Hostname: page-component-78c5997874-ndw9j Total loading time: 0 Render date: 2024-11-05T12:51:34.841Z Has data issue: false hasContentIssue false

Semantics-based software watermarking by abstract interpretation

Published online by Cambridge University Press:  15 May 2018

MILA DALLA PREDA
Affiliation:
Department of Computer Science, University of Verona, Strada le Grazie 15, Verona 37134, Italy Emails: [email protected], [email protected]
MICHELE PASQUA
Affiliation:
Department of Computer Science, University of Verona, Strada le Grazie 15, Verona 37134, Italy Emails: [email protected], [email protected]

Abstract

Software watermarking is a software protection technique used to defend the intellectual property of proprietary code. In particular, software watermarking aims at preventing software piracy by embedding a signature, i.e. an identifier reliably representing the owner, in the code. When an illegal copy is made, the owner can claim his/her identity by extracting the signature. It is important to hide the signature in the program in order to make it difficult for the attacker to detect, tamper or remove it. In this work, we present a formal framework for software watermarking, based on program semantics and abstract interpretation, where attackers are modelled as abstract interpreters. In this setting, we can prove that the ability to identify signatures can be modelled as a completeness property of the attackers in the abstract interpretation framework. Indeed, hiding a signature in the code corresponds to embed it as a semantic property that can be retrieved only by attackers that are complete for it. Any abstract interpreter that is not complete for the property specifying the signature cannot detect, tamper or remove it. We formalize in the proposed framework the major quality features of a software watermarking technique: secrecy, resilience, transparence and accuracy. This provides a unifying framework for interpreting both watermarking schemes and attacks, and it allows us to formally compare the quality of different watermarking techniques. Indeed, a large number of watermarking techniques exist in the literature and they are typically evaluated with respect to their secrecy, resilience, transparence and accuracy to attacks. Formally identifying the attacks for which a watermarking scheme is secret, resilient, transparent or accurate can be a complex and error-prone task, since attacks and watermarking schemes are typically defined in different settings and using different languages (e.g. program transformation vs. program analysis), complicating the task of comparing one against the others.

Type
Paper
Copyright
Copyright © Cambridge University Press 2018 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Footnotes

This work was partly supported by the MIUR FIRB 2013 project FACE RBFR13AJFT.

References

Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P. and Yang, K. (2001). On the (im)possibility of obfuscating programs. In: CRYPTO '01: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, Springer-Verlag 1–18.Google Scholar
BSA (2016). Global Software Survey: Seizing Opportunity Through License Compliance, Online. Available at http://globalstudy.bsa.org/2016/.Google Scholar
Collberg, C., Carter, E., Debray, S., Huntwork, A., Kececioglu, J., Linn, C. and Stepp, M. (2004). Dynamic path-based software watermarking. SIGPLAN Not. 39 (6) 107118.Google Scholar
Collberg, C. and Thomborson, C. (2002). Watermarking, tamper-proofing, and obfuscation-tools for software protection. IEEE Transactions Software Engineering 28 735746.Google Scholar
Collberg, C. and Thomborson, C.D. (1999). Software watermarking: Models and dynamic embeddings. In: POPL '99: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ACM 311–324.Google Scholar
Collberg, C., Thomborson, C.D. and Low, D. (1997). A taxonomy of obfuscating transformations; Technical Report 148; Department of Computer Science, The University of Auckland.Google Scholar
Collberg, C., Thomborson, C.D. and Low, D. (1998). Manufactoring cheap, resilient, and stealthy opaque constructs. In: Proceedings of Conference Record of the 25st ACM Symp osium on Principles of Programming Languages (POPL'98), ACM Press 184–196.Google Scholar
Cousot, P. (2002). Constructive design of a hierarchy of semantics of a transition system by abstract interpretation. Theoretical Computer Science 277 (1–2) 47103.Google Scholar
Cousot, P. and Cousot, R. (1977). Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Conference Record of the 4th ACM Symposium on Principles of Programming Languages (POPL'77), ACM Press 238–252.Google Scholar
Cousot, P. and Cousot, R. (1979). Systematic design of program analysis frameworks. In: Conference Record of the 6th ACM Symposium on Principles of Programming Languages (POPL'79), ACM Press 269–282.Google Scholar
Cousot, P. and Cousot, R. (2002). Systematic design of program transformation frameworks by abstract interpretation. In: Conference Record of the 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ACM Press 178–190.Google Scholar
Cousot, P. and Cousot, R. (2004). An abstract interpretation-based framework for software watermarking. In: Conference Record of the 31st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ACM Press, New York, NY, USA 173–185.Google Scholar
Dalla Preda, M. and Giacobazzi, R. (2005). Semantic-based code obfuscation by abstract interpretation. In: Proceeding of the 32nd International Colloquium on Automata, Languages and Programming (ICALP'05), Lecture Notes in Computer Science, vol. 3580, Springer-Verlag 1325–1336.Google Scholar
Dalla Preda, M. and Giacobazzi, R. (2009). Semantic-based code obfuscation by abstract interpretation. Journal of Computer Security 17 (6) 855908.Google Scholar
Dalla Preda, M., Giacobazzi, R. and Visentini, E. (2008). Hiding software watermarks in loop structures. In: Proceedings of the Static Analysis, 15th International Symposium, SAS 2008'; , Valencia, Spain, July 16–18, 2008, Lecture Notes in Computer Science, vol. 5079 174–188.Google Scholar
Dalla Preda, M. and Pasqua, M. (2016). Software watermarking: A semantics-based approach. In: Proceeding of the 6th Workshop on Numerical and Symbolic Abstract Domains (NSAD 2016), Edinburgh, Scotland, September 11, 2016 Elsevier – Electronic Notes in Theoretical Computer Science, 71–85. https://doi.org/10.1016/j.entcs.2017.02.005Google Scholar
Davidson, R.L. and Myhrvold, N. (1996). Method and system for generating and auditing a signature for a computer program. US Patent number 5,559,884.Google Scholar
Frontier-Economics (2016). The economic impacts of counterfeiting and piracy – report prepared for bascap and inta. online. Available at: https://iccwbo.org/publication/economic-impacts-counterfeiting-piracy-report-prepared-bascap-inta/.Google Scholar
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A. and Waters, B. (2013). Candidate indistinguishability obfuscation and functional encryption for all circuits. In: IACR Cryptology ePrint Archive, 451.Google Scholar
Giacobazzi, R. (2008). Hiding information in completeness holes – new perspectives in code obfuscation and watermarking. In: Proceedings of The 6th IEEE International Conferences on Software Engineering and Formal Methods (SEFM'08), IEEE Press. 7–20.Google Scholar
Giacobazzi, R. and Mastroeni, I. (2002). Compositionality in the puzzle of semantics. In: Proceedings of the 2002 ACM SIGPLAN Workshop on Partial Evaluation and Semantics-Based Program Manipulation (PEPM '02), Portland, Oregon, USA, January 14–15 87–97.Google Scholar
Giacobazzi, R. and Mastroeni, I. (2004). Abstract non-interference: Parameterizing non-interference by abstract interpretation. In: Proceedings of the 31st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'04), ACM-Press 186–197.Google Scholar
Giacobazzi, R. and Mastroeni, I. (2008). Transforming abstract interpretations by abstract interpretation. In: Alpuente, M. (ed.), Proceedings of The 15th International Static Analysis Symposium, SAS'08, Lecture Notes in Computer Science; vol. 5079, Springer-Verlag, 1–17.Google Scholar
Giacobazzi, R. and Quintarelli, E. (2001). Incompleteness, counterexamples and refinements in abstract model-checking. In: Cousot, P. (ed.), Proceedings of the 8th Internat. Static Analysis Symposium (SAS'01), Lecture Notes in Computer Science, vol. 2126, Springer-Verlag, 356–373.Google Scholar
Giacobazzi, R., Ranzato, F. and Scozzari, F. (2000). Making abstract interpretation complete. Journal of the ACM 47 (2) 361416.Google Scholar
Mastroeni, I. (2005). Abstract Non-Interference - An Abstract Interpretation-based Approach to Secure Information Flow; PhD thesis; University of Verona – Dep. of Computer Science; Strada le Grazie 15, 37134, Verona (Italy).Google Scholar
Moskowitz, S.A. and Cooperman, M. (1996). Method for stega-cipher protection of computer code; US patent 5.745.569; Assignee: The Dice Company.Google Scholar
Nagra, J., Thomborson, C.D. and Collberg, C. (2002). A functional taxonomy for software watermarking. Australian Computer Science Communications 24 (1) 177186.Google Scholar
Venkatesan, R., Vazirani, V. and Sinha, S. (2001). A graph theoretic approach to software watermarking. In: Moskowitz, I. (ed.), Information Hiding, Lecture Notes in Computer Science, vol. 2137, Springer, Berlin/Heidelberg, 157168.Google Scholar