By Topic

Using class decompilers to facilitate the security of Java applications!

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Tam, V. ; Dept. of Comput. Sci., Nat. Univ. of Singapore, Singapore ; Gupta, R.K.

Undoubtedly, JavaTM has become a very popular choice of Internet programming language for developing many Web applications. However, few engineers or researchers questioned Java security problems due to its informative classfiles in which hackers can easily use most available decompilers to reverse-engineer targeted applications. We investigate an interesting proposal of the innovative combination of class decompilers and obfuscators as a feedback-and-control system to secure Java applications. Unlike ordinary obfuscation techniques which always require prior knowledge about the Java source files, our approach can start from the compiled Java classfiles, especially useful when the original source is partially or completely lost. Moreover, the obfuscated codes can also use back the class decompiler as a tester to check if the final product is sufficiently secured. In general, our contribution is two-fold. First, our proposal demonstrated the first constructive use of class decompilers to facilitate the security of Java applications. Decompilers are combined with visualization techniques to deduce useful information for obfuscation. More importantly, with component-based approach, our implemented system can actually be extended as a centralized Web-based testing center with a library of obfuscators to secure most real-life Java applications against a collection of class decompilers

Published in:

Web Information Systems Engineering, 2000. Proceedings of the First International Conference on  (Volume:1 )

Date of Conference: