Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Method To Detect and Prove GPL Violations

Posted by kdawson on from the marked-at-birth dept.

qwerty writes "A paper to be presented at the upcoming academic conference Automated Software Engineering describes a new method to detect code theft and could be used to detect GPL violations in particular. While the co-called birthmarking method is demonstrated for Java, it is general enough to work for other languages as well. The API Benchmark observes the interaction between an application and (dynamic) libraries that are part of the runtime system. This captures the observable behavior of the program and cannot be easily foiled using code obfuscation techniques, as shown in the paper (PDF). Once such a birthmark is captured, it can be searched for in other programs. By capturing the birthmarks from popular open-source frameworks, GPL-violating applications could be identified."

3 of 218 comments (clear)

  1. new use of old trick by toolslive · · Score: 5, Informative

    I used to be a research assistent, and at university, we used this technique to see if students copied their assignments. They could rename variables, move pieces of text, change comments all the way they liked, but the execution profile stayed the same. We caught a lot of students, and they never figured out how we did it.

    1. Re:new use of old trick by Just+Some+Guy · · Score: 5, Interesting

      How did you know they were cheating and didn't derive their similar approaches from a common origin (presumably material that was presented in class or else from the textbook)?

      Amen to that. This is an old story, but I think it bears repeating. A friend of mine and I got "caught" turning in identical code for an assignment. I mean, identical. Same structures, variables, types, layout - everything. However, we wrote our programs separately and never saw each others' until our teacher asked about it.

      It sounds improbable, but consider that:

      1. We both directly transcribed variable names from the homework assignment. A sentence like "it is a fatal error condition for the user to specify a negative number of tasks" became "assert(numtasks >= 0);".
      2. We used the same editor and the same indenting style.
      3. We had done much of our homework together in previous classes because we tended to take the same approach to solving problems.
      4. The assignment wasn't terribly complex to begin with, so the resulting code was only a few pages long.

      We had a teacher who trusted us and we were both good students with good test grades, so it was dismissed as a humorous coincidence. I'm glad a human was willing to listen to our explanation and not just go along with the findings of an automated tester.

      --
      Dewey, what part of this looks like authorities should be involved?
  2. Coming soon... by koh · · Score: 5, Funny

    GGA! The GNU Genuine Advantage program!

    --
    Karma cannot be described by words alone.