Takipi
!
!
! ! ! ! !
!
Application Security! ! October 2014!
! ! ! ! ! ! ! ! ! ! ! !
Copyright © Takipi Inc. 2014 All Rights Reserved! Takipi Inc. 325 9th Street, San Francisco, CA 94103, USA
!
Takipi
Takipi Application Security
1. Overview When viewing an error within Takipi, you can view the source code and the values of the relevant variables which caused it at the moment of occurrence. Takipi uses a combination of JVM-level signal detection and continuous code analysis in the cloud to determine and collect the right source code and variable state for each error.
!
Takipi encrypts all source code and variable data collected at run-time using a strong 256 bit AES key privately generated for you during installation. Code and variable data collected on your machines is only uploaded to and stored by Takipi in the cloud in its encrypted private form. This ensures that it can only be viewed by you and your team using your private encryption key, and that it cannot be accessed by anyone else (including Takipi administrators).
! !
2. Bytecode analysis To offload work from the local JVM in order to efficiently analyze errors, Takipi converts byte code loaded by the application (e.g .jar, .war. class files) into an abstract graph structure which it analyzes in the cloud. The graph structure does not contain symbols, values or operators. This conversion process which runs on your machine includes removing all jar, package, class, field, method, and variable names (both from your code and any Java or 3rd party frameworks), as well as removing all logical and numeric operators, number and string constants, and code attributes. The resulting code graph cannot be executed or reverse engineered.
!
The bytecode graph is sent to the cloud for analysis to help determine which code fragments and variable values are required to analyze each error, and what is the fastest way to collect those in order to maintain a low production performance overhead.
! !
3. Source code encryption To display the source code for target methods that are related to an error using the Takipi user interface, the relevant pieces from the converted bytecode graph are decompiled in the cloud into a source code template which does not contain any symbology, operator values or literals. The code template is in turn sent back to the Takipi agent on your server, where it is mapped and reconstructed into source code (using the original bytecode which resides on your machine).
!
The reconstructed source code is encrypted on your machine using you private 256 bits AES encryption key (known only to you). The encrypted source code is then stored on Takipi’s servers for later viewing by authorized users. Storing the source related to each specific error at the moment of occurrence ensures that even if you deploy new code to Copyright © Takipi Inc. 2014 All Rights Reserved! Takipi Inc. 325 9th Street, San Francisco, CA 94103, USA
Takipi
!
Takipi Application Security
! !
your servers, you will still have access to the exact source code and variable state in the future (pursuant to Takipi’s data retention policy). Note: As the source code viewed within Takipi is a result of a decompilation process, it may look slightly different from your original source code. This would especially be true for non-Java JVM languages such as Scala and Groovy where code is decompiled into Java. Read below on how to attach and view your original source code in Takipi.
! !
4. Source code decryption When you open an error for viewing within the Takipi web interface it retrieves the relevant encrypted code from the cloud to your device. It is only at this point that the source code can be decrypted using your AES encryption key (which is not stored by Takipi), enabling you to privately view and debug your code without compromising its security.
! !
5. Showing original source code for non-Java JVM languages: If you're using Scala, JRuby, Groovy, Clojure, or any non-Java language running on the JVM and want to see your source code in its original form, you can do so by attaching your source code to the Takipi agent. This can also be done if you're writing in Java and want to see source code comments, or are using a code weaver (such as AspectJ) which adds large amounts of synthetic code into your bytecode.
! For step-by-step instructions on how to attached your source code click here. ! ! 6. Variable data encryption
Takipi takes the protection of your variable data very seriously. Takipi uses a private 256 bit AES encryption scheme to protect and ensure the privacy of any data (both source code and variable state) collected on your machine. Any variable data collected on your machines is encrypted by Takipi’s agent with the help of a strongly randomized encryption key that is private to you, before it is sent to the cloud. This means that no one other than you (not even Takipi administrators) can access your data.
! !
7. Variable data decryption Decryption of variable data can only be performed on your device’s web browser where your AES key is stored. This also means that at no point is your AES key transmitted outside your domain. Any other team members within your company must explicitly be provided with access to the key by you in order to access collected data. Copyright © Takipi Inc. 2014 All Rights Reserved! Takipi Inc. 325 9th Street, San Francisco, CA 94103, USA
!
Takipi
Takipi Application Security
! !
8. Generating encryption keys When you first install Takipi, a private encryption is generated for you as part of the installation process. This key (known as the trial key) is stored on Takipi’s servers to simplify the process of trialing the product. It is however highly recommended that you generate your own AES key privately. By generating your own key you can ensure that no one outside your team is able to decrypt your data. Key generation is simple and straightforward using the open-source Key generator utility, available for download here.
!
Once a new key is generated, it needs to be deployed on the machines within your cluster that you would like grouped under the same view within Takipi. Placing the key on a machine can be done by reinstalling the agent using the install scripts (wget / cUrl / Chef) produced by the key generator, or by editing the /opt/takipi/work/secret.key file.
!
Remember, that as the key has been generated privately for you, it can not be retrieved by Takipi in case it is lost.
! ! 9. Architecture diagram ! Please see the page below. ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
Copyright © Takipi Inc. 2014 All Rights Reserved! Takipi Inc. 325 9th Street, San Francisco, CA 94103, USA
Takipi
!
Takipi Application Security
Copyright © Takipi Inc. 2014 All Rights Reserved! Takipi Inc. 325 9th Street, San Francisco, CA 94103, USA