为Java程序打造更安全的旅行
Java is everywhere – from embedded devices, servers in the cloud, enterprise-level applications to those little browser games that everybody likes to waste some time on. As ubiquitous as Java, however, are the risks and threats to the versatile multiplatform technology. And these risks are lurking at every corner of the Java journey.
When Java source code is compiled, it first takes a brief detour under a new guise, called Java Byte Code. Only when it arrives at its destination will this code be finally interpreted and executed by the Java Virtual Machine (JVM). This is one of the pillars of the multi-platform capabilities of Java, but it is a pillar standing on clay feet from an IT security point of view:
Would-be attackers need only simple, freely shared tools to not only tamper with the Java Byte Code, but to actually transition it back into the source code. Even rookie hackers can easily reverse-engineer the inner workings of an application, make copies, or just remove simpler license checks from the code.
To circumnavigate these risks, AxProtector Java comes with the ability to automatically encrypt the Java Byte Code. It can only be decrypted on the fly during loading and before the JVM springs into action, and only if the right license is available. No decrypted Byte Code will find its way onto the hardware during the entire process.
For simple applications, all functions can be protected with a single license, that is, encrypted by AxProtector Java with the key belonging to that license. This makes the licensing process particularly robust, as it is cryptographically dependent on the presence of the key. More modular applications can use different keys for different functions: The users would then only have access to those functions for which they have the right licenses for decryption.
In all of this, the choice of license container does not matter: CodeMeter supports either the secure CmDongle hardware (USB sticks, secure memory cards, or ASIC) or the software-based CmActLicense that is tied to a specific device.
AxProtector Java makes it easy to implement versatile licensing models either on the class level or the method level. The settings for this can be configured via a GUI, an xml file, or directly by annotations in the Java source code, which makes for simple integration in existing build and distribution processes.
The webinar reveals how AxProtector Java can protect Java applications.
Agenda
- How Java works
- Security and Java
- AxProtector Java at a glance
- Flexible licensing and protection capabilities
- Class-level encryption
- Method-level encryption
- Demo
- Advanced security features
- Integrating traps
- Encrypting the constant pool
- Encrypting the flow of control
- Obfuscation
- Integrity checks
- Status quo with CodeMoving
- Support for Java 9
- Encrypting modular JARs
- Summary and look-ahead
With AxProtector Java, protecting a wide variety of Java applications is easier than ever, whether they are desktop or server applications, stand-alone or applications run from a server, optimized for a specific platform, or multi-platform applications following the “Write once, run anywhere” principle. AxProtector Java is the premier choice for effective software protection and licensing: Time-efficient, robust, secure, and with full control over every parameter.