[SC-L] Managing the insider threat through code obfuscation

Kenneth R. van Wyk Ken at krvw.com
Thu Dec 15 08:59:29 EST 2005


This morning, an article caught my attention -- "Managing the insider threat 
through code obfuscation", 
http://www.itmanagersjournal.com/article.pl?sid=05/12/13/1736253

The article's premise is that, because attackers can find out a great deal 
about the internals of databases and such by decompiling bytecode (in Java 
and .NET), bytecode should be obfuscated to hide its internal details.  The 
article points to several commercial bytecode obfuscation products: 
http://www.devdirect.com/ALL/OBFUSCATIORS_PCAT_2014.aspx

I hadn't heard of this approach before, although I'm quite familiar with how 
easy it is to decompile Java bytecode.  My questions for the group are:

o Anyone here have any good/bad experiences with bytecode obfuscation?
o What is the impact on performance of the bytecode?
o How about compatibility with various JVMs?
o How much protection do these obfuscators really provide?
o Is this all just a bunch of product marketing hooey?

Well, at least the article uses the term "threat" correctly...

Cheers,

Ken van Wyk
---
KRvW Associates, LLC
http://www.KRvW.com


