ABSTRACT: This Paper Mainly Reviews About the Legal Aspects Of
Total Page:16
File Type:pdf, Size:1020Kb
ABSTRACT: This paper mainly reviews about the legal aspects of reverse engineering while taking into consideration of its definitions and types of reverse engineering. It mainly concentrates on legal aspects of patent, copyright issues of reverse engineering like design copyrights and also discuss the laws according to some countries. While taking into consideration of its definition and types of reverse engineering and the tools used. DEFENITION OF REVERSE ENGINEERING: The process of systematically taking apart a chip or application program to discover how it works, with the aim of imitating or duplicating some or all of its functions. For example removing the body parts of a car to understand the mechanism of the car and refitting it. Or making another car that doesn’t resemble the model without copying anything from the original. Reverse engineering, as the name implies, in other words, the attempt to recapture the top level specification by analysing the product - "attempt" because it is not possible in practice, or even in theory, to recover everything in the original specification purely by studying the product. Reverse engineering is difficult and time consuming, but it is getting easier all the time thanks to IT, for two reasons: Firstly, as engineering techniques themselves become more computerised, more of the design is due to the computer. Thus, recognisable blocks of code, or groups of circuit elements on a substrate, often occur in many different designs produced by the same computer program. These are easier to recognise and interpret than a customised product would be. Secondly, artificial intelligence techniques for pattern recognition, and for parsing and interpretation, have advanced to the point where these and other structures within a product can be recognised automatically. However, whilst it is often possible to automate the generation of a higher level structural description of a product, recognising what it is doing is difficult and still requires human skills, and it may simply not be possible to recapture some parts of original specification to which the product was made by studying the product. Since reverse engineering still needs human input, at some stage the reverse engineering process needs to produce a complete system description of the product, to allow a human to work out how the product functions; it is only after this human analysis that the product can be split into its component parts. Thus, reverse engineering generally consists of the following stages: 1. Analysis of the product 2. Generation of an intermediate level product description 3. Human analysis of the product description to produce a specification 4. Generation of a new product using the specification. There is thus a chain of events between the underlying design specification and any intermediate level design documents lying behind the product, through the product itself, through the reverse engineered product description, through the reverse engineered specification, and into the new product itself. This raises at least the risk of infringement of copyright or similar design or chip protection rights. If the same person both reverse engineers the old product and designs the new product, and there are similarities, it is hard to avoid an assumption that some copying has taken place, and so reverse engineering "best practice" involves breaking the chain, so far as possible, at the specification stage. The specification is made as abstract and functional as possible by the reverse engineers, and is then handed over to a "clean room" design team who have no other contact with the old product, or the team who analysed it, and who will then design the new product using as little low-level information as possible from the old product. FIG 1: REVERSE ENGINEERING PROCEDURE (STEPS) WHO, WHAT AND WHY: USERS One group of reverse engineers are users of old products, who want to maintain them, but find that the original supplier may no longer exist, or may have dropped support for the product (1). Most users will want a subcontractor to re-engineer the software, rather than doing so themselves. To maintain an old product, it will often be necessary to understand how it works. Recently, the "Year 2000" problem has stimulated interest in maintaining old software. Reverse engineering may be needed if an old product is to work alongside, or within a new system. There is also a desire, amongst some software users, to re-engineer old software, to make it more modular, re-useable, accessible or reliable. COMPETITORS Genuine competitors may wish to use reverse engineering techniques, for one of two reasons: Firstly, they may wish to produce a product which operates with the product to be analysed (but does not compete with it), or Secondly, they may wish to produce a product which competes with the product to be analysed. Examples of interoperable products are applications which need to interoperate with operating systems; software controlled exchanges which need to operate with others; and programs which are locked by hardware "dongles". PIRATES Finally, pirates may occasionally use reverse engineering techniques. Pirates do not usually need to understand how a product works merely to copy it, but occasionally a product may include security features which the pirate needs to defeat. TYPES OF REVERSE ENGINEERING: 1. SOFTWARE REVERSE ENGINEERING. The essence of software re-engineering is to improve or transform existing software so that it can be understand, controlled, and used anew. The need for software re-engineering has increased greatly, as heritage software systems have become obsolescent in terms of their architecture, the platforms on which they run, and their suitability and stability to support evolution to support changing needs. Software re-engineering is important for recovering and reusing existing software assets, putting high software maintenance costs under control, and establishing a base for future software evolution. The growth in cost and importance of software to NASA, and the aging of many of the Agency's important software systems, has necessitated software reengineering efforts . FIG 2. GENERAL MODEL FOR REVERSE ENGINEERING 2. HARDWARE REVERSE ENGINEERING. Hardware reverse engineering involves taking apart a device to see how it works. For example, if a processor manufacturer wants to see how a competitor's processor works, they can purchase a competitor's processor, disassemble it, and then make a processor similar to it. However, this process is illegal in many countries. In general, hardware reverse engineering requires a great deal of expertise and is quite expensive. HARDWARE REVERSE ENGINEERING TECHNIQUES: ENGINEERING COMPONENTS Techniques now exist for visually scanning mechanical parts and generating CAD models from them, using machine vision technology; for example, the REFAB (Reverse Engineering - Feature Based) tool available from the Department of Computer Science of the University of Utah (2) and ARL's site. In REFAB, a laser digitiser is used to the scan the part, and the analysis software then analyses the shape of the part, using features which are based on typical machining operations, to generate a computerised manufacturing description which can be displayed, used to copy the product, or produce new products using the design. PRINTED CIRCUIT BOARDS (PCBS) Computer vision has been widely used to scan PCBs for quality control and inspection purposes, and based on this, there are a number of machine vision for analysing and reverse engineering PCBs (3). Several firms on the Internet offer a service of scanning a PCB and supplying a corresponding netlist. INTEGRATED CIRCUIT (IC) COMPONENTS This is much harder work, since everything is on a much smaller scale. The first step is to get through the encapsulating material into the product itself, by chemical etching or grinding. This can be tough in itself, since some manufacturers include hard particles such as carborundum or sapphire in the encapsulating the resin, so that mechanical grinding also destroys the chip. Once at the chip surface, each layer of components is photographed, then ground away to reveal the layer below. This process reveals the structure of the chip. Again, the process can be made more difficult, for example by providing some of the components vertically across several layers. Although these processes can reveal the structure of the chip, they do not indicate the voltages at each point. However, if the chip is undamaged, voltage contrast electron microscopy can be used to scan the chip in use, and watch the voltage level change over time. These processes are generally referred to as "stripping" or "peeling" the chip. Having stripped the chip, it can then be analysed using pattern recognition software and human inspection to get to a netlist and then a circuit diagram. Several firms on the Internet offer a service of scanning standard cell or gate to automatically generate a netlist (i.e. a low level circuit description which can be used to generate a new integrated circuit) REVERSE ENGINEERING TOOLS(HOUGLAND, MCGRAW 2003) : 1. DEBUGGER: A debugger is a software program that attaches to and controls other software programs. A debugger allows single stepping of code, debug tracing, setting breakpoints, and viewing variables and memory state in the target program as it executes in a stepwise fashion. Debuggers are invaluable in determining logical program flow. Debuggers fall into two categories: user-mode and kernel-mode debuggers. User-mode debuggers run like normal programs under the OS and are subject to the same rules as normal programs. Thus, user-mode debuggers can only debug other user-level processes. A kernel-mode debugger is part of the OS And can debug device drivers and even the OS itself. 2. FAULT INJECTION TOOLS: Tools that can supply malformed or improperly formatted input to a target software process to cause failures are one class of fault injection tool. Program failures can be analyzed to determine whether errors exist in the target software.