University of Twente Student Theses


Java Code Virtualization of Industrial-strength Java Code

Laverman, G.J. (2016) Java Code Virtualization of Industrial-strength Java Code.

[img] PDF
Abstract:Background Java is a popular object-oriented general purpose computer programming language that uses an intermediate bytecode format representation of a program to be interpreted by the Java Virtual Machine. The architectureneutral intermediate bytecode design principle is however more susceptible to reverse engineering than computer programs written in a language that compiles source code to machine-specific object code. Additional security measures are necessary if a program’s bytecode contains sensitive code such as intellectual property or trade secrets that must be kept secret. Protecting Java bytecode against reverse engineering attacks is however no trivial task. There are some techniques known such as code obfuscation or code offloading, but the former is not sufficient to stop determined attackers and the latter is not applicable to systems that have to operate standalone in a closed environment. Code virtualization is a technology that could possibly improve the resilience of Java bytecode against reverse engineering attempts. Using code virtualization as a technology to protect Java bytecode from reverse engineering is however relatively new and not much is known yet about its effectiveness and real life performance. This report investigates these unknowns by applying code virtualization to sorting algorithms and a demo application. The sorting algorithms have different space and time complexity classes used to investigate compatibility and the scalability of the virtualization technology while the demo application reflects a more realistic use case with multiple components working together. Results Benchmarks measuring the performance of sorting algorithms and their encrypted and virtualized counterparts show that there is a performance penalty for applying additional protection to a Java program. The performance runtime of an encrypted version of the reference sorting algorithms runs a factor 1 to 1,5 slower depending on the algorithm. This is minimal overhead but the offered protection is not sufficient against determined attackers. Code virtualization offers arguably stronger protection over existing obfuscation techniques and requires a lot more effort to reverse engineer. The protection/performance trade-off is however significant. For virtualized versions of the sorting algorithms the runtimes increased with a factor 100 on average. The protection/performance trade-off can be tweaked by adjusting parameters but the performance penalty remains significant with minimal settings. The knowledge and experience from these experiments have been used to develop the demo application, which reflects a more realistic use case, to determine if virtualization can be applied at a reasonable cost. Conclusions Applying the advanced code virtualization protection technology to a program enhances its protection against reverse engineering. Performance however deteriorates significantly for the virtualized program code. Protecting code in real-time applications requires therefore careful consideration and preferably a thorough comparative protection/performance trade-off assessment.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page