Abstract
Over the last decade a bewildering array of techniques have been proposed to protect software from piracy, malicious reverse engineering, and tampering. While we can broadly classify these techniques as obfuscation, watermarking/fingerprinting, birthmarking, and tamperproofing, there is a need for a more constructive taxonomy. In this paper we present a model of Surreptitious Software techniques inspired by defense mechanisms found in other areas: we will look at the way humans have historically protected themselves from each other and from the elements, how plants and animals have evolved to protect themselves from predators, and how secure software systems have been architected to protect against malicious attacks. In this model we identify a set of primitives which underlie many protection schemes. We propose that these primitives can be used to characterize existing techniques and can be combined to construct novel schemes which address a specific set of protective requirements.
Supported in part by the Institute of Automation, Chinese Academy of Sciences.
Supported by the European Commission, contract No 021186-2, RE-TRUST project.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Collberg, C., Nagra, J., Wang, FY. (2007). Surreptitious Software: Models from Biology and History. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_1
DOI: https://doi.org/10.1007/978-3-540-73986-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73985-2
Online ISBN: 978-3-540-73986-9
eBook Packages: Computer Science, Computer Science (R0)