Research On Java Web Source Code Protection Based On Dynamic Decryption Technique

As the most popular programming language on the internet,Java is independent on platform,Object-oriented,easy to learn,efficient on execution and it also has other excellent features,which made it be widely applied in telecom,financial,medical and other large-scale enterpise project.In a word,Java has been the leader in enterprise application.In order to achieve cross-platform,Java source code will turn into bytecode file after it is compiled.Bytecode file is a kind of in-between code which is easy to be decompiled and the decompiled file has no defference with original.As a result,the developer's intellectual achievements will be plagiarized.Thus,we can't ensure the security of Java applications.So far there are some technologies to protect Java source code,but they all have their own limitations when it comes to Web applications.Based on deep research of the traditional Java code protection technology,this thesis proposed a Java Web source code protection scheme based on dynamic decryption technology.This sheme uses Advanced Encryption Standard(AES)algorithm supposed by JCE,JVMTI callback function,etc.It is of high security,performance optimization and has flexible deployment features.This schemecontains two modules:encryption and dynamic decryption module,include Encryption Module and Decryption Module.Encryption Module:select Java class files that need to be encrypted with an automatic selection algorithm,then encrypt these files on the basis of JCE and AES encryption algorithm.Encryption key generated this process will be transformed and hided in the decryption module.Decryption Module:decryption algorithm realized by native programing language will create a dynamic link library(DLL)file after it is compiled.The encryption key is hided in the DLL file,and in this way the serurity of the system will be improved because the DLL file can not be decompiled.The callbacks function provided by JVM Tools Interface will monitor the events of class file loading.And it also decide whether to call the decrypted DLL file to perform the decryption operation according to the loaded class file is encrypted or not.In this way,this scheme need not modifi JVM and the whole system is more flexible and secure.In the last part of this paper,the whole scheme was deployed on actual Web application in order to test and anylize the result of this scheme.