research-article

Watermarking, tamper-proffing, and obfuscation: tools for software protection

Authors:

Christian S. Collberg,

Clark ThomborsonAuthors Info & Claims

IEEE Transactions on Software Engineering, Volume 28, Issue 8

Pages 735 - 746

https://doi.org/10.1109/TSE.2002.1027797

Published: 01 August 2002 Publication History

Publisher Site

Abstract

We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. A defense against software piracy is watermarking, a process that makes it possible to determine the origin of software. A defense against tampering is tamper-proofing, so that unauthorized modifications to software (for example, to remove a watermark) will result in nonfunctional code. We briefly survey the available technology for each type of defense.

References

[1]

{1} 4C Entity, "Content Protection System Architecture," revision 0.81, available http://www.4centity.com/data/tech/cpsa/ cpsa081.pdf, Aug. 2001.]]

Google Scholar

[2]

{2} M. Abadi and J. Feigenbaum, "Secure Circuit Evaluation: A Protocol Based on Hiding Information from an Oracle," J. Cryptology, vol. 2, no. 1, pp. 1-12, 1990.]]

Digital Library

Google Scholar

[3]

{3} R.J. Anderson and F.A.P. Peticolas, "On the Limits of Steganography," IEEE J. Selected Areas Comm., vol. 16, no. 4, May 1998.]]

Digital Library

Google Scholar

[4]

{4} Atari Games Corp. and Tengen, Inc. v. Nintendo of America Inc. and Nintendo Co., Ltd., United States Court of Appeals for the Federal Circuit, Sept. 1992.]]

Google Scholar

[5]

{5} D. Aucsmith, "Tamper Resistant Software: An Implementation," Information Hiding, First Int'l Workshop, R.J. Anderson, ed., pp. 317-333, May 1996.]]

Crossref

Google Scholar

[6]

{6} D. Aucsmith and G. Graunke, "Tamper Resistant Methods and Apparatus," US patent 5,892,899, Assignee: Intel Corporation, 1999.]]

Google Scholar

[7]

{7} B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang, "On the (Im)possibility of Obfuscating Programs (Extended Abstract)," Advances in Cryptology--CRYPTO 2001, J. Kilian, ed., 2001.]]

Crossref

Google Scholar

[8]

{8} A. Beimel, M. Burmester, Y. Desmedt, and E. Kushilevitz, "Computing Functions of a Shared Secret," SIAM J. Discrete Math., vol. 13, no. 3, pp. 324-345, 2000.]]

Digital Library

Google Scholar

[9]

{9} W. Bender, D. Gruhl, N. Morimoto, and A. Lu, "Techniques for Data Hiding," IBM Systems J., vol. 35, nos. 3 & 4, pp. 313-336, 1996.]]

Digital Library

Google Scholar

[10]

{10} P. Bieber, J. Cazin, P. Girard, J.L. Lanet, V. Wiels, and G. Zanon, "Checking Secure Interactions of Smart Card Applets," Proc. Sixth European Symp. Research in Computer Security (ESORICS), 2000.]]

Crossref

Google Scholar

[11]

{11} M. Bishop, "An Overview of Computer Viruses in a Research Environment," technical report, Dept. of Math. and Computer Science, Dartmouth College, 1992.]]

Crossref

Google Scholar

[12]

{12} M. Blum, "Program Result Checking: A New Approach to Making Programs More Reliable," Proc. 20th Int'l Colloquium Automata, Languages, and Programming, S. Carlsson, A. Lingas, and R.G. Karlsson, eds., pp. 1-14, July 1993.]]

Crossref

Google Scholar

[13]

{13} M. Blum and S. Kannan, "Designing Programs that Check Their Work," J. ACM, vol. 42, no. 1, pp. 269-291, Jan. 1995.]]

Digital Library

Google Scholar

[14]

{14} D Boneh and M.K. Franklin," An Efficient Public Key Traitor Tracing Scheme," Advances in Cryptology--Crypto '99, pp. 338-353, 1999.]]

Crossref

Google Scholar

[15]

{15} T.A. Budd, "Protecting and Managing Electronic Content with a Digital Battery," Computer, vol. 34, no. 8, pp. 2-8, Aug. 2001.]]

Digital Library

Google Scholar

[16]

{16} L.K. Chen, "Computer Software Protection against Piracy in Taiwan," J. Asian Law, vol. 8, no. 1, 1994, http://www.columbia. edu/cu/asiaweb/v8n1chen.htm.]]

Google Scholar

[17]

{17} D.M. Chess, "Security Issues in Mobile Code Systems," Mobile Agents and Security, pp. 1-8, 1998.]]

Crossref

Google Scholar

[18]

{18} F. Cohen, "Computer Viruses--Theory and Experiments," IFIP-TC11, Computers and Security, pp. 22-35, 1987.]]

Digital Library

Google Scholar

[19]

{19} F. Cohen, "Current Trends in Computer Viruses," Proc. Int'l Symp. Information Security, 1991.]]

Google Scholar

[20]

{20} F.B. Cohen, Operating System Protection through Program Evolution. http://all.net/books/IP/evolve.html, 1992.]]

Google Scholar

[21]

{21} C. Collberg, "The Obfuscation and Software Watermarking Home Page," http://www.cs.arizona.edu/collberg/Research/Obfuscation/index.html, 1999.]]

Google Scholar

[22]

{22} C. Collberg and C. Thomborson, "Software Watermarking: Models and Dynamic Embeddings," Principles of Programming Languages (POPL '99), Jan. 1999, http://www.cs.auckland.ac.nz/ collberg/Research/nz/~collberg/Research/Publications/CollbergThomborson99a/index.html.]]

Crossref

Google Scholar

[23]

{23} C. Collberg, C. Thomborson, and D. Low, "A Taxonomy of Obfuscating Transformations," Technical Report 148, Dept. of Computer Science, Univ. of Auckland, July 1997, http:// www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborsonLow97a.]]

Google Scholar

[24]

{24} C. Collberg, C. Thomborson, and D. Low, "Breaking Abstractions and Unstructuring Data Structures," Proc. IEEE Int'l Conf. Computer Languages (ICCL '98), May 1998, http://www.cs.auckland.ac.nz/collberg/Research/Publications/CollbergThomborsonLow98b/.]]

Digital Library

Google Scholar

[25]

{25} C. Collberg, C. Thomborson, and D. Low, "Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs," Proc. Symp. Principles of Programming Languages (POPL '98), Jan. 1998. http:// www.cs.auckland.ac.nz/collberg/Research/Publications/CollbergThomborsonLow98a/.]]

Crossref

Google Scholar

[26]

{26} Compaq, "FreePort Express," http://www.support.compaq.com/ amt/freeport/.]]

Google Scholar

[27]

{27} Convera, "Software Integrity System," http://convera.com/.]]

Google Scholar

[28]

{28} R.L. Davidson and N. Myhrvold, "Method and System for Generating and Auditing a Signature for a Computer Program," US Patent 5,559,884, Assignee: Microsoft Corporation, Sept. 1996.]]

Google Scholar

[29]

{29} A. Deutsch, "Interprocedural May-Alias Analysis for Pointers: Beyond k-Limiting," Proc. SIGPLAN Conf. Programming Language Design and Implementation (PLDI '94), pp. 230-241, June 1994.]]

Crossref

Google Scholar

[30]

{30} F. Ergün, S. Kannan, S.R. Kumar, R. Rubinfeld, and M. Vishwanathan, "Spot-Checkers," Proc. 30th Ann. ACM Symp. Theory of Computing (STOC '98), pp. 259-268, May 1998.]]

Crossref

Google Scholar

[31]

{31} Ernie, "Disk Copy Protection," Mar. 1997, Usenet:comp.misc, http: //groups.google.com/groups?selm=33256CC1.7EE040mitre.org.]]

Google Scholar

[32]

{32} O. Goldreich and R. Ostrovsky, "Software Protection and Simulation on Oblivious RAMs," J. ACM, vol. 43, no. 3, pp. 431-473, 1996.]]

Digital Library

Google Scholar

[33]

{33} R.D. Gopal and G.L. Sanders, "Global Software Piracy: You Can't Get Blood Out of Turnip," Comm. ACM, vol. 43, no. 9, pp. 83-89, Sept. 2000.]]

Digital Library

Google Scholar

[34]

{34} J.R. Gosler, "Software Protection: Myth or Reality? CRYPTO'85--Advances in Cryptology, pp. 140-157, Aug. 1985.]]

Crossref

Google Scholar

[35]

{35} D. Grover, "Program Identification," The Protection of Computer Software: Its Technology and Applications, The British Computer Soc. Monographs in Informatics, Cambridge Univ. Press, second ed., 1992.]]

Crossref

Google Scholar

[36]

{36} S. Hada, "Zero-Knowledge and Code Obfuscation," AsiaCrypt 2000, pp. 443-457, 2000, http://link.springer.de/link/service/ series/0558/papers/1976/19760443.pdf.]]

Crossref

Google Scholar

[37]

{37} A. Herzberg and S.S. Pinter, "Public Protection of Software," ACM Trans. Computer Systems, vol. 5, no. 4, pp. 371-393, Nov. 1987.]]

Digital Library

Google Scholar

[38]

{38} F. Hohl, "Time Limited Blackbox Security: Protecting Mobile Agents from Malicious Hosts," Mobile Agents and Security, pp. 92-113, vol. 1419, Lecture Notes in Computer Science, Springer-Verlag, 1998.]]

Crossref

Google Scholar

[39]

{39} F. Hohl, "A Framework to Protect Mobile Agents by Using Reference States," Proc. 20th Int'l Conf. Distributed Computing Systems, pp. 410-417, 2000.]]

Crossref

Google Scholar

[40]

{40} K. Holmes, "Computer Software Protection," US Patent 5,287,407, Assignee: International Business Machines, Feb. 1994.]]

Google Scholar

[41]

{41} S. Horwitz, "Precise Flow-Insensitive May-Alias Analysis is NP-Hard," TOPLAS, vol. 19, no. 1, pp. 1-6, Jan. 1997.]]

Digital Library

Google Scholar

[42]

{42} J.D. Howard, "An Analysis of Security Incidents on the Internet, 1989-1995," PhD thesis, Dept. of Eng. and Public Policy, Carnegie-Mellon Univ., Apr. 1997.]]

Crossref

Google Scholar

[43]

{43} IBM, "Cryptolopes," http://www.ibm.com/software/security/ cryptolope/.]]

Google Scholar

[44]

{44} InterTrust, "Digital Rights Management," http://www.intertrust. com/de/index.html.]]

Google Scholar

[45]

{45} N.F. Johnson and S. Jajodia, "Computing Practices: Exploring Steganography: Seeing the Unseen," Computer, vol. 31, no. 2, pp. 26-34, Feb. 1998, http://www.isse.gmu.edu/njohnson/pub/ r2026.pdf.]]

Digital Library

Google Scholar

[46]

{46} A.B. Kahng, J. Lach, W.H. Mangione-Smith, S. Mantik, I.L. Markov, M. Potkonjak, P. Tucker, H. Wang, and G. Wolfe, "Watermarking Techniques for Intellectual Property Protection," Proc. 35th ACM/ IEEE DAC Design Automation Conf. (DAC '98), pp. 776-781, June 1999, http://www.cs.ucla.edu/gangqu/ipp/c79.ps.gz.]]

Crossref

Google Scholar

[47]

Google Scholar

[48]

{48} C.E. Landwehr, A.R. Bull, J.P. McDermott, and W.S. Choi, "A Taxonomy of Computer Program Security Flaws," ACM Computing Surveys, vol. 26, no. 3, pp. 211-254, Sept. 1994.]]

Digital Library

Google Scholar

[49]

{49} D. Libes, Obfuscated C and Other Mysteries. Wiley, 1993.]]

Crossref

Google Scholar

[50]

{50} D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural Support for Copy and Tamper Resistant Software," Architectural Support for Programming Languages and Operating Systems, pp. 168-177, Nov. 2000.]]

Crossref

Google Scholar

[51]

{51} M. Limayem, M. Khalifa, and W.W. Chin, "Factors Motivating Software Piracy: A Longitudinal Study," Proc. 20th Int'l Conf. Information Systems, pp. 124-131, 1999.]]

Crossref

Google Scholar

[52]

{52} U. Lindqvist and E. Jonsson, "How to Systematically Classify Computer Security Intrusions," Proc. 1997 IEEE Symp. Security and Privacy, pp. 154-163, 1997, http://www.ce.chalmers.se/staff/ ulfl/pubs/sp97.]]

Crossref

Google Scholar

[53]

{53} S. Lucco, R. Wahbe, and O. Sharp, "Omniware: A Universal Substrate for Web Programming," Proc. WWW4, 1995.]]

Google Scholar

[54]

{54} S. Macrakis, "Protecting Source Code with ANDF," ftp:// riftp.osf.org/pub/andf/andf_coll_papers/ProtectingSourceCode.ps, Jan. 1993.]]

Google Scholar

[55]

{55} Apple's QuickTime lawsuit, http://www.macworld.com/pages/ june.95/News.848.html and may.95/News.705.html, May-June 1995.]]

Google Scholar

[56]

{56} Y. Malhotra, "Controlling Copyright Infringements of Intellectual Property: The Case of Computer Software," J. Systems Management, part 1, vol. 45, no. 6, pp. 32-35, June 1994, part 2: no. 7, pp. 12-17, July 1994.]]

Google Scholar

[57]

{57} J. Martin, "Pursuing Pirates (Unauthorized Software Copying)," Datamation, vol. 35, no. 15, pp. 41-42, Aug. 1989.]]

Google Scholar

[58]

{58} T. Maude and D. Maude, "Hardware Protection against Software Piracy," Comm. ACM, vol. 27, no. 9, pp. 950-959, Sept. 1984.]]

Digital Library

Google Scholar

[59]

{59} R. Mori and M. Kawahara, "Superdistribution: The Concept and the Architecture," Technical Report 7, Inst. of Information Sci. & Electron, Tsukuba Univ., Japan, July 1990, http://www.site.gmu. edu/bcox/ElectronicFrontier/MoriSuperdist.html.]]

Google Scholar

[60]

{60} S.A. Moskowitz and M. Cooperman, "Method for Stega-Cipher Protection of Computer Code," US Patent 5,745,569, Assignee: The Dice Company, Jan. 1996.]]

Google Scholar

[61]

{61} D. Naccache, A. Shamir, and J.P. Stern, "How to Copyright a Function?" Public Key Encryption '99, Hideki Imai, ed., Lecture Notes in Computer Science, Springer-Verlag, 1999.]]

Crossref

Google Scholar

[62]

{62} D. Nagy-Farkas, "The Easter Egg Archive," http://www.eeggs. com/lr.html, 1998.]]

Google Scholar

[63]

Google Scholar

[64]

{64} P.G. Neumann, Computer-Related Risks. ACM Press, 1995.]]

Crossref

Google Scholar

[65]

{65} L.C. Noll, S. Cooper, P. Seebach, and L.A. Broukhis, "The International Obfuscated C Code Contest," http://www.ioccc. org/index.html, 2000.]]

Google Scholar

[66]

{66} F.A.P. Peticolas, R.J. Anderson, and M.G. Kuhn, "Attacks on Copyright Marking Systems," Proc. Second Workshop Information Hiding, Apr. 1998.]]

Crossref

Google Scholar

[67]

{67} International Planning and Research Corporation, "Sixth Annual BSA Global Software Piracy Study," http://www.bsa.org/resources/2001-O5-21.55.pdf, 2001.]]

Google Scholar

[68]

{68} T.A. Proebsting and S.A. Watterson, "Krakatoa: Decompilation in Java (Does Bytecode Reveal Source?)," Proc. Third USENIX Conf. Object-Oriented Technologies and Systems (COOTS), June 1997.]]

Crossref

Google Scholar

[69]

{69} G. Qu and M. Potkonjak, "Analysis of Watermarking Techniques for Graph Coloring Problem," Proc. IEEE/ACM Int'l Conf. Computer Aided Design, pp. 190-193, Nov. 1998, http://www.cs.ucla.edu/ gangqu/publication/gc. ps.gz.]]

Crossref

Google Scholar

[70]

{70} G. Ramalingam, "The Undecidability of Aliasing," ACM Trans. Programming Languages and Systems, vol. 16, no. 5, pp. 1467-1471, Sept. 1994.]]

Digital Library

Google Scholar

[71]

{71} R. Rivest, "The MD5 Message-Digest Algorithm," The Internet Eng. Task Force RFC 1321, http://www.ietf.org/rfc/rfc1321.txt, 1992.]]

Crossref

Google Scholar

[72]

{72} H. Rosner, "Steal this Software," The.Standard.com, June 2000. http://www.thestandard.com/article/article_print/ 1,1153,16039,00.html.]]

Google Scholar

[73]

{73} R. Rubinfeld, "Batch Checking with Applications to Linear Functions," Information Processing Letters, vol. 42, no. 2, pp. 77-80, May 1992.]]

Digital Library

Google Scholar

[74]

{74} R. Rubinfeld, "Designing Checkers for Programs that Run in Parallel," Algorithmica, vol. 15, no. 4, pp. 287-301, Apr. 1996.]]

Digital Library

Google Scholar

[75]

{75} P.R. Samson, "Apparatus and Method for Serializing and Validating Copies of Computer Software," US Patent 5,287,408, Assignee: Autodesk, Inc., Feb. 1994.]]

Google Scholar

[76]

{76} P. Samuelson, "Reverse-Engineering Someone Else's Software: Is It Legal?" IEEE Software, pp. 90-96, Jan. 1990.]]

Digital Library

Google Scholar

[77]

{77} T. Sander and C.F. Tschudin, "Protecting Mobile Agents against Malicious Hosts," Mobile Agents and Security, 1998.]]

Crossref

Google Scholar

[78]

{78} Sega Enterprises Ltd. v. Accolade, Inc., United States Court of Appeals for the Ninth Circuit, July 1992.]]

Google Scholar

[79]

{79} S.S. Simmel and I. Godard, "Metering and Licensing of Resources--Kala's General Purpose Approach," Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment, pp. 81-110, Jan. 1994.]]

Google Scholar

[80]

{80} E.H. Spafford, "Computer Viruses as Artificial Life," Artificial Life, vol. 1, no. 3, pp. 249-265, 1994.]]

Crossref

Google Scholar

[81]

{81} R. Stallman, "Why Software Should not Have Owners," http:// www.gnu.org/philosophy/why-free.html, 1994.]]

Google Scholar

[82]

{82} M. Swanson and B. Guttman, "Generally Accepted Principles and Practices for Securing Information Technology Systems," technical report, Nat'l Inst. Standards and Technology, Dept. of Commerce, US Government, Sept. 1996, http://www.auerbach-publications.com/white-papers/nist-security-guidelines.pdf.]]

Google Scholar

[83]

{83} Locksmith Tools, "Advanced DetaiIed Description of Dinkey Dongle for Software Protection, Software Security, and License Management," Copyright 1988-1999, http://www.locksmithshop. com/lsdddetail.htm.]]

Google Scholar

[84]

{84} A. Torrubia and F.J. More, "Information Security in Multiprocessor Systems Based on the x86 Architecture," Computers and Security, vol. 19, no. 6. pp. 559-563, Oct. 2000.]]

Digital Library

Google Scholar

[85]

{85} R.E. Vaughn, "Defining Terms in the Intellectual Property Protection Debate: Are the North and South Arguing Past Each Other When We Say 'Property'? A Lockean, Confucian, and Islamic Comparison," ILSA J. Comparative and Int'l Law, vol. 2, no. 2. p. 308. Winter 1996, http://www.nsulaw.nova.edu/ student/organizations/ILSAJournal/2-2/Vaughan202-2.htm.]]

Google Scholar

[86]

{86} R. Venkatesan, V. Vazirani, and S. Sinha, "A Graph Theoretic Approach to Software Watermarking," Proc. Fourth Int'l Information Hiding Workshop, Apr. 2001.]]

Crossref

Google Scholar

[87]

{87} Vermont Microsystems Inc. v. AutoDesk Inc., United States Court of Appeals for the Second Circuit, Jan. 1996.]]

Google Scholar

[88]

{88} G. Vigna, "Introduction," Mobile Agents and Security, pp. xi-xii, 1998.]]

Google Scholar

[89]

{89} H.P. Van Vliet, "Mocha--The Java Decompiler," http://web. inter.nl.net/users/H.P.van.Vliet/mocha.html, Jan. 1996.]]

Google Scholar

[90]

{90} R. Wahbe and S. Lucco, "Methods for Safe and Efficient Implementation of Virtual Machines," US Patent 5,761,477, Assignee: Microsoft Corporation, 1999.]]

Google Scholar

[91]

{91} R. Wahbe, S. Lucco, T. Anderson, and S. Graham, "Efficient Software-Based Fault Isolation," Proc. Symp. System Principles (SOSP '93), pp. 203-216, 1993.]]

Crossref

Google Scholar

[92]

{92} C. Wang, "A Security Architecture for Survivability Mechanisms," PhD thesis, Univ. of Virginia, School of Eng. and Applied Science, Oct. 2000, www.cs.virginia.edu/survive/pub/wangthesis.pdf.]]

Crossref

Google Scholar

[93]

{93} C. Wang, J. Hill, J. Knight, and J. Davidson, "Software Tamper Resistance: Obstructing Static Analysis of Programs," Technical Report CS-2000-12, Univ. of Virginia, Dec. 2000.]]

Digital Library

Google Scholar

[94]

{94} J. Wang, "Average-Case Complexity Forum," http://www.uncg.edu/mat/acc-forum, 1999.]]

Google Scholar

[95]

{95} H. Wasserman and M. Blum, "Software Reliability via Run-Time Result-Checking," J. ACM, vol. 44, no. 6, pp. 826-849, Nov. 1997.]]

Digital Library

Google Scholar

[96]

{96} S.P. Weisband and S.E. Goodman, "Int'l Software Piracy," Computer, vol. 92, no. 11, pp. 87-90, Nov. 1992.]]

Crossref

Google Scholar

[97]

Google Scholar

[98]

{98} Xerox, "ContentGuard," http://www.contentguard.com.]]

Google Scholar

Cited By

View all

De Sutter BSchrittwieser SCoppens BKochberger P(2024)Evaluation Methodologies in Software Protection ResearchACM Computing Surveys10.1145/370231457:4(1-41)Online publication date: 2-Nov-2024
https://dl.acm.org/doi/10.1145/3702314
Fedorov NTamada HInayoshi HMonden A(2024)Comparison of Similarity Functions for n-gram Software BirthmarksProceedings of the 2024 The 6th World Symposium on Software Engineering (WSSE)10.1145/3698062.3698087(169-176)Online publication date: 13-Sep-2024
https://dl.acm.org/doi/10.1145/3698062.3698087
Pizzolotto DBerlato SCeccato M(2024)Mitigating Debugger-based Attacks to Java Applications with Self-debuggingACM Transactions on Software Engineering and Methodology10.1145/363197133:4(1-38)Online publication date: 18-Apr-2024
https://dl.acm.org/doi/10.1145/3631971
Show More Cited By

Index Terms

Watermarking, tamper-proffing, and obfuscation: tools for software protection

Recommendations

An abstract interpretation-based framework for software watermarking
POPL '04

Software watermarking consists in the intentional embedding of indelible stegosignatures or watermarks into the subject software and extraction of the stegosignatures embedded in the stegoprograms for purposes such as intellectual property protection. ...
A Semi-Fragile Watermarking Scheme Using Weighted Vote with Sieve and Emphasis for Image Authentication

This paper describes a semi-fragile watermarking scheme for image authentication and tamper-proofing. Each watermark bit is duplicated and randomly embedded in the original image in the discrete wavelet domain by modifying the corresponding image ...
An abstract interpretation-based framework for software watermarking
POPL '04: Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Software watermarking consists in the intentional embedding of indelible stegosignatures or watermarks into the subject software and extraction of the stegosignatures embedded in the stegoprograms for purposes such as intellectual property protection. ...

Reviews

Reviewer: Jonathan K. Millen

Software piracy, reverse engineering, and tampering are the problems; watermarking, obfuscation, and tamper-proofing are the answers. Protecting software running in a malicious computer is the objective. This is a survey, with 98 references. Some of them are merely mentioned, like the impossibility-of-obfuscation result in the 2001 Crypto conference, but their presence is a good sign. About a dozen techniques are described in a paragraph or two each, with varying degrees of clarity and completeness. The authors' work on pointer aliasing obfuscation and dynamic graph watermarking is included. Droll stick figure illustrations enliven the definitions; data and flow diagrams are used to illustrate the techniques. The taxonomy is informal, and it is empirical rather than theoretical. The goals of the attacks are not precisely defined, and the countermeasures are not complete solutions. There are some connections that could have been drawn that weren't. For example, code obfuscation is listed as a countermeasure for reverse engineering, but it works for tamper-proofing as well. Still, given the modest length of the paper, it provides useful insights into the subject. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Transactions on Software Engineering

IEEE Transactions on Software Engineering Volume 28, Issue 8

August 2002

95 pages

ISSN:0098-5589

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 August 2002

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

169
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

De Sutter BSchrittwieser SCoppens BKochberger P(2024)Evaluation Methodologies in Software Protection ResearchACM Computing Surveys10.1145/370231457:4(1-41)Online publication date: 2-Nov-2024
https://dl.acm.org/doi/10.1145/3702314
Fedorov NTamada HInayoshi HMonden A(2024)Comparison of Similarity Functions for n-gram Software BirthmarksProceedings of the 2024 The 6th World Symposium on Software Engineering (WSSE)10.1145/3698062.3698087(169-176)Online publication date: 13-Sep-2024
https://dl.acm.org/doi/10.1145/3698062.3698087
Pizzolotto DBerlato SCeccato M(2024)Mitigating Debugger-based Attacks to Java Applications with Self-debuggingACM Transactions on Software Engineering and Methodology10.1145/363197133:4(1-38)Online publication date: 18-Apr-2024
https://dl.acm.org/doi/10.1145/3631971
Siddiqui SKhan T(2024)An Overview of Techniques for Obfuscated Android Malware DetectionSN Computer Science10.1007/s42979-024-02637-35:4Online publication date: 16-Mar-2024
https://dl.acm.org/doi/10.1007/s42979-024-02637-3
Zhao DYu ZZhou JXiang J(2024)A Privacy-Preserving Source Code Vulnerability Detection MethodPattern Recognition and Computer Vision10.1007/978-981-97-8502-5_31(438-452)Online publication date: 18-Oct-2024
https://dl.acm.org/doi/10.1007/978-981-97-8502-5_31
Engel DVerbeek FRavindran B(2024)On the Decidability of Disassembling BinariesTheoretical Aspects of Software Engineering10.1007/978-3-031-64626-3_8(127-145)Online publication date: 29-Jul-2024
https://dl.acm.org/doi/10.1007/978-3-031-64626-3_8
Ladisa PSahin MPonta SRosa MMartinez MBarais OTorres-Arias SMelara MSimon LVasilakis NMoriarty K(2023)The Hitchhiker's Guide to Malicious Third-Party DependenciesProceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3605770.3625212(65-74)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3605770.3625212
Hristov Tİşler DLaoutaris NErkin Z(2023)Graph Database Watermarking Using Pseudo-NodesProceedings of the Second ACM Data Economy Workshop10.1145/3600046.3600049(14-20)Online publication date: 18-Jun-2023
https://dl.acm.org/doi/10.1145/3600046.3600049
Zhou MGao XWu JGrundy JChen XChen CLi LJust RFraser G(2023)ModelObfuscator: Obfuscating Model Information to Protect Deployed ML-Based SystemsProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598113(1005-1017)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598113
Borisov PKosolapov Y(2022)On the Characteristics of Symbolic Execution in the Problem of Assessing the Quality of Obfuscating TransformationsAutomatic Control and Computer Sciences10.3103/S014641162207001X56:7(595-605)Online publication date: 1-Dec-2022
https://dl.acm.org/doi/10.3103/S014641162207001X
Show More Cited By

Abstract

References

Cited By

Index Terms

Recommendations

An abstract interpretation-based framework for software watermarking

A Semi-Fragile Watermarking Scheme Using Weighted Vote with Sieve and Emphasis for Image Authentication

An abstract interpretation-based framework for software watermarking

Reviews

Access critical reviews of Computing literature here

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations