A key concern for software developers is to defend their programs against the so called “malicious host attacks” that aim at violating the intellectual property of programs by stealing, modifying or tampering with the code in order to take (economic) advantages over it. Code obfuscation and software watermarking represent two promising techniques for the protection of the intellectual property of programs. The basic idea of code obfuscation is to transform a program in order to make it more difficult to understand while preserving its functionality. Once an attacker goes beyond this defense, software watermarking allows the owner of the violated code to prove the ownership of the pirated copies.
Software watermarking is a technique for embedding a signature, i.e., a unique identifier reliably representing the owner, in a program. This allows the software developer to prove his ownership by extracting his signature from the pirated copies.
Even if in the last few years many obfuscating and watermarking techniques have been proposed, the lack of a rigorous theoretical background for code obfuscation and software watermarking makes it difficult to formally evaluate and compare the efficiency of these methodologies. In this project we are interested in the development of a unifying theory and methodology for the evaluation and design of software watermarking and code obfuscation tools.
Sensitive information and obscurity are typically added to a program by modifying the data structures, the code structures, the semantics, and the computational flow. Our idea is to formally investigate the effects that these transformations have on program semantics and to use abstract interpretation for reasoning about semantics at different levels of abstraction. This allows us to formalize the program properties that are protected by a given obfuscation and the information that is hidden by a watermarking scheme, and therefore to compare the efficiency of different obfuscating and watermarking techniques.