software birthmark for detecting theft of javascript programs
TRANSCRIPT
Software Birthmark for Detecting Theft of JavaScript Programs
Patel Swati Jitendrakumar
Outline
Introduction
Literature Survey
Methodology
Conclusions and Future work
Software Birthmark for Detecting Theft of JavaScript Programs
Patel Swati Jitendrakumar
Guided by Prof. T. M. Pattewar
ME CE 2012-2013
Seminar-II Presentation
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 1
Outline of Topics
1 Introduction
2 Literature Survey
3 Methodology
4 Conclusions and Future work
Introduction
Software Theft
It is the unauthorized copying and use of computer software. 57% of computer users admit that they use pirated software.
JavaScript programs and their theft
JavaScript is an interpreted computer programming language.
Techniques of avoiding Software Theft
• Software Watermarking: An extra piece of code, known as a watermark, is included as part of a program to prove ownership of the program.
• Code Obfuscation: Code obfuscation is the application of transformations to the code that change its physical appearance while preserving the black-box specification of the program.
Content of this slide cited from [?] [?] [?] [?] [?] [?]
Introduction contd...
Software Birthmark
A birthmark is a unique characteristic a program possesses that can be used to identify the program.
To detect software theft:
1. The birthmark of the program under protection (the plaintiff program) is extracted.
2. The suspected program is searched against the birthmark.
3. If the birthmark of the plaintiff program is found in the code of the suspected one, then it can be claimed that the suspected program, or part of it, is a copy of the plaintiff program.
Content of this slide cited from [?]
Introduction contd...
Taxonomy of Software Birthmark
Static Birthmark - extracted from the syntactic structure of a program.
Let p, q be two components of a program or the program itself. Let f be a method for extracting the set of characteristics from a program. Then f(p) is a static birthmark of p if:
1. f(p) is obtainable from p itself.
2. q is a copy of p ⇒ f(p) = f(q).
Content of this slide cited from [?] [?]
Introduction contd...
Taxonomy of Software Birthmark contd...
Dynamic Birthmark - extracted from the dynamic behavior of a program at run-time.
Let p, q be two components of a program or the program itself. Let I be the input to p and q. Let f(p,I) be the set of characteristics extracted from a program p with input I. Then f(p,I) is a dynamic birthmark of p if:
1. f(p,I) is obtainable from p itself when executing p with input I.
2. q is a copy of p ⇒ f(p,I) = f(q,I).
Content of this slide cited from [?] [?]
Introduction contd...
Heap Graph based Birthmark
Content of this slide cited from [?]
Introduction contd...
The Threat Model
Content of this slide cited from [?]
Related Work
Year   Author           Work
2004   Myles et al.     Whole program path birthmarks [?]
2007   Tamada et al.    API calls based Birthmarks [?]
2007   Schuler et al.   Birthmark for java [?]
2011   Chan et al.      Birthmark on the runtime heap [?]
2011   Chan et al.      Birthmark on heap memory analysis [?]
System Overview
Figure: System Overview
Content of this slide cited from [?]
System Overview contd...
The JavaScript heap profiler: runs a JavaScript program and takes multiple heap snapshots in the course of its execution.
Figure: Heap profile of GMail initialization phase
System Overview contd...
The graph generator and filter: traverses the objects in the heap snapshots and builds heap graphs out of them. It also filters out objects.
• Objects in the V8 JavaScript heap are: INTERNAL, ARRAY, STRING, OBJECT, CODE, CLOSURE
• References between objects in the V8 JavaScript heap are: CONTEXT VARIABLE, ELEMENT, PROPERTY, INTERNAL
System Overview contd...
The graph merger: merges the filtered heap graphs to form one single graph.
System Overview contd...
The subgraph selector: selects a subgraph from the heap graph to form the birthmark of the plaintiff program. This step is not needed for the suspected program.
System Overview contd...
The detector: searches for the birthmark of the plaintiff program in the heap graph of the suspected program.
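An added sketch of the filter, merger and detector stages from the System Overview slides (illustrative code, not from the presentation or the cited work). The graph representation, the node types kept by the filter, merging by shared node ids and all sample data are assumptions made for this example; the birthmark is written by hand instead of coming from a subgraph selector.

```javascript
// Added illustration, not code from the presentation. Graph shape (assumed):
// { nodes: { id: TYPE }, edges: [[fromId, REF_LABEL, toId], ...] }
const KEEP = new Set(["OBJECT", "CLOSURE", "ARRAY"]); // assumed filter policy
const key = e => e.join("|");

// Graph generator and filter: drop unwanted node types and edges touching them.
function filterGraph({ nodes, edges }) {
  const kept = Object.fromEntries(Object.entries(nodes).filter(([, t]) => KEEP.has(t)));
  return { nodes: kept, edges: edges.filter(([a, , b]) => a in kept && b in kept) };
}

// Graph merger: union of nodes and de-duplicated edges (assumes stable ids).
function mergeGraphs(graphs) {
  const nodes = Object.assign({}, ...graphs.map(g => g.nodes));
  const byKey = new Map(graphs.flatMap(g => g.edges).map(e => [key(e), e]));
  return { nodes, edges: [...byKey.values()] };
}

// Detector: backtracking search for an injective, type-preserving mapping of
// birthmark nodes into the suspect graph that preserves every labelled edge.
// Extra nodes and edges in the suspect graph do not prevent a match.
function containsBirthmark(mark, suspect) {
  const mIds = Object.keys(mark.nodes), sIds = Object.keys(suspect.nodes);
  const sEdges = new Set(suspect.edges.map(key)), map = {}, used = new Set();
  const edgesOk = () => mark.edges.every(([a, l, b]) =>
    !(a in map && b in map) || sEdges.has(key([map[a], l, map[b]])));
  const place = i => {
    if (i === mIds.length) return true;
    for (const s of sIds) {
      if (used.has(s) || suspect.nodes[s] !== mark.nodes[mIds[i]]) continue;
      map[mIds[i]] = s; used.add(s);
      if (edgesOk() && place(i + 1)) return true;
      delete map[mIds[i]]; used.delete(s);
    }
    return false;
  };
  return place(0);
}

// Constructed sample data: birthmark chosen by hand, two suspect snapshots.
const birthmark = { nodes: { p1: "OBJECT", p2: "CLOSURE", p3: "ARRAY" },
  edges: [["p1", "PROPERTY", "p2"], ["p2", "CONTEXT VARIABLE", "p3"]] };
const snapA = { nodes: { s1: "OBJECT", s2: "CLOSURE", s9: "STRING" },
  edges: [["s1", "PROPERTY", "s2"], ["s1", "PROPERTY", "s9"]] };
const snapB = { nodes: { s2: "CLOSURE", s3: "ARRAY", s4: "OBJECT" },
  edges: [["s2", "CONTEXT VARIABLE", "s3"], ["s4", "ELEMENT", "s3"]] };
const suspectGraph = mergeGraphs([snapA, snapB].map(filterGraph));
console.log(containsBirthmark(birthmark, suspectGraph)); // true
```

In the sample, neither snapshot alone contains the birthmark; it is found only in the merged graph, and the extra ELEMENT reference in the suspect graph does not hide it.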
Conclusions and Future work
The Software Birthmark system finds similarities between two similarly functioning applications and distinguishes distinct applications.
The system is reliable and scalable, and it can resist the reference injection attack.
Future work can be aimed at two major factors:
1. Improved Graph Selector
2. Fast Detector
“Ninth annual BSA global software 2011 piracy study,” 5 2012, [accessed on April 14, 2013]. [Online]. Available: http://globalstudy.bsa.org/2011/
“Software theft,” [accessed on April 14, 2013]. [Online]. Available: http://www.javvin.com/softwareglossary/SoftwareTheft.html
“Software piracy,” [accessed on April 14, 2013]. [Online]. Available: http://www.fastiis.org/our services/enforcement/software theft/
C. Collberg and C. Thomborson, “Software watermarking: models and dynamic embeddings,” Department of Computer Science, University of Auckland, Private Bag 92091, Auckland, New Zealand, Tech. Rep., 2003.
H. I. A. Monden and K. Torii, “Watermarking java programs,” in International Symposium of Future Software Technology, Nanjing, China, 1999.
C. T. C. Collberg and D. Low, “A taxonomy of obfuscating transformations,” University of Auckland, Auckland, New Zealand, Tech. Rep. 148, 2003.
E. C. C. Collberg and M. Stepp, “Dynamic path-based software watermarking,” in Programming Language Design and Implementation (PLDI 04), ACM, Ed., New York, 2004, pp. 107–118.
H. Tamada and A. Monden, “Design and evaluation of birthmarks for detecting theft of java programs,” in IASTED International Conference of Software Engineering, 2004, pp. 569–575.
G. Myles and C. Collberg, “K-gram based software birthmarks,” in Symposium on Application Computing (SAC 05), ACM, Ed., 2005, pp. 314–318.
S. P. Chan, L. Hui, “Heap graph based software theft detection,” IEEE Transaction On Information Forensics and Security, vol. 8, pp. 101–110, January 2013.
G. Myles and C. Collberg, “Detecting software theft via whole program path birthmarks,” in Inf. Security 7th Int. Conf. (ISC 2004), Palo Alto, CA, September 2004, pp. 404–414.
K. H. Tamada and K. Matsumoto, “Design and evaluation of dynamic software birthmarks based on API calls,” Graduate School of Information Science, Nara Institute of Science and Technology, 8916-5 Takayama-cho, Ikoma-shi, Nara, 6300101 Japan, Technical Report, 2007.
V. D. D. Schuler and C. Lindig, “A dynamic birthmark for java,” in IEEE/ACM International Conference of Automated Software Engineering (ASE 07), no. 22, New York, 2007, pp. 274–283.
L. P. Chan and S. Yiu, “Jsbirth: Dynamic javascript birthmark based on the run-time heap,” in 2011 IEEE 35th Annual Computer Software and Application Conference (COMPSAC), July 2011, pp. 407–412.
L. H. P. Chan and S. Yiu, “Dynamic software birthmark for java based on heap memory analysis,” in IFIP TC 6/TC 11 Int. Conf. Commun. and Multimedia Security (CMS11), Springer-Verlag, Ed., no. 12, Berlin, Heidelberg, 2011, pp. 94–106.
Thank You