Skip to main content
SpringerLink
Log in

DISSECT: DIStribution for SECurity Tool

  • Conference paper
  • First Online:
Book cover Information Security (ISC 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2200))

Included in the following conference series:

  • 531 Accesses

Abstract

A security threat that affects the Java environment (as a typical environment where code is made available to the user machine) is the reverse-engineering and code-understanding of the architecture-neutral bytecode format. A natural protection strategy is to hide parts of the execution in trusted locations (e.g., servers). However, the implementation and automatization of such an approach (beyond the abstract idea) is a challenging problem. In this paper, we present a novel software protection strategy and its automatization (implemented architecture) which materialize the above idea. It is employed in protecting the binary source of Java class files. Our software protection strategy partitions “programmer selected” classes of an application into server classes and client classes. Server classes contain the actual class code and run only on trusted systems (which we call servers but they can be other dedicated machines). Client classes, on the other hand, are assumed to perform most of the task (but the sensitive part) and execute on user systems; they must interact with their corresponding server class in order to execute the sensitive code and provide the behavior of the original class. We propose and implement DISSECT (DIStribution for SECurity Tool), an architecture based on the above partitioning (dissection) strategy, for Java 1.1. The tool relieves the developers from actually writing distributed applications by distributing the application automatically, according to designated sensitivities of application portions. We note that the remote execution of classes may increase the overhead. Thus, we have conducted initial experiments to understand the impact of partitioned classes on performance.We report initial performance results which show the overhead and demonstrate when it is low or non-existing, when it is high, and when we actually gain performance by partitioning.

This work was supported by the National Science Foundation under Grant No. 9256688 and the NY State Center for Advanced Technology in Telecommunications. The author is now with IBM T. J.Watson Research Center, Hawthorne, NY.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ahpah Software, Inc. SourceAgain. http://www.ahpah.com .

  2. Dirk Balfanz. Access Control for Ad-Hoc Collaboration. Ph.D. Dissertation, pages 75–110, Princeton University, USA, Jan. 2001. http://ncstrl.cs.princeton.edu/expand.php?id=TR-634-01 .

    Google Scholar 

  3. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Le. On the (Im)possibility of Obfuscating Programs. Crypto’01.

    Google Scholar 

  4. Petr Beckmann. A History of Pi. St. Martin’s Press, pages 144–145, 1971.

    Google Scholar 

  5. A. D. Birrell and B. J. Nelson. Implementing Remote Procedure Calls. In ACM TOCS, 2(1):39–59, Feb. 1984.

    Article  Google Scholar 

  6. C. Collberg, C. Thomborson, and D. Low. A Taxonomy of Obfuscating Transformations. Technical Report 148, University of Auckland, NZ, July 1997. http://www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborson97a/index.html .

    Google Scholar 

  7. C. Collberg, C. Thomborson, and D. Low. Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs. In Proc. of POPL 1998, pages 184–196, Jan. 1998.

    Google Scholar 

  8. DashO Obfuscation Edition. http://www.preemptive.com/products.html .

  9. N. Eastridge. Java Shrinker & Obfuscator v1.04. http://www.e-t.com/jshrink.html , March 1999.

  10. L. Gong. Inside Java 2Platform Security: Architecture, API Design, and Implementaion. Addison-Wesley, 1999.

    Google Scholar 

  11. S. Hada. Zero-Knowledge and Code Obfuscation. Asiacrypt 2000, LNCS 1976, Springer, 2000.

    Chapter  Google Scholar 

  12. C. S. Horstmann and G. Cornell. Core Java 1.1, Volume II-Advanced Features. Sun Microsystems Press, 1998.

    Google Scholar 

  13. IBM. Cryptographic cards home page. http://www.ibm.com/security/cryptocards .

  14. Jasmin. http://www.cat.nyu.edu/meyer/jasmin/ .

  15. JAva Decompiler, Jad. http://www.geocities.com/SiliconValley/Bridge/8617/jad.html .

  16. KB Sriram. HashJava. http://www.sbtech.org/ , Sept 1997.

  17. D. Malkhi, M. Reiter, and A. Rubin. Secure Execution of Java Applets using a Remote Playground. In Proc. of the 1998 IEEE Sym. on Security and Privacy.

    Google Scholar 

  18. J. Meyer and T. Downing. Java Virtual Machine. O’Reilly & Associates, 1997.

    Google Scholar 

  19. M. Pistoia, D. F. Reller, D. Gupta, M. Nagnur, and A. K. Ramani. Java 2 Network Security, 2nd edition. Prentice Hall, 1999.

    Google Scholar 

  20. T. Sander and C. Tschudin. Towards Mobile Cryptography. In Proc. of the 1998 IEEE Sym. on Security and Privacy, pages 215–224, 1998.

    Google Scholar 

  21. T. Sander, A. Young, and M. Yung. Non-Interactive Crypto Computing for NC 1. In Proc. of the 40th FOCS, pages 554–566, IEEE 1999.

    Google Scholar 

  22. SPEC JVM Client98 Suite, Standard Performance Evaluation Corporation, Release 1.0 8/98. http://www.spec.org/osg/jvm98 .

  23. Sun Microsystems, Inc. ClassServer. ftp://java.sun.com/pub/jdk1.1/rmi/class-server.zip, 1997

    Google Scholar 

  24. Sun Microsystems, Inc. Java Object Serialization Specification, Rev 1.2, Dec. 1996.

    Google Scholar 

  25. Sun Microsystems, Inc. Java Remote Method Invocation, 1997.

    Google Scholar 

  26. Sun Microsystems, Inc. Jini architectural overview, http://www.sun.com/jini/whitepapers/architecture.html .

  27. J. D. Tygar and B. Yee. Dyad: A System for Using Physically Secure Coprocessors. In Proc. of Technical Strategies for Protecting Intellectual Property in Networked Multimedia Environment. Annapolis, MD, 1994.

    Google Scholar 

  28. E. Valdez and M. Yung. Software DisEngineering: Program Hiding Architecture and Experiments. Information Hiding ’99, LNCS 1768, Springer, 2000.

    Chapter  Google Scholar 

  29. Hanpeter van Vliet. Mocha, the Java Decompiler. http://www.brouhaha.com/~eric/computers/mocha.html , Aug 1996.

  30. U. G. Wilhelm. Cryptographically Protected Objects. http://lsewww.epfl.ch/~wilhelm/CryPO.html , May 1997.

  31. U. G. Wilhelm, S. Staamann and L. Buttyan. Introducing Trusted Third Parties to the Mobile Agent Paradigm. Secure Internet Programming: Security Issues for Mobile and Distributed Objects, LNCS 1603, Springer, 1999.

    Google Scholar 

  32. Matt T. Yourst. Inside Java Class Files. http://www.laserstars.com/articles/ddj/insidejcf/ .

  33. WingSoft Corporation. WingDis Java Decompiler. http://www.wingsoft.com/ .

Download references

Author information

Author notes

  1. Enriquillo Valdez

    Present address: IBM T. J. Watson Research Center, Hawthorne, NY

Authors and Affiliations

  1. Computer and Information Science Department, Polytechnic University, Brooklyn, NY, USA

    Enriquillo Valdez

  2. CertCo Inc., New York, NY, USA

    Moti Yung

Authors
  1. Enriquillo Valdez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Moti Yung
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of EECS, University of Wisconsin-Milwaukee, Milwaukee, WI, 53201, USA

    George I. Davida

  2. Techtegrity, LLC, 122 Harrison, Westfield, NJ, 07090, USA

    Yair Frankel

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Valdez, E., Yung, M. (2001). DISSECT: DIStribution for SECurity Tool. In: Davida, G.I., Frankel, Y. (eds) Information Security. ISC 2001. Lecture Notes in Computer Science, vol 2200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45439-X_9

Download citation

  • DOI: https://doi.org/10.1007/3-540-45439-X_9

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42662-2

  • Online ISBN: 978-3-540-45439-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation