System for Executing Encrypted Java Programs

Michael Kiperberg, Amit Resh, Asaf Algawi, Nezer J. Zaidenberg

2017

Abstract

An important aspect of protecting software from attack, theft of algorithms, or illegal software use, is eliminating the possibility of performing reverse engineering. One common method to deal with these issues is code obfuscation. However, it is proven to be ineffective. Code encryption is a much more effective means of defying reverse engineering, but it requires managing a secret key available to none but the permissible users. Adequate systems for managing secret keys in a protected trust-zone and supporting execution of encrypted native code have been proposed in the past. Nevertheless, these systems are not suitable as is for protecting managed code. In this paper we propose enhancements to these systems so they support execution of encrypted Java programs that are resistant to reverse engineering. The main difficulty underlying Java protection with encryption is the interpretation that is performed by the JVM. The JVM will require the key to decrypt the encrypted portions of Java code and there is no feasible way of securing the key inside the JVM. To solve this, the authors propose implementing a Java bytecode interpreter inside a trust-zone, governed by a thin hypervisor. This interpreter will run in parallel to the standard JVM, both cooperating to execute encrypted Java programs.

References

  1. Algawi, A., Neittaanmaki, P., Zaidenberg, N. J., and Parisinos, T. (2014). In kernel implementation of rsa routines. In ICCSM, pages 149-153.
  2. Averbuch, A., Kiperberg, M., and Zaidenberg, N. J. (2011). An efficient vm-based software protection. In Network and System Security (NSS), 2011 5th International Conference on, pages 121-128.
  3. Averbuch, A., Kiperberg, M., and Zaidenberg, N. J. (2013). Truly-Protect: An Efficient VM-Based Software Protection. Systems Journal, IEEE, 7(3):455-466.
  4. Binder, W. and Hulaas, J. (2006). Exact and portable profiling for the jvm using bytecode instruction counting. Electronic Notes in Theoretical Computer Science, 164(3):45-64.
  5. Bohne, L. (2008). Pandora's Bochs: Automated Unpacking of Malware. In Pandora's Bochs: Automated Unpacking of Malware.
  6. Chander, A., Mitchell, J. C., and Shin, I. (2001). Mobile code security by Java bytecode instrumentation. In DARPA Information Survivability Conference & Exposition II, 2001. DISCEX'01. Proceedings, volume 2, pages 27-40. IEEE.
  7. Chubachi, Y., Shinagawa, T., and Kato, K. (2010). Hypervisor-based Prevention of Persistent Rootkits. In Proceedings of the 2010 ACM Symposium on Applied Computing, SAC 7810, pages 214-220, New York, NY, USA. ACM.
  8. Collberg, C., Myles, G., and Stepp, M. (2007). An Empirical Study of Java Bytecode Programs. Softw. Pract. Exper., 37(6):581-641.
  9. England, P., Lampson, B., Manferdelli, J., Peinado, M., and Willman, B. (2003). A Trusted Open Platform. Computer, 36(7):55-62.
  10. Harkema, M., Quartel, D., Gijsen, B., and van der Mei, R. D. (2002). Performance monitoring of Java applications. In Proceedings of the 3rd international workshop on Software and performance, pages 114-127. ACM.
  11. Kiperberg, M., Resh, A., and Zaidenberg, N. J. (2015). Remote Attestation of Software and ExecutionEnvironment in Modern Machines. In CSCloud.
  12. Kiperberg, M. and Zaidenberg, N. J. (2013). Efficient Remote Authentication. In The Journal of Information Warfare, volume 12.
  13. Lee, H. B. and Zorn, B. G. (1997). BIT: A Tool for Instrumenting Java Bytecodes. In USENIX Symposium on Internet technologies and Systems, pages 73-82.
  14. Lindholm, T., Yellin, F., Bracha, G., and Buckley, A. (2013). The Java Virtual Machine Specification . Oracle Corporation.
  15. Luedde, M. (2012). Low impact debugging protocol. US Patent 8,312,438.
  16. Pearson, S. (2002). Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River, NJ, USA.
  17. Popek, G. J. and Goldberg, R. P. (1974). Formal Requirements for Virtualizable Third Generation Architectures. Commun. ACM, 17(7):412-421.
  18. Resh, A. and Zaidenberg, N. (2013). Can keys be hidden inside the cpu on modern windows host. In European Conference on Information Warfare, pages 231-235.
  19. Rolles, R. (2009). Unpacking Virtualization Obfuscators. In Proceedings of the 3rd USENIX Conference on Offensive Technologies, WOOT'09, pages 1-1, Berkeley, CA, USA. USENIX Association.
  20. Schellekens, D., Wyseur, B., and Preneel, B. (2008). Remote Attestation on Legacy Operating Systems with Trusted Platform Modules. Sci. Comput. Program., 74(1-2):13-22.
  21. Seshadri, A., Perrig, A., van Doorn, L., and Khosla, P. (2004). SWATT: softWare-based attestation for embedded devices. In Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on, pages 272-282.
  22. Tarnovsky, C. (2012). Attacking TPM part two. In Defcon.
  23. Zaidenberg, N. and David, A. (2013). Truly protect video delivery. In European Conference on Information Warfare, pages 405-407.
  24. Zaidenberg, N. and David, A. (2014). Maintaining streaming video drm. In ICCSM, pages 149-153.
  25. Zaidenberg, N. J., Neittanmaki, P., Kiperberg, M., and Resh, A. (2015). Trusted computing and drm. In Martti Lehto, P. N., editor, Cyber Security: Analytics, Technology and Automation, chapter 13, pages 205- 214. Springer, Springe.
Download


Paper Citation


in Harvard Style

Kiperberg M., Resh A., Algawi A. and Zaidenberg N. (2017). System for Executing Encrypted Java Programs . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 245-252. DOI: 10.5220/0006078902450252


in Bibtex Style

@conference{icissp17,
author={Michael Kiperberg and Amit Resh and Asaf Algawi and Nezer J. Zaidenberg},
title={System for Executing Encrypted Java Programs},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={245-252},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006078902450252},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - System for Executing Encrypted Java Programs
SN - 978-989-758-209-7
AU - Kiperberg M.
AU - Resh A.
AU - Algawi A.
AU - Zaidenberg N.
PY - 2017
SP - 245
EP - 252
DO - 10.5220/0006078902450252