Pressemitteilung

Today, most software consists of independent components, which makes it easy to include parts of a software into another program. Yet, for a code owner such theft is difficult to prove in court. David Schuler, researcher at Saarland University, developed a tool called API BIRTHMARK that measures the degree of similarity between programs. A company that suspects code theft may use API BIRTHMARK to run both its own program and a foreign program. When this yields a high degree of similarity, code theft is likely and further investigations are warranted.

The novelty of Schuler's method is that it compares the behavior of programs rather than their code. A program's code can easily be obfuscated without destroying it. Such obfuscation tools are freely available on the internet. On the other hand, a program's behavior is difficult to change without breaking the program, just like a birthmark. David Schuler and his co-authors Valentin Dallmeier and Christian Lindig have shown that birthmarks from Java programs are immune against the best obfuscation tools available. A paper on the birthmarking technique has been accepted at the Automated Software Engineering (ASE 2007) conference which will be held in Atlanta, USA. This year, only 37 submissions out of 312 got accepted to ASE 2007.

David Schuler, Valentin Dallmeier, and Dr. Christian Lindig work as researchers at the Software Engineering Chair of Prof. Andreas Zeller at Saarland University, Germany. The group develops statistical approaches for program analysis and defect localization. Another topic is mining the evolution history of programs to predict and avoid software defects. Prof. Zeller was first to systematically analyze the bug databases of Microsoft to predict error-prone components - which are now tested even more thoroughly.

For additional informations, please call:

Prof. Dr. Andreas Zeller
Tel. +49 681 302-64011

Friederike Meyer zu Tittingdorf
Tel. +49 681 302-58099