Product Data Sheet

GuardIT® for Java
Intelligent Software Protection

Protect Running Applications

Java offers an efficient framework for developing and deploying enterprise and server or client-side applications. However, because it is an interpreted language, its bytecode contains highly detailed metadata that makes compiled applications easy to reverse engineer, tamper with and pirate. Once Java applications are deployed, hackers and competitors have easy access to the source code and the embedded intellectual property (IP) within the applications themselves. For example, IP and personally identifiable information (PII) embedded in Java applications is susceptible to theft via reverse engineering. Furthermore, malware has traveled up the stack to the application layer. Hence, enterprises are seeing an increasing need to protect applications against many forms of tampering. Today’s threat environment requires resilient software protection solutions that reside at the application layer to protect against IP theft, malware invasion and/or unauthorized access.

Arxan Protects
• Brand
• Revenue
• Data
• Code Integrity
• Intellectual Property

Arxan Prevents
• Malware Injection
• Tampering with Security Controls or Sensitive Functions
• Reverse-Engineering
• Unauthorized Access and Fraud
• IP Theft and Piracy

Java Mobile Applications Require Protection

For Java mobile applications, the recommended method for most mobile developers targeting Android devices is to write native apps using Java and the Android SDK. Attackers typically tamper with a compiled application. Compiled Java programs are composed of bytecode, an intermediate language that is interpreted and translated to machine code by the Java Virtual Machine (JVM). Bytecode consists of a relatively simple instruction set, contains much more metadata than machine code, and translates directly from Java. It is not optimized, contains symbol names and types, clearly marks boundaries between methods, separates code from data, and contains debug information. All of this makes decompiling Java programs relatively easy. Numerous Java decompilers and other tools are available to attackers for free or at little cost. Consequently, Java programs are particularly vulnerable to tampering.

Java Code Vulnerabilities Include:
• Reverse engineering: Attackers can reverse engineer a bytecode file and decompile the code after it is downloaded to the client. This enables IP theft as well as reverse engineering of security routines or other critical routines that can be found and exploited.
• Bypass critical routines: Attackers can patch thick client binaries to bypass authentication logic or exploit restricted functionality contained in your client code. This enables attacks on your server.
• Key and credential theft: Often secret keys or authentication credentials are hard coded into components. These are quite simple to identify, and can then be abused to launch attacks on your server.
• Easy decompilation: As an interpreted language, Java is very easy to decompile. A number of free and low-cost Java decompilers are widely available and automatically process bytecode to produce amazingly readable source code. Hackers can quickly decompile your bytecode, modify it to implement hacks or create counterfeits, and recompile – resulting in a hacked version of your original application.

Automated Software Protection with GuardIT

GuardIT® is a proven commercial software protection solution for both interpreted and native code. It actively detects, reacts to and alerts on attempted application attacks, providing durable and resilient security against today’s threat profiles, which can easily bypass security protocols.
Arxan’s GuardIT protects critical functions of an application by combining advanced encryption and obfuscation with Guards that manipulate the bytecode. GuardIT for Java is based on patented technology that features various advanced obfuscation techniques, and is part of the GuardIT family of products. The creation of a customized GuardSpec guides the insertion of various layers of protection for your IP.

GuardIT for Java - Core Features

Many Java obfuscation solutions largely rely on string encryption and variable renaming to prevent comprehension of disassembled code. However, in today’s sophisticated threat environment, such superficial measures are easily circumvented, giving rise to the myth that Java cannot be secured. In contrast, Arxan’s GuardIT for Java provides protection deep within the class file to durably secure Java bytecode. Technologies used by our protection framework to prevent reverse-engineering, tampering and decompilation attacks include:

Arsenal of Guards

GuardIT leverages thousands of guard instances, of many types, to comprehensively safeguard your software applications against tampering, piracy and any manner of theft.

| Class of Defense | Guard Type | Function |
|---|---|---|
| DEFEND | Obfuscation | Transforms program instructions into code that is difficult to disassemble and understand, but has the same functionality as the original |
| DEFEND | String Encryption | Encrypts string literals and decrypts them at run-time |
| DEFEND | Renaming | Renames the symbols in the protected application to nonsense strings |
| DEFEND | Resource Encryption | Allows the user to encrypt, and decrypt at run-time, a variety of assets (shared objects, manifest.xml files, expansion files, etc.) in the Android APK |
| DEFEND | Debug Info | Strips debugging information from Java class files. This prevents attackers from using debugging information to reverse-engineer a program |
| DEFEND | Class Encryption | Encrypts target class files. It transforms Java class files to an obscure format, which is unreadable by machine or human, to prevent a program from being decompiled and to defend it against tampering |
| DEFEND | Call Hiding | Uses Java reflection to hide method calls |
| DETECT | Checksum | Detects whether a program has been modified by computing a checksum within a specified range |
| DETECT | Debugger Detection | Detects whether the program is executing in a debugging environment |
| DETECT | Resource Verification | Verifies at run-time that resource files or shared libraries in the APK have not been altered or tampered with |
| DETECT | Hook Detection | Detects whether an attacker has overridden a called function that resides in a system library or within the application |
| DETECT | Root Detection | Determines whether the device on which the application is running is rooted |

www.arxan.com | [email protected] | +1. 301.968.4290
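The data sheet's points about bytecode metadata, hard-coded keys and debug information can be checked on your own release builds. The following Python script is an added example, not Arxan's code or part of the data sheet: it reads a class file's constant pool and reports the string literals, class names and debug attribute names that are still present in plaintext. The names `read_constant_pool`, `audit`, `utf8_entry` and `SAMPLE` are hypothetical, and the sample bytes are a constructed header-plus-constant-pool fragment rather than a real class.

```python
import struct

# Payload sizes (bytes after the tag) of non-Utf8 constant-pool entries, per JVMS 4.4.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# Attribute names that are only present when debug information was left in.
DEBUG_ATTRS = {"SourceFile", "LineNumberTable", "LocalVariableTable"}

def read_constant_pool(data):
    """Return (Utf8 entries by index, String-constant refs, Class-name refs)."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    utf8, string_refs, class_refs, pos, idx = {}, [], [], 10, 1
    while idx < count:
        tag = data[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length, then (modified) UTF-8 bytes
            (n,) = struct.unpack_from(">H", data, pos)
            utf8[idx] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in FIXED:
            if tag in (7, 8):  # Class and String entries point at a Utf8 entry
                ref = struct.unpack_from(">H", data, pos)[0]
                (class_refs if tag == 7 else string_refs).append(ref)
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1  # Long/Double occupy two slots
    return utf8, string_refs, class_refs

def audit(data):
    """Report what is readable in a shipped class file without decompiling it."""
    utf8, string_refs, class_refs = read_constant_pool(data)
    return {"string_literals": [utf8[i] for i in string_refs],
            "class_names": [utf8[i] for i in class_refs],
            "debug_attributes": sorted(DEBUG_ATTRS & set(utf8.values()))}

def utf8_entry(text):
    raw = text.encode()
    return b"\x01" + struct.pack(">H", len(raw)) + raw

# Constructed sample: header plus constant pool only, not a loadable class.
SAMPLE = (struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 8)
          + utf8_entry("com/example/LicenseCheck") + b"\x07\x00\x01"
          + utf8_entry("apiKey") + utf8_entry("CONSTRUCTED-EXAMPLE-KEY")
          + b"\x08\x00\x04" + utf8_entry("LineNumberTable") + utf8_entry("SourceFile"))

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the class files of a release build, a non-empty `debug_attributes` list or recognisable secrets in `string_literals` indicate that debug stripping or string protection was not applied to that class.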