Software watermarking involves embedding a unique identifier within a piece of software, to discourage software theft. Watermarking does not prevent theft but instead discourages software thieves by providing a means to identify the owner of a piece of software and/or the origin of the stolen software. The hidden watermark can be extracted, at a later date, by the use of a recogniser to prove ownership of stolen software.
My previous post gave an overview of the graph visualisation techniques I've been using recently. Here's a more in-depth look at a program watermarked with the dynamic graph watermarking algorithm (as implemented in Sandmark). Is it stealthy? The short answer is 'no'. Here's why...
I've recently been working on visualising program slices using graphs.
Software watermarking is a software protection technique based on the insertion of copyright notices or unique identifiers into a program to prove ownership. The basic idea is that if a copyright owner finds a copy of their software (e.g. online) they would be able to prove, in a court of law, that they own that software. Alternatively, a software fingerprint - where the watermark is a unique customer ID for every copy of the program - would allow a software owner to trace the person who copied the software.
Graph watermarking techniques encode a watermark in a graph structure which is embedded in a program either statically, or dynamically. Static watermarks can be encoded in a control flow graph while dynamic graphs are encoded in a data structure built at runtime. Like other static watermarking algorithms, static graph watermarking is susceptible to semantics-preserving transformation attacks. Collberg and Thomborson proposed the first dynamic graph based watermarking scheme, CT, to overcome problems with static watermarking schemes.
The stealthiness of watermarked code is the degree to which the watermarked code can be distinguished from the unwatermarked code. Stealh is an important concept in watermark because if a watermark is unstealthy an attacker could find the watermark. If an attacker can find a watermark it will be easier for them to remove it. The attacker may still have to spend some time figuring out how to remove the watermark but it makes the task easier.
Software watermarking by providing a means to identify the owner of a piece of software and/or the origin of the stolen software. The hidden watermark can be recognised or extracted, at a later date, by the use of a recogniser or extractor to prove ownership of stolen software. It is also possible to embed a unique customer identifier in each copy of the software distributed which allows the software company to identify the individual that pirated the software - this is known as fingerprinting. A software watermark should allow an author to prove ownership of a piece of copied software but how can the author demonstrate extraction of a watermark to a judge in a court of law?
There are two general types of software watermarking: static and dynamic. The latter stores the watermark in the execution or a data structure of a program. Execution path watermarking encodes the watermark in the sequence of branches taken during execution. A version of this algorithm has been implemented in Sandmark. How effective is execution path watermarking? Is it better than static watermarks, which are highly susceptible to semantics-preserving transformation attacks?
Software theft, also known as software piracy, is the act of copying a legitimate application and illegally distributing that software, either free or for profit. The global revenue loss due to software piracy was estimated to be more than $50 billion in 2009. Watermarks can be classified as either static or dynamic. Static watermarks are embedded in the code and/or data of a computer program, whereas dynamic watermarking techniques store a watermark in a program's execution state. In this paper, we present a brief survey of the proposed static watermarking techniques, including a brief explanation of each technique concluding with directions for future work.
We examine the currently proposed static and dynamic graph watermarking schemes. Graph based watermarking schemes, like other watermarking schemes, can be divided into two groups: static and dynamic. Static graph watermarks are embedding in a control-flow graph within a program whereas dynamic graph watermarks are embedding in a graph data-structure built at run-time. We report previous findings, describe some recent additions and conclude by suggesting a direction for future work.