TY - GEN
T1 - System for executing encrypted Java programs
AU - Kiperberg, Michael
AU - Resh, Amit
AU - Algawi, Asaf
AU - Zaidenberg, Nezer J.
N1 - Publisher Copyright:
Copyright © 2017 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.
PY - 2017
Y1 - 2017
N2 - An important aspect of protecting software from attack, theft of algorithms, or illegal software use, is eliminating the possibility of performing reverse engineering. One common method to deal with these issues is code obfuscation. However, it is proven to be ineffective. Code encryption is a much more effective means of defying reverse engineering, but it requires managing a secret key available to none but the permissible users. Adequate systems for managing secret keys in a protected trust-zone and supporting execution of encrypted native code have been proposed in the past. Nevertheless, these systems are not suitable as is for protecting managed code. In this paper we propose enhancements to these systems so they support execution of encrypted Java programs that are resistant to reverse engineering. The main difficulty underlying Java protection with encryption is the interpretation that is performed by the JVM. The JVM will require the key to decrypt the encrypted portions of Java code and there is no feasible way of securing the key inside the JVM. To solve this, the authors propose implementing a Java bytecode interpreter inside a trust-zone, governed by a thin hypervisor. This interpreter will run in parallel to the standard JVM, both cooperating to execute encrypted Java programs.
AB - An important aspect of protecting software from attack, theft of algorithms, or illegal software use, is eliminating the possibility of performing reverse engineering. One common method to deal with these issues is code obfuscation. However, it is proven to be ineffective. Code encryption is a much more effective means of defying reverse engineering, but it requires managing a secret key available to none but the permissible users. Adequate systems for managing secret keys in a protected trust-zone and supporting execution of encrypted native code have been proposed in the past. Nevertheless, these systems are not suitable as is for protecting managed code. In this paper we propose enhancements to these systems so they support execution of encrypted Java programs that are resistant to reverse engineering. The main difficulty underlying Java protection with encryption is the interpretation that is performed by the JVM. The JVM will require the key to decrypt the encrypted portions of Java code and there is no feasible way of securing the key inside the JVM. To solve this, the authors propose implementing a Java bytecode interpreter inside a trust-zone, governed by a thin hypervisor. This interpreter will run in parallel to the standard JVM, both cooperating to execute encrypted Java programs.
KW - Hypervisor
KW - Java
KW - Remote Attestation
KW - Trusted Computing
KW - Virtualization
UR - http://www.scopus.com/inward/record.url?scp=85049228815&partnerID=8YFLogxK
U2 - 10.5220/0006078902450252
DO - 10.5220/0006078902450252
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85049228815
T3 - ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy
SP - 245
EP - 252
BT - ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy
A2 - Mori, Paolo
A2 - Furnell, Steven
A2 - Camp, Olivier
T2 - 3rd International Conference on Information Systems Security and Privacy, ICISSP 2017
Y2 - 19 February 2017 through 21 February 2017
ER -