Developing software is expensive. This tempts some programmers to illegally include third-party software in their own programs. Researchers at Saarland University have developed a new method for detecting this kind of software theft. It analyzes the behavior of one program and looks for similarities in other programs.
Today, most software consists of independent components, which makes it easy to include parts of a software into another program. Yet, for a code owner such theft is difficult to prove in court. David Schuler, researcher at Saarland University, developed a tool called API BIRTHMARK that measures the degree of similarity between programs. A company that suspects code theft may use API BIRTHMARK to run both its own program and a foreign program. When this yields a high degree of similarity, code theft is likely and further investigations are warranted.
The novelty of Schuler's method is that it compares the behavior of programs rather than their code. A program's code can easily be obfuscated without destroying it. Such obfuscation tools are freely available on the internet. On the other hand, a program's behavior is difficult to change without breaking the program, just like a birthmark. David Schuler and his co-authors Valentin Dallmeier and Christian Lindig have shown that birthmarks from Java programs are immune against the best obfuscation tools available. A paper on the birthmarking technique has been accepted at the Automated Software Engineering (ASE 2007) conference which will be held in Atlanta, USA. This year, only 37 submissions out of 312 got accepted to ASE 2007.
David Schuler, Valentin Dallmeier, and Dr. Christian Lindig work as researchers at the Software Engineering Chair of Prof. Andreas Zeller at Saarland University, Germany. The group develops statistical approaches for program analysis and defect localization. Another topic is mining the evolution history of programs to predict and avoid software defects. Prof. Zeller was first to systematically analyze the bug databases of Microsoft to predict error-prone components - which are now tested even more thoroughly.
For additional informations, please call:
Prof. Dr. Andreas Zeller
Tel. +49 681 302-64011
Friederike Meyer zu Tittingdorf
Tel. +49 681 302-58099
http://www.st.cs.uni-sb.de/birthmarking/ - Birthmarking at Software Engineering Chair at Saarland University
http://www.cse.msu.edu/ase2007/ - Conference Automated Software Engineering 2007
http://www.st.cs.uni-sb.de/~lindig/papers/schuler-ase-2007.pdf - Preparing of A Dynamic Birthmark for Java
Criteria of this press release:
Information technology
transregional, national
Research results
English
You can combine search terms with and, or and/or not, e.g. Philo not logy.
You can use brackets to separate combinations from each other, e.g. (Philo not logy) or (Psycho and logy).
Coherent groups of words will be located as complete phrases if you put them into quotation marks, e.g. “Federal Republic of Germany”.
You can also use the advanced search without entering search terms. It will then follow the criteria you have selected (e.g. country or subject area).
If you have not selected any criteria in a given category, the entire category will be searched (e.g. all subject areas or all countries).