Identifying Code Tampering Using A Bytecode Comparison Analysis Tool

Young Lee, Arlen P. McDonald, Jeong Yang
DOI: 10.1109/SERA57763.2023.10197775
Published in: 2023 IEEE/ACIS 21st International Conference on Software Engineering Research, Management and Applications (SERA)
Publication date: 2023-05-23
Record source: Semantic Scholar (https://doi.org/10.1109/SERA57763.2023.10197775)
Citations: 0

Abstract

The issues related to the SolarWinds attacks point to a large concern with modern software development projects: there are fundamental flaws in existing security infrastructure. The purpose of this research is to investigate to what extent the SootDiff analysis tool, a bytecode comparison tool, can be used to determine whether an application has been tampered with, by comparing a known good version with an unknown version. The compiled and decompiled bytecodes, as Jimple representations, were compared to analyze the unique differences relevant to identifying code tampering. The results showed that the scope of a variable matters for whether a change is detected. Variables whose scope was entirely contained within one method could have their names changed without triggering a warning, but global variables of objects could not. The parameter variable and the local variable behave differently: since the parameter is in the publicly available part of the method, Java treats it the same way as it does the global variable, whereas the local variable is strictly private to the method and not made available to the outside. Such findings can support the analysis tool, which is useful for identifying potential breaches by detecting meaningful changes in code even if it has been decompiled.