CN104268444A - Cloud OS Java source code protection method - Google Patents
Cloud OS Java source code protection method Download PDFInfo
- Publication number
- CN104268444A CN104268444A CN201410420197.4A CN201410420197A CN104268444A CN 104268444 A CN104268444 A CN 104268444A CN 201410420197 A CN201410420197 A CN 201410420197A CN 104268444 A CN104268444 A CN 104268444A
- Authority
- CN
- China
- Prior art keywords
- source code
- file
- encryption
- cloud
- classloader
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 15
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 15
- 238000005336 cracking Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a cloud OS Java source code protection method and belongs to the field of computer security. The method specifically includes the steps of 1), for source code compiling, using Ant to package the project source codes into a War package and extract the War package into a file mode; 2), for document encryption, encrypting a source code document under the designated file and reducing risks that a source Class document is directly decompiled; 3), for class loader rewriting, decrypting the source code document through a user-defined JVM (java virtual machine)-class loader; 4), for class loader confusion, realizing the purposes of disturbing a logic and concealed decryption algorithm of the loader by confusing the user-defined class loader. The source code document is encrypted through the advanced encryption algorithm, the compiled encrypted document is supplied, and the source codes are protected originally; encryption keys of the documents are different, so that individual keys are prevented from being lost to cause decryption of an entire project.
Description
Technical field
The present invention relates to a kind of source code guard method, belong to computer system security field, specifically a kind of cloud OS Java source code guard method.
Background technology
Along with the development of Information technology, cloud computing progressively becomes the Hot spots for development of industry, and the cloud computing service platform of domestic and international all big enterprises also starts to put into multiple fields such as science, education, culture, health, government, high-performance calculation, ecommerce, Internet of Things one after another and uses.
Tide sea of clouds OS cloud data center's management platform (hereinafter referred to as cloud OS) is cloud data center resource management maintenance software, compatible different virtualization architecture, monitoring, management cloud resource and data center's soft and hardware resource, the service of optimized integration facility.Platform provides abundant functional module and api interface, helps the enterprises service of user's rapid deployment, effectively promotes cloud data center management O&M efficiency.
On coding, cloud OS uses cross-platform Java language to develop.But the use of Java language, decompiling is become be very easy to and effectively.Reason is as follows:
1) due to cross-platform demand, the instruction set of Java is fairly simple and general, is easier to the semantic information drawing program;
2) each class is compiled into an independent file by Java compiler, this also simplifies the work of decompiling;
3), in the Class file of Java, still retain all method names, name variable, and visit variable and method by these titles, these symbols are often with many semantic informations.
At present, market has the decompiling instrument of many Java, have free, also have business to use, also have plenty of open source code, decompiling speed and effect are all very good.Good decompiling software, decompiling can go out the program of closely source code.Therefore, by decompiler, hacker can change these programs, or multiplexing program wherein.How protecting java applet not by decompiling, is a very important problem.
Summary of the invention
The present invention is directed to deficiency and the problem of prior art existence, provide the guard method of a kind of cloud OS Java source code, the concrete scheme of proposition is:
The guard method of a kind of cloud OS Java source code, is characterized in that concrete steps are:
1. compilation of source code, used by project source code Ant to break into War bag, and decompress(ion) is the form of file;
2. file encryption, by the sound code file encryption under specified folder, reduces source Class file by the risk of direct decompiling;
3. Classloader is rewritten, by self-defined JVM Classloader, deciphering sound code file;
4. obscuring Classloader, by obscuring self defined class loader, reaching the object upset Classloader logic, hide decipherment algorithm.
The described step 1. middle Ant of use compiles project source code, only safeguards a build file.
Described step 2. in dynamically generate the encryption key of each sound code file, successively AES and Base64 encryption is carried out to it.
Described passes through rewriting Classloader, makes the self-defined Class file after encrypting be deciphered and be loaded into JVM, only deposits in internal memory by the Class after deciphering, prevent sound code file stolen.
Usefulness of the present invention is: adopt advanced cryptographic algorithm to be encrypted sound code file, only provided away by the encrypt file after compiling, source code protects by root; The encryption key of each file is all different, prevents from losing because of indivedual key causing cracking of whole engineering; Innovatively propose the scheme of rewriting Classloader, when Classloader loads source code file, the file of encryption is decrypted, is all kept in the internal memory of JVM afterwards, ensure that the file after deciphering is not obtained by anyone; Classloader is carried out obscuring process, is converted to code hard to understand, prevent hacker from passing through to crack Classloader and obtain the algorithm deciphering source code; By the heavy protection of above triple protection, guarantee that the intellecture property of cloud OS Java source code is not destroyed.
Accompanying drawing explanation
Fig. 1 schematic flow sheet of the present invention; The encryption flow schematic diagram of Fig. 2 AES encryption algorithm; The encryption and decryption schematic flow sheet of Fig. 3 Base64 algorithm; The deciphering schematic flow sheet of Fig. 4 AES encryption algorithm.
Embodiment
With reference to the accompanying drawings 1, the specific embodiment of the present invention is described.
As described in summary of the invention, architecture of the present invention mainly comprises: compilation of source code (1), file encryption (2), rewrite Classloader (3), obscure Classloader (4).
Wherein, compilation of source code (1) is the optimized integration of the program.Using Ant mode to pack each Web engineering in cloud OS engineering source code, first engineering is broken into War bag, is then the form of file by its decompress(ion).The Class file after compiling is comprised in file.
File encryption (2) is the first heavy safeguard measure of the program, by Class sound code file is encrypted, and protection sound code file.Concrete steps are as follows:
S1 Choice encryption algorithm.The cryptographic algorithm that the security of current industry main flow is higher comprises DES, AES, RSA, MD5 etc.With reference to the encryption flow schematic diagram of accompanying drawing 2, this programme selects AES encryption algorithm.
S2 defines encryption key.For preventing causing cracking of whole engineering because indivedual key loss, it is the encryption key that each Class document definition is different.Adopt the Base64 as accompanying drawing 4 to encrypt (coding) algorithm, Class path and filename are encrypted as character string, generate the key of each file.
Write AES encryption code, compile it as and can perform jar bag; Write shell script, by calling jar bag, reading the Class file under all items, and using S2 to walk the encryption key of trying to achieve, the bytecode of each Class file is carried out AES encryption, replace source document.
Class file after the encryption of S3 step for safety, being carried out Base64 encryption, and by adding flag, distinguishing encryption and unencrypted Class file by S4 again, and when preventing existing encryption Class in engineering from having again a non-encrypted Class, Classloader loading makes mistakes.
Rewrite the second heavy safeguard measure that Classloader (3) is the program, by rewriting each Classloader of JVM, realize the deciphering to encryption Class and loading, concrete steps are as follows:
Byte order upset by Class file after S1 encryption, and under being therefore put into common Tomcat server, operation can report an error.In view of cloud OS is Tomcat6.X+Spring+Struts+Hibernate+Mysql project, Tomcat and Spring all comprises oneself Classloader, therefore needs the Classloader code rewriting Tomcat and Spring respectively.
S2 reads Class file, judges whether to comprise flag, if comprised, use Base64 algorithm to be decrypted, otherwise direct Classloader loads.
The file of S2 step after Base64 deciphering uses AES decipherment algorithm to be decrypted by S3, and is loaded in JVM.
Obscure the triple protection measure that Classloader (4) is the program, by being upset by the code of Classloader, protection decrypted program is not cracked, and concrete steps are as follows:
Tomcat and Spring compiles by S1 respectively, generates jar bag;
S2 use Open Source Code is obscured instrument Proguard and is obscured by the jar bag of S1 step output, generates bag hard to understand, under being put into the corresponding lib catalogue of Tomcat and Spring respectively;
Under project file after encryption is put into Tomcat webapps catalogue by S3, and restart Tomcat, engineering operation is normal.Class file contrast before and after additional encryption.
Claims (4)
1. a cloud OS Java source code guard method, is characterized in that concrete steps are:
1. compilation of source code, used by project source code Ant to break into War bag, and decompress(ion) is the form of file;
2. file encryption, by the sound code file encryption under specified folder, reduces source Class file by the risk of direct decompiling;
3. Classloader is rewritten, by self-defined JVM Classloader, deciphering sound code file;
4. obscuring Classloader, by obscuring self defined class loader, reaching the object upset Classloader logic, hide decipherment algorithm.
2. a kind of cloud OS Java source code according to claim 1 guard method, is characterized in that using Ant to compile project source code, only safeguards a build file.
3. a kind of cloud OS Java source code according to claim 2 guard method, is characterized in that the encryption key dynamically generating each sound code file, successively carries out AES and Base64 encryption to it.
4. a kind of cloud OS Java source code according to claim 2 guard method; it is characterized in that by rewriting Classloader; make the self-defined Class file after encrypting be deciphered and be loaded into JVM, only the Class after deciphering is deposited in internal memory, prevent sound code file stolen.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410420197.4A CN104268444A (en) | 2014-08-25 | 2014-08-25 | Cloud OS Java source code protection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410420197.4A CN104268444A (en) | 2014-08-25 | 2014-08-25 | Cloud OS Java source code protection method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104268444A true CN104268444A (en) | 2015-01-07 |
Family
ID=52159965
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410420197.4A Pending CN104268444A (en) | 2014-08-25 | 2014-08-25 | Cloud OS Java source code protection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104268444A (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107257282A (en) * | 2017-05-18 | 2017-10-17 | 柚子(北京)移动技术有限公司 | A kind of full bag encryption method of code based on RC4 algorithms |
| CN108076050A (en) * | 2017-11-15 | 2018-05-25 | 广州鑫燕网络科技有限公司 | A kind of method and system of ciphertext joint sealing formula protection JavaScript source codes |
| CN108985096A (en) * | 2018-07-13 | 2018-12-11 | 厦门市美亚柏科信息股份有限公司 | A kind of enhancing of Android SQLite database security, method for safely carrying out and device |
| CN109543366A (en) * | 2017-09-22 | 2019-03-29 | 中国移动通信集团浙江有限公司 | A kind of source code encryption method and its device and system |
| CN109598106A (en) * | 2018-12-05 | 2019-04-09 | 国能日新科技股份有限公司 | Enterprise-level BS application guard method, device and electronic equipment |
| CN109815718A (en) * | 2019-01-18 | 2019-05-28 | 国能日新科技股份有限公司 | WAR program source file encryption protecting method and system |
| CN110059455A (en) * | 2019-04-09 | 2019-07-26 | 北京迈格威科技有限公司 | Code encryption method, apparatus, electronic equipment and computer readable storage medium |
| CN110764782A (en) * | 2019-10-31 | 2020-02-07 | 贵阳动视云科技有限公司 | Software protection method and device |
| CN110855433A (en) * | 2019-11-07 | 2020-02-28 | 深圳市信联征信有限公司 | Data encryption method and device based on encryption algorithm and computer equipment |
| CN111159661A (en) * | 2018-11-08 | 2020-05-15 | 迈普通信技术股份有限公司 | Decompilation prevention method and device, electronic equipment and storage medium |
| CN112131536A (en) * | 2020-05-19 | 2020-12-25 | 北京天德科技有限公司 | Method for preventing Java program from being decompiled |
| CN112764827A (en) * | 2020-12-31 | 2021-05-07 | 重庆广播电视大学重庆工商职业学院 | Java class hot loading method with safety verification |
| CN113032741A (en) * | 2021-04-20 | 2021-06-25 | 江苏保旺达软件技术有限公司 | Class file encryption method, class file operation method, device, equipment and medium |
| CN113656765A (en) * | 2021-08-17 | 2021-11-16 | 平安国际智慧城市科技股份有限公司 | Java program safety processing method and device, computer equipment and storage medium |
-
2014
- 2014-08-25 CN CN201410420197.4A patent/CN104268444A/en active Pending
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107257282A (en) * | 2017-05-18 | 2017-10-17 | 柚子(北京)移动技术有限公司 | A kind of full bag encryption method of code based on RC4 algorithms |
| CN107257282B (en) * | 2017-05-18 | 2021-01-08 | 柚子(北京)移动技术有限公司 | Code full-package encryption method based on RC4 algorithm |
| CN109543366A (en) * | 2017-09-22 | 2019-03-29 | 中国移动通信集团浙江有限公司 | A kind of source code encryption method and its device and system |
| CN109543366B (en) * | 2017-09-22 | 2021-07-06 | 中国移动通信集团浙江有限公司 | Source code encryption method, device and system |
| CN108076050B (en) * | 2017-11-15 | 2020-06-30 | 广州鑫燕网络科技有限公司 | Method and system for protecting JavaScript source code in ciphertext sealing box mode |
| CN108076050A (en) * | 2017-11-15 | 2018-05-25 | 广州鑫燕网络科技有限公司 | A kind of method and system of ciphertext joint sealing formula protection JavaScript source codes |
| CN108985096A (en) * | 2018-07-13 | 2018-12-11 | 厦门市美亚柏科信息股份有限公司 | A kind of enhancing of Android SQLite database security, method for safely carrying out and device |
| CN108985096B (en) * | 2018-07-13 | 2021-11-02 | 厦门市美亚柏科信息股份有限公司 | Security enhancement and security operation method and device for Android SQLite database |
| CN111159661A (en) * | 2018-11-08 | 2020-05-15 | 迈普通信技术股份有限公司 | Decompilation prevention method and device, electronic equipment and storage medium |
| CN109598106A (en) * | 2018-12-05 | 2019-04-09 | 国能日新科技股份有限公司 | Enterprise-level BS application guard method, device and electronic equipment |
| CN109815718A (en) * | 2019-01-18 | 2019-05-28 | 国能日新科技股份有限公司 | WAR program source file encryption protecting method and system |
| CN110059455A (en) * | 2019-04-09 | 2019-07-26 | 北京迈格威科技有限公司 | Code encryption method, apparatus, electronic equipment and computer readable storage medium |
| CN110764782B (en) * | 2019-10-31 | 2021-01-26 | 贵阳动视云科技有限公司 | Software protection method and device |
| CN110764782A (en) * | 2019-10-31 | 2020-02-07 | 贵阳动视云科技有限公司 | Software protection method and device |
| CN110855433A (en) * | 2019-11-07 | 2020-02-28 | 深圳市信联征信有限公司 | Data encryption method and device based on encryption algorithm and computer equipment |
| CN112131536A (en) * | 2020-05-19 | 2020-12-25 | 北京天德科技有限公司 | Method for preventing Java program from being decompiled |
| CN112764827A (en) * | 2020-12-31 | 2021-05-07 | 重庆广播电视大学重庆工商职业学院 | Java class hot loading method with safety verification |
| CN112764827B (en) * | 2020-12-31 | 2023-04-07 | 重庆广播电视大学重庆工商职业学院 | Java class hot loading method with safety verification |
| CN113032741A (en) * | 2021-04-20 | 2021-06-25 | 江苏保旺达软件技术有限公司 | Class file encryption method, class file operation method, device, equipment and medium |
| CN113032741B (en) * | 2021-04-20 | 2024-01-26 | 江苏保旺达软件技术有限公司 | Class file encryption method, class file operation method, device, equipment and medium |
| CN113656765A (en) * | 2021-08-17 | 2021-11-16 | 平安国际智慧城市科技股份有限公司 | Java program safety processing method and device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104268444A (en) | Cloud OS Java source code protection method | |
| CN102760219B (en) | A kind of Android platform software protection system, method and apparatus | |
| KR101471589B1 (en) | Method for Providing Security for Common Intermediate Language Program | |
| CN105683990B (en) | Method and apparatus for protecting dynamic base | |
| KR101216995B1 (en) | A code encryption and decryption device against reverse engineering based on indexed table and the method thereof | |
| KR102433011B1 (en) | Method of apk file protection, apk file protection system performing the same, and storage medium storing the same | |
| Bauman et al. | Sgxelide: enabling enclave code secrecy via self-modification | |
| CN102708322A (en) | Method for protecting JAVA application programs in Android system | |
| CN101872404B (en) | Method for protecting Java software program | |
| CN102087605A (en) | Android-based platform application installation control method and system | |
| CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
| Piao et al. | Server‐based code obfuscation scheme for APK tamper detection | |
| CN103617401A (en) | Method and device for protecting data files | |
| CN101957903A (en) | Method and device for protecting class files | |
| CN104680039A (en) | Data protection method and device of application installation package | |
| Gora et al. | A flexible design flow for software IP binding in FPGA | |
| Demsky | Cross-application data provenance and policy enforcement | |
| CN103853943A (en) | Program protection method and device | |
| CN114547558A (en) | Authorization method, authorization control method and device, equipment and medium | |
| CN109510702A (en) | A method of it key storage based on computer characteristic code and uses | |
| CN107871066B (en) | Code compiling method and device based on android system | |
| Shi et al. | A security-improved scheme for virtual TPM based on KVM | |
| CN107257282A (en) | A kind of full bag encryption method of code based on RC4 algorithms | |
| KR20140139392A (en) | Method for generating application execution file for mobile device, application execution method of mobile device, device for generating application execution file and mobile device | |
| CN103605927A (en) | Encryption and decryption method based on embedded Linux system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150107 |
|
| WD01 | Invention patent application deemed withdrawn after publication |