Notice of Violation of IEEE Publication PrinciplesSecuring Java-Based Mobile Agents through Byte Code Obfuscation Techniques

Mobile agents have the ability to relocate computation and then carry communication with their peers locally. The design and implementation of mechanism to relocate computations requires a careful assessment of security issues. If these issues are not addressed properly, mobile agent technology cannot be used to implement real-world applications. To address such issues this paper proposes two code obfuscation techniques (Memon at el., 2006) for Java-based mobile agents that are compiled into a platform independent byte code format. These techniques involve applying obfuscating transformations to the mobile agent's byte code in order to protect them against malicious attacks. Consequently these techniques prevent automatic software analysis tools, De-compilers, from generating correct source code by introducing syntax and semantic errors in the generated source code. The proposed techniques are applied on sample mobile agent's class files to examine the effectiveness of the techniques in impeding reverse engineering. After obtaining the results, we will reveal the erroneous codes generated by the tested de-compilers

[1]  Giovanni Vigna,et al.  Understanding Code Mobility , 1998, IEEE Trans. Software Eng..

[2]  Nasir D. Memon,et al.  Obfuscation of design intent in object-oriented applications , 2003, DRM '03.

[3]  J. A. Whittaker,et al.  Software Protection: Security's Last Stand? , 2003, IEEE Secur. Priv..

[4]  Wuu Yang,et al.  Advanced obfuscation techniques for Java bytecode , 2004, J. Syst. Softw..

[5]  F. Memon,et al.  Preventing Reverse Engineering Threat in Java Using Byte Code Obfuscation Techniques , 2006, 2006 International Conference on Emerging Technologies.

[6]  Douglas Low,et al.  Protecting Java code via code obfuscation , 1998, CROS.

[7]  Christian S. Collberg,et al.  Breaking abstractions and unstructuring data structures , 1998, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225).

[8]  Nasir D. Memon,et al.  Preventing Piracy, Reverse Engineering, and Tampering , 2003, Computer.

[9]  Patrick LeBlanc,et al.  Self-Protecting Mobile Agents Obfuscation Report Final report , 2003 .

[10]  Martin R. Stytz Considering defense in depth for software applications , 2004, IEEE Security & Privacy Magazine.

[11]  Saumya K. Debray,et al.  Deobfuscation: reverse engineering obfuscated code , 2005, 12th Working Conference on Reverse Engineering (WCRE'05).

[12]  Douglas M. Blough,et al.  Data obfuscation: anonymity and desensitization of usable data sets , 2004, IEEE Security & Privacy Magazine.

[13]  Levent Ertaul,et al.  Novel Obfuscation Algorithms for Software Security , 2005, Software Engineering Research and Practice.

[14]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[15]  Koen De Bosschere,et al.  On the Effectiveness of Source Code Transformations for Binary Obfuscation , 2006, Software Engineering Research and Practice.

[16]  Yuichiro Kanzaki,et al.  Software obfuscation from crackers' viewpoint , 2006, ACST.

[17]  Mark D. Ladue WHEN JAVA WAS ONE: THREATS FROM HOSTILE BYTE CODE , 1997 .