Title: A Study of Protecting Java Code (保护Java程式之研究)
Authors: 陈承骏
吴毅成
I-Chen Wu
College of Computer Science, Computer Science Program
Keywords: Obfuscator; ClassLoader; Signature; Encrypt; Byte Code; JVM
Issue date: 2005
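Abstract: A Java program must first be compiled by a Java compiler into byte code, stored in the class file format, before the Java Virtual Machine can execute it. Because Java uses two-phase compilation, code disassembled from this intermediate code is very close to the original source, so it is easy to decompile and therefore easy to crack.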

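To protect class files from decompilation, obfuscators or custom class loaders are commonly used. But an obfuscator only makes decompilation harder: the obfuscated class files still exist as byte code, and it cannot protect the execution of the class files. A custom class loader can load the class files we define, for example loading only encrypted class files, but the custom class loader itself still exists as byte code and is likewise at risk of being decompiled.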

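To address this problem, this thesis proposes another method: protecting all of a Java program's class files with encryption and signatures, which not only makes the class files hard to decompile but also protects their execution.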
A Java program must first be compiled to byte code, stored in the class file format, and then executed by a Java Virtual Machine. Since Java programs use two-phase compilation, the byte code can be disassembled into a Java program that looks very close to the original source, so it is easily compromised.

To protect class files from being compromised, we usually use obfuscation or a custom class loader. But obfuscation only adds some difficulty. After obfuscation, a hacker can still attack by tracing code from standard APIs such as java.net.Socket. A custom class loader can load class files that it can identify, for example by letting the JVM load only class files that have already been encrypted. But the custom class loader is itself still byte code, so it is at risk of being decompiled.

This thesis focuses on the above problems and provides another solution: using encryption or signatures on all class files. This protects class files not only from being decompiled but also when they are executed.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT008967569
http://hdl.handle.net/11536/80091
Appears in collection: Thesis