable values that caused it at the moment of occurrence. OverOps uses a combination of JVM-level signal detection and continuous code analysis in the cloud to determine and collect the right source code and variable state for each error.

OverOps encrypts all source code and variable data collected at run-time using a strong 256-bit AES key privately generated for you during installation. Code and variable data collected on your machines are uploaded to and stored by OverOps in the cloud only in their encrypted private form. This ensures that they can be viewed only by you and your team using your private encryption key, and that they cannot be accessed by anyone else (including OverOps administrators).

 

Bytecode Analysis

To offload work from the local JVM and analyze errors efficiently, OverOps converts bytecode loaded by the application (e.g., .jar, .war, and .class files) into an abstract graph structure, which it analyzes in the cloud. The graph structure does not contain symbols, values, or operators, and cannot be executed or reverse engineered. This conversion process, which runs on your machine, includes removing all jar, package, class, field, method, and variable names (both from your code and any Java or third-party frameworks), as well as removing all logical and numeric operators, number and string constants, and code attributes.

The bytecode graph is sent to the cloud for analysis to help determine which code fragments and variable values are required to analyze each error, and what is the fastest way to collect those in order to maintain a low production performance overhead.

 

Source Code Encryption

To display the source code for target methods that are related to an error using the OverOps user interface, the relevant pieces from the converted bytecode graph are decompiled in the cloud into a source code template which does not contain any symbology, operator values, or literals. The code template is in turn sent back to the OverOps agent on your server, where it is mapped and reconstructed into source code (using the original bytecode that resides on your machine).

The reconstructed source code is encrypted on your machine using your private 256-bit AES encryption key (known only to you). The encrypted source code is then stored on OverOps' servers for later viewing by authorized users. Storing the source related to each specific error at the moment of occurrence ensures that even if you deploy new code to your servers, you will still have access to the exact source code and variable state in the future (pursuant to OverOps' data retention policy).

Note: As the source code viewed within OverOps is the result of a decompilation process, it may look slightly different from your original source code. This is especially true for non-Java JVM languages such as Scala and Groovy, where code is decompiled into Java. Learn how to connect and view your actual source code in OverOps.

 

Source Code Decryption

When you open an error for viewing within the OverOps web interface, it retrieves the relevant encrypted code from the cloud to your device. It is only at this point that the source code can be decrypted using your AES encryption key (which is not stored by OverOps), enabling you to privately view and debug your code without compromising its security.

 

Variable Data Encryption

OverOps takes the protection of your variable data very seriously. OverOps uses a private 256-bit AES encryption scheme to protect and ensure the privacy of any data (both source code and variable state) collected on your machine. Any variable data collected on your machines is encrypted by the OverOps agent, before it is sent to the cloud, with a strongly randomized encryption key that is private to you. This means that no one other than you (not even OverOps administrators) can access your data.

 

Variable Data Decryption

Decryption of variable data can only be performed on your device’s web browser where your AES key is stored. This also means that at no point is your AES key transmitted outside your domain. Any other team members within your company must explicitly be provided with access to the key by you in order to access collected data.
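The encrypt-on-agent, decrypt-on-viewer flow described in the encryption and decryption sections above can be modelled as follows. This is an added example, not OverOps code: the page states only "256-bit AES", so the GCM mode, the record layout, the error-id binding, and every function name here are assumptions made for illustration.

```javascript
// Added illustration, not OverOps code. AES-256-GCM, the record layout and
// all names below are assumptions for this sketch.
const nodeCrypto = require("node:crypto");

// Installation time: a random 256-bit key that never leaves your environment.
function generateKey() {
  return nodeCrypto.randomBytes(32);
}

// Agent side: encrypt a snapshot before upload. The error id is bound as
// additional authenticated data so a stored record cannot be relabeled.
function agentEncrypt(key, errorId, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every record
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(errorId, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { errorId, iv: iv.toString("base64"), ct: ct.toString("base64"),
           tag: cipher.getAuthTag().toString("base64") };
}

// Viewer side: decrypt locally; throws on a wrong key or an altered record.
function viewerDecrypt(key, record) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key,
                                        Buffer.from(record.iv, "base64"));
  d.setAAD(Buffer.from(record.errorId, "utf8"));
  d.setAuthTag(Buffer.from(record.tag, "base64"));
  const pt = Buffer.concat([d.update(Buffer.from(record.ct, "base64")), d.final()]);
  return pt.toString("utf8");
}

function tryDecrypt(key, record) {
  try { return viewerDecrypt(key, record); } catch { return null; }
}

// Constructed sample snapshot, not real collected data.
const SAMPLE = 'String userId = "u-1042"; int retries = 3;';

function demo() {
  const key = generateKey();
  const stored = agentEncrypt(key, "err-001", SAMPLE); // all the cloud holds
  const relabeled = { ...stored, errorId: "err-002" };  // record moved server-side
  return {
    storedHasPlaintext: JSON.stringify(stored).includes("u-1042"),
    owner: tryDecrypt(key, stored),
    otherKey: tryDecrypt(generateKey(), stored),
    relabeled: tryDecrypt(key, relabeled),
  };
}
```

Using an authenticated mode means the viewer also detects records that were modified or reassigned while in storage, which encryption for confidentiality alone would not reveal.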

 

Related Articles

Hybrid and On-Premises Solutions

Managing Personally Identifiable Information
