Polytechnic University

DISSECT: DIStribution for SECurity Tool
TR-CIS-2000-01
Enriquillo Valdez, Moti Yung


Abstract:
One security threat to the Java environment is reverse engineering and code understanding of the architecture-neutral bytecode format. In this paper, we present a novel decomposition strategy that protects the binary source of Java class files. Our strategy, which has been automated, decomposes "programmer-selected" classes of a Java application into server classes and client classes. Server classes contain the actual class code and run only on trusted systems (which we call servers, but which can be other dedicated machines). Client classes, on the other hand, execute on user systems and are assumed to perform most of the task except the sensitive part; they must interact with their corresponding server class in order to execute the sensitive code and provide the behavior of the original class. We implemented DISSECT, an architecture based on the decomposition strategy, for Java 1.1. Our protection architecture consists of an automated tool that generates decomposed classes and the supporting infrastructure for instantiating and executing classes remotely.

We conducted initial experiments to understand the impact of decomposed classes on performance, since remote execution of classes increases overhead and the cost depends on the granularity and modularization of the decomposition. We report initial performance results that show the overhead and demonstrate when it does not exist, when it is low, and when it is high.