Watermarking a java source file?

Levi Pearson levipearson at gmail.com
Thu Sep 13 23:08:01 MDT 2012


On Thu, Sep 13, 2012 at 10:33 PM, Andy Bradford <amb-plugg at bradfords.org>wrote:

> Thus said "S. Dale Morrey" on Thu, 13 Sep 2012 22:26:21 MDT:
>
> > It's b, sorry if I wasn't clear.  I'm giving some files to someone for
> > review. I  don't want these  to become distributed since  they contain
> > secret sauce recipes and  if they leak I want to be  able to blame the
> > correct person.
>
> Automatically  generate every  piece of  your code.  The function  names
> should be generated  as well as variable names. Make  the function names
> look non-random. Then, give out  a different, randomly generated copy of
> the code to  the various parties and keep track  of which party received
> which randomly generated version of the code.
>
> Would this work?
>
>
This is again trivially defeated by a parser/pretty-printer combo with a
renamer, at least if they knew there was a watermark to defeat.  These
sorts of code obfuscation tools are common, and wouldn't be hard to build
from easily-combined components in a tool-rich language ecosystem such as
Java's anyway.  It would be impossible to tell which was the source after
the random renaming.

The problem with this is the very nature of computer programs.  Computer
languages are designed to have a precise and unambiguous interpretation
because they must ultimately control computers.  All of the computer
programs that are isomorphic to one another in meaning must necessarily be
transformable to one another, at least in theory. There's no way to tell
what the "original" form was without changing the meaning if all the
meta-information in the program text is replaced.

Now, you could potentially do some sort of alteration to the meaning of the
program that would identify the original recipient without altering the
primary desirable properties of the program, and this (if hidden well
enough) would defeat simple program transformations.  It would be much
easier to just stick it in an appropriately watermarked PDF. :)

      --Levi


More information about the PLUG mailing list