Comparing Data Management Infrastructure Security
As we head further into a world of geopolitical instability, security concerns are becoming increasingly prominent. The U.S. government is encouraging companies to be more proactive with the security of their assets and network with a slew of recent formal recommendations, some of which are a requirement for work on government projects.
Cybersecurity issues include bad actors trying to compromise corporate and government infrastructure, IP theft from high value technology companies, and acts of terror taking over control of vehicles and utility services. Therefore, it is critical for those in the semiconductor industry to keep their infrastructure and assets safe.
One particularly important aspect of this is securing IP data during the design and release process. These design blueprints come in various forms including software code, hardware design descriptions, specs and plans, and releases of finished or milestone implementation data, and are usually kept in a version control tool to maintain traceability and provenance.
A weak security layer could mean that an external entity is able to steal IP from these version control systems, or even worse, make undetected changes to the design that can be leveraged by a malicious entity after the design goes into production (integrated into customer systems).
In this blog, we look at today’s most popular version control and data management software and compare their current security. Skip to a data management tool or read on to help you in choosing the most secure data management infrastructure.
Looking to improve chip development?
Explore the Perforce suite for semiconductor design.
FIND A SOLUTION
Data Management Infrastructure Options
Distributed Version Control Systems: Git, Mercurial
Git and Mercurial are popular distributed version control systems (DVCS) maintained by the open-source community that allow users to maintain their own copy of the file repo locally and work independently until ready to merge their changes back into a main branch.
A distributed system, by design, lacks a centralized control model – leading to various security concerns including:
- Copying entire repos to a user's local disk.
- Users mistakenly check-in private authentication keys.
- No real authentication or verification measures.
- System management can only be done by physically logging into the hosting server.
Another concern is that Git and Mercurial make it easy to rewrite change history, which dilutes the provenance of the system. In general, these kinds of open-source systems work off the “honor system” where users are expected to be good citizens; unfortunately, in today’s geopolitical environment this can’t be assumed.
Related Reading 📖 Mercurial vs Git: How Are They Different?
Commercial Distributed Version Control Systems: GitHub/GitLab
GitHub/GitLab are commercial offerings that add a proprietary layer over open-source Git to improve use models and address some of the limitations noted earlier. Unfortunately, corporations still run into security problems stemming from the frequent security breaches that require expedited patches and the overarching problem of maintaining personal and corporate code bases in the same instances. Often best practices are forgotten and/or ignored due to this mix with the resulting threat exposure.
In general, any Git-related solution (including GitHub and GitLab) will suffer from a weak security model. All users get to see everything in a repository when it is cloned. Everything in a repo is readable including all historical versions, which means the the granularity of read access is at the repo level.
To protect sensitive content, admins are required to separate repositories per access level. Given the numerous permutations of security access, this makes it nearly impossible to grant the proper access and will eventually lead to mistakes and leakage. Write access goes no further than the branch level so there is no control over preventing who can change individual files.
Unless the admin implements a “1 file per repository” organization, it becomes very difficult to achieve the required level of security, with organizations eventually trading out proper security in order to make access easier. This leads to an exposed system.
Also, as a cloned repo contains an entire history of revisions, should a user’s desktop get invaded, a bad actor would not only have access to the current state of the source, but also all historical versions. This allows a bad actor to find vulnerabilities in older versions of the code/hardware even if the latest version is patched. Once the old vulnerability is identified, the bad actor can then target the specific versions in the field that are now known to have that vulnerability.
GitHub/GitLab have attempted to add basic authentication in front of Git, but fundamentally, Git has essentially no access controls or adequate built-in security.
Related Reading 📖 How Secure is Git?
Centralized Version Control Systems: Subversion, CVS
Subversion and CVS are two other version control management tools maintained by the open-source community. These are centralized systems that use a single central repo to store versioned files and a client/server model that allows users to checkout files from the central repo to a workspace.
The centralized nature of this model removes the ability of users to clone the entire repo locally which is a major security improvement. However, these tools still have problems with client-side metadata including clear text passwords and URLs saved to disk in the user workspace.
Also, the recommended Apache/SSH transport protocol can have poor performance and users may user the faster but horribly insecure native SVN protocol. Finally, as with the DVCS tools discussed earlier, SVN permissions are configured in a physical file on the SVN server and require login access to the machine.
In general, CVS and SVN are no longer being actively developed and their ability to stay up to date with security vulnerabilities is decaying rapidly. CVS has no built in security or access mechanism. That is done via file/NFS level access which is nearly impossible to manage at the right level of granularity.
Related Reading 📖 Git vs SVN: What Is the Difference?
Perforce Helix Core
Which brings us to a review of Perforce Helix Core. Perforce has been around for over 20 years as a commercial solution and has been deployed in many of the larger corporate software organizations for its scalability and its secure by design nature.
Helix Core by default is a centralized version control system with a highly optimized architecture designed for critical deployments. Some of the security measures built-in to Helix Core include:
- Metadata maintained in its p4d database can only be accessed via TCP/IP client.
- Workspaces contain no local metadata and as such are not prone to IP leakage in the way the other tools discussed here are.
- Multiple security levels that can be deployed based on the target environment, ranging from minimal password requirements (e.g.: during an evaluation or an open-source project) to strict per-user authentication with configurable token and session timeouts, broker/proxy authentication, and multi-factor authentication (MFA).
- The transport mechanism can be set up to use SSL-based encryption for all user interactions, broker, and proxy configurations.
- Access control can be managed at the repo, branch, directory, or all the way down to the individual file level, all within the same depot for both read and write operations.
Related Reading 📖 Git vs Perforce: How to Choose (and When to Use Both)
Improving Data Management Infrastructure Security
In summary, we can see that many of the popular version control systems in use today can have serious security implications. The open source DVCS tools in popular use today offer very little in the way of security controls and the older CVCS tools such as Subversion and CVS are not receiving timely patches for their security vulnerabilities. Helix Core has been designed from the ground up to handle many of these issues and is becoming the industry standard for secure data management in today’s hostile security landscape.
Secure Your IP With Perforce
Perforce semiconductor solutions include Helix Core as one of the leading data management tools, along with Methodics IPLM for IP lifecycle management, and Hansoft for scalable planning. Join the ranks of the world's largest semiconductor companies already using Perforce.