August 2002 | Christian S. Collberg, Member, IEEE Computer Society, and Clark Thomborson, Senior Member, IEEE
The paper discusses three types of attacks on intellectual property in software: software piracy, reverse engineering, and tampering. Each attack is defended against using specific technical methods: watermarking, obfuscation, and tamper-proofing. Watermarking embeds a secret message into the software to deter piracy and allow for ownership proof. Obfuscation transforms the software to make it harder to reverse engineer while maintaining functionality. Tamper-proofing adds code to detect and prevent unauthorized modifications, ensuring the software remains functional if tampered with. The authors also explore various techniques for each defense method, including lexical transformations, control transformations, data transformations, and dynamic watermarking. They discuss the trade-offs between resilience, data rate, cost, and stealth in these techniques. The paper concludes by emphasizing the importance of technical defenses for software developers concerned about malicious hosts and outlines future research directions.The paper discusses three types of attacks on intellectual property in software: software piracy, reverse engineering, and tampering. Each attack is defended against using specific technical methods: watermarking, obfuscation, and tamper-proofing. Watermarking embeds a secret message into the software to deter piracy and allow for ownership proof. Obfuscation transforms the software to make it harder to reverse engineer while maintaining functionality. Tamper-proofing adds code to detect and prevent unauthorized modifications, ensuring the software remains functional if tampered with. The authors also explore various techniques for each defense method, including lexical transformations, control transformations, data transformations, and dynamic watermarking. They discuss the trade-offs between resilience, data rate, cost, and stealth in these techniques. The paper concludes by emphasizing the importance of technical defenses for software developers concerned about malicious hosts and outlines future research directions.