Java软件保护技术研究及实现
|
摘要
随着计算机技术的不断发展和进步,计算机软件在各行业、领域发挥着日益重要的作用,已经深刻地改变了人们传统的工作和生活方式。计算机软件是凝结开发人员智慧的技术密集型产品,具有极高的价值,一旦被盗版者或者竞争对手通过不正当的手段得到,将给软件开发商和开发人员带来巨大的损失。
Java以其简单性、跨平台性等各种优秀特性赢得许多著名公司的青睐,彻底改变了应用软件的开发模式,带来了软件开发的一次革命,在软件开发的各个领域得到了大量的应用。Java跨平台的灵活性源于独特的编译方式,Java源代码经编译后,生成的不是面向处理器的二进制文件而是面向虚拟机的Java类文件。类文件是一种有格式的中间代码,其中保留了源代码文件中的大多数信息,为反编译Java类文件提供了条件。反编译得出的代码具有很高的质量,基本上可以完全反映编写者的思路,因此,Java软件在知识产权的保护上面临着很大的安全风险。
近年来,许多公司和Java开发人员在深入研究Jaya类文件和虚拟机的基础上,研究开发了多种方法来保护Java类文件,这些方法包括:本地化技术、代码隔离技术、数字水印技术以及代码混淆技术。这些保护方法,在一定的程度上可以起到保护Java软件的作用,但是它们各自都存在明显的局限性和缺陷。
针对这种情况,本文从研究Java虚拟机的类加载机制入手,结合密码学中的加密体制、密钥分存、信息隐藏等技术,提出了一种新的Java软件保护方案——类文件加密保护方案,并将其实现为一款简单易用的工具。本方案设计的核心思想如下:
(1)用加密的方法来保护Java类文件,加密可以有效地对抗反编译,
加密系统的关键问题是如何安全有效地管理密钥,本方案创新性
地将密钥分存技术和信息隐藏技术结合起来实现密钥的保护。
(2)如何加载加密的类文件是本方案的另一个重要问题。Java技术在设计之初就考虑到应用环境的复杂性,因此允许用户根据Java规范定制类加载器,使用这些定制的Classloader可以完成特定的操作,比如从网络上下载类文件,验证类文件来源等,本文定制了一个Classloader来完成加密类文件的加载。
(3)负责密钥提取和解密的具体算法不能被加密,否则又需要先将它们解密,由此将形成一个循环,而它们又是必须要加以保护的核心内容,本方案中,将它们用C++实现并编译为本地的动态链接库文件,这样可以有效地抵抗反编译,结合其他的可执行文件保护技术将获得更高的安全性。
本方案具有很高的安全性,同时具有很好的通用性,不仅可以应用在单机应用软件上,也可以应用在网络应用软件上。与其它的保护方法相比,本方案可以在最大程度上保持软件的跨平台性。最后,本文将类文件加密保护方案实现为一款加密工具,使用非常简单方便,对测试数据的分析说明本系统具有较高效率。综上,本文为Java软件保护技术提出了一种新的思路,是一次非常有意义的探索和实践。
With the rapid development and progress of computer technology, software has been widely used in every vocation and domain, and has changed the working and living ways deeply. Software is the agglomeration of software engineers' intelligence and has a great value. If the pirates and competitors get the core technologies of software, it will be a great loss to software company and software engineers.
Java language has been welcomed by many famous companies, it takes a revolution and has changed the mode of software development. Nowadays, Java has been widely used in every domain of software development. Java has the agility that can be used in different running environment and it comes from the particular compile mode. Compiling the Java source code will generate Java class file that oriented Java virtual machine not binary file that oriented processor. Class file is a kind of formatted mid-code that saves a lot of messages of source code. With these messages, it is easy to decompile class file to get the source code. The source codes that decompile from Java class file have good qualities that reveal the software engineers' thoughts. Therefore, the software that developed with Java language orients a great risk of knowledge right protection.
These years, many companies and Java developers have researched the structure of Java class file and the Java virtual machine. Many protection methods have been developed to protect Java software including native technology, source code separate technology, digital watermark technology, code confusion technology. These methods can protect Java software in some degree, but they all have some localizations and disadvantages.
Based on these conditions, this paper focuses on the Java class load system and combine it with the cipher technology, secret sharing scheme and information hide technology. This paper brings forward a new method to protect the Java software, that called encrypting class file protection scheme. The encrypting class file protection scheme is designed by the following thought:
(1) Encrypt the class file to protect Java software, the decompiler can't decompile the encrypted class files. The key management is the core problem of this scheme, this paper combines secret sharing scheme and information hide technology to protect key.
(2) How to load the encrypted class file is the other important problem. Considering the complexity of software application, Java language was designed allowing user to customize classloader. Customized classloader can perform some special operations, for example, downloading class file from Internet, validating the class file. This paper customizes a classloader called DecryptClassloader by which the encrypted class files can be decrypted.
(3) The decrypt arithmetic and the key resume arithmetic can't be encrypted, otherwise it will need some other arithmetics to decrypt them. These two arithmetics should be protected because they are the core content of this scheme. These two arithmetics are developed with C++ and compiled to dynamic link library. The decompiler can't decompile the dll file and the dll file can be reinforced with executive file protection methods.
This scheme has good security and can be generally used in all Java software, not only native application but also web application software. This scheme can reserve the agility of Java software. This scheme has been developed to a tool and the test data indicate this tool has a high efficiency. In conclusion, this paper gives a new thought of Java software protection.
Java以其简单性、跨平台性等各种优秀特性赢得许多著名公司的青睐,彻底改变了应用软件的开发模式,带来了软件开发的一次革命,在软件开发的各个领域得到了大量的应用。Java跨平台的灵活性源于独特的编译方式,Java源代码经编译后,生成的不是面向处理器的二进制文件而是面向虚拟机的Java类文件。类文件是一种有格式的中间代码,其中保留了源代码文件中的大多数信息,为反编译Java类文件提供了条件。反编译得出的代码具有很高的质量,基本上可以完全反映编写者的思路,因此,Java软件在知识产权的保护上面临着很大的安全风险。
近年来,许多公司和Java开发人员在深入研究Jaya类文件和虚拟机的基础上,研究开发了多种方法来保护Java类文件,这些方法包括:本地化技术、代码隔离技术、数字水印技术以及代码混淆技术。这些保护方法,在一定的程度上可以起到保护Java软件的作用,但是它们各自都存在明显的局限性和缺陷。
针对这种情况,本文从研究Java虚拟机的类加载机制入手,结合密码学中的加密体制、密钥分存、信息隐藏等技术,提出了一种新的Java软件保护方案——类文件加密保护方案,并将其实现为一款简单易用的工具。本方案设计的核心思想如下:
(1)用加密的方法来保护Java类文件,加密可以有效地对抗反编译,
加密系统的关键问题是如何安全有效地管理密钥,本方案创新性
地将密钥分存技术和信息隐藏技术结合起来实现密钥的保护。
(2)如何加载加密的类文件是本方案的另一个重要问题。Java技术在设计之初就考虑到应用环境的复杂性,因此允许用户根据Java规范定制类加载器,使用这些定制的Classloader可以完成特定的操作,比如从网络上下载类文件,验证类文件来源等,本文定制了一个Classloader来完成加密类文件的加载。
(3)负责密钥提取和解密的具体算法不能被加密,否则又需要先将它们解密,由此将形成一个循环,而它们又是必须要加以保护的核心内容,本方案中,将它们用C++实现并编译为本地的动态链接库文件,这样可以有效地抵抗反编译,结合其他的可执行文件保护技术将获得更高的安全性。
本方案具有很高的安全性,同时具有很好的通用性,不仅可以应用在单机应用软件上,也可以应用在网络应用软件上。与其它的保护方法相比,本方案可以在最大程度上保持软件的跨平台性。最后,本文将类文件加密保护方案实现为一款加密工具,使用非常简单方便,对测试数据的分析说明本系统具有较高效率。综上,本文为Java软件保护技术提出了一种新的思路,是一次非常有意义的探索和实践。
With the rapid development and progress of computer technology, software has been widely used in every vocation and domain, and has changed the working and living ways deeply. Software is the agglomeration of software engineers' intelligence and has a great value. If the pirates and competitors get the core technologies of software, it will be a great loss to software company and software engineers.
Java language has been welcomed by many famous companies, it takes a revolution and has changed the mode of software development. Nowadays, Java has been widely used in every domain of software development. Java has the agility that can be used in different running environment and it comes from the particular compile mode. Compiling the Java source code will generate Java class file that oriented Java virtual machine not binary file that oriented processor. Class file is a kind of formatted mid-code that saves a lot of messages of source code. With these messages, it is easy to decompile class file to get the source code. The source codes that decompile from Java class file have good qualities that reveal the software engineers' thoughts. Therefore, the software that developed with Java language orients a great risk of knowledge right protection.
These years, many companies and Java developers have researched the structure of Java class file and the Java virtual machine. Many protection methods have been developed to protect Java software including native technology, source code separate technology, digital watermark technology, code confusion technology. These methods can protect Java software in some degree, but they all have some localizations and disadvantages.
Based on these conditions, this paper focuses on the Java class load system and combine it with the cipher technology, secret sharing scheme and information hide technology. This paper brings forward a new method to protect the Java software, that called encrypting class file protection scheme. The encrypting class file protection scheme is designed by the following thought:
(1) Encrypt the class file to protect Java software, the decompiler can't decompile the encrypted class files. The key management is the core problem of this scheme, this paper combines secret sharing scheme and information hide technology to protect key.
(2) How to load the encrypted class file is the other important problem. Considering the complexity of software application, Java language was designed allowing user to customize classloader. Customized classloader can perform some special operations, for example, downloading class file from Internet, validating the class file. This paper customizes a classloader called DecryptClassloader by which the encrypted class files can be decrypted.
(3) The decrypt arithmetic and the key resume arithmetic can't be encrypted, otherwise it will need some other arithmetics to decrypt them. These two arithmetics should be protected because they are the core content of this scheme. These two arithmetics are developed with C++ and compiled to dynamic link library. The decompiler can't decompile the dll file and the dll file can be reinforced with executive file protection methods.
This scheme has good security and can be generally used in all Java software, not only native application but also web application software. This scheme can reserve the agility of Java software. This scheme has been developed to a tool and the test data indicate this tool has a high efficiency. In conclusion, this paper gives a new thought of Java software protection.
引文
[1] 胡德平,Java传说之风云再起,中国Java阵线同盟,http://bbs.csu.edu.cn/bbscon.php?board=Java&id=66。
[2] 何桥,李肃义,Java程序设计教程,中国水利水电出版社,2-3。
[3] Bacon. David F., Susan L Graham and Oliver J. Sharp. Compiler transformations for high-performance computing. ACM Computing Surveys, vol.26, no.4, December,1994, 345-420.
[4] Cifuentes. Cristina and K. John Gough. Decompilation of binary programs.Software-Practice and Experience,vol.25,no.7,July,1995,811-829.
[5] 董梁,刘艳,Java高级编程,清华大学出版社http://book.csdn.net/bookfiles/173/1001737778.shtml
[6] Martyn Honeyford.衡量Java本机编译http://www-900.ibm.com/developerworks/cn/java-native/index.shtml.
[7] 冀振燕,Java编译程序技术与Java性能,软件学报,2000 Vol.11 No.02.173-178。
[8] 胡守仁,戴葵,李宗伯,在嵌入式Java芯片中使用即时编译技术,计算机研究与发展,2001 Vol.38 No.03,375-379。
[9] 俞建新,孙希,Java虚拟机新技术探讨,计算机应用,2001 Vol.21 No.z1,74-76。
[10] Council for IBM Corporation. Software birthmarks. Talk to BCS Technology of Software Protection Special Interest Group. 1985.
[11] Christian Collberg,Clark Thomborson and Douglas Low. Breaking abstracts and unstructuring data structures. In IEEE International Conference on Computer Languages, ICCL'98 Chicago,IL,May 1998.http://www.cs.auckland.ac.nz/~collberg/ResearchPublications/CollbergThomborsorLow986/.
[12] Christian Collberg, Clark Thomborson and Douglas Low. Manufacturing cheap,resilient and stealthy opaque constructs. In Principals of programming Languages 1998,POPL'98,San Diego, CA,January 1998.http://www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborsorL ow97c/.
[13] Zhao Jian, Luo Chenghui. Digital Watermark Mobile Agents. In 22nd National Information Systems Security Conference Proceedings, NTSSC'99, Hyat Regency Crystal City Virginia, USA, October 1999. http://csrc.ncsl.nist.gov/nissc/1999/proceeding/papers/p10.pdf.
[14] 罗嘉辉,曹斌,一种基于多智体的密钥管理方法,数字贵州http://www.digitalguizhou.org.en/is.asp?id=18。
[15] 刘木兰,周展飞,陈小明,密钥共享体制,科学通报2000 Vol.45 No.9 897-907。
[16] 张敦华,刘建,Java动态类加载机制及其应用,计算机工程与设计,2004 Vol.25 No.3,432-435。
[17] 王银江,凌力,JNI在安全加密系统效率改进中的应用,计算机工程,2004 Vol.30 No.12.99-100.
[18] Sun. Java 2 Plat form API Specification,http://java.sun.com/reference/api/index.html.
[19] 仇文军,孔英会,用加密和数字签名技术解决医药审批中电子文档的安全问题,计算机与信息技术,http://www.ahcit.com/lanmuyd.asp?id=1146。
[20] yuekun,Java虚拟机的动态类加载http://blog.csdn.net/yuekun1172006/archive/2006/09/05/1177791.aspx
[21] J2ME内存占用详解及优化方法,http://hi.baidu.com/shlongli/blog/item/9606a00146746cd6267fb57f.html
[22] Java本地接口规范,http://www.iplab.cs.tsukuba.ac.jp/~liuxj/jdk1.2/zh/docs/guide/jni/spec/jniTOC.doc.html
[23] renyangok,类、对象初始化顺序,http://renyangok.javaeye.com/blog/monthblog?page=5&userid=30304&list=l&month=2006-12
[24] 客户端与服务器端交互,http://www.infhq.net/prog/prweb/20061009/101990.html
[25] 3.3由混淆程序执行的变换,《透视Java——反编译、修补和逆向工程》,http://book.csdn.net/bookfiles/55/100551606.shtml
[2] 何桥,李肃义,Java程序设计教程,中国水利水电出版社,2-3。
[3] Bacon. David F., Susan L Graham and Oliver J. Sharp. Compiler transformations for high-performance computing. ACM Computing Surveys, vol.26, no.4, December,1994, 345-420.
[4] Cifuentes. Cristina and K. John Gough. Decompilation of binary programs.Software-Practice and Experience,vol.25,no.7,July,1995,811-829.
[5] 董梁,刘艳,Java高级编程,清华大学出版社http://book.csdn.net/bookfiles/173/1001737778.shtml
[6] Martyn Honeyford.衡量Java本机编译http://www-900.ibm.com/developerworks/cn/java-native/index.shtml.
[7] 冀振燕,Java编译程序技术与Java性能,软件学报,2000 Vol.11 No.02.173-178。
[8] 胡守仁,戴葵,李宗伯,在嵌入式Java芯片中使用即时编译技术,计算机研究与发展,2001 Vol.38 No.03,375-379。
[9] 俞建新,孙希,Java虚拟机新技术探讨,计算机应用,2001 Vol.21 No.z1,74-76。
[10] Council for IBM Corporation. Software birthmarks. Talk to BCS Technology of Software Protection Special Interest Group. 1985.
[11] Christian Collberg,Clark Thomborson and Douglas Low. Breaking abstracts and unstructuring data structures. In IEEE International Conference on Computer Languages, ICCL'98 Chicago,IL,May 1998.http://www.cs.auckland.ac.nz/~collberg/ResearchPublications/CollbergThomborsorLow986/.
[12] Christian Collberg, Clark Thomborson and Douglas Low. Manufacturing cheap,resilient and stealthy opaque constructs. In Principals of programming Languages 1998,POPL'98,San Diego, CA,January 1998.http://www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborsorL ow97c/.
[13] Zhao Jian, Luo Chenghui. Digital Watermark Mobile Agents. In 22nd National Information Systems Security Conference Proceedings, NTSSC'99, Hyat Regency Crystal City Virginia, USA, October 1999. http://csrc.ncsl.nist.gov/nissc/1999/proceeding/papers/p10.pdf.
[14] 罗嘉辉,曹斌,一种基于多智体的密钥管理方法,数字贵州http://www.digitalguizhou.org.en/is.asp?id=18。
[15] 刘木兰,周展飞,陈小明,密钥共享体制,科学通报2000 Vol.45 No.9 897-907。
[16] 张敦华,刘建,Java动态类加载机制及其应用,计算机工程与设计,2004 Vol.25 No.3,432-435。
[17] 王银江,凌力,JNI在安全加密系统效率改进中的应用,计算机工程,2004 Vol.30 No.12.99-100.
[18] Sun. Java 2 Plat form API Specification,http://java.sun.com/reference/api/index.html.
[19] 仇文军,孔英会,用加密和数字签名技术解决医药审批中电子文档的安全问题,计算机与信息技术,http://www.ahcit.com/lanmuyd.asp?id=1146。
[20] yuekun,Java虚拟机的动态类加载http://blog.csdn.net/yuekun1172006/archive/2006/09/05/1177791.aspx
[21] J2ME内存占用详解及优化方法,http://hi.baidu.com/shlongli/blog/item/9606a00146746cd6267fb57f.html
[22] Java本地接口规范,http://www.iplab.cs.tsukuba.ac.jp/~liuxj/jdk1.2/zh/docs/guide/jni/spec/jniTOC.doc.html
[23] renyangok,类、对象初始化顺序,http://renyangok.javaeye.com/blog/monthblog?page=5&userid=30304&list=l&month=2006-12
[24] 客户端与服务器端交互,http://www.infhq.net/prog/prweb/20061009/101990.html
[25] 3.3由混淆程序执行的变换,《透视Java——反编译、修补和逆向工程》,http://book.csdn.net/bookfiles/55/100551606.shtml