BAR Architecture

A comprehensive overview of the BAR system's modular and secure design philosophy, showcasing our layered approach to building a robust, extensible backup solution.

Security-First
Modular
Layered
Extensible

System Overview

BAR follows a layered architecture pattern with clear separation of concerns. The diagram below illustrates the main components and their interactions, highlighting our security-first approach to temporary data management.

flowchart TD
    %% Layers
    subgraph "Presentation Layer"
        direction TB
        LD["LoginDialog"]:::gui
        RD["RegisterDialog"]:::gui
        TF["TwoFactorDialog"]:::gui
        MW["MainWindow"]:::gui
        FV["FileViewer"]:::gui
        FD["FileDialog"]:::gui
        SD["SettingsDialog"]:::gui
        ST["Styles"]:::gui
    end

    subgraph "Application Core / Orchestration"
        direction TB
        MP["main.py"]:::core
        BS["build.py"]:::core
        SP["setup.py"]:::core
    end

    subgraph "Domain Services"
        direction TB
        subgraph "Configuration"
            CM["config_manager.py"]:::services
        end
        subgraph "User Management"
            UM["user_manager.py"]:::services
        end
        subgraph "File Management"
            FM["file_manager.py"]:::services
            FS["file_scanner.py"]:::services
        end
        subgraph "Cryptography"
            CR["encryption.py"]:::services
        end
        subgraph "Security"
            SM["session_manager.py"]:::services
            TFA["two_factor_auth.py"]:::services
            AL["audit_log.py"]:::services
            SDT["secure_delete.py"]:::services
            HIc["hardware_id.c"]:::services
            HIpy["hardware_id.py"]:::services
            HIpx["hardware_id.pyx"]:::services
            HIB["hardware_id_bridge.py"]:::services
            HIP["hardware_id_cy.pyi"]:::services
            SPROT["screen_protection.py"]:::services
            WSP["win_screenshot_prevention.py"]:::services
        end
    end

    subgraph "Persistence (Local Filesystem under ~/.bar)"
        direction TB
        FSYS["Filesystem Storage"]:::persistence
        LOGS["Audit Logs"]:::persistence
    end

    %% Interactions
    LD -->|auth event| MP
    RD -->|registration event| MP
    TF -->|2FA event| MP
    MW -->|UI action| MP
    FV --> MP
    FD --> MP
    SD --> MP
    ST --> MW
    MP -->|loads settings| CM
    MP -->|init session| SM
    MP -->|init user manager| UM
    MP -->|init file manager| FM
    MP -->|init security| SM
    FM -->|Encrypt/Decrypt calls| CR
    CR -->|returns ciphertext/plain| FM
    SM -->|policy check| FM
    SM -->|session validation| CR
    TFA -->|TOTP verify| UM
    UM -->|2FA setup| TFA
    FS -->|scan drives| FM
    FS -->|integrity check| CR
    FS -->|results| MW
    FM -->|writes files| FSYS
    FM -->|audit event| AL
    FM -->|secure delete originals| SDT
    MP -->|audit startup| AL
    SM -->|audit session| AL
    UM -->|audit auth| AL
    AL -->|writes log| LOGS

    %% Background enforcement
    classDef dashed stroke-dasharray: 5 5
    Deadman["Deadman Switch"]:::services
    BruteForce["Anti-Brute Force"]:::services
    Deadman -.->|monitor| SM
    BruteForce -.->|monitor| SM
    Deadman -.->|trigger delete| SDT
    BruteForce -.->|trigger delete| SDT

    %% Styles
    classDef gui fill:#cce5ff,stroke:#004085,color:#004085
    classDef core fill:#d4edda,stroke:#155724,color:#155724
    classDef services fill:#ffe5b4,stroke:#856404,color:#856404
    classDef persistence fill:#e2e3e5,stroke:#383d41,color:#383d41
    class Deadman,BruteForce dashed

Legend

GUI Layer

User interface components that provide access to BAR functionality.

  • CLI Interface (Future Scope)
  • Web Interface (Future Scope)
  • Desktop App

Core Layer

Central components that handle the main backup and restore operations.

  • Backup Engine
  • Restore Engine
  • Scheduler

Services Layer

Specialized services that support core functionality with specific features.

  • Compression
  • Deduplication
  • File Handling

Persistence Layer

Components responsible for data storage and retrieval operations.

  • Version Control
  • Storage Manager

Security Layer

Components that ensure data protection and secure operations.

  • Encryption
  • Authentication

Key Components

GUI Layer

Provides the user interface for interacting with the BAR system:

  • Desktop App: Secure interface for encrypted file access and settings

Core Layer

Contains the main business logic and coordinates system operations:

  • Session Controller: Orchestrates startup, authentication, and session control
  • File Controller: Interfaces between GUI and file services

Services Layer

Implements specific functionalities for data processing:

  • Encryption: Protects files with AES encryption
  • Secure Delete: Overwrites and removes sensitive files
  • Audit Logging: Tracks critical actions and access
  • Hardware Lock: Ties access to device ID

Persistence Layer

Manages data storage and retrieval operations:

  • Filesystem Vault: Encrypted file storage under ~/.bar
  • Audit Log Store: Local logs for tamper auditing

Security Layer

Ensures data protection throughout the system:

  • Two-Factor Authentication: TOTP-based verification
  • Deadman Switch: Triggers file deletion on certain events
  • Anti-Brute Force Monitor: Locks access on repeated failures
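
How TOTP-based verification and a lock on repeated failures fit together, as an added example that is not BAR's own code (it is not taken from two_factor_auth.py): an RFC 6238 check with a one-step drift window, replay protection, and a lockout. The class name TwoFactorGate, the failure threshold, and the lockout length are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: float, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(secret, int(at // step))

class TwoFactorGate:
    """Hypothetical verifier: TOTP check plus lockout on repeated failures."""

    def __init__(self, secret: bytes, max_failures: int = 5,
                 lockout_seconds: int = 300, step: int = 30):
        self.secret, self.step = secret, step
        self.max_failures = max_failures        # assumed threshold
        self.lockout_seconds = lockout_seconds  # assumed lockout length
        self.failures = 0
        self.locked_until = 0.0
        self.last_counter = -1  # highest time step already accepted

    def verify(self, code: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"  # refuse even a correct code while locked
        current = int(now // self.step)
        # Accept the current step and one step either side for clock drift.
        for counter in (current, current - 1, current + 1):
            if counter <= self.last_counter:
                continue  # step already used (or negative): blocks replay
            expected = hotp(self.secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):  # constant-time
                self.last_counter, self.failures = counter, 0
                return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lockout_seconds
            self.failures = 0
            return "locked"
        return "denied"

# Constructed sample secret: the ASCII test key from RFC 6238 Appendix B.
SAMPLE_SECRET = b"12345678901234567890"
```

A caller would map "locked" to an audit event and a refused login; the result strings are part of this example only.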

Architecture Principles

This layered architecture ensures separation of concerns, making the system more maintainable and extensible. Each layer has a specific responsibility and communicates with adjacent layers through well-defined interfaces.

Modularity

Components can be replaced or upgraded independently

Layering

Clear separation of concerns between system components

Extensibility

New features can be added without modifying existing code

Security-First

Security is built into every layer, not added as an afterthought

Security Features

End-to-End Encryption

All data is encrypted before leaving the client and remains encrypted throughout the entire process, ensuring that even if intercepted, it cannot be read.

Zero-Knowledge Design

The system is designed so that only the user has access to their encryption keys, meaning that not even the service provider can access the protected data.

Multi-Factor Authentication

Multiple authentication methods ensure that only authorized users can access backups, adding an extra layer of protection beyond passwords.