| With the continuous development of the software industry, especially the rapid development of network application, software security has become a problem which should be concerned mostly in computer security. The new breakthrough and development have emerged continually in computer security, which not only bring great convenience to people but also bring new threats to software security, so the software protection mechanism is forced to improve continually. With good platform-independent, Java language have been widely used in academic research and commercial development. However, because of java byte code contains most of the source structure information, so reverse engineering has become easier than ever and extracted to source code easily.How to protect application program from malicious host is a new issue that cannot be dealt by traditional technologies. Reverse engineering has become possible or distorted wilfully for software system in malicious host surroundings, the security, integrity and availability of software system are threatened. Therefore convenient and effective methods are needed to protect software and software intellectual property. Then the code obfuscation as a technology to prevent reverse engineering emerged. In practical application, the absolute security protection for software is impossible and also unnecessary. As long as the attacker is forced to pay a higher price, the code obfuscation technology can be considered reaching the effect of security protection. Currently, people pay more and more attention to code obfuscation which as a new protection software security technology.This paper took protecting software and improving the cost of reverse engineering as target, and deeply researched on reverse engineering and code obfuscation about defense and attack separately. Main contributions in the paper are:Firstly, the issues of application security and software protection are analysed. Against three software threatening models in software security currently, this paper emphase the threat of malicious hosts, as well as give the detailed introduction for several software protection technologies, such as:software watermark, software tamper-proofing, packers protection, software encryption, code obfuscation techniques and so on.Secondly, a detailed description is given for the structure and operation mechanism of Java vitual machine and a deep analysis is made for the format of Java class files. Meanwhile, we study the code obfuscation technology which including the concepts, definition. Currently, the code obfuscation technology consists of Layout Obfuscation, Control Obfuscation, Data Obfuscation and Preventive Obfuscation.Finally, the related concepts, classification, application and development direction of the reverse engineering are studied. Based on the understanding of the reverse engineering, against the protection of critical data of program, the paper design an obfuscation system, the basic idea is that through homomorphism encryption scheme and homomorphism data obfuscation to achieve dynamic data hiding, as well as the effectiveness, correctness and performance overload of obfuscation transformation are analysed from theoretical and practical. |
PDF Full Text Request