Java Protection
来源:互联网 发布:淘宝网直通车关键词 编辑:程序博客网 时间:2024/05/08 11:09
Java Class files contain lots of symbolic information stored in constant pool sector, including all variable names and method names. This symbolic information allows Java decompilers to reconstruct the source code easily. Without protection, anyone could use a Java decompiler to get the Java source code. According to its special characters and threats, there are the following available protection mechanisms in the market to prevent from tamper or piracy.
• Hardware-based protection
Use smart card or other chip types to embed the Java virtual machine engine in the hardware. The Java Class file will be downloaded into the hardware, and the protected application will call the token to retrieve the output parameters via sending the input parameters, and the Class file will be interpreted and executed internally. The performance and functions of this method will be restricted and impacted by the hardware configuration such as memory space, RAM, CPU, and so on.
• Class Isolation (HTTP, Web Service, and RPC)
Developer can place the Class files in the remote server machine to prevent the hacker to analyze the Class file. This method is ideal solution; however its cost and internet speed will impact developer’s decisions.
• Convert Java Class to Native Local Code
JNI allows developer to write sensitive native methods to enhance the difficulty of analysis by hackers because JNI file is machine code format. It needs developer to write the native local code by other languages.
• Java Class File Obfuscation
It allows developers to obfuscate (protect) their Java Class files. All symbolic information can be removed or modified. Traditionally it includes the following types: Lexical Obfuscation, Data Obfuscation, Control Obfuscation, and Prevent Transformation. Although there are many tools available in the market to adopting this method, the security of this method cannot be very high because handled Class file can be analyzed also.
• Class Loader Encryption
The Java Class loader is a part of the Java runtime environment that dynamically loads Java Classes into the Java virtual machine. It is implemented by Java language itself, and can be replaced by customized Class loader. This kind of protection will decrypt the encrypted Class file when loading the Class by customized Class loader. And the decryption method can be programmed by in Class or JNI library. The security of this method cannot be very high also because the whole Class file can be dumped after decryption.
• JVM Hook
This method will use some binary tools (Shell or Envelope) to add Shell code in JRE runtime executive file to hook Class file operation. Shell code will decrypt the encrypted Class file before reading file operation occurred. The security of this method cannot be high also because the whole Class file can be dumped after decryption. And also other limitation is the decrypted Class files will depend on specific JRE.
- Java Protection
- protection money
- Database Protection
- Protection 1
- Clickjacking Protection
- Protection 6 ---- Page-Level Protection
- YEAR OF SECURITY FOR JAVA – WEEK 11 – X-XSS-PROTECTION
- PROTECTiON iD V5.1
- 禁止 Symantec Protection Agent
- Office Software Protection Platform
- System File Protection
- Virtual Machine Protection
- sudo protection bypass exploit
- oracle dataguard protection level
- Remove Cloud Protection
- Remove System Protection 2012
- SSH Host Key Protection
- SSIS Package Protection Level
- sql 数据库置疑,或者只有一个MDF文件的恢复方法
- Spring Bean 的创建方式
- 【转】如何学习经济学与入门和经典书籍
- 游戏工委正式在京起诉GDC China主办方
- 化繁为简 选定好OA的四项基本原则
- Java Protection
- 用shell写的一个电话簿
- PHP环境搭建过程
- XML轻松学习手册(2)XML概念
- 【转】一生必看的成功学书(转载)
- oracle运维之--dataguard 主备库迁移
- 九.外包/采购/合同
- Bug分析:为bug预防奠定基础
- 集合的重点 总体解说