Developing software is expensive. This tempts some programmers to illegally include third-party software in their own programs. Researchers at Saarland University have developed a new method for detecting this kind of software theft. It analyzes the behavior of one program and looks for similarities in other programs.
Today, most software consists of independent components, which makes it easy to include parts of a software into another program. Yet, for a code owner such theft is difficult to prove in court. David Schuler, researcher at Saarland University, developed a tool called API BIRTHMARK that measures the degree of similarity between programs. A company that suspects code theft may use API BIRTHMARK to run both its own program and a foreign program. When this yields a high degree of similarity, code theft is likely and further investigations are warranted.
The novelty of Schuler's method is that it compares the behavior of programs rather than their code. A program's code can easily be obfuscated without destroying it. Such obfuscation tools are freely available on the internet. On the other hand, a program's behavior is difficult to change without breaking the program, just like a birthmark. David Schuler and his co-authors Valentin Dallmeier and Christian Lindig have shown that birthmarks from Java programs are immune against the best obfuscation tools available. A paper on the birthmarking technique has been accepted at the Automated Software Engineering (ASE 2007) conference which will be held in Atlanta, USA. This year, only 37 submissions out of 312 got accepted to ASE 2007.
David Schuler, Valentin Dallmeier, and Dr. Christian Lindig work as researchers at the Software Engineering Chair of Prof. Andreas Zeller at Saarland University, Germany. The group develops statistical approaches for program analysis and defect localization. Another topic is mining the evolution history of programs to predict and avoid software defects. Prof. Zeller was first to systematically analyze the bug databases of Microsoft to predict error-prone components - which are now tested even more thoroughly.
For additional informations, please call:
Prof. Dr. Andreas Zeller
Tel. +49 681 302-64011
Friederike Meyer zu Tittingdorf
Tel. +49 681 302-58099
http://www.st.cs.uni-sb.de/birthmarking/ - Birthmarking at Software Engineering Chair at Saarland University
http://www.cse.msu.edu/ase2007/ - Conference Automated Software Engineering 2007
http://www.st.cs.uni-sb.de/~lindig/papers/schuler-ase-2007.pdf - Preparing of A Dynamic Birthmark for Java
Merkmale dieser Pressemitteilung:
Informationstechnik
überregional
Forschungsergebnisse
Englisch
Sie können Suchbegriffe mit und, oder und / oder nicht verknüpfen, z. B. Philo nicht logie.
Verknüpfungen können Sie mit Klammern voneinander trennen, z. B. (Philo nicht logie) oder (Psycho und logie).
Zusammenhängende Worte werden als Wortgruppe gesucht, wenn Sie sie in Anführungsstriche setzen, z. B. „Bundesrepublik Deutschland“.
Die Erweiterte Suche können Sie auch nutzen, ohne Suchbegriffe einzugeben. Sie orientiert sich dann an den Kriterien, die Sie ausgewählt haben (z. B. nach dem Land oder dem Sachgebiet).
Haben Sie in einer Kategorie kein Kriterium ausgewählt, wird die gesamte Kategorie durchsucht (z.B. alle Sachgebiete oder alle Länder).