Java Applet Client Security

Student thesis: Master's thesis and HD graduation project

  • Dan Lund Christensen
4th semester, Software, Master's (Master's programme)
This report documents an attempt to raise security for clients against a threat model comprising three attacks: man-in-the-middle (MITM), phishing, and tampering. The analysis describes security mechanisms and existing technology for preventing the three attacks in the threat model. The analysis found that technology exists to prevent MITM and phishing attacks, but that no security mechanism exists to prevent tampering with Java client programs. Instead of designing and implementing existing technology as security mechanisms to prevent MITM and phishing attacks, the project should design and implement a possible tamper-proofing security mechanism for Java client programs. The design and implementation chapters document the prototype tamper-proofing security mechanism. The test shows that the security mechanism is not sufficient to ensure that the client is actually tamper-proof. However, when the prototype was tested, a useful property was found in the embedding of an illegal byte array operation, which could make it possible to trust the client for a small period of time.
Language: English
Publication date: Jun. 2007
ID: 61070944