Researchers at Saarland University in Germany have developed a method that detects similarities between programs that can be used for identifying software piracy.

Called API Birthmark, the tool can scan a program and look for similarities it has with another piece of software based on its behaviour, according to Valentin Dallmeier, one of three researchers at the university’s Software Engineering Chair who developed this software analysis tool. What’s noteworthy about this approach, said Dallmeier, is that it compares and looks for similarities in the behaviour of the programs, rather than in the actual code.

Developers who illegally use code from a licensed program typically employ obfuscation techniques in an effort to evade detection by code-based scanning tools. Obfuscating the code does not necessarily change the functionality of the program, said Dallmeier.

“These obfuscation techniques only change the code in the program, but they cannot alter the behaviour without destroying the program and (losing) its functionality,” the researcher explained.

API Birthmark analyzes the behaviours of a particular program and compares them with other programs. The higher the degree of similarity between two different pieces of software the greater the likelihood of code theft is.

Dallmeier said API Birthmark looks at the interaction between a program and the operating system or the application programming interface (API), depending on the language the program was written. It then captures that interaction and compares it with other programs, he said.

The API Birthmark can be valuable to big software developers for conducting competitive analysis, said Michelle Warren, Toronto-based senior research analyst at Info-Tech Research Group.

API Birthmark can be used to evaluate other software products for possible copyright violations. It can also be used as an analysis tool in their own software development labs to ensure that their codes are not infringing on any copyrights, Warren explained.

The tool’s behaviour-based scanning method also makes it more effective than the traditional code-based analysis tools, she said.

“It’s like writing an essay,” said Warren. “Sentences can be created just coincidentally using the same words (as another piece of essay), but if we look at the actual idea and the thought patterns and the beliefs, that is really at the core of any kind of (intellectual property) theft.”

Looking at the behaviour of a program in the context of possible copyright infringement becomes more critical “as software piracy continues on its path of maturity.”

She added, however, that while this is a useful tool for detecting software piracy, it’s still ultimately up to the courts to decide whether a violation occurred.

“There will be a lot of grey areas there in terms of how to define code behaviour and program behaviour,” she said.

Even the scanning tool, such as the API Birthmark, itself would have to be thoroughly evaluated and analyzed before the results of its analysis can be deemed admissible in court, she added.

“And that might even depend on which court and in which country,” Warren said.

Canadian open source expert Russell McOrmond said the API Birthmark “seems to simply automate the most common method to detect this form of copyright infringement.”

He cited most copyright infringement investigations involving the Free/Libre Open Source Software (FLOSS) are triggered by noticing similarities in software behaviour.

“This type of tool only provides automation for that first glance and isn’t going to be helpful in the more thorough investigation,” said McOrmond, who is policy coordinator at Canadian open source group CLUE.

Dallmeier said they plan to release the API Birthmark code to the open source community in two to three months, in which case the methodology will be open to interested developers to take and develop for their own use.

The API Birthmark will also be presented at the upcoming Automated Software Engineering conference in Atlanta in November.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now