Toward robustly protecting data of a dominant path in a java method

Abstract

This paper presents an approach to robustly protect the data of a dominant path in a method of a Java bytecode program by integrating oblivious hashing, guards network, and control flow obfuscation. A dominator tree based on the basic blocks of the target method is first built. Then the dominant path of the dominator tree is selected. The bytecodes of the dominant path are then transformed by the oblivious hashing, guards network, and control flow obfuscation. Oblivious hashing is not directly applicable for bytecodes. We extend the oblivious hashing for Java to monitor the stack. The guards network makes copies of the hash values generated by oblivious hashing, hides the copies in the method and inserts codes for checking the values of these copies in different basic blocks. Finally, the method is transformed by one of the three control flow obfuscations at random, which not only increases the complexity of the guards network but also prevents decompilation of the program. A bytecode simulator is developed to evaluate and compromise the incidents of adding the protective bytecodes and to make the protected program pass the JVM verifier. We used CaffeineMark 3.0 as the benchmark. The measured performance degradation was from 1.2% to 61.3%.