With the improvement of network and browser performance, the Web JavaScript applications are becoming more and more diversity, and their execution capabilities and performance enhancements have also made more important logic from the back-end to the front-end. At the same time, it also means that the work that JavaScript undertakes is becoming more and more important, and its own security issues and requirements are all the more urgent. In the source code transmission Web environment, how to ensure the security of JavaScript application code and prevent it from being maliciously analyzed and utilized is crucial to protecting the rights of network service providers.
The current mainstream JavaScript code protection measures are mainly streamlined, encrypted, and obfuscated. The features of JavaScript source code transfer make it easier to reverse analyze than traditional compiled binary applications. Coupled with the function of browser debugger getting the better and better, these protection methods are difficult to play a very good protection effect. In order to solve the flaws in the above methods and protect the key JavaScript logic from being maliciously analyzed and used, this paper presents a WebAssembly-based JavaScript code virtualization protection method called JSVMP (Virtual Machine based code Protection for JavaScript). On the one hand, Introduce the idea of code virtualization to protect the execution logic of JavaScript code, on the other hand, the virtual interpreter is implemented based on WebAssembly technology, and the core logic of the virtual machine is hidden by compiling. The main research work of this thesis is summarized as follows:
(1) Provides a detailed analysis of the mainstream JavaScript code protection methods and analyzes their basic principles, technical characteristics, and security challenges. Present a JavaScript code protection scheme based on the idea of code virtualization protection.
(2) Design a virtualization protection scheme for JavaScript code. Analyze and introduce design details such as instruction splitting, virtual machine architecture, virtual instruction set, virtual interpreter, and instruction mapping encoding rules.
(3) Design and implement a virtual interpreter based on WebAssembly, using the new WebAssembly technology to improve the design and compilation of the virtual interpreter, to protect the core modules of the virtual machine architecture.
(4) Implement the JSVMP prototype system, and select the practical application and a variety of protection tools to evaluate the prototype system to verify the practicability and effectiveness of the proposed method.
YOU CAN GET JSVMP FROM jsvmp.com