System and method to protect Java bytecode code against static and dynamic attacks within hostile execution environments

摘要

A method and system that provides secure modules that can address Java platform weaknesses and protect Java bytecode during execution time. The secure modules are implemented in C/C++ as an example. Because implementation of the security modules is made in C/C++, this enables use of security technology that secures C/C++ software code.

主权项

1. An apparatus for increasing tamper-resistance of Java bytecode, comprising:
one or more processors; and one or more memories operatively coupled to at least one of the one or more processors and having instructions stored thereon that, when executed by at least one of the one or more processors, cause at least one of the one or more processors to:
apply protections to Java bytecode during build-time to generate secured Java bytecode and corresponding security information;load at least a portion of the secured Java bytecode into a Java Virtual Machine (JVM) executing within an unprotected hardware environment;load the corresponding security information into a software-implemented security module, wherein the software-implemented security module is configured to execute in the same unprotected hardware environment as the JVM during deployment time and to communicate with the JVM via a Java Native Interface (JNI) bridge during loading and execution of the secured Java bytecode; andcounter static and dynamic attacks to the secured Java bytecode during loading and execution of the secured Java bytecode via one or more software-implemented protection mechanisms, wherein at least one of the one or more software-implemented protection mechanisms are integrated into the software-implemented security module, wherein the static and dynamic attacks are countered based at least in part on the corresponding security information loaded into the software-implemented security module, and wherein the software-implemented security module is configured to co-execute with the secured Java bytecode within the unprotected hardware environment via the JNI bridge during runtime.