End of Year Review 2010 - Java Attacks & Defenses

June 25, 2010 - 05:00

Decompilation is a problem for the software industry, with the global revenue loss due to software piracy estimated to be more than $50 billion in 2008. There are several Java decompilers available but none are 100% effective, and many are obsolete/unmaintained.

We found Java Decompiler, JODE and Dava to be good Java decompilers, but not perfect. Dava is particularly suited to arbitrary bytecode, while the others are suited to javac-generated bytecode.

Static watermarking techniques can be used to protect a program from being copied by making it easy to identify the owner of the software. However, static watermarking techniques are highly susceptible to semantics-preserving transformations. We show that the majority of current watermarking implementations are based on static techniques and fail when attacked with obfuscations and optimisations. Further work will involve evaluating dynamic watermarking algorithms in a similar manner and comparing them to their static counterparts.
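As an added illustration (not code from the original study), the toy model below shows why a static mark is fragile: the mark lives in method declaration order, which a single semantics-preserving reordering erases. The order-based scheme, the method names and the function names are assumptions chosen for the example; the page does not name a specific algorithm.

```python
from math import factorial

# Constructed toy "class": method name -> behaviour. Calls resolve by name,
# so declaration order carries no semantics (assumption of this model).
METHODS = {
    "close": lambda x: x - 1,
    "open": lambda x: x + 1,
    "read": lambda x: x * 2,
    "seek": lambda x: x * x,
    "write": lambda x: -x,
}

def embed(methods, mark):
    """Return a declaration order that encodes `mark` (factorial number system)."""
    pool = sorted(methods)
    if not 0 <= mark < factorial(len(pool)):
        raise ValueError("mark does not fit in this many methods")
    order = []
    for i in range(len(pool) - 1, -1, -1):
        idx, mark = divmod(mark, factorial(i))
        order.append(pool.pop(idx))
    return [(name, methods[name]) for name in order]

def recognize(program):
    """Recover the mark as the rank of the declaration order."""
    pool = sorted(name for name, _ in program)
    mark = 0
    for name, _ in program:
        idx = pool.index(name)
        mark += idx * factorial(len(pool) - 1)
        pool.pop(idx)
    return mark

def reorder(program):
    """Semantics-preserving transformation: sort declarations by name."""
    return sorted(program, key=lambda m: m[0])

def behaviour(program, x=7):
    """Observable behaviour: the result of every method, looked up by name."""
    return {name: fn(x) for name, fn in program}

def demo(mark=97):
    marked = embed(METHODS, mark)
    transformed = reorder(marked)
    same = behaviour(marked) == behaviour(transformed)
    return recognize(marked), recognize(transformed), same
```

`demo()` returns the mark read from the marked program, the mark read after reordering, and whether behaviour is unchanged. A recognizer that depends on layout alone cannot survive a tool that normalises layout.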

Techniques such as program slicing can be used to attack software watermarks, as part of subtractive attacks on software.