skip to main content
article

Tamper-proofing basis path by using oblivious hashing on Java

Authors Info & Claims
Published:01 February 2007Publication History
Skip Abstract Section

Abstract

Java programs are often downloaded (distributed) to unknown environments, so protect Java code from malicious modification is an important issue. This paper presents a tamper-proofing software technology on basis paths for stack-machine based languages, such as Java, by improving Oblivious Hashing. Our approach is based on a new dynamic stack-tracing approach which inserts hash instructions to monitor the top of the stack to check whether the program running has been tampered with or not. A user can choose one or more methods in a class to tamper-proof program. The protective codes are added to basic blocks at the bytecode level. We developed a new approach to protect constants and variables by alternative hashing functions. The overhead is proportional to the number of Load and Push instructions to be protected.

References

  1. A. B. Konovalov. On the nilpotency class of a multiplicative group of a modular group algebra of a dihedral 2-group. Ukrainian Mathematical Journal, vol. 47, no. 1, January 1995.Google ScholarGoogle ScholarCross RefCross Ref
  2. Christian Collberg and Clark Thomborson. Watermaking, Tamper-Proofing, and Obfuscation - Tools for Software Protection. IEEE Transactions on Software Engineering, vol. 28, no. 8, pages 735--746, August 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Chung Laung Liu. Elements of Discrete Mathematic. McGraw-Hill, pages 346--349, ISBN:007038133X, 1998.Google ScholarGoogle Scholar
  4. D. Curran, N. J. Hurley, and M. O. Cinneide. Securing Java through Software Watermaking. In Proceedings of the 2nd international conference on Principles and practice of programming in Java, pages 311--324, June 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. David Lie, Chandramohan Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and Mark Horowitz. Architectural Support for Copy and Tamper Resistant Software. ACM SIGPLAN Notices, Vol. 35, Issue 11, Pages 168--177, November 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Geneviève Arboit. A Method for Watermarking Java Programs via Opaque Predicates. In The Fifth International Conference on Electronic Commerce Research (ICECR-5), October 2002Google ScholarGoogle Scholar
  7. Gleb Naumovich and Nasir Memon. Preventing piracy, reverse engineering, and tampering, IEEE Computer, vol. 36, no. 7, pages 64--71, July 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Hoi Chang and Mikhail Atallah. Protecting software code by guards. Proceedings of 1st ACM Workshop on Security and Privacy in Digital Rights Management, Philadelphia, Pennsylvania, USA, November 2001, Revised Papers. Lecture Notes in Computer Science (LNCS), vol. 2320, pages 160--175, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Jien-Tsai Chan and Wuu Yang. Advanced obfuscation techniques for Java bytecode. The Journal of Systems and Software, vol. 71, pages 1--10, April 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Jon Meyer. Jasmin. http://cat.nyu.edu/~meyer/jvm/, March 1997Google ScholarGoogle Scholar
  11. Joseph Poole. A method to determine a basis set of paths to perform program testing. U.S. Department of Commerce/National Institute of Standards and Technology, NISTIR 5737, November 1995.Google ScholarGoogle Scholar
  12. Markus Jakobsson and Michael K. Reiter. Discouraging Software Piracy Using Software Aging, In Proc. 1st ACM Workshop on Digital Rights Management (DRM 2001), pages 1--12, November 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Rainer Güting. Subtractive abelian groups. Notre Dame Journal of Formal Logic, vol. XVI, no. 3, pages 425--428, July 1975.Google ScholarGoogle Scholar
  14. Raja Vallée-Rai, Laurie Hendren, Vijay Sundaresan, Patrick Lam, Etienne Gagnon and Phong Co. Soot - a Java bytecode optimization framework. Proceedings of CASCON 1999, Mississauga, Ontario, Canada, pages 125--135, 1999, http://www.sable.mcgill.ca/soot/.Google ScholarGoogle Scholar
  15. Stanley Chow, Philip A. Eisen, Harold Johnson and Paul C. van Oorschot. A White-Box DES Implementation for DRM Applications. Digital Rights Management Workshop, Washington, DC, USA, November 2002, Revised Papers. Lecture Notes in Computer Science (LNCS), vol. 2696, pages 1--15, October 2003.Google ScholarGoogle Scholar
  16. Thomas J. McCabe. A complexity measure. IEEE Transactions on Software Engineering, vol. 2, no. 4, pages 308--320, December 1976.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Ting-Wei Hou, Hsiang-Yang Chen and Ming-Hsiu Tsai. Three Control Flow Obfuscation methods for Java Software. IEE Proceedings Software, vol. 153, no. 2, pages 80--86, April 2006.Google ScholarGoogle ScholarCross RefCross Ref
  18. Yuqun Chen, Ramrathnam Venkatesan, Matthew Cary, Ruoming Pang, Saurabh Sinha and Mariusz H. Jakubowski. Oblivious hashing: a stealthy software integrity verification primitive. Information Hiding, 5th International Workshop, IH 2002, Noordwijkerhout, The Netherlands, October 2002, Revised Paper. Lecture Notes in Computer Science (LNCS), vol. 2578, pp. 400--414, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Tamper-proofing basis path by using oblivious hashing on Java

            Recommendations

            Comments

            Login options

            Check if you have access through your login credentials or your institution to get full access on this article.

            Sign in

            Full Access

            PDF Format

            View or Download as a PDF file.

            PDF

            eReader

            View online with eReader.

            eReader
            About Cookies On This Site

            We use cookies to ensure that we give you the best experience on our website.

            Learn more

            Got it!