Within the computer programming industry, the Java programming language is used in every major industry segment and has a presence in a wide range of devices, computers, and networks. Java applications are written in the Java programming language and compiled into machine-independent bytecodes that are executed on a Java Virtual Machine (JVM), which is deployed on a host Operating System (OS) and the host Computer Processing Unit (CPU) Instruction Set Architecture (ISA). Java technology's versatility, efficiency, platform portability, and security make it the ideal technology for network computing. The Java programming language is found everywhere from laptops to datacenters, game consoles to scientific supercomputers, and cell phones to the Internet. Indeed, portability, extensibility, generality, and reliability are key Java strengths. However, such ubiquity also provides ample opportunity for hackers and related computer attacks.
To prevent attacks and unauthorized access to the Java environment from un-trusted applications, Java technology includes the Java sand-box security model for protecting the execution environment of the host machine or device where compromised software such as viruses or malware may be downloaded or installed illegally. Preventing such hostile attacks is essential in designing critical applications that normally run on highly protected environments and systems such as telecommunication systems, transportation systems, defense systems, industrial automation systems, and power management systems. Each year, more and more such critical systems are designed and implemented using the Java programming language.
Likewise, the consumer electronics industry is entering a new age where advanced technologies and products, rapid demand on media digitalization, and the continuously falling prices of consumer electronics taken together with increasing disposable income from emerging markets have spurred growth in the consumer electronics market at a speed and scope without precedent. Many such consumer electronics products rely on software applications to function. Certain Java programming language strengths (such as portability, extensibility, generality, reliability, and simplicity) reduces overall development and deployment cost of consumer electronics products, thereby ensuring more and more Java-based platforms and applications are deployed to new consumer products.
Almost all consumer electronics devices require functioning in an un-trusted environment. In un-trusted environments, software within consumer electronics devices can be directly accessed for different purposes ranging from a beneficial reason (e.g., to get needed services) to undesirable reasons (e.g., to hack the devices). As a result, more and more computer applications execute in a relatively hostile environment than ever before. For example, hand-held devices (such as portable media players or smart phones), home networking (such as set-top boxes, media players, or personal computers), and web-based environments are areas where attackers often spend large amounts of time and resources. Therefore, the protection of legitimate software against attacking software is becoming an escalating arms race. Moreover, high performance hardware and sophisticated attack tools provide the intruders with many new advantages.
Software distributors must be sure that their software is robust and resistant to attack. However, the given platform and software are often well known to an attacker who has time, resources, tools, and all the experts on the web at the disposal of the attacker. This hostile attack landscape is often termed a “white box” environment, where all the content is in plain sight and therefore subject to direct access and tampering. This is the opposite of a “black-box” environment which is, in the other words, a trusted and protected environment where content is hidden or otherwise protected from attack. In the prevailing hostile landscape of a white box environment, preventing or stopping direct and automated attacks to software systems is becoming one of the most demanding security challenges. Moreover, strong defenses for white box attacks must be achieved to ensure proper and secure device function. The Java programming language is not adequately designed to tackle such security problems and challenges. In this respect, certain Java strengths actually cause security weaknesses when compared to programming in C or C++.
Unlike C/C++ compilers that compile C/C++ code to a low-level instruction set which operates on raw binary data and is specific to the target hardware (such as x86 or PowerPC), a Java compiler compiles Java source code to a higher-level portable bytecode that operates on classes and primitive types that the JVM can interpret during execution. Platform dependency is encapsulated within JVM and decoupled from the Java application.
As well, the standard Java compiler does not perform compile-time optimizations that are commonly and usually found in C/C++ compilers. Instead, Java relies on Just-In-Time (JIT) compilation to perform all optimizations at run time while taking the execution profile into account for performance improvement. Major C/C++ code optimizations are performed at compile time. For example, inline substitution results in copies of the given (member) function being scattered around the binary image; use of the preprocessor combined with compile-time evaluation of expressions may leave no trace of the constants defined in the source code; and so on. In general, sophisticatedly optimized code is more difficult to reverse engineer.
Still further, Java program dependencies are resolved at run time when classes are loaded. So the name of the class and names of its methods and fields must be present in a class file, as well as names of all imported classes, called methods, and accessed fields. On the other hand, C/C++ programs are statically linked. Therefore, the names of classes, members, and variables need not be present in the compiled and linked program, except for names exported from dynamic libraries.
Finally, a Java application is delivered as a set of Java Archive (JAR) files. The JAR format enables multiple files to be bundled into a single archive file, which are essentially non-encrypted archives and from which it is relatively easy to extract individual classes. By comparison, a C/C++ application is delivered as a monolithic executable that may link with a few dynamic libraries, so it is not as easy to identify program information and individual code.
Accordingly, the decompilation of Java bytecode to Java source is much simpler and easier than dissembling C/C++ and can therefore be fully automated. Program information such as class hierarchy, statements, names of classes, methods and fields can all be retrieved from the bytecode. Although there are many freeware and commercial Java obfuscation tools available, none provide protection to prevent a direct attack to execution of the bytecode. As a result, Java reverse engineering is now a common practice.
Moreover, a JVM provides an open run time environment for Java applications. There is very little built-in security to protect the JVM and make the JVM itself robust. Attaching to a JVM itself or using a JVM to launch attacks is relatively trivial. Therefore, regardless of the strength of protections applied to Java application code, hackers may always use the JVM as the weakest link in order to implement white box attacks because of the JVM's vulnerability. Although a more trusted and robust JVM would likely protect Java applications and prevent white box attacks, this approach would require significant changes to the current Java security model and related significant industry support and adaptation. It would therefore be desirable to have a trusted and robust component within industrial standard JVM that protects applications within a white box environment.