-3

I have a very important C program I need to protect in my website. This program is called once per minute and the reply is not time sensitive (e.g. if the reply is late by a few seconds it's ok). The input and output data are a few KBs and due to the small size and no latency limitations can be transferred via network. Is there any other way to prevent my web host from stealing this program (this can happen, rarely but still it's possible), other than hosting the C program separately from my website, in a server in my house, which has the following disadvantages:

a) Reliability #1: You can't even match the uptime a great hosting company can provide (unreliable ADSL lines, power losses).
b) Reliability #2: The maintenance of the server is not easy unless you are a pro and have spare parts.
c) Performance: The upload speed of the consumer ADSL lines is veeeeeery slow.
d) Cost: You have to buy the server and depending on the location, electricity can cost no little money.

Any help is really appreciated!

Blaziken-100
  • 1
  • Not sure, but why my question is bad? – Blaziken-100 Jul 17 '14 at 15:35
  • 5
    If you can't trust your host, get a new one. There's very little you can do against a malicious actor with direct physical access to the hardware. Host somewhere like AWS, where there are extensive internal controls, user trust is critical, and you're one of millions of servers. – ceejayoz Jul 17 '14 at 15:38
  • @ceejayoz: Thanks, I am well aware of this but for example, if an employer of the hosting company steals my data my website will be destroyed and I believe there is not way to be 100% sure this won't happen. Is there any way to secure this, can you point me to the right direction? – Blaziken-100 Jul 17 '14 at 15:40
  • 4
    If your program is that valuable what stops someone from breaking into your house and stealing your computer(s)? – Chris S Jul 17 '14 at 15:56
  • @Chris S♦: The fact they don't know where my house is. – Blaziken-100 Jul 17 '14 at 16:11
  • 1
    @Blaziken-100 Yet. – EEAA Jul 17 '14 at 16:24
  • How much do you want to spend on this? – Michael Hampton Jul 17 '14 at 16:30
  • @ Michael Hampton: No idea how much those things cost, but I expect it to be pricier than a high end dedicated server by a reputable provider. – Blaziken-100 Jul 17 '14 at 16:32

1 Answers1

1

If you can't trust your provider, then you're really left with one option: colocation.

  1. Purchase a 1U server.
  2. Configure it as desired.
  3. Rent a locked partial rack in a colocation facility and deploy your server there.

Be prepared to pay through the nose for this, but it's as "secure" as you can get short of opening your own hosting facility.

One remaining option is to use FDE on your hosted server. Whether or not that's an option depends on your provider. Regardless, this will require you to enter a password to decrypt the filesystem on each boot, but it would offer a fair amount of protection from data theft.

But really, if you don't trust your provider, don't give them your money. Use a reputable provider that you can trust. They deserve your money more than whomever you're currently using does.

EEAA
  • 109,363
  • 18
  • 175
  • 245
  • Good point, but I am trying to avoid all of the hassle of this, is there really no other way? – Blaziken-100 Jul 17 '14 at 15:42
  • @Blaziken-100 see my update. – EEAA Jul 17 '14 at 15:44
  • Thanks and the idea of FDE is a good one. Its not a matter of trust, I trust the company, but I don't trust all the employers there. Bad employers can be found everywhere. If in the end I host this in my house, because I can't find a collocation close to me, do you have any advice? – Blaziken-100 Jul 17 '14 at 15:52
  • My advice is above. That's the only professional advice for this situation. – EEAA Jul 17 '14 at 15:53