Code theft detection by software birthmarks for binary executables

Abstract

A code theft may make severe damages to the companies that have software as their major assets. To deal with code thefts, various methods have been developed such as software tamper proofing, code obfuscation, software watermarking, and software birthmarking. Software tamper proofing and code obfuscation are techniques to prevent or hinder illegal uses of program codes. Software watermarking and software birthmarking are techniques to confirm that software is illegally copied or contained in another programs. Software watermarking is different from software birthmarking in a sense that software watermarking embeds watermarks in software and extracts them to verify the originality of programs, while techniques of software birthmarking only utilize program codes themselves. Software birthmarking is considered as one of code plagiarism detection techniques. However, the term software birthmarking is used for detecting code theft in executable files, while the term code plagiarism detection is used for detecting code theft in source codes. In this thesis, software birthmarking techniques for binary executables are proposed. Prior to this research, software birthmarking has been targeted to executable files that are composed of intermediate codes such as Java bytecodes, which are simpler to analyze than OS-dependant binary executables. However, these binary executables account for higher proportion in real world applications than intermediate code executables. Besides, most lawsuits on code theft are related to binary executables. For these reasons, most birthmarking techniques target binary executables for the practical usage. The proposed birthmarks for binary executables are as follow: - a static API birthmark for binary executables that utilizes call graphs and API function calls, and - a dynamic API birthmark for binary executables that utilizes API function call traces at run-time. API functions are utilized as birthmarks for two reasons. The...