De-Anonymizing Programmers from Executable Binaries


To appear at the 2018 Network and Distributed System Security Symposium (NDSS).

When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries

Aylin Caliskan∗, Fabian Yamaguchi†, Edwin Dauber‡, Richard Harang§, Konrad Rieck¶, Rachel Greenstadt‡ and Arvind Narayanan∗

∗Princeton University
†Shiftleft Inc
‡Drexel University
§Sophos, Data Science Team
¶TU Braunschweig

Network and Distributed Systems Security (NDSS) Symposium 2018, 18-21 February 2018, San Diego, CA, USA. ISBN 1-1891562-49-5. http://dx.doi.org/10.14722/ndss.2018.23304 www.ndss-symposium.org

arXiv:1512.08546v3 [cs.CR] 18 Dec 2017

Abstract

The ability to identify authors of computer programs based on their coding style is a direct threat to the privacy and anonymity of programmers. While recent work found that source code can be attributed to authors with high accuracy, attribution of executable binaries appears to be much more difficult. Many distinguishing features present in source code, e.g. variable names, are removed in the compilation process, and compiler optimization may alter the structure of a program, further obscuring features that are known to be useful in determining authorship. We examine programmer de-anonymization from the standpoint of machine learning, using a novel set of features that include ones obtained by decompiling the executable binary to source code. We adapt a powerful set of techniques from the domain of source code authorship attribution along with stylistic representations embedded in assembly, resulting in successful de-anonymization of a large set of programmers. We evaluate our approach on data from the Google Code Jam, obtaining attribution accuracy of up to 96% with 100 and 83% with 600 candidate programmers. We present an executable binary authorship attribution approach, for the first time, that is robust to basic obfuscations, a range of compiler optimization settings, and binaries that have been stripped of their symbol tables. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found “in the wild” in single-author GitHub repositories and the recently leaked Nulled.IO hacker forum. We show that programmers who would like to remain anonymous need to take extreme countermeasures to protect their privacy.

I. INTRODUCTION

If we encounter an executable binary sample in the wild, what can we learn from it? In this work, we show that the programmer’s stylistic fingerprint, or coding style, is preserved in the compilation process and can be extracted from the executable binary. This means that it may be possible to infer the programmer’s identity if we have a set of known potential candidate programmers, along with executable binary samples (or source code) known to be authored by these candidates.

Programmer de-anonymization from executable binaries has implications for privacy and anonymity. Perhaps the creator of a censorship circumvention tool distributes it anonymously, fearing repression. Our work shows that such a programmer might be de-anonymized. Further, there are applications for software forensics, for example to help adjudicate cases of disputed authorship or copyright.

The White House Cyber R&D Plan states that “effective deterrence must raise the cost of malicious cyber activities, lower their gains, and convince adversaries that such activities can be attributed [42].” The DARPA Enhanced Attribution calls for methods that can “consistently identify virtual personas and individual malicious cyber operators over time and across different endpoint devices and C2 infrastructures [25].” While the forensic applications are important, as attribution methods develop, they will threaten the anonymity of privacy-minded individuals at least as much as malicious actors.

We introduce the first part of our approach by significantly outperforming the previous attempt at de-anonymizing programmers by Rosenblum et al. [39]. We improve their accuracy of 51% in de-anonymizing 191 programmers to 92% and then we scale the results to 83% accuracy on 600 programmers.

First, whereas Rosenblum et al. extract structures such as control-flow graphs directly from the executable binaries, our work is the first to show that automated decompilation of executable binaries gives additional categories of useful features. Specifically, we generate abstract syntax trees of decompiled source code. Abstract syntax trees have been shown to greatly improve author attribution of source code [16]. We find that syntactical properties derived from these trees also improve the accuracy of executable binary attribution techniques.

Second, we demonstrate that using multiple tools for disassembly and decompilation in parallel increases the accuracy of de-anonymization by generating different representations of code that capture various aspects of the programmer’s style. We present a robust machine learning framework based on entropy and correlation for dimensionality reduction, followed by random-forest classification, that allows us to effectively use disparate types of features in conjunction without overfitting.

These innovations allow us to de-anonymize a large set of real-world programmers with high accuracy. We perform experiments with a controlled dataset collected from Google Code Jam (GCJ), allowing a direct comparison to previous work that used samples from GCJ. The results of these experiments are discussed in detail in Section V. Specifically, we can distinguish between thirty times as many candidate programmers (600 vs. 20) with higher accuracy, while utilizing less training data and much fewer stylistic features (53) per programmer. The accuracy of our method degrades gracefully as the number of programmers increases, and we present experiments with as many as 600 programmers. Similarly, we are able to tolerate scarcity of training data: our accuracy for de-anonymizing sets of 20 candidate programmers with just a single training sample per programmer is over 75%.

Third, we find that traditional binary obfuscation, enabling compiler optimizations, or stripping debugging symbols in executable binaries results in only a modest decrease in de-anonymization accuracy. These results, described in Section VI, are an important step toward establishing the practical significance of the method.

The fact that coding style survives compilation is unintuitive, and may leave the reader wanting a “sanity check” or an explanation for why this is possible. In Section V-J, we present several experiments that help illuminate this mystery. First, we show that decompiled source code is not necessarily similar to the original source code in terms of the features that we use; rather, the feature vector obtained from disassembly and decompilation can be used to predict, using machine learning, the features in the original source code. Even if no individual feature is well preserved, there is enough information in the vector as a whole to enable this prediction. On average, the cosine similarity between the original feature vector and the reconstructed vector is over 80%. Further, we investigate factors that are correlated with coding style being well-preserved, and find that more skilled programmers are more fingerprintable. This suggests that

a model and correctly rejected the fourth sample as none of the previous three.

We emphasize that research challenges remain before programmer de-anonymization from executable binaries is fully ready for practical use. For example, programs may be authored by multiple programmers and may have gone through encryption. We have not performed experiments that model these scenarios which require different machine learning and segmentation techniques and we mainly focus on the privacy implications. Nonetheless, we present a robust and principled programmer de-anonymization method with a new approach and for the first time explore various realistic scenarios. Accordingly, our effective framework raises immediate concerns for privacy and anonymity.

The remainder of this paper is structured as follows. We begin by formulating the research question investigated throughout this paper in Section II, and discuss closely related work on de-anonymization in Section III. We proceed to describe our novel approach for binary authorship attribution based on instruction information, control flow graphs, and decompiled code in Section IV. Our experimental results are described in Section V, followed by a discussion of results in Section VII. Finally, we shed light on the limitations of our method in Section VIII and conclude in Section IX.

II. PROBLEM STATEMENT

In this work, we consider an analyst interested in determining the author of an executable binary purely based on its style. Moreover, we assume that the analyst only has access to executable binary samples each assigned to one of a set of candidate programmers.

Depending on the context, the analyst’s goal might be defensive or offensive in nature. For example, the analyst might be trying to identify a misbehaving employee that violates the non-compete clause in his company by launching an application related to what he does at work. By contrast, the analyst might belong to a surveillance agency in an oppressive regime who tries to unmask anonymous programmers. The regime might have made it unlawful for its citizens to use certain types of programs, such as censorship-circumvention
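
An added illustration, not code from the paper, of the entropy-based dimensionality reduction the introduction mentions, read here as information gain over binary instruction-bigram features, showing why shared compiler boilerplate carries no authorship signal while habitual idioms do. The mnemonic streams, author names, the 0.9 threshold and the Jaccard profile match that stands in for random-forest classification are all assumptions made for the example.

```python
import math
from collections import Counter

# Constructed mnemonic streams (toy data, not from the paper): two training
# binaries per hypothetical candidate author, as a disassembler would list them.
TRAIN = {
    "alice": [["push", "mov", "xor", "test", "jz", "add", "jmp", "leave", "ret"],
              ["push", "mov", "xor", "test", "jz", "inc", "jmp", "leave", "ret"]],
    "bob":   [["push", "mov", "lea", "cmp", "jne", "add", "jmp", "leave", "ret"],
              ["push", "mov", "lea", "cmp", "jne", "sub", "jmp", "leave", "ret"]],
    "carol": [["push", "mov", "call", "mov", "call", "add", "leave", "ret"],
              ["push", "mov", "call", "test", "jz", "call", "leave", "ret"]],
}
# Constructed unlabeled binary to attribute.
PROBE = ["push", "mov", "xor", "test", "jz", "sub", "jmp", "leave", "ret"]


def bigrams(mnemonics):
    """Set of adjacent instruction pairs present in one binary."""
    return set(zip(mnemonics, mnemonics[1:]))


def entropy(labels):
    """Shannon entropy (bits) of a list of author labels."""
    total = len(labels)
    return -sum(n / total * math.log2(n / total) for n in Counter(labels).values())


def information_gain(feature, samples):
    """Drop in author entropy once we know whether `feature` is present."""
    labels = [author for author, _ in samples]
    gain = entropy(labels)
    for present in (True, False):
        subset = [a for a, feats in samples if (feature in feats) == present]
        if subset:
            gain -= len(subset) / len(samples) * entropy(subset)
    return gain


def select_features(samples, threshold):
    """Keep only bigrams whose information gain reaches the threshold."""
    vocabulary = set().union(*(feats for _, feats in samples))
    return {f for f in vocabulary if information_gain(f, samples) >= threshold}


def attribute(mnemonics, samples, selected):
    """Rank authors by Jaccard overlap on the selected features only
    (a simple stand-in for the random forest used in the paper)."""
    probe = bigrams(mnemonics) & selected
    profiles = {}
    for author, feats in samples:
        profiles.setdefault(author, set()).update(feats & selected)
    scores = {}
    for author, profile in profiles.items():
        union = probe | profile
        scores[author] = len(probe & profile) / len(union) if union else 0.0
    return max(scores, key=scores.get), scores


SAMPLES = [(author, bigrams(s)) for author, runs in TRAIN.items() for s in runs]
SELECTED = select_features(SAMPLES, threshold=0.9)

if __name__ == "__main__":
    for feat in sorted(SELECTED):
        print(feat, round(information_gain(feat, SAMPLES), 3))
    print(attribute(PROBE, SAMPLES, SELECTED))
```

The prologue and epilogue bigrams that every sample shares score zero gain and are discarded, so only 7 of the 23 observed bigrams survive selection.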