The document discusses a software birthmark method for detecting theft of JavaScript programs. It begins with an introduction to software theft, birthmarks, and JavaScript programs. It then outlines the related work in software birthmarks, describes the proposed system's methodology including heap profiling, graph generation, merging and detection. The conclusions state that the software birthmark system can find similarities between applications and distinguish them while resisting attacks. Future work aims to improve the graph selection and detection speed.

1. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Software Birthmark for Detecting Theft of
JavaScript Programs
Patel Swati Jitendrakumar
Guided by
Prof. T. M. Pattewar
ME CE
2012-2013
Seminar-II Presentation
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 1

2. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Outline of Topics
1 Introduction
2 Literature Survey
3 Methodology
4 Conclusions and Future work
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 2

3. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Introduction
Software Theft
It is an unauthorized copy and use of computer software.
57 % Computer Users admit that they use pirated
software.
JavaScript programs and their theft
It is an interpreted computer programming language.
Techniques of avoiding Software Theft
• Software Watermarking :
An extra code known as watermark is included as a part
of a program to prove the ownership of the program.
• Code Obfuscation :
code obfuscation is the application of transformations to
the code, which changes the physical appearance of the
code, while preserving the black-box specifications of the
program.
Content of this slide cited from [?] [?] [?] [?] [?] [?]
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 3

4. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Introduction contd...
Software Birthmark
A birthmark is a unique characteristic a program possesses
that can be used to identify the program.
To detect software theft,
1 The birthmark of the program under protection (the
plaintiff program) extracted.
2 The suspected program is searched against the birthmark.
3 If the birthmark of plaintiff program is found in the code of
suspected one, then it can be claimed as the suspected
program or part of it is a copy of the plaintiff program.
Content of this slide cited from [?]
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 4

5. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Introduction contd...
Taxonomy of Software Birthmark
Static Birthmark - extracted from the syntactic structure
of a program.
Let p, q be two components of a program or program itself.
Let f be method for extracting the set of characteristics
from a program. Then f(p) is a static birthmark of p if:
1. f(p) is obtainable from p itself.
2. q is copy of p ⇒ f(p) = f(q).
Content of this slide cited from [?] [?]
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 5

6. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Introduction contd...
Taxonomy of Software Birthmark contd...
Dynamic Birthmark - extracted from the dynamic
behavior of a program at run-time.
Let p,q be two components of a program or program itself.
Let I be the input to p and q. Let f(p,I) the set of
characteristics extracted from a program p with input I.
Then f(p,I) is a dynamic birthmark of p if:
1. f(p,I) is obtainable from p itself when executing p with
input I.
2. q is copy of p ⇒ f(p,I) = f(q,I).
Content of this slide cited from [?] [?]
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 6

7. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Introduction contd...
Heap Graph based Birthmark
Content of this slide cited from [?]
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 7

8. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Introduction contd...
The Threat Model
Content of this slide cited from [?]
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 8

9. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Related Work
Year Author Work
2004 Myles et al. Whole program path birthmarks [?]
2007 Tamada et al. API calls based Birthmarks [?]
2007 Schuler et al. Birthmark for java [?]
2011 Chan et al. Birthmark on the runtime heap [?]
2011 Chan et al. Birthmark on heap memory analysis [?]
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 9

10. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
System Overview
Figure: System Overview
Content of this slide cited from [?]
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 10

11. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
System Overview contd...
The JavaScript heap profiler:
runs a JavaScript program and takes multiple
heap snapshots in the course of its execution.
Figure: Heap profile of GMail initialization phase
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 11

12. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
System Overview contd...
The graph generator and filter:
traverses the objects in the heap snapshots and builds heap
graphs out of them. It also filters out objects.
• Objects in the V8 JavaScript heap are:
INTERNAL, ARRAY, STRING, OBJECT, CODE,
CLOSURE
• References between objects in the V8 JavaScript heap
are:
CONTEXT VARIABLE, ELEMENT, PROPERTY,
INTERNAL
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 12

13. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
System Overview contd...
The graph merger:
merges the filtered heap graphs to form one single graph.
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 13

14. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
System Overview contd...
The subgraph selector:
selects a subgraph from the heap graph to form the
birthmark of the plaintiff program. This step is not needed
for the suspected program.
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 14

15. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
System Overview contd...
The detector:
searches for the birthmark of the plaintiff program in the
heap graph of the suspected program.
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 15

16. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Conclusions and Future work
Software Birthmark system finds similarities between two
similarly functioning applications and distinguish distinct
applications.
This system is reliable and scalable also it can resist to
reference injection attack.
Future work can be aimed for two major factors
1. Improved Graph Selector
2. Fast Detector
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 16

17. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
“Ninth annual BSA global software 2011 piracy study,” 5 2012, [accessed on April 14,2013]. [Online].
Available: http://globalstudy.bsa.org/2011/
“Software theft,” [accessed on April 14,2013]. [Online]. Available:
http://www.javvin.com/softwareglossary/SoftwareTheft.html
“Software piracy,” [accessed on April 14,2013]. [Online]. Available:
http://www.fastiis.org/our services/enforcement/software theft/
C. Collberg and C. Thomborson, “Software watermarking:models and dynamic embeddings,”
Department of Computer Science, University of Auckland, Private Bag 92091, Auckland, New
Zealand, Tech. Rep., 2003.
H. I. A. Monden and K. Torii, “Watermarking java programs,” in International Symposium of Future
Software Technology, Nanjing, China, 1999.
C. T. C. Collberg and D. Low, “A taxonomy of obfuscating transformations,” University of Auckland,
Auckland, New Zealand, Tech. Rep. 148, 2003.
E. C. C. Collberg and M. Stepp, “Dynamic path-based software watermarking,” in Programming
Language Design and Implementation (PLDI 04), ACM, Ed., New York, 2004, pp. 107–118.
H. Tamada and A. Monden, “Design and evaluation of birthmarks for detecting theft of java
programs,” in IASTED International Conference of Software Engineering, 2004, pp. 569–575.
G. Myles and C. Collberg, “K-gram based software birthmarks,” in Symposium on Application
Computing (SAC 05), ACM, Ed., 2005, pp. 314–318.
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 16

18. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
S. P.Chan, L.Hui, “Heap graph based software theft detection,” IEEE Transaction On Information
Forensics and Security, vol. 8, pp. 101–110, January 2013.
G.Myles and C. Collberg, “Detecting software theft via whole program path birthmarks,” in Inf.
Security 7th Int. Conf. (ISC 2004), Palo Alto,CA, September 2004, pp. 404–414.
K. H.Tamada and K.Matsumoto, “Design and evaluation of dynamic software birthmarks based on
API calls,” Graduate School of Information Science, Nara Institute of Science and Technology,
8916-5 Takayama-cho, Ikoma-shi, Nara, 6300101 Japan, Technical Report, 2007.
V. D. D. Schuler and C. Lindig, “A dynamic birthmark for java,” in IEEE/ACM International
Conference of Automated Software Engineering (ASE 07), no. 22, New York, 2007, pp. 274–283.
L. P.Chan and S.Yiu, “Jsbirth: Dynamic javascript birthmark based on the run-time heap,” in 2011
IEEE 35th Annual Computer Software and Application Conference (COMPSAC), July 2011, pp.
407–412.
L. H. P. Chan and S. Yiu, “Dynamic software birthmark for java based on heap memory analysis,” in
IFIP TC 6/TC 11 Int. Conf. Commun. and Multimedia Security (CMS11), Springer-Verlag, Ed.,
no. 12, Berlin, Heidelberg, 2011, pp. 94–106.
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 17

19. Software
Birthmark for
Detecting
Theft of
JavaScript
Programs
Patel Swati
Jitendrakumar
Outline
Introduction
Literature
Survey
Methodology
Conclusions
and Future
work
Thank You
October 24, 2013 SES’s R. C. Patel Institute of Technology, Shirpur, MS, India 17