论文信息 - Specifying API Trace Birthmark by Abstract Interpretation

Specifying API Trace Birthmark by Abstract Interpretation

API trace birthmark is a major class of software birthmarks, where API sequences are defined as software birthmarks to detect software theft. Currently, many birthmarks of this class have been proposed, but the evaluation of these birthmarks is mainly done through experiments and there is no theoretical framework, which makes it difficult to formally analyze and certify the effectiveness of the birthmarks. To solve this problem, an abstract interpretation-based method for specifying API trace birthmark is proposed in this paper. First, API trace birthmark is characterized as a semantic program property by abstract interpretation. Then, the credibility of API trace birthmark with respect to a specific criterion for copy relation is formally analyzed. Finally, the resilience of API trace birthmark is discussed and it is proved that API trace birthmark is resilient to a commonly used program transformation.

Ying Zeng | Fenlin Liu | Jian Chen | Bin Yan

[1] Christian S. Collberg,et al. Surreptitious Software - Obfuscation, Watermarking, and Tamperproofing for Software Protection , 2009, Addison-Wesley Software Security Series.

[2] Patrick Cousot,et al. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[3] Akito Monden,et al. Design and evaluation of birthmarks for detecting theft of java programs , 2004, IASTED Conf. on Software Engineering.

[4] David Schuler,et al. A dynamic birthmark for java , 2007, ASE.

[5] Hyun-il Lim,et al. A static API birthmark for Windows binary executables , 2009, J. Syst. Softw..

[6] Hyun-il Lim,et al. Detecting Java Theft Based on Static API Trace Birthmark , 2008, IWSEC.

[7] Patrick Cousot,et al. Systematic design of program transformation frameworks by abstract interpretation , 2002, POPL '02.

[8] Akito Monden,et al. Java Birthmarks - Detecting the Software Theft - , 2005, IEICE Trans. Inf. Syst..