JP5689472B2 - 悪意ある実行環境内での静的および動的攻撃からJavaバイトコードを保護するシステムおよび方法 - Google Patents

悪意ある実行環境内での静的および動的攻撃からJavaバイトコードを保護するシステムおよび方法 Download PDF

Info

Publication number
JP5689472B2
JP5689472B2 JP2012538154A JP2012538154A JP5689472B2 JP 5689472 B2 JP5689472 B2 JP 5689472B2 JP 2012538154 A JP2012538154 A JP 2012538154A JP 2012538154 A JP2012538154 A JP 2012538154A JP 5689472 B2 JP5689472 B2 JP 5689472B2
Authority
JP
Japan
Prior art keywords
bytecode
java
protection
security module
protected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2012538154A
Other languages
English (en)
Japanese (ja)
Other versions
JP2013511077A (ja
Inventor
ユエン シャン グ
ユエン シャン グ
アダムス ガーネイ
アダムス ガーネイ
ロン ジャック
ロン ジャック
Original Assignee
イルデト カナダ コーポレーション
イルデト カナダ コーポレーション
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by イルデト カナダ コーポレーション, イルデト カナダ コーポレーション filed Critical イルデト カナダ コーポレーション
Publication of JP2013511077A publication Critical patent/JP2013511077A/ja
Application granted granted Critical
Publication of JP5689472B2 publication Critical patent/JP5689472B2/ja
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Devices For Executing Special Programs (AREA)
  • Storage Device Security (AREA)
JP2012538154A 2009-11-13 2010-11-12 悪意ある実行環境内での静的および動的攻撃からJavaバイトコードを保護するシステムおよび方法 Expired - Fee Related JP5689472B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US26088709P 2009-11-13 2009-11-13
US61/260,887 2009-11-13
PCT/CA2010/001761 WO2011057393A1 (en) 2009-11-13 2010-11-12 System and method to protect java bytecode code against static and dynamic attacks within hostile execution environments

Publications (2)

Publication Number Publication Date
JP2013511077A JP2013511077A (ja) 2013-03-28
JP5689472B2 true JP5689472B2 (ja) 2015-03-25

Family

ID=43991129

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2012538154A Expired - Fee Related JP5689472B2 (ja) 2009-11-13 2010-11-12 悪意ある実行環境内での静的および動的攻撃からJavaバイトコードを保護するシステムおよび方法

Country Status (8)

Country Link
US (1) US9213826B2 (enExample)
EP (2) EP2467800B1 (enExample)
JP (1) JP5689472B2 (enExample)
KR (1) KR20130018642A (enExample)
CN (1) CN102598017B (enExample)
CA (1) CA2774728C (enExample)
IN (1) IN2012DN02458A (enExample)
WO (1) WO2011057393A1 (enExample)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20210094300A (ko) * 2020-01-21 2021-07-29 주식회사 행복소프트 응용프로그램의 동적 변조 탐지 방법 및 장치

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8424082B2 (en) * 2008-05-08 2013-04-16 Google Inc. Safely executing an untrusted native code module on a computing device
EP2402880A1 (en) * 2010-07-01 2012-01-04 Aladdin Europe GmbH Method and device for selectively protecting one of a plurality of methods of a class of an application written in an object-orientated language
FR2967275B1 (fr) * 2010-11-10 2012-12-28 Oberthur Technologies Procede, programme d'ordinateur et dispositif de securisation de code intermediaire de programmation pour son execution par une machine virtuelle
US8812868B2 (en) 2011-03-21 2014-08-19 Mocana Corporation Secure execution of unsecured apps on a device
US9396325B2 (en) 2011-03-21 2016-07-19 Mocana Corporation Provisioning an app on a device and implementing a keystore
US8955142B2 (en) * 2011-03-21 2015-02-10 Mocana Corporation Secure execution of unsecured apps on a device
US9473485B2 (en) 2011-03-21 2016-10-18 Blue Cedar Networks, Inc. Secure single sign-on for a group of wrapped applications on a computing device and runtime credential sharing
WO2012129639A2 (en) * 2011-03-31 2012-10-04 Irdeto Canada Corporation Method of securing non-native code
EP2761463A1 (en) * 2011-09-30 2014-08-06 Newman Infinite, Inc. Apparatus, method and computer-readable storage medium for securing javascript
US9021271B1 (en) * 2011-12-27 2015-04-28 Emc Corporation Injecting code decrypted by a hardware decryption module into Java applications
KR101944010B1 (ko) * 2012-02-24 2019-01-30 삼성전자 주식회사 애플리케이션의 변조 감지 방법 및 장치
EP2831790B1 (en) * 2012-03-30 2020-09-23 Irdeto B.V. Secured execution of a web application
WO2014133528A1 (en) * 2013-02-28 2014-09-04 Hewlett-Packard Development Company, L.P. Determining coverage of dynamic security scans using runtime and static code analyses
US9141823B2 (en) * 2013-03-15 2015-09-22 Veridicom, Sa De Cv Abstraction layer for default encryption with orthogonal encryption logic session object; and automated authentication, with a method for online litigation
KR101500512B1 (ko) * 2013-05-15 2015-03-18 소프트캠프(주) 데이터 프로세싱 시스템 보안 장치와 보안방법
US9378034B2 (en) 2013-05-16 2016-06-28 Sap Se Dynamic bytecode modification of classes and class hierarchies
US8943592B1 (en) 2013-07-15 2015-01-27 Eset, Spol. S.R.O. Methods of detection of software exploitation
KR101350390B1 (ko) * 2013-08-14 2014-01-16 숭실대학교산학협력단 코드 난독화 장치 및 그 방법
KR101471589B1 (ko) * 2013-08-22 2014-12-10 (주)잉카엔트웍스 공통중간언어 기반 프로그램을 위한 보안 제공 방법
KR101490047B1 (ko) * 2013-09-27 2015-02-04 숭실대학교산학협력단 자가변환 기반 애플리케이션 코드 난독화 장치 및 그 방법
US9792354B2 (en) 2013-09-30 2017-10-17 Microsoft Technology Licensing, Llc Context aware user interface parts
US9740854B2 (en) * 2013-10-25 2017-08-22 Red Hat, Inc. System and method for code protection
KR101556908B1 (ko) * 2013-11-14 2015-10-02 (주)잉카엔트웍스 프로그램 보호 장치
GB201405754D0 (en) * 2014-03-31 2014-05-14 Irdeto Bv Protecting an item of software comprising conditional code
KR101566142B1 (ko) * 2014-10-21 2015-11-06 숭실대학교산학협력단 사용자 단말기 및 그것을 이용한 응용 프로그램의 핵심코드 보호 방법
CN104375938B (zh) * 2014-11-20 2017-09-05 工业和信息化部电信研究院 安卓应用程序的动态行为监测方法及系统
EP3026559A1 (en) * 2014-11-28 2016-06-01 Thomson Licensing Method and device for providing verifying application integrity
WO2016112338A1 (en) * 2015-01-08 2016-07-14 Intertrust Technologies Corporation Cryptographic systems and methods
CN107430650B (zh) * 2015-03-02 2020-10-09 因温特奥股份公司 保护计算机程序以抵御逆向工程
US9460284B1 (en) * 2015-06-12 2016-10-04 Bitdefender IPR Management Ltd. Behavioral malware detection using an interpreter virtual machine
KR101740133B1 (ko) * 2015-08-10 2017-05-26 라인 가부시키가이샤 어플리케이션의 코드를 보호하기 위한 시스템 및 방법
KR101740134B1 (ko) * 2015-08-10 2017-05-26 라인 가부시키가이샤 어플리케이션의 코드 난독화를 위한 시스템 및 방법
WO2017056194A1 (ja) * 2015-09-29 2017-04-06 株式会社 東芝 情報機器または情報通信端末および、情報処理方法
EP3391583B1 (en) * 2015-12-15 2019-07-24 Koninklijke Philips N.V. A computation device and method
EP3188063A1 (en) * 2015-12-29 2017-07-05 GuardSquare NV A build system
MA44905A (fr) * 2016-04-05 2018-05-09 Mi Group B V Système et procédé d'informations de vol
US10073975B2 (en) 2016-08-11 2018-09-11 International Business Machines Corporation Application integrity verification in multi-tier architectures
US10394554B1 (en) * 2016-09-09 2019-08-27 Stripe, Inc. Source code extraction via monitoring processing of obfuscated byte code
US11423140B1 (en) * 2017-03-27 2022-08-23 Melih Abdulhayoglu Auto-containment of guest user applications
US10951644B1 (en) 2017-04-07 2021-03-16 Comodo Security Solutions, Inc. Auto-containment of potentially vulnerable applications
CN107294702B (zh) * 2017-07-17 2020-04-28 四川长虹电器股份有限公司 基于Hybrid APP自身特征的前端代码加密方法
EP3665566A4 (en) 2017-08-08 2021-04-21 Crypto4A Technologies Inc. Secure machine executable code deployment and execution method and system
CN107480478B (zh) * 2017-08-14 2019-08-13 钟尚亮 一种java应用程序的加密方法及运行方法
EP3861469B1 (en) 2018-10-23 2023-05-31 Huawei Technologies Co., Ltd. Device and method for validation of virtual function pointers
EP3709560A1 (en) * 2019-03-14 2020-09-16 Thales Dis France SA Method for provisioning white-box assets and corresponding device, server and system
US11468881B2 (en) * 2019-03-29 2022-10-11 Samsung Electronics Co., Ltd. Method and system for semantic intelligent task learning and adaptive execution
KR102243378B1 (ko) * 2019-04-02 2021-04-22 (주)드림시큐리티 자바 라이브러리의 무결성을 보장하기 위한 방법 및 장치
US11150915B2 (en) 2019-09-13 2021-10-19 International Business Machines Corporation Deferred bytecode class verification in managed runtime environments
US10963275B1 (en) 2019-10-31 2021-03-30 Red Hat, Inc. Implementing dependency injection via direct bytecode generation
CN110826031B (zh) * 2019-10-31 2022-08-02 望海康信(北京)科技股份公司 加密方法、装置、计算机设备及存储介质
JP7079502B2 (ja) * 2019-11-14 2022-06-02 株式会社アクセル 推論システム
US11403075B2 (en) 2019-11-25 2022-08-02 International Business Machines Corporation Bytecode verification using class relationship caching
CN111143029B (zh) * 2019-12-19 2024-03-22 浪潮软件股份有限公司 基于Gitlab-CI回调集成实现虚拟机一致、自动伸缩的持续构建环境的方法
KR20210112923A (ko) 2020-03-06 2021-09-15 삼성전자주식회사 시스템 온 칩 및 이의 동작 방법
US11550883B2 (en) * 2020-09-08 2023-01-10 Assured Information Security, Inc. Code protection
CN113239330A (zh) * 2021-06-10 2021-08-10 杭州安恒信息技术股份有限公司 一种基于散列算法的反调试方法及相关装置
CN114036524B (zh) * 2021-10-29 2025-11-21 中国银联股份有限公司 一种电子设备
CN114928550B (zh) * 2022-04-29 2024-05-03 杭州默安科技有限公司 一种数据库交互账户安全检测方法及系统
CN116020127A (zh) * 2022-12-23 2023-04-28 安天科技集团股份有限公司 一种运行游戏的方法、装置及发送游戏的方法、装置
CN117932648B (zh) * 2024-03-20 2024-06-04 厦门星纵数字科技有限公司 一种字节码保护方法、终端设备及存储介质
CN118260750B (zh) * 2024-05-27 2024-09-17 北京升鑫网络科技有限公司 攻击行为检测方法和装置、攻击行为阻断方法和装置

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5692047A (en) 1995-12-08 1997-11-25 Sun Microsystems, Inc. System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources
JP4739465B2 (ja) 1997-06-09 2011-08-03 インタートラスト テクノロジーズ コーポレイション ソフトウェアセキュリティを増強するための混乱化技術
US6594761B1 (en) 1999-06-09 2003-07-15 Cloakware Corporation Tamper resistant software encoding
US6779114B1 (en) 1999-08-19 2004-08-17 Cloakware Corporation Tamper resistant software-control flow encoding
CA2304433A1 (en) 2000-04-05 2001-10-05 Cloakware Corporation General purpose access recovery scheme
CA2305078A1 (en) 2000-04-12 2001-10-12 Cloakware Corporation Tamper resistant software - mass data encoding
US7020882B1 (en) * 2000-09-14 2006-03-28 International Business Machines Corporation Method, system, and program for remotely manipulating a user interface over a network
GB0024918D0 (en) * 2000-10-11 2000-11-22 Sealedmedia Ltd Method of providing java tamperproofing
CA2327911A1 (en) 2000-12-08 2002-06-08 Cloakware Corporation Obscuring functions in computer software
US7039814B2 (en) * 2001-03-07 2006-05-02 Sony Corporation Method for securing software via late stage processor instruction decryption
CA2348355A1 (en) 2001-05-24 2002-11-24 Cloakware Corporation General scheme of using encodings in computations
CA2350029A1 (en) 2001-06-08 2002-12-08 Cloakware Corporation Sustainable digital watermarking via tamper-resistant software
CA2354470A1 (en) 2001-07-30 2003-01-30 Cloakware Corporation Active content for secure digital media
US7516331B2 (en) * 2003-11-26 2009-04-07 International Business Machines Corporation Tamper-resistant trusted java virtual machine and method of using the same
JP2005293109A (ja) 2004-03-31 2005-10-20 Canon Inc ソフトウェア実行管理装置、ソフトウェア実行管理方法、及び制御プログラム
WO2007011001A1 (ja) * 2005-07-22 2007-01-25 Matsushita Electric Industrial Co., Ltd. 実行装置
US7788730B2 (en) * 2006-01-17 2010-08-31 International Business Machines Corporation Secure bytecode instrumentation facility
WO2007147495A2 (en) 2006-06-21 2007-12-27 Wibu-Systems Ag Method and system for intrusion detection
JP2009258772A (ja) 2006-08-09 2009-11-05 Panasonic Corp アプリケーション実行装置
DE102007045743A1 (de) * 2007-09-25 2009-04-02 Siemens Ag Verfahren und System zum Schutz gegen einen Zugriff auf einen Maschinencode eines Gerätes
US20110035601A1 (en) 2007-12-21 2011-02-10 University Of Virginia Patent Foundation System, method and computer program product for protecting software via continuous anti-tampering and obfuscation transforms
US20110083020A1 (en) 2008-01-31 2011-04-07 Irdeto Access B.V. Securing a smart card
EP2196934A1 (en) * 2008-12-09 2010-06-16 Gemalto SA Method for securing java bytecode

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20210094300A (ko) * 2020-01-21 2021-07-29 주식회사 행복소프트 응용프로그램의 동적 변조 탐지 방법 및 장치
KR102338885B1 (ko) 2020-01-21 2021-12-14 주식회사 행복소프트 응용프로그램의 동적 변조 탐지 방법 및 장치

Also Published As

Publication number Publication date
CA2774728A1 (en) 2011-05-19
CN102598017A (zh) 2012-07-18
CN102598017B (zh) 2016-03-09
EP2467800A1 (en) 2012-06-27
EP3923165A1 (en) 2021-12-15
IN2012DN02458A (enExample) 2015-08-21
EP2467800B1 (en) 2021-06-30
CA2774728C (en) 2019-02-12
WO2011057393A1 (en) 2011-05-19
KR20130018642A (ko) 2013-02-25
US20120246487A1 (en) 2012-09-27
EP2467800A4 (en) 2016-03-16
US9213826B2 (en) 2015-12-15
JP2013511077A (ja) 2013-03-28

Similar Documents

Publication Publication Date Title
JP5689472B2 (ja) 悪意ある実行環境内での静的および動的攻撃からJavaバイトコードを保護するシステムおよび方法
Hu et al. Data-oriented programming: On the expressiveness of non-control data attacks
US10255414B2 (en) Software self-defense systems and methods
US20170024230A1 (en) Method, apparatus, and computer-readable medium for ofuscating execution of an application on a virtual machine
US20020144153A1 (en) Systems and methods for preventing unauthorized use of digital content
JP2004038966A (ja) セキュアな変数データ保護を提供するセキュアで不明瞭なタイプライブラリ
WO2013170724A1 (zh) 安卓系统中java应用程序的保护方法
Shioji et al. Code shredding: byte-granular randomization of program layout for detecting code-reuse attacks
Götzfried et al. Soteria: Offline software protection within low-cost embedded devices
US20050198516A1 (en) Intentional cascade failure
Cappaert et al. Self-encrypting code to protect against analysis and tampering
Gelbart et al. CODESSEAL: Compiler/FPGA approach to secure applications
Buckwell et al. Execution at RISC: Stealth JOP Attacks on RISC-V Applications
AU2002219852B2 (en) Systems and methods for preventing unauthorized use of digital content
Pizzolotto et al. Mitigating Debugger-based Attacks to Java Applications with Self-debugging
AU2002219852A1 (en) Systems and methods for preventing unauthorized use of digital content
Epifani Control-Flow Integrity for Embedded Systems: Study Case of an FPGA-Based Solution
Cloosters et al. Salsa: SGX Attestation for Live Streaming Applications
Togan et al. Virtual machine for encrypted code execution
Aelterman Exploitation of synergies between software protections
Pérez et al. Execution at RISC: Stealth JOP Attacks on RISC-V Applications
Shonia et al. ANALYSIS OF WINDOWS PORTABLE EXECUTABLE SOFTWARE PROTECTION SYSTEMS
AU2010202883A1 (en) Systems and Methods for Preventing Unauthorized Use of Digital Content

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20131025

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20140716

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20140805

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20141104

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20141111

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20141201

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20141208

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20150105

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20150127

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20150128

R150 Certificate of patent or registration of utility model

Ref document number: 5689472

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R360 Written notification for declining of transfer of rights

Free format text: JAPANESE INTERMEDIATE CODE: R360

R360 Written notification for declining of transfer of rights

Free format text: JAPANESE INTERMEDIATE CODE: R360

R371 Transfer withdrawn

Free format text: JAPANESE INTERMEDIATE CODE: R371

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

LAPS Cancellation because of no payment of annual fees