Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection
- By Christian Collberg, Jasvir Nagra
- Published Jul 24, 2009 by Addison-Wesley Professional. Part of the Addison-Wesley Software Security Series series.
- Copyright 2010
- Dimensions: 7 X 9-1/8
- Pages: 792
- Edition: 1st
- ISBN-10: 0-321-54925-2
- ISBN-13: 978-0-321-54925-9
- eBook (Adobe DRM)
- ISBN-10: 0-321-54522-2
- ISBN-13: 978-0-321-54522-0
Register your product to gain access to bonus material or receive a coupon.
Product Author Bios
Christian Collberg received a B.Sc. in computer science and numerical analysis and a Ph.D. in computer science from Lund University, Sweden. He is currently an associate professor in the department of computer science at the University of Arizona and has also worked at the University of Auckland, New Zealand, and the Chinese Academy of Sciences in Beijing. Professor Collberg is a leading researcher in the intellectual property protection of software, and also maintains an interest in compiler and programming language research. In his spare time he writes songs, sings, and plays guitar for The Zax and hopes one day to finish his Great Swedish Novel.
“This book gives thorough, scholarly coverage of an area of growing importance in computer security and is a ‘must have’ for every researcher, student, and practicing professional in software protection.”
—Mikhail Atallah, Distinguished Professor of Computer Science at Purdue University
Theory, Techniques, and Tools for Fighting Software Piracy, Tampering, and Malicious Reverse Engineering
The last decade has seen significant progress in the development of techniques for resisting software piracy and tampering. These techniques are indispensable for software developers seeking to protect vital intellectual property. Surreptitious Software is the first authoritative, comprehensive resource for researchers, developers, and students who want to understand these approaches, the level of security they afford, and the performance penalty they incur.
Christian Collberg and Jasvir Nagra bring together techniques drawn from related areas of computer science, including cryptography, steganography, watermarking, software metrics, reverse engineering, and compiler optimization. Using extensive sample code, they show readers how to implement protection schemes ranging from code obfuscation and software fingerprinting to tamperproofing and birthmarking, and discuss the theoretical and practical limitations of these techniques.
- Mastering techniques that both attackers and defenders use to analyze programs
- Using code obfuscation to make software harder to analyze and understand
- Fingerprinting software to identify its author and to trace software pirates
- Tamperproofing software using guards that detect and respond to illegal modifications of code and data
- Strengthening content protection through dynamic watermarking and dynamic obfuscation
- Detecting code theft via software similarity analysis and birthmarking algorithms
- Using hardware techniques to defend software and media against piracy and tampering
- Detecting software tampering in distributed system
- Understanding the theoretical limits of code obfuscation
13 of 15 people found the following review helpful
A very interesting read on securing your software,
This review is from: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection (Paperback)This book was very interesting to me. I really don't work in such a way that I would have a need to deploy my own software for money and therefore need to worry about hiding the details of my code, but it was an aspect of computer security I didn't know much about until I sat down with this book. The book is not about trying to keep people out of your computer networks, but it is about keeping unauthorized users from executing your code and about disabling the analysis of your code by those who might want to extract details about some algorithm for the purpose of copying it.
I thought that the algorithms involved were very well explained and code snippets were shown to illustrate key concepts. The author employs widely used languages such as PERL for his examples. Commercial products are mentioned when applicable. I really enjoyed the sections on steganography and watermarking - these sections contain the clearest descriptions of the key algorithms involved that I've seen... Read more
1 of 4 people found the following review helpful
Packs in tips on security and tools for fighting software piracy,
This review is from: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection (Paperback)Christian Collberg's SURREPTITIOUS SOFTWARE packs in tips on security and tools for fighting software piracy and covers all the latest programs that both attackers and defenders use to analyze programs. From fingerprinting software to identify its author to tamper-proofing software with guards, strengthening content, and detecting code theft, this is a key acquisition for any serious software library, unparalleled in its content and coverage.
2 of 9 people found the following review helpful
This review is from: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection: Obfuscation, Watermarking, and Tamperproofing for Software Protection (Paperback)This book is part of Addison-Wesley's software security series (which I edit). Most of the books in the series are about how to build more secure software. By contrast, this book is about how to protect software.
There are many resaons to protect software with watermarking, obfuscation, and tamperproofing. Perhaps your product needs protection from piracy (like a game, a book, or music). Perhaps your product involves top secret military ideas and may be captured by the enemy (like a predator drone shot down in Afghanistan). Whatever your reason for software protection might be, this book is the go to guide for protecting software.
Christian Collberg has long been an important intellectual leader in software protection. This book will serve as the most important reference in a blossoming new field.
› See all 3 customer reviews...
Online Sample Chapter
Download the sample pages (includes Chapter 1 and Index)
Table of Contents
About the Authors xxv
Chapter 1: What Is Surreptitious Software? 1
1.1 Setting the Scene 1
1.2 Attack and Defense 6
1.3 Program Analysis 7
1.4 Code Obfuscation 13
1.5 Tamperproofing 32
1.6 Software Watermarking 36
1.7 Software Similarity 43
1.8 Hardware-Based Protection Techniques 49
1.9 Discussion 55
1.10 Notation 58
Chapter 2: Methods of Attack and Defense 59
2.1 Attack Strategies 60
2.2 Defense Strategies 86
2.3 Discussion 114
Chapter 3: Program Analysis 117
3.1 Static Analysis 118
3.2 Dynamic Analysis 145
3.3 Reconstituting Source 170
3.4 Pragmatic Analysis 190
3.5 Discussion 198
Chapter 4: Code Obfuscation 201
4.1 Semantics-Preserving Obfuscating Transformations 202
4.2 Definitions 217
4.3 Complicating Control Flow 225
4.4 Opaque Predicates 246
4.5 Data Encodings 258
4.6 Breaking Abstractions 277
4.7 Discussion 298
Chapter 5: Obfuscation Theory 301
5.1 Definitions 304
5.2 Provably Secure Obfuscation: Possible or Impossible? 307
5.3 Provably Secure Obfuscation: It’s Possible (Sometimes)! 313
5.4 Provably Secure Obfuscation: It’s Impossible (Sometimes)! 335
5.5 Provably Secure Obfuscation: Can It Be Saved? 344
5.6 Discussion 354
Chapter 6: Dynamic Obfuscation 357
6.1 Definitions 360
6.2 Moving Code Around 362
6.3 Encryption 383
6.4 Discussion 398
Chapter 7: Software Tamperproofing 401
7.1 Definitions 405
7.2 Introspection 412
7.3 Algorithm TPTCJ: Response Mechanisms 440
7.4 State Inspection 444
7.5 Remote Tamperproofing 453
7.6 Discussion 464
Chapter 8: Software Watermarking 467
8.1 History and Applications 468
8.2 Watermarking Software 478
8.3 Definitions 480
8.4 Watermarking by Permutation 486
8.5 TamperproofingWatermarks 494
8.6 Improving Resilience 498
8.7 Improving Stealth 505
8.8 Steganographic Embeddings 522
8.9 SplittingWatermark Integers 526
8.10 Graph Codecs 533
8.11 Discussion 537
Chapter 9: Dynamic Watermarking 541
9.1 Algorithm WMCT: Exploiting Aliasing 546
9.2 Algorithm WMNT: Exploiting Parallelism 565
9.3 Algorithm WMCCDKHLSpaths: Expanding Execution Paths 583
9.4 Algorithm WMCCDKHLSbf : Tamperproofing Execution Paths 592
9.5 Discussion 598
Chapter 10: Software Similarity Analysis 601
10.1 Applications 602
10.2 Definitions 611
10.3 k-gram-Based Analysis 616
10.4 API-Based Analysis 625
10.5 Tree-Based Analysis 631
10.6 Graph-Based Analysis 635
10.7 Metrics-Based Analysis 644
10.8 Discussion 652
Chapter 11: Hardware for Protecting Software 655
11.1 Anti-Piracy by Physical Distribution 657
11.2 Authenticated Boot Using a Trusted Platform Module 670
11.3 Encrypted Execution 683
11.4 Attacks on Tamperproof Devices 695
11.5 Discussion 711
This book includes free shipping!
This book includes free shipping!
eBook (Adobe DRM)
This eBook requires the free Adobe® Digital Editions software.
Before downloading this DRM-encrypted PDF, be sure to:
- Install the free Adobe Digital Editions software on your machine. Adobe Digital Editions only works on Macintosh and Windows, and requires the Adobe Flash Player. Please see the official system requirements.
- Authorize your copy of Adobe Digital Editions using your Adobe ID. If you don't already have an Adobe ID, you can create one here.
Get access to thousands of books and training videos about technology, professional development and digital media from more than 40 leading publishers, including Addison-Wesley, Prentice Hall, Cisco Press, IBM Press, O'Reilly Media, Wrox, Apress, and many more. If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months. That's a total savings of $199.