Java Obfuscation with a Theoretical Basis for Building Secure Mobile Agents

  • Yusuke Sakabe
  • Masakazu Soshi
  • Atsuko Miyaji
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2828)


In this paper we propose novel techniques to obfuscate Java programs for developing secure mobile agent systems. Our obfuscation techniques take advantage of the polymorphism and exception mechanisms of object-oriented languages and can drastically reduce the precision of points-to analysis of the programs. We show that performing precise points-to analysis on obfuscated programs is NP-hard, which provides a theoretical basis for our obfuscation techniques. Furthermore, we present empirical experiments that demonstrate the effectiveness of our approaches.


mobile agents, security, obfuscation, static analysis, computational complexity



Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Yusuke Sakabe (1)
  • Masakazu Soshi (1)
  • Atsuko Miyaji (1)
  1. School of Information Science, Japan Advanced Institute of Science and Technology, Ishikawa, Japan
