Software protection via encryption is an effective way to prevent software pirate from understanding the program by means of reverse engineering. Traditional software protection method via encryption has obvious runtime overhead and start up delay because of its one-time decryption prior to execution. Moreover, fully decrypted code can easily be obtained from memory. A novel approach, called just-in-time(JIT) decryption, was proposed. JIT decryption differs from traditional decryption method in that it decrypts only one function in a time and reveal the secret of the software step by step. The runtime JIT decipherator only decrypts called functions in a certain run of the program. The uncalled functions remain a secret for an attacker, where self-checking code can be hidden. So it is hard for an attacker to understand the entire program and thus hard to remove all the protecting code. Because decryption is scattered, the start up delay no longer exists. One-time pad based cipher further reduce the runtime overhead as compared with symmetric algorithms. JIT decryption makes encryption based software protection more applicable in practice and harder to attack.
Devanbu P, Stubblebine S.Software engineering for security, a roadmap Proceedings of the Conference on the Future of Software Engineering. New York:ACM Press,2000:227-239
Schneier B. Ӧ������ѧ,Э��,�㷨��CԴ����[M].�ڶ���. ����:��е��ҵ������,1996:11-13 Schneier B. Applied cryptography, protocols, algorithms, and source code in C . 2nd ed. Beijing:China Machine Press,1996:11-13(in Chinese)
AYCOCK J.A brief history of just-in-time[J].ACM Computing Surveys.2003, 35(2):97-113
Cramer T, Friedman R, Miller T, et al. Compiling Java just in time[J].IEEE Micro.1997,17(3):36-43
Collberg C, Thomborson C. Software watermarking:models and dynamic embeddings Principles of Programming Languages. San Antonio:ACM Press, 1999:311-324
Collberg C, Thomborson C. Watermarking, tamper-proofing, and obfuscation-tools for software protection[J].IEEE Transactions on Software Engineering.2002, 28:735-746
Horne B, Matheson L R, Sheehan C, et al. Dynamic self-checking techniques for improved tamper resistance Security and Privacy in Digital Rights Management, LNCS 2320. London:Springer Verlag,2001:141-159