A Survey of Software Watermarking

William Zhu1 , Clark Thomborson1, , and Fei-Yue Wang2,3

Department of Computer Sciences, The University of Auckland, Auckland, New Zealand 2 Systems and Industrial Engineering Department, The University of Arizona, Tucson, AZ 85721, USA 3 The Key Laboratory of Complex Systems and Intelligent Science, Institute of Automation, the Chinese Academy of Sciences, Beijing 100080, China fzhu009@ec.auckland.ac.nz, cthombor@cs.auckland.ac.nz, feiyue@sie.arizona.edu
1

Abstract. In the Internet age, software is one of the core components for the operation of network and it penetrates almost all aspects of industry, commerce, and daily life. Since digital documents and objects can be duplicated and distributed easily and economically cheaply and software is also a type of digital objects, software security and piracy becomes a more and more important issue. In order to prevent software from piracy and unauthorized modication, various techniques have been developed. Among them is software watermarking which protects software through embedding some secret information into software as an identier of the ownership of copyright for this software. This paper gives a brief overview of software watermarking. It describes the taxonomy, attack models, and algorithms of software watermarking. Keyword: Software Security, Software Watermarking.

Introduction

Software watermarking [3, 5] is a process for embedding secret information into the text of software. This information may identify the ownership of the software, so when an unauthorized use of this software occurs the copyright holders of this software can have evidence of piracy by extracting this secret message from an unauthorized copy. This paper is structured as follows. After the introduction is Section 2 which details the taxonomy of software watermarks according to dierent situations. Section 3 describes the software watermark attack models. In Section 4, we give a brief description of the software watermarking algorithms currently available. This paper concludes in section 5.
Research supported in part by the New Economy Research Fund of New Zealand.
P. Kantor et al. (Eds.): ISI 2005, LNCS 3495, pp. 454458, 2005. c Springer-Verlag Berlin Heidelberg 2005

A Survey of Software Watermarking

455

Taxonomy of Software Watermarks

Software watermarks can be classied in dierent ways by their functions and properties. The following are some classication schemes in published literatures. Software watermarks are classied by their functional goals [10] as prevention marks, assertion marks, permission marks, and armation marks. Prevention marks prevent unauthorized uses of a software. Assertion marks make a public claim to ownership of a software. Permission marks allow a (limited) change or copy operating a software. Armation marks ensure an end-user of a softwares authenticity. Software watermarks can also be classied by their extracting techniques as static or dynamic [2]. A static software watermark is one inserted in the data area or the text of codes. The extraction of such watermark needs not run the software. A dynamic software watermark is inserted in the execution state of a software object. More precisely, in dynamic software watermarking, what has been embedded is not the watermark itself but some codes which cause the watermark to be expressed, or extracted, when the software is run. An example is the CT algorithm. Robust software watermarks and fragile software watermarks: A robust software watermark can be extracted even if it has been subjected to adversarial or casual semantics-preserving or near-semantics-preserving code translation. Such watermarks are used in systems to prevent unauthorized uses(permission), and in systems that make public claims to software ownership(assertion). A fragile software watermark will (ideally) always be destroyed when the software has been changed. Such watermarks are used in integrity verication of software (armations) and in systems that allow limited change and copy(permission). According to the features that a user of software can experience, software watermarks can be categorized as visible software watermarks and invisible software watermarks. If a visible software watermark is embedded, the watermarked software will generate some legible image like a logo, etc. upon some special input. An invisible software watermark is one that will not appear as a legible image to the end-user, but can be extracted by some algorithm not in the end-users direct control. According to whether the original program and the watermark are the inputs to the watermark extractor, software watermark can be categorized as either blind or informed.

Attacks on Software Watermarks

Attacks on software can occur in two ways: malicious client attacks or malicious host attacks. Generally, software watermarking aims to protect software from a malicious host attack. There are four main ways to attack a watermark in a software.

456

W. Zhu, C. Thomborson, and F.-Y. Wang

Additive attacks: Embed a new watermark into the watermarked software, so the original copyright owners of the software cannot prove their ownership by their original watermark inserted in the software. Subtractive attacks: Remove the watermark of the watermarked software without aecting the functionality of the watermarked software. Distortive attacks: Modify watermark to prevent it from being extracted by the copyright owners and still keep the usability of the software. Recognition attacks: Modify or disable the watermark detector, or its inputs, so that it gives a misleading result. For example, an adversary may assert that his watermark detector is the one that should be used to prove ownership in a courtroom test.

Software Watermarking Algorithms

We will describe in the section the main software watermarking algorithms currently available. Basic block reordering algorithm: In 1996, Davidson and Myhrvold [8] published the rst software watermarking algorithm. It watermarks a program by reordering its basic blocks. Register allocation algorithm [12]: It is proposed by Qu and Potkonjak. This method inserts a watermark into the interference graph of a program. Spread-spectrum algorithms: Stern et al. [13] proposed a spread-spectrum algorithm which represents a program as a vector and modies each component of the vector with a small random amount. Curran et al. [7] also proposed a spread-spectrum software watermarking method. Opaque predicate algorithms: Monden et al. [9] and Arboit [1] proposed methods to insert a watermark into a dummy method and opaque predicate. Threading algorithm: Nagra and Thomborson [11] proposed a threading software watermarking algorithm based on the intrinsic randomness for a thread to run in a multithreaded program. Abstract interpretation algorithm: Cousot and Cousot [6] embedded the watermark in values assigned to designated integer local variables during program execution. These values can be determined by analyzing the program under an abstract interpretation framework, enabling the watermark to be detected even if only part of the watermarked program is present. Dynamic path algorithm: It was proposed by Collberg et al. [4]. This algorithm inserts a watermark in the runtime branch structure of a program to be watermarked. It is based on the observation that the branch structure is an essential part of a program and that it is dicult to analyse such a structure completely because it captures so much of the semantics of the program. Graph-based algorithms: Venkatesan, Vazirani and Sinha [15] proposed the rst graph-based software watermarking, called the VVS algorithm. It is a static software watermarking algorithm. Collberg and Thomborson [2] proposed the rst dynamic graph algorithm, the CT algorithm. It embeds the watermark in a graph data structure which is built during the execution of the program,

A Survey of Software Watermarking

457

so it is a dynamic software watermarking algorithm. Thomborson et al. [14] developed a variant of the CT algorithm, the constant-encoding algorithm. It tries to transform some numeric or non-numeric constants in the program text into function calls and to establish some dependencies of the values of these functions on the watermark data structures.

Conclusions

Software piracy is a worldwide issue and becomes more and more important for software developers and vendors. Software watermarking is one of the many mechanisms to protect the copyright of software.

References
1. G. Arboit. A Method for Watermarking Java Programs via Opaque Predicates, In The Fifth International Conference on Electronic Commerce Research(ICECR-5), 2002 2. C. Collberg and C. Thomborson. Software Watermarking: Models and Dynamic Embeddings, POPL99, 1999 3. C. Collberg and C. Thomborson. Watermarking, tamper-proong, and obfuscation - tools for software protection, IEEE Transactions on Software Engineering, vol. 28, 2002, pp. 735-746 4. C. Collberg, E. Carter, S. Debray, A. Huntwork, J. Kececioglu, C. Linn and M. Stepp. Dynamic path-based software watermarking, ACM SIGPLAN Notices , Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation, Vol. 39, Iss. 6, June 2004 5. C. Collberg, S. Jha, D. Tomko and H. Wang. UWStego: A General Architecture for Software Watermarking, Technical Report(Aug. 31, 2001), available on http://www.cs.wisc.edu/ hbwang/watermark/TR.ps on Nov. 20 , 2004 6. P. Cousot and R. Cousot. An abstract interpretation-based framework for software watermarking, Principles of Programming Languages 2003, 2003, pp. 311-324 7. D. Curran, N. Hurley and M. Cinneide. Securing Java through Software Watermarking, PPPJ 2003, Kilkenny City, Irenland, pp. 145-148 8. R. Davidson and N. Myhrvold. Method and system for generating and auditing a signature for a computer program, US Patent 5,559,884, September 1996. Assignee: Microsoft Corporation. 9. A. Monden, H. Iida, K. Matsumoto, K. Inoue and K. Torii. A Practical Method for Watermarking Java Programs, T he 24th Computer Software and Applications Conference (compsac2000), Taipei, Taiwan, Oct. 2000 10. J. Nagra, C. Thomborson and C. Collberg. A functional taxonomy for software watermarking, In Proc. 25th Australasian Computer Science Conference 2002, ed. MJ Oudshoorn, ACS, January 2002, pp. 177-186 11. J. Nagra and C. Thomborson. Threading Software Watermarks, Proc. Information Hiding Workshop, 2004 12. G. Qu and M. Potkonjak. Analysis of Watermarking Techniques for Graph Coloring Problem, Proceding of 1998 IEEE/ACM International Conference on Computer Aided Design, ACM Press, 1998, pp. 190-193

458

W. Zhu, C. Thomborson, and F.-Y. Wang

13. J. Stern, G. Hachez, F. Koeune, and J. Quisquater. Robust Object Watermarking: Application to Code, In Information Hiding, 1999, pp. 368-378 14. C. Thomborson, J. Nagra, R. Somaraju, and C. He. Tamper-proong Software Watermarks. In Proc. Second Australasian Information Security Workshop(AISW2004), ed. P. Montague and C. Steketee, ACS, CRPIT, Vol. 32, 2004, pp. 27-36 15. R. Venkatesan, V. Vazirani, and S. Sinha. A Graph Theoretic Approach to software watermarking, presented at 4th International Information Hiding Workshop, Pittsburgh, PA, USA, Apr. 2001