KR20130018642A - 적대적 실행 환경 내에서 정적 및 동적 공격들에 대하여 자바 바이트코드 코드를 보호하는 시스템 및 방법 - Google Patents

적대적 실행 환경 내에서 정적 및 동적 공격들에 대하여 자바 바이트코드 코드를 보호하는 시스템 및 방법 Download PDF

Info

Publication number
KR20130018642A
KR20130018642A KR1020127015162A KR20127015162A KR20130018642A KR 20130018642 A KR20130018642 A KR 20130018642A KR 1020127015162 A KR1020127015162 A KR 1020127015162A KR 20127015162 A KR20127015162 A KR 20127015162A KR 20130018642 A KR20130018642 A KR 20130018642A
Authority
KR
South Korea
Prior art keywords
bytecode
java
security
protection
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
KR1020127015162A
Other languages
English (en)
Korean (ko)
Inventor
유안 시앙 구
가니 아담스
잭 롱
Original Assignee
어데토 캐나다 코포레이션
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 어데토 캐나다 코포레이션 filed Critical 어데토 캐나다 코포레이션
Publication of KR20130018642A publication Critical patent/KR20130018642A/ko
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Devices For Executing Special Programs (AREA)
  • Storage Device Security (AREA)
KR1020127015162A 2009-11-13 2010-11-12 적대적 실행 환경 내에서 정적 및 동적 공격들에 대하여 자바 바이트코드 코드를 보호하는 시스템 및 방법 Abandoned KR20130018642A (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US26088709P 2009-11-13 2009-11-13
US61/260,887 2009-11-13
PCT/CA2010/001761 WO2011057393A1 (en) 2009-11-13 2010-11-12 System and method to protect java bytecode code against static and dynamic attacks within hostile execution environments

Publications (1)

Publication Number Publication Date
KR20130018642A true KR20130018642A (ko) 2013-02-25

Family

ID=43991129

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020127015162A Abandoned KR20130018642A (ko) 2009-11-13 2010-11-12 적대적 실행 환경 내에서 정적 및 동적 공격들에 대하여 자바 바이트코드 코드를 보호하는 시스템 및 방법

Country Status (8)

Country Link
US (1) US9213826B2 (enExample)
EP (2) EP2467800B1 (enExample)
JP (1) JP5689472B2 (enExample)
KR (1) KR20130018642A (enExample)
CN (1) CN102598017B (enExample)
CA (1) CA2774728C (enExample)
IN (1) IN2012DN02458A (enExample)
WO (1) WO2011057393A1 (enExample)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101471589B1 (ko) * 2013-08-22 2014-12-10 (주)잉카엔트웍스 공통중간언어 기반 프로그램을 위한 보안 제공 방법

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8424082B2 (en) * 2008-05-08 2013-04-16 Google Inc. Safely executing an untrusted native code module on a computing device
EP2402880A1 (en) * 2010-07-01 2012-01-04 Aladdin Europe GmbH Method and device for selectively protecting one of a plurality of methods of a class of an application written in an object-orientated language
FR2967275B1 (fr) * 2010-11-10 2012-12-28 Oberthur Technologies Procede, programme d'ordinateur et dispositif de securisation de code intermediaire de programmation pour son execution par une machine virtuelle
US8812868B2 (en) 2011-03-21 2014-08-19 Mocana Corporation Secure execution of unsecured apps on a device
US9396325B2 (en) 2011-03-21 2016-07-19 Mocana Corporation Provisioning an app on a device and implementing a keystore
US8955142B2 (en) * 2011-03-21 2015-02-10 Mocana Corporation Secure execution of unsecured apps on a device
US9473485B2 (en) 2011-03-21 2016-10-18 Blue Cedar Networks, Inc. Secure single sign-on for a group of wrapped applications on a computing device and runtime credential sharing
WO2012129639A2 (en) * 2011-03-31 2012-10-04 Irdeto Canada Corporation Method of securing non-native code
EP2761463A1 (en) * 2011-09-30 2014-08-06 Newman Infinite, Inc. Apparatus, method and computer-readable storage medium for securing javascript
US9021271B1 (en) * 2011-12-27 2015-04-28 Emc Corporation Injecting code decrypted by a hardware decryption module into Java applications
KR101944010B1 (ko) * 2012-02-24 2019-01-30 삼성전자 주식회사 애플리케이션의 변조 감지 방법 및 장치
EP2831790B1 (en) * 2012-03-30 2020-09-23 Irdeto B.V. Secured execution of a web application
WO2014133528A1 (en) * 2013-02-28 2014-09-04 Hewlett-Packard Development Company, L.P. Determining coverage of dynamic security scans using runtime and static code analyses
US9141823B2 (en) * 2013-03-15 2015-09-22 Veridicom, Sa De Cv Abstraction layer for default encryption with orthogonal encryption logic session object; and automated authentication, with a method for online litigation
KR101500512B1 (ko) * 2013-05-15 2015-03-18 소프트캠프(주) 데이터 프로세싱 시스템 보안 장치와 보안방법
US9378034B2 (en) 2013-05-16 2016-06-28 Sap Se Dynamic bytecode modification of classes and class hierarchies
US8943592B1 (en) 2013-07-15 2015-01-27 Eset, Spol. S.R.O. Methods of detection of software exploitation
KR101350390B1 (ko) * 2013-08-14 2014-01-16 숭실대학교산학협력단 코드 난독화 장치 및 그 방법
KR101490047B1 (ko) * 2013-09-27 2015-02-04 숭실대학교산학협력단 자가변환 기반 애플리케이션 코드 난독화 장치 및 그 방법
US9792354B2 (en) 2013-09-30 2017-10-17 Microsoft Technology Licensing, Llc Context aware user interface parts
US9740854B2 (en) * 2013-10-25 2017-08-22 Red Hat, Inc. System and method for code protection
KR101556908B1 (ko) * 2013-11-14 2015-10-02 (주)잉카엔트웍스 프로그램 보호 장치
GB201405754D0 (en) * 2014-03-31 2014-05-14 Irdeto Bv Protecting an item of software comprising conditional code
KR101566142B1 (ko) * 2014-10-21 2015-11-06 숭실대학교산학협력단 사용자 단말기 및 그것을 이용한 응용 프로그램의 핵심코드 보호 방법
CN104375938B (zh) * 2014-11-20 2017-09-05 工业和信息化部电信研究院 安卓应用程序的动态行为监测方法及系统
EP3026559A1 (en) * 2014-11-28 2016-06-01 Thomson Licensing Method and device for providing verifying application integrity
WO2016112338A1 (en) * 2015-01-08 2016-07-14 Intertrust Technologies Corporation Cryptographic systems and methods
CN107430650B (zh) * 2015-03-02 2020-10-09 因温特奥股份公司 保护计算机程序以抵御逆向工程
US9460284B1 (en) * 2015-06-12 2016-10-04 Bitdefender IPR Management Ltd. Behavioral malware detection using an interpreter virtual machine
KR101740133B1 (ko) * 2015-08-10 2017-05-26 라인 가부시키가이샤 어플리케이션의 코드를 보호하기 위한 시스템 및 방법
KR101740134B1 (ko) * 2015-08-10 2017-05-26 라인 가부시키가이샤 어플리케이션의 코드 난독화를 위한 시스템 및 방법
WO2017056194A1 (ja) * 2015-09-29 2017-04-06 株式会社 東芝 情報機器または情報通信端末および、情報処理方法
EP3391583B1 (en) * 2015-12-15 2019-07-24 Koninklijke Philips N.V. A computation device and method
EP3188063A1 (en) * 2015-12-29 2017-07-05 GuardSquare NV A build system
MA44905A (fr) * 2016-04-05 2018-05-09 Mi Group B V Système et procédé d'informations de vol
US10073975B2 (en) 2016-08-11 2018-09-11 International Business Machines Corporation Application integrity verification in multi-tier architectures
US10394554B1 (en) * 2016-09-09 2019-08-27 Stripe, Inc. Source code extraction via monitoring processing of obfuscated byte code
US11423140B1 (en) * 2017-03-27 2022-08-23 Melih Abdulhayoglu Auto-containment of guest user applications
US10951644B1 (en) 2017-04-07 2021-03-16 Comodo Security Solutions, Inc. Auto-containment of potentially vulnerable applications
CN107294702B (zh) * 2017-07-17 2020-04-28 四川长虹电器股份有限公司 基于Hybrid APP自身特征的前端代码加密方法
EP3665566A4 (en) 2017-08-08 2021-04-21 Crypto4A Technologies Inc. Secure machine executable code deployment and execution method and system
CN107480478B (zh) * 2017-08-14 2019-08-13 钟尚亮 一种java应用程序的加密方法及运行方法
EP3861469B1 (en) 2018-10-23 2023-05-31 Huawei Technologies Co., Ltd. Device and method for validation of virtual function pointers
EP3709560A1 (en) * 2019-03-14 2020-09-16 Thales Dis France SA Method for provisioning white-box assets and corresponding device, server and system
US11468881B2 (en) * 2019-03-29 2022-10-11 Samsung Electronics Co., Ltd. Method and system for semantic intelligent task learning and adaptive execution
KR102243378B1 (ko) * 2019-04-02 2021-04-22 (주)드림시큐리티 자바 라이브러리의 무결성을 보장하기 위한 방법 및 장치
US11150915B2 (en) 2019-09-13 2021-10-19 International Business Machines Corporation Deferred bytecode class verification in managed runtime environments
US10963275B1 (en) 2019-10-31 2021-03-30 Red Hat, Inc. Implementing dependency injection via direct bytecode generation
CN110826031B (zh) * 2019-10-31 2022-08-02 望海康信(北京)科技股份公司 加密方法、装置、计算机设备及存储介质
JP7079502B2 (ja) * 2019-11-14 2022-06-02 株式会社アクセル 推論システム
US11403075B2 (en) 2019-11-25 2022-08-02 International Business Machines Corporation Bytecode verification using class relationship caching
CN111143029B (zh) * 2019-12-19 2024-03-22 浪潮软件股份有限公司 基于Gitlab-CI回调集成实现虚拟机一致、自动伸缩的持续构建环境的方法
KR102338885B1 (ko) * 2020-01-21 2021-12-14 주식회사 행복소프트 응용프로그램의 동적 변조 탐지 방법 및 장치
KR20210112923A (ko) 2020-03-06 2021-09-15 삼성전자주식회사 시스템 온 칩 및 이의 동작 방법
US11550883B2 (en) * 2020-09-08 2023-01-10 Assured Information Security, Inc. Code protection
CN113239330A (zh) * 2021-06-10 2021-08-10 杭州安恒信息技术股份有限公司 一种基于散列算法的反调试方法及相关装置
CN114036524B (zh) * 2021-10-29 2025-11-21 中国银联股份有限公司 一种电子设备
CN114928550B (zh) * 2022-04-29 2024-05-03 杭州默安科技有限公司 一种数据库交互账户安全检测方法及系统
CN116020127A (zh) * 2022-12-23 2023-04-28 安天科技集团股份有限公司 一种运行游戏的方法、装置及发送游戏的方法、装置
CN117932648B (zh) * 2024-03-20 2024-06-04 厦门星纵数字科技有限公司 一种字节码保护方法、终端设备及存储介质
CN118260750B (zh) * 2024-05-27 2024-09-17 北京升鑫网络科技有限公司 攻击行为检测方法和装置、攻击行为阻断方法和装置

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5692047A (en) 1995-12-08 1997-11-25 Sun Microsystems, Inc. System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources
JP4739465B2 (ja) 1997-06-09 2011-08-03 インタートラスト テクノロジーズ コーポレイション ソフトウェアセキュリティを増強するための混乱化技術
US6594761B1 (en) 1999-06-09 2003-07-15 Cloakware Corporation Tamper resistant software encoding
US6779114B1 (en) 1999-08-19 2004-08-17 Cloakware Corporation Tamper resistant software-control flow encoding
CA2304433A1 (en) 2000-04-05 2001-10-05 Cloakware Corporation General purpose access recovery scheme
CA2305078A1 (en) 2000-04-12 2001-10-12 Cloakware Corporation Tamper resistant software - mass data encoding
US7020882B1 (en) * 2000-09-14 2006-03-28 International Business Machines Corporation Method, system, and program for remotely manipulating a user interface over a network
GB0024918D0 (en) * 2000-10-11 2000-11-22 Sealedmedia Ltd Method of providing java tamperproofing
CA2327911A1 (en) 2000-12-08 2002-06-08 Cloakware Corporation Obscuring functions in computer software
US7039814B2 (en) * 2001-03-07 2006-05-02 Sony Corporation Method for securing software via late stage processor instruction decryption
CA2348355A1 (en) 2001-05-24 2002-11-24 Cloakware Corporation General scheme of using encodings in computations
CA2350029A1 (en) 2001-06-08 2002-12-08 Cloakware Corporation Sustainable digital watermarking via tamper-resistant software
CA2354470A1 (en) 2001-07-30 2003-01-30 Cloakware Corporation Active content for secure digital media
US7516331B2 (en) * 2003-11-26 2009-04-07 International Business Machines Corporation Tamper-resistant trusted java virtual machine and method of using the same
JP2005293109A (ja) 2004-03-31 2005-10-20 Canon Inc ソフトウェア実行管理装置、ソフトウェア実行管理方法、及び制御プログラム
WO2007011001A1 (ja) * 2005-07-22 2007-01-25 Matsushita Electric Industrial Co., Ltd. 実行装置
US7788730B2 (en) * 2006-01-17 2010-08-31 International Business Machines Corporation Secure bytecode instrumentation facility
WO2007147495A2 (en) 2006-06-21 2007-12-27 Wibu-Systems Ag Method and system for intrusion detection
JP2009258772A (ja) 2006-08-09 2009-11-05 Panasonic Corp アプリケーション実行装置
DE102007045743A1 (de) * 2007-09-25 2009-04-02 Siemens Ag Verfahren und System zum Schutz gegen einen Zugriff auf einen Maschinencode eines Gerätes
US20110035601A1 (en) 2007-12-21 2011-02-10 University Of Virginia Patent Foundation System, method and computer program product for protecting software via continuous anti-tampering and obfuscation transforms
US20110083020A1 (en) 2008-01-31 2011-04-07 Irdeto Access B.V. Securing a smart card
EP2196934A1 (en) * 2008-12-09 2010-06-16 Gemalto SA Method for securing java bytecode

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101471589B1 (ko) * 2013-08-22 2014-12-10 (주)잉카엔트웍스 공통중간언어 기반 프로그램을 위한 보안 제공 방법
WO2015026091A1 (ko) * 2013-08-22 2015-02-26 (주)잉카엔트웍스 공통 중간 언어 기반 프로그램을 위한 보안 제공 방법

Also Published As

Publication number Publication date
CA2774728A1 (en) 2011-05-19
CN102598017A (zh) 2012-07-18
CN102598017B (zh) 2016-03-09
EP2467800A1 (en) 2012-06-27
EP3923165A1 (en) 2021-12-15
IN2012DN02458A (enExample) 2015-08-21
EP2467800B1 (en) 2021-06-30
CA2774728C (en) 2019-02-12
WO2011057393A1 (en) 2011-05-19
US20120246487A1 (en) 2012-09-27
JP5689472B2 (ja) 2015-03-25
EP2467800A4 (en) 2016-03-16
US9213826B2 (en) 2015-12-15
JP2013511077A (ja) 2013-03-28

Similar Documents

Publication Publication Date Title
US9213826B2 (en) System and method to protect Java bytecode code against static and dynamic attacks within hostile execution environments
Hu et al. Data-oriented programming: On the expressiveness of non-control data attacks
US9141787B2 (en) Interlocked binary protection using whitebox cryptography
Roundy et al. Binary-code obfuscations in prevalent packer tools
US9064099B2 (en) Software self-defense systems and methods
US20170024230A1 (en) Method, apparatus, and computer-readable medium for ofuscating execution of an application on a virtual machine
RU2439669C2 (ru) Способ предотвращения обратного инжиниринга программного обеспечения, неавторизованной модификации и перехвата данных во время выполнения
WO2013170724A1 (zh) 安卓系统中java应用程序的保护方法
Shioji et al. Code shredding: byte-granular randomization of program layout for detecting code-reuse attacks
Zhou et al. Hybrid user-level sandboxing of third-party android apps
CN105608391A (zh) 多elf文件保护方法及系统
Li et al. AppSpear: Automating the hidden-code extraction and reassembling of packed android malware
Geden et al. RegGuard: Leveraging CPU registers for mitigation of control-and data-oriented attacks
Pizzolotto et al. Mitigating Debugger-based Attacks to Java Applications with Self-debugging
Wood et al. A novel technique for control flow obfuscation in JVM applications using InvokeDynamic with native bootstrapping
Yu et al. Pagoda: Towards Binary Code Privacy Protection with SGX-based Execute-Only Memory
Kiperberg et al. System for executing encrypted Java programs
Haoliang et al. The Design and Implementation on the Android Application Protection System
Aelterman Exploitation of synergies between software protections
Togan et al. Virtual machine for encrypted code execution
Ghosh et al. What's the PointiSA?
CN114461992A (zh) 一种java程序代码保护方法、装置、设备及存储介质
Shonia et al. ANALYSIS OF WINDOWS PORTABLE EXECUTABLE SOFTWARE PROTECTION SYSTEMS

Legal Events

Date Code Title Description
PA0105 International application

Patent event date: 20120612

Patent event code: PA01051R01D

Comment text: International Patent Application

PG1501 Laying open of application
N231 Notification of change of applicant
PN2301 Change of applicant

Patent event date: 20150415

Comment text: Notification of Change of Applicant

Patent event code: PN23011R01D

A201 Request for examination
PA0201 Request for examination

Patent event code: PA02012R01D

Patent event date: 20151028

Comment text: Request for Examination of Application

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

Comment text: Notification of reason for refusal

Patent event date: 20161101

Patent event code: PE09021S01D

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

Patent event code: PE07011S01D

Comment text: Decision to Grant Registration

Patent event date: 20170530

PC1904 Unpaid initial registration fee