Christian S. Collberg
Clark Thomborson
Skip Abstract Section
Abstract
Fingerprinting embeds a secret message into a cover message. In media fingerprinting, the secret is usually a copyright notice and the cover a digital image. Fingerprinting an object discourages intellectual property theft, or when such theft has occurred, allows us to prove ownership.
The Software Fingerprinting problem can be described as follows. Embed a structure W into a program P such that: W can be reliably located and extracted from P even after P has been subjected to code transformations such as translation, optimization and obfuscation; W is stealthy; W has a high data rate; embedding W into P does not adversely affect the performance of P; and W has a mathematical property that allows us to argue that its presence in P is the result of deliberate actions.
In this article, we describe a software fingerprinting technique in which a dynamic graph fingerprint is stored in the execution state of a program. Because of the hardness of pointer alias analysis such fingerprints are difficult to attack automatically.
- BCEL. 2004. jakarta.apache.org/bcel.Google Scholar
- DynamicJava. 2004. koala.ilog.fr/djava.Google Scholar
- Ahpah. 2005. Sourceagain. ahpah.com.Google Scholar
- Albert, D. and Morse, S. 1982. Combating software piracy by encryption and key management. IEEE Comput. 17, 4 (Apr.), 68--73. Google ScholarDigital Library
- Anderson, R. J. and Peticolas, F. A. 1998. On the limits of steganography. IEEE J-SAC 16, 4 (May).Google ScholarDigital Library
- Arboit, G. 2002. A method for watermarking Java programs via opaque predicates (extended abstract). In Proceedings of the 5th International Conference on Electronic Commerce Research (ICECR-5). citeseer.nj.nec.com/arboit02method.html.Google Scholar
- Bacon, D. F., Graham, S. L., and Sharp, O. J. 1994. Compiler transformations for high-performance computing. ACM Comput. Surv. 26, 4 (Dec.), 345--420. Google ScholarDigital Library
- Baker, B. S. and Manber, U. 1998. Deducing similarites in Java sources from bytecodes. In Proceedings of the Usenix Annual Technical Conference. Google ScholarDigital Library
- Bender, W., Gruhl, D., Morimoto, N., and Lu, A. 1996. Techniques for data hiding. IBM Syst. J. 35, 3&4, 313--336. Google ScholarDigital Library
- Chang, H. and Atallah, M. 2001. Protecting software code by guards. In Security and Privacy in Digital Rights Management, ACM CCS-8 Workshop DRM 2001 (Philadelphia, PA), Lecture Notes in Computer Science, Vol. 2320. Springer Verlag, New York. Google ScholarDigital Library
- Chow, S., Gu, Y., Johnson, H., and Zakharov, V. 2001. An approach to the obfuscation of control-flow of sequential computer programs. In Information Security: Fourth International Conference (ISC 2001), Davida and Frankl, Eds. Lecture Notes in Computer Science, vol. 2200. Springer Verlag, 144--155. Google ScholarDigital Library
- Collberg, C., Carter, E., Kobourov, S., and Thomborson, C. 2003a. Error-correcting graphs. In Proceedings of the Workshop on Graphs in Computer Science (WG'2003).Google Scholar
- Collberg, C., Myles, G., and Huntwork, A. 2003b. SandMark---A tool for software protection research. IEEE Magazine of Security and Privacy 1, (Aug.). Google ScholarDigital Library
- Collberg, C. and Thomborson, C. 1999. Software watermarking: Models and dynamic embeddings. In Conference Record of POPL '99: The 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (San Antonio, TX). ACM, New York. Google ScholarDigital Library
- Collberg, C., Thomborson, C., and Low, D. 1997. A taxonomy of obfuscating transformations. Tech. Rep. 148, Department of Computer Science, University of Auckland. July. citeseer.nj.nec.com/collberg97taxonomy.html.Google Scholar
- Collberg, C., Thomborson, C., and Low, D. 1998a. Breaking abstractions and unstructuring data structures. In Proceeding of the IEEE International Conference on Computer Languages, ICCL'98. (Chicago, IL), IEEE Computer Society Press, Los Alamitos, CA. Google ScholarDigital Library
- Collberg, C., Thomborson, C., and Low, D. 1998b. Manufacturing cheap, resilient, and stealthy opaque constructs. In Proceedings of the Principles of Programming Languages (POPL'98) (San Diego, CA), ACM, New York. Google ScholarDigital Library
- Compaq. 2004. FreePort Express. hwww.support.compaq.com/amt/tools/migrate-cover.html.Google Scholar
- Cousot, P. and Cousot, R. 2004. An abstract interpretation-based framework for software watermarking. In Proceedings of the ACM Principles of Programming Languages. ACM, New York. Google ScholarDigital Library
- Craver, S., Memon, N., Yeo, B.-L., and Yeung, M. M. 1998. Resolving rightful ownerships with invisible watermarking techniques: limitations, attacks, and implications. IEEE J. Select. Areas. Commun. 16, 4 (May), 573--586.Google ScholarDigital Library
- Davidson, R. and Myhrvold, N. 1996a. Method and system for generating and auditing a signature for a computer program. US Patent 5,559,884, Assignee: Microsoft Corporation. www.delphion.com/details?pn=US055598844.Google Scholar
- Davidson, R. L. and Myhrvold, N. 1996b. Method and system for generating and auditing a signature for a computer program. US Patent 5,559,884. Assignee: Microsoft Corporation.Google Scholar
- Debray, S., Evans, W., Muth, R., and Sutter, B. D. 2000. Compiler techniques for code compaction. ACM Trans. Prog. Lang. Syst. 22, 2 (Mar.), 378--415. Google ScholarDigital Library
- Debray, S., Muth, R., Watterson, S., and Bosschere, K. D. 2001a. ALTO: A link-time optimizer for the Compaq Alpha. Softw.---Pract. Exp. 31, 67--101. Google ScholarDigital Library
- Debray, S., Schwarz, B., Andrews, G., and Legendre, M. 2001b. PLTO: A link-time optimizer for the Intel IA-32 architecture. In Proceedings of the 2001 Workshop on Binary Rewriting (WBT-2001).Google Scholar
- Ghiya, R. and Hendren, L. J. 1996. Is it a tree, a DAG, or a cyclic graph? A shape analysis for heap-directed pointers in C. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL'96) (St. Petersburg Beach, FL). ACM, New York, 1--15. Google ScholarDigital Library
- Goulden, I. P. and Jackson, D. M. 1983. Combinatorial Enumeration. Wiley, New York. Google ScholarDigital Library
- Halstead, M. H. 1977. Elements of Software Science. Elsevier North-Holland. Amsterdam, The Netherlands. Google ScholarDigital Library
- Harary, F. and Palmer, E. 1973. Graphical Enumeration. Academic Press, New York.Google Scholar
- Harrison, W. A. and Magel, K. I. 1981. A complexity measure based on nesting level. SIGPLAN Notices 16, 3, 63--74. Google ScholarDigital Library
- Hauser, R. C. 1995. Using the Internet to decrease software piracy---On anonymous receipts, anonymous ID cards, and anonymous vouchers. In INET'95 The 5th Annual Conference of the Internet Society The Internet: Towards Global Information Infrastructure. Vol. 1. (Honolulu, Hawaii), 199--204.Google Scholar
- Heffner, K. and Collberg, C. S. 2004. The obfuscation executive. In Information Security, 7th International Conference. Lecture Notes in Computer Science, Vol. 3225. Springer Verlag, New York, 428--440.Google Scholar
- Henry, S. and Kafura, D. 1981. Software structure metrics based on information flow. IEEE Trans. Softw. Eng. 7, 5 (Sept.), 510--518. Google ScholarDigital Library
- Herzberg, A. and Karmi, G. 1984. On software protection. In Proceedings of the 4th Jerusalem Conference on Information Technology. Jerusalem, Israel.Google Scholar
- Herzberg, A. and Pinter, S. S. 1987. Public protection of software. ACM Trans. Comput. Syst. 5, 4 (Nov.), 371--393. Google ScholarDigital Library
- Horne, B., Matheson, L., Sheehan, C., and Tarjan, R. E. 2001. Dynamic self-checking techniques for improved tamper resistance. In Security and Privacy in Digital Rights Management, ACM CCS-8 Workshop (DRM 2001). (Philadelphia, PA). Lecture Notes in Computer Science, vol. 2320, Springer Verlag, New York. Google ScholarDigital Library
- International Planning and Research Corporaation. 2003. Eighth annual BSA global software piracy study. Global.bsa.org/globalstudy.Google Scholar
- Knuth, D. E. 1997. Fundamental Algorithms, Third ed. The Art of Computer Programming, vol. 1. Addison-Wesley, Reading, MA. Google ScholarDigital Library
- Kundu, S. and Misra, J. 1997. A linear tree partitioning algorithm. SIAM J. Comput. 6, 1 (Mar.), 151--154.Google Scholar
- Madou, M., Anckaert, B., Sutter, B. D., and Bosschere, K. D. 2005. Hybrid static-dynamic attacks against software protection mechanisms. In DRM '05: Proceedings of the 5th ACM Workshop on Digital Rights Management. ACM, New York, 75--82. Google ScholarDigital Library
- Malhotra, Y. 1994. Controlling copyright infringements of intellectual property: the case of computer software. J. Syst. Manage. 45, 6 (June), 32--35. part 1, part 2: No 7, Jul. pp. 12--17.Google Scholar
- Maude, T. and Maude, D. 1984. Hardware protection against software piracy. Commun. ACM 27, 9 (Sept.), 950--959. Google ScholarDigital Library
- McCabe, T. J. 1976. A complexity measure. IEEE Trans. Softw. Eng. 2, 4 (Dec.), 308--320. Google ScholarDigital Library
- Monden, A., Iida, H., ichi Matsumoto, K., Torii, K., and Ichisugi, Y. 1998. Watermarking method for computer programs. In Proceedings of the 1998 Symposium on Cyptography and Information Security (SCIS'98 - 9.2A). (In Japanese).Google Scholar
- Monden, A., Iida, H., Matsumoto, K., Inoue, K., and Torii, K. 2000. A practical method for watermarking Java programs. In Proceedings of the 24th Computer Software and Applications Conference. Google ScholarDigital Library
- Mori, R. and Kawahara, M. 1990. Superdistribution: The concept and the architecture. The Transactions of the IEICE 73, 7 (July). www.virtualschool.edu/mon/ElectronicProperty/MoriSuperdist.html.Google Scholar
- Moskowitz, S. A. and Cooperman, M. 1996. Method for stega-cipher protection of computer code. US Patent 5,745,569. Assignee: The Dice Company.Google Scholar
- Munson, J. C. and Kohshgoftaar, T. M. 1993. Measurement of data structure complexity. J. Syst. Softw. 20, 217--225. Google ScholarDigital Library
- Muratani, H. 2001. A collusion-secure fingerprinting code reduced by Chinese remaindering and its random-error resilience. In Information Hiding: 4th International Workshop (IHW 2001). (Pittsburgh, PA), 303--315. Google ScholarDigital Library
- Myles, G. and Collberg, C. 2003. Software watermarking through register allocation: Implementation, analysis, and attacks. In Proceedings of the International Conference on Information Security and Cryptology.Google Scholar
- Myrvold, W. and Ruskey, F. 2001. Ranking and unranking permutations in linear time. Inf. Proc. Lett. 79, 6 (Sept.), 281--284. Google ScholarDigital Library
- Nagra, J. 2006. Threading software watermarks. Ph.D. dissertation. University of Auckland, Auckland, New Zealand.Google Scholar
- Nagy-Farkas, D. 2004. The Easter egg archive. www.eeggs.com.Google Scholar
- Nystrom, N. 2004. BLOAT---The Bytecode-Level Optimizer and Analysis Tool. www.cs. purdue.edu/s3/projects/bloat.Google Scholar
- Oviedo, E. I. 1980. Control flow, data flow, and program complexity. In Proceedings of IEEE COMPSAC. 146--152.Google Scholar
- Palsberg, J., Krishnaswamy, S., Kwon, M., Ma, D., Shao, Q., and Zhang, Y. 2000. Experience with software watermarking. In Proceedings of ACSAC'00, 16th Annual Computer Security Applications Conference. 308--316. citeseer.nj.nec.com/323325.html. Google ScholarDigital Library
- Peticolas, F. A., Anderson, R. J., and Kuhn, M. G. 1998. Attacks on copyright marking systems. In Proceedings of the 2nd Workshop on Information Hiding (Portland, OR). Google ScholarDigital Library
- Petitcolas, F. A. P. 2004. Stirmark 3.1. www.cl.cam.ac.uk/~fapp2/watermarking/stirmark.Google Scholar
- Pieprzyk, J. 1999. Fingerprints for copyright software protection. In Proceedings of the 2nd International Workshop on Information Security (ISW'99), Lecture Notes in Computer Science, vol. 1729, Springer Verlag, pp. 178. Google ScholarDigital Library
- Proebsting, T. A. and Watterson, S. A. 1997. Krakatoa: Decompilation in Java (Does bytecode reveal source?). In Proceedings of the 3rd USENIX Conference on Object-Oriented Technologies and Systems (COOTS). Google ScholarDigital Library
- Qu, G. and Potkonjak, M. 1998. Analysis of watermarking techniques for graph coloring problem. In Proceedings of the 1998 IEEE/ACM International Conference on Computer-Aided Design. ACM, New York 190--193. Google ScholarDigital Library
- Ramalingam, G. 1994. The undecidability of aliasing. ACM Trans. Prog. Lang. Syst. 16, 5 (Sept.), 1467--1471. Google ScholarDigital Library
- Sahoo, T. and Collberg, C. 2004. Software watermarking in the frequency domain: Implementation, analysis, and attacks. Tech. Rep. TR04-07, Department of Computer Science, University of Arizona. Mar.Google Scholar
- Simmel, S. S. and Godard, I. 1994. Metering and Licensing of Resources - Kala's General Purpose Approach. In Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment. The Journal of the Interactive Multimedia Association Intellectual Property Project, Coalition for Networked Information. Interactive Multimedia Association, John F. Kennedy School of Government, MIT, Program on Digital Open High-Resolution Systems, 81--110.Google Scholar
- Stern, J. P., Hachez, G., Koeune, F., and Quisquater, J.-J. 1999. Robust object watermarking: Application to code. In Information Hiding. 368--378. Google ScholarDigital Library
- Thomborson, C., Nagra, J., Somaraju, R., and He, C. 2004. Tamper-proofing software watermarks. In Proceedings of the 2nd Australasian Information Security Workshop (AISW2004), P. Montague and C. Steketee, Eds. Number 32 in CRPIT. ACS, 27--36. Google ScholarDigital Library
- Venkatesan, R., Vazirani, V., and Sinha, S. 2001. A graph theoretic approach to software watermarking. In Proceedings of the 4th International Information Hiding Workshop (Pittsburgh, PA). Google ScholarDigital Library
- Wang, C. 2000. A security architecture for survivability mechanisms. Ph.D. dissertation, University of Virginia, School of Engineering and Applied Science. www.cs.virginia. edu/~survive/pub/wangthesis.pdf. Google ScholarDigital Library
Index Terms
- Dynamic graph-based software fingerprinting
Recommendations
Dynamic path-based software watermarking
PLDI '04: Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementationSoftware watermarking is a tool used to combat software piracy by embedding identifying information into a program. Most existing proposals for software watermarking have the shortcoming that the mark can be destroyed via fairly straightforward ...
Dynamic path-based software watermarking
PLDI '04Software watermarking is a tool used to combat software piracy by embedding identifying information into a program. Most existing proposals for software watermarking have the shortcoming that the mark can be destroyed via fairly straightforward ...
A semi-dynamic multiple watermarking schemefor java applications
DRM '09: Proceedings of the nineth ACM workshop on Digital rights managementSoftware protection and security has been a more and more important issue. In order to prevent software from unauthorized use and modification, a great many techniques have been proposed and developed. In this paper, we address this issue through a ...
Comments