由於Java對程式的內容與結構都有很嚴格的限制，而且當Java虛擬機器（Java Virtual Machine，簡稱JVM）載入類別檔（class file）時，都需要驗證。因此適用於C、Fortran或組合語言撰寫的程式的防篡改技術，並不能直接使用於Java程式。目前學界及業界尚未出現針對Java軟體所設計的防篡改器。

　　本論文提出一個新穎的適用於Java軟體的防篡改技術。它整合了不明顯的雜湊運算（oblivious hashing）、檢查網（guards network）與複雜流程混淆法（complex flow obfuscation）等三種軟體保護技術。首先利用我們新提出的動態堆疊追蹤法改良不明顯的雜湊運算，在程式中加入額外的雜湊指令監控堆疊的頂層元素，藉此判別程式是否曾被篡改。並引入檢查網的概念來散布檢查點，並找出程式片段的支配樹（dominator tree）來決定檢查點的位置，如此將檢查點散佈到程式各地，組成嚴密的檢查網，增加對程式的保護強度。最後將檢查網隨機轉換成三種複雜的程式流程。因為目前沒有Java反編譯器能完全破解此種複雜的程式流程，如此不僅能夠增加檢查網的複雜度，並能避免程式被反編譯，同時達到混淆的功效。為了適當補償加入檢查網對程式造成的影響，本論文開發了位元組碼（bytecode）模擬器，以使加入之保護碼仍能通過JVM的位元組碼（bytecode）驗證。本論文已完成實作，並分析加入之保護碼之效能影響。

　　This paper presents a novel Java software tamper-proofing technology by integrating oblivious hashing, guards network, and complex flow obfuscation. Checking if programs have been tampered is performed by a new dynamic stack-tracing approach for oblivious hashing. The guards network connects the guards in different basic blocks to enhance the strength of the protection of the system. The “dominator tree” of the to-be-protected program segment is found and guards network is inserted along the selected path of the tree. Finally, the guards network is transformed into three complex flow patterns at random, which not only increases the complexity of the guards network, but also protects programs from decompiling. As we surveyed and tested, at present no Java decompilers can fully decompile the three complex flow patterns. A bytecode simulator is developed to evaluate and compromise the effects of adding guards network, hence the output program can pass the bytecode verification of JVM. A demonstration prototype is implemented. The tradeoffs of the protection are analyzed.

[1] Tuomas Aura, Dieter Gollmann, “Software license management with smart cards,” Proceedings of the USENIX Workshop on Smartcard Technology (Smartcard ’99), Chicago, p.75-85, May 1999.

[2] David Aucsmith, “Tamper Resistant Software: An Implementation,” Proceedings of the first International Information Hiding Workshop (IHW), Cambridge, England, 1996, Revised Papers. Lecture Notes in Computer Science (LNCS), vol. 1174, p. 317-333, May/June 1996.

[3] Business Software Alliance, “Piracy Study: Trends in Software Piracy, 1994-2002,” http://www.bsa.org/globalstudy/, June 2003.

[4] S. Chow, P. Eisen, H. Johnson and P.C. van Oorschot, “A White-Box DES Implementation for DRM Applications,” Security and Privacy in Digital Rights Management, ACM CCS-9 Workshop, DRM 2002, Washington, DC, USA, November 2002, Revised Papers. Lecture Notes in Computer Science (LNCS), vol. 2696, p. 1-15, October 2003.

[5] Hoi Chang and Mikhail Atallah, “Protecting software code by guards,” Proceedings of the first ACM Workshop on Security and Privacy in Digital Rights Management, Philadelphia, Pennsylvania, USA, November 2001, Revised Papers. Lecture Notes in Computer Science (LNCS), vol. 2320, p. 160-175, 2002.

[6] Christian Collberg, Clark Thomborson, “Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection,” IEEE Transactions on Software Engineering, vol. 28, no. 8, p. 735-746, August 2002.

[7] Christain Collberg, Clark Thomborson, “Software watermarking: models and dynamic embeddings,” Proceedings of the twenty-sixth ACM SIGPLAN-SIGACT symposium on Principles of programming languages, San Antonio, Texas, United States, p. 311-324, January 1999.

[8] Yuqun Chen, Ramrathnam Venkatesan, Matthew Cary, Ruoming Pang, Saurabh Sinha and Mariusz H. Jakubowski, “Oblivious hashing: a stealthy software integrity verification primitive,” Information Hiding, the fifth International Workshop, IH 2002, Noordwijkerhout, The Netherlands, October 2002, Revised Paper. Lecture Notes in Computer Science (LNCS), vol. 2578, p. 400-414, 2003.

[9] D Harel, “A linear algorithm for finding dominators in flow graphs and related problems,” Proceedings of the seventeenth annual ACM symposium on Theory of computing, Providence, Rhode Island, United States, p.185-194, May 1985.

[10] Markus Jakobsson , Michael K. Reiter, “Discouraging Software Piracy Using Software Aging,” Proceedings of the first ACM Workshop on Security and Privacy in Digital Rights Management, Philadelphia, Pennsylvania, USA, November 2001, p. 1-12, November 05, 2001, Revised Papers. Lecture Notes in Computer Science (LNCS), vol. 2320, p. 1-12, 2002.

[11] Thomas Lengauer , Robert Endre Tarjan, “A fast algorithm for finding dominators in a flowgraph,” ACM Transactions on Programming Languages and Systems (TOPLAS), vol. 1 no. 1, p. 121-141, July 1979.

[12] Tim Lindholm, Frank Yellin, “The JavaTM Virtual Machine Specification,” Addison-Wesley Professional, April 1999, http://java.sun.com/docs/books/vmspec/2nd-edition/html/VMSpecTOC.doc.html.

[13] David Lie, Chandramohan Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell, Mark Horowitz, “Architectural Support for Copy and Tamper Resistant Software,” Proceedings of the nineth international conference on Architectural support for programming languages and operating systems, Cambridge, Massachusetts, United States, p. 168-177, 2000.

[14] Jon Meyer, “Jasmin,” March 1997, http://cat.nyu.edu/~meyer/jvm/.

[15] Gleb Naumovich, Nasir Memon, “Preventing piracy, reverse engineering, and tampering,” IEEE Computer Society Press, vol. 36, no. 7, p. 64 – 71, July 2003.

[16] Raja Vallée-Rai, Laurie Hendren, Vijay Sundaresan, Patrick Lam, Etienne Gagnon and Phong Co, “Soot - a Java bytecode optimization framework,” Proceedings of CASCON 1999, Mississauga, Ontario, Canada, p. 125—135, 1999, http://www.sable.mcgill.ca/soot/.

[17] 吳朝相, “一切從’殼’開始”, Feb 23, 1999, http://wongtaisin.uhome.net/unpack/lesson102.htm.

[18] 蔡明修, “使用反反編譯混淆法設計與實作Java抗加入式浮水印產生器,” 國立成功大學工程科學系碩士班碩士論文, 2003.

[19] 德錡實業有限公司, “外殼加密”, 2003, http://www.mtitw.com/dis2.htm..

[20] 賴溪松, 韓亮, 張真誠, “近代密碼學及其應用”, 台北市, 旗標, 2003.