Spring Review Week 2009: Obfuscating Transformations for Decompilation Resistant Java

June 02, 2009 - 05:00

Computer programs are written by a programmer in an English-like programming language, known as source-code. There are many programming languages available to programmers who can choose a language for their specific needs.

Source code is transformed by a compiler into a sequence of instructions to be executed by a computer - a task known as compiling. Java is a popular programming language mainly due to it's `write once, run anywhere' nature - programmers write Java source code and the compiled Java program is able to run on many different systems without changes. In comparison, compiled programs written in the C language are tied to particular types of computers.

One disadvantage that the Java programming language has, compared to other languages like C, is the relative ease of decompiling - the act of transforming compiled programs back into source code. Access to source code presents a risk that adversaries (such as software pirates or competing companies) could access proprietary information used to create a program.

Code obfuscation techniques can be used to make decompiled code more confusing and in certain cases cause decompilation tools to fail. Such techniques can be applied to Java programs to hinder decompilation and decrease program understanding.

What obfuscating transformations can be applied to Java programs to hinder decompilation? How effective are such obfuscating transformations? What are the ways in which adverseries could attack such obfuscations? How can we use this knowledge to create secure Java programs?

Spring Review Week 2009: Presentation to a non-specialist audience