Suggestions for a custom bootstrap class loader

Dan Hicks danhicks at ieee.org
Tue Jun 1 04:12:39 PDT 2010


You could somewhat circumvent the debugger type issues if the code were 
always immediately JITCed before use. iSeries, which had a static 
compiler, used the similar technique of including only the JITCed code 
in the class file, omitting the visible bytecodes.  There was a way to 
find the bytecodes hidden in the JITCed code, but that was a "feature of 
convenience", not a necessary one.

A system with a true JITC could decipher each method as it was 
referenced, immediately JITC it, then delete the deciphered bytecodes.  
Of course this is not efficient JITC-wise (everything has to be JITCed 
to start with, and re-JITC is a pain), and there would be some details 
to work out on the decrypting by parts, but it's doable.

And it's worth noting that most folks interested in this sort of thing 
aren't that anxious to have a "perfect" system -- they just want 
something that makes the job a little tougher.
> Message: 1
> Date: Tue, 1 Jun 2010 10:21:40 +0300
> From: George H <george.dma at gmail.com>
> Subject: Suggestions for a custom bootstrap class loader
> To: hotspot-dev at openjdk.java.net
> Message-ID:
> 	<AANLkTinezlthXW4sHAGWKuJn6IlLOaEP37bmtX_xpruY at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> I have in mind a feature that I would like to see in the OpenJDK and I
> was reading on the OpenJDK webpage that it is better to discuss a new
> feature first on the mailing list before starting on it. And I have a
> few questions to ask. Thought if anyone could provide me with insight,
> tips and some sort of starting point it would be on this mailing list.
>
> My ultimate goal to have the virtual machine load encrypted java
> byte-byte code. Yes, its the age old protecting intellectual property
> (IP) routine.
> Doing this with a custom class loader in Java is out of the question.
> I believe the best way to do this is through the bootstrap class
> loader which is written natively. I was hoping of trying to do the
> following.
>
> 1: Be able to supply a cryptographic key to the VM so that it may use
> it to decrypt/encrypt bytecode on the fly
>
> and/or
>
> 2. Be able to register a second bootstrap class loader that performs
> the on the fly encryption/decryption on the fly, and I can call it
> from inside java programs.
>
> I was thinking that this might be a nice feature for everyone to use
> especially if point No.1 is done. The VM will be better adopted by
> persons and entities who require protection from decompiling class
> files. It would certainly make it easier than having to deploy a
> custom built OpenJDK variant that will load encrypted class files.
>
>
> Currently I have looked at
> "openjdk-6-src-b19-15_apr_2010\hotspot\src\share\vm\classfile\classLoader.cpp"
> and I wonder if there is any more documentation about this file and
> the whole bootstrap class loading process.
>
> What are your suggestions, opinions and responses? I am eager to know
> if this is something many people want or just me?
> I am probably going to inevitably try to do this so any help in
> getting to know the OpenJDK source code would be great.
>
> Thanks
> --
> George
>   
-- 
Dan Hicks
To give pleasure to a single heart by a single kind act is better than a thousand head-bowings in prayer.  --Saadi




More information about the hotspot-dev mailing list