DOCSLIB.ORG

Authorship Analysis: Identifying the Author of a Program1

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Authorship Analysis: Identifying the Author of a Program1 Authorship Analysis: Identifying The 1 Author of a Program Ivan Krsul The COAST Pro ject Department of Computer Sciences Purdue University West Lafayette, IN 47907{1398 [email protected] May 3, 1994 Technical Rep ort CSD{TR{94{030 1 This pap er was originally written as a Master's thesis at Purdue University. Abstract In this pap er we show thatitispossibletoidentify the author of a piece of software by lo oking at stylistic characteristics of C source co de. Wealsoshow that there exist a set of characteristics within a program that are helpful in the identi cation of a programmer, and whose computation can b e automated with a reasonable cost. There are four areas that b ene t directly from the ndings we present herein: the legal community can count on empirical evidence to supp ort authorship claims, the academic communitycancount on evidence that sup- p orts authorship claims of students, industry can count on identifying the author of previously un-identi able software mo dules, and real time intru- sion detection systems can b e enhanced to include information regarding the authorship of all lo cally compiled programs. We show that it is p ossible to identify the author of a piece of software by collecting and identifying eighty-eight programs for twenty nine students, sta and faculty memb ers at Purdue University. Chapter 1 Intro duction. There are many o ccasions in whichwewould liketoidentify the source of some piece of software. For example, if after an attack to a system bysome software we are presented with a piece of the software used for the attack, we mightwant to identify the source of the software. Typical examples of 1 2 3 such software are Tro jan horses , viruses , and logic b ombs . Other typical circumstances will require that we trace the source of a program. Pro of of co de re-engineering, resolution of authorship disputes and pro of of authorship in courts are but a few of the more typical examples of such circumstances. Often, tracing the origins of the source requires that we identify the author of the program. This seems at rst an imp ossible task, and convincing arguments can b e given ab out the intractability of this problem. Consider, for example, the following short list of p otential problems with the identi cation of authors: 1. Given that millions of p eople write software, it seems unlikely that, given a piece of software, we will nd the programmer who wrote it. 2. Software evolves over time. As time passes, programmers vary their programming habits and their choice of programming languages. The 1 Tro jan horses are de ned in [GS92] as programs that app ear to have one function but actually p erform another function. 2 Viruses are de ned in [GS92] as programs that mo dify other programs in a computer, inserting copies of themselves. 3 Logic b ombs are de ned in [GS92] as hidden features in programs that go o after certain conditions are met. 1 development of new software engineering metho ds, the intro duction of formal metho ds for program veri cation, and the development of user- friendly, graphic oriented co de pro cessing systems and debuggers all contribute to making programming a highly dynamic eld. 3. Software gets reused. In recentyears, and with the developmentofob- ject oriented programming metho dologies, programmers have come to dep end on reusing large p ortions of co de; similar to the co de pro duced 4 by the GNU/Free Software Foundation ,much of it is public domain. Commerciallyavailable prototyp ers, like the Builder Xcessory by In- tegrated Computer Solutions, Inc., pro duce thousands of lines of co de that are used to develop Motif interfaces. Similar development to ols are available for hundreds of development platforms. Similar arguments could b e given for ngerprinting: Fingerprintmatching is an exp ensive pro cess and it seems unlikely that government agencies will ever b e able to classify every citizen in their lifetime. It is also unlikely that given a ngerprint, we will b e able to pick from a p o ol of several million p eople the correct p erson every time. The identi cation pro cess in computer software can b e made reliable for a subset of the programmers and programs. Programmers that are involved in high security pro jects or programmers that have b een known to break the law are attractive candidates for classi cation. 1.1 Statement of the Problem. Authorship analysis in literature has b een widely debated for hundreds of years, and a large b o dy of knowledge has b een develop ed [Dau90 ]. Author- ship analysis on computer software, however, is di erent and more dicult than in literature. Several reasons make this problem dicult. Authorship analysis in com- puter software do es not have the same stylistic characteristics as authorship analysis in literature. Furthermore, p eople reuse co de, programs are de- velop ed by teams of programmers, and programs can b e altered bycode formatters and pretty printers. 4 The Free Software Foundation is a group started byRichard Stallman to emb o dy his ideas of p ersonal freedom and how software should b e pro duced. 2 Our ob jective is to classify the programmer and to try to nd a set of characteristics that remain constant for a signi cant p ortion of the programs that this programmer might pro duce. This is analogous to attempting to nd characteristics in humans that can b e used later to identify a p erson. Eye and hair coloring, height, weight, name and voice pattern are but a few of the characteristics that weuseonaday-to-day basis to identify p ersons. It is, of course, p ossible to alter our app earance to matchthatof another p erson. Hence, more elab orate identi cation techniques like nger- printing, retinal scans and DNA prints are also available, but the cost of gathering and pro cessing this information in large quantities is prohibitively exp ensive. Similarly,wewould like to nd the set of characteristics within a program that will b e helpful in the identi cation of a corresp onding pro- grammer, and whose computation can b e automated with a reasonable cost. What makes us b elieve that identi cation of authorship in computer soft- ware is p ossible? People work within certain frameworks that rep eat them- selves. They use those things that they are more comfortable with or are accustomed to. Programmers are humans. Humans are creatures of habit, and habits tend to p ersist. That is why, for example, wehave a handwriting style that is consistent during p erio ds of our life, although the style mayvary as we grow older. Patterns of b ehavior are all around us. Likewise for programming, we can ask: which are the programming con- structs that a programmer uses all the time? These are the habits that will b e more likely entrenched, the things he consistently and constantly do es and that are likely to b ecome ingrained. 1.2 Motivation. Four basic areas can b ene t considerably by the development of solid author- ship analysis to ols: 1. For authorship disputes, the legal community is in need of solid metho d- ologies that can b e used to provide empirical evidence to showthattwo or more programs are written by the same p erson. 2. In the academic community, it is considered unethical to copy pro- gramming assignments. While plagiarism detection can show that two 3 programs are equivalent, authorship analysis can b e used to showthat some co de fragmentwas indeed written by the p erson who claims au- thorship of it. 3. In industry, where there are large software pro ducts that typically run for years, and millions of lines of co de, it is a common o ccurrence that authorship information ab out programs or program fragments is nonexistent, inaccurate or misleading. Whenever a particular program mo dule or program needs to b e rewritten, the author mayneedtobe lo cated. It would b e convenient to b e able to determine the name of the pro- grammer who wrote a particular piece of co de from a set of several hundred programmers so he can b e lo cated to assist in the upgrade pro cess. 4. Real-time intrusion detection systems could b e enhanced to include authorship information. Dorothy Denning writes in [Den87] ab out a prop osed real-time intrusion detection system: The mo del is based on the hyp othesis that exploitation of a system's vulnerabilities involves abnormal use of the system; therefore, security violations could b e detected from abnor- mal patterns of system usage. Obviously, a programmer signature constructed from the identifying characteristics of programs constitutes such a pattern. For example, consider the student who retrieves a copyofapassword cracking pro- gram and compiles it in his university account. Once the compiler collects the identifying features of the program, the op erating system could immediately recognize the compiling of this program as an ab- normal event. Of course we realize that it is theoretically p ossible for a programmer to fo ol or bypass the system by altering his programming metho ds. The change would have to b e gradual, subtle and ingenious for the system not to record the change. However, we exp ect that mo difying a user's pro le to meet the characteristics of a sp eci c program (a password 4 cracking program, for example) will b e a dicult and time consuming pro cess.
Load more

Recommended publications
  • "This Book Was a Joy to Read. It Covered All Sorts of Techniques for Debugging, Including 'Defensive' Paradigms That Will Eliminate Bugs in the First Place
    Perl Debugged By Peter Scott, Ed Wright Publisher : Addison Wesley Pub Date : March 01, 2001 ISBN : 0-201-70054-9 Table of • Pages : 288 Contents "This book was a joy to read. It covered all sorts of techniques for debugging, including 'defensive' paradigms that will eliminate bugs in the first place. As coach of the USA Programming Team, I find the most difficult thing to teach is debugging. This is the first text I've even heard of that attacks the problem. It does a fine job. Please encourage these guys to write more." -Rob Kolstad Perl Debugged provides the expertise and solutions developers require for coding better, faster, and more reliably in Perl. Focusing on debugging, the most vexing aspect of programming in Perl, this example-rich reference and how-to guide minimizes development, troubleshooting, and maintenance time resulting in the creation of elegant and error-free Perl code. Designed for the novice to intermediate software developer, Perl Debugged will save the programmer time and frustration in debugging Perl programs. Based on the authors' extensive experience with the language, this book guides developers through the entire programming process, tackling the benefits, plights, and pitfalls of Perl programming. Beginning with a guided tour of the Perl documentation, the book progresses to debugging, testing, and performance issues, and also devotes a chapter to CGI programming in Perl. Throughout the book, the authors espouse defensible paradigms for improving the accuracy and performance of Perl code. In addition, Perl Debugged includes Scott and Wright's "Perls of Wisdom" which summarize key ideas from each of the chapters, and an appendix containing a comprehensive listing of Perl debugger commands.
    [Show full text]
  • A Style Guide
    How to Program Racket: a Style Guide Version 6.11 Matthias Felleisen, Matthew Flatt, Robby Findler, Jay McCarthy October 30, 2017 Since 1995 the number of “repository contributors” has grown from a small handful to three dozen and more. This growth implies a lot of learning and the introduction of inconsistencies of programming styles. This document is an attempt leverage the former and to start reducing the latter. Doing so will help us, the developers, and our users, who use the open source code in our repository as an implicit guide to Racket programming. To help manage the growth our code and showcase good Racket style, we need guidelines that shape the contributions to the code base. These guidelines should achieve some level of consistency across the different portions of the code base so that everyone who opens files can easily find their way around. This document spells out the guidelines. They cover a range of topics, from basic work (commit) habits to small syntactic ideas like indentation and naming. Many pieces of the code base don’t live up to the guidelines yet. Here is how we get started. When you start a new file, stick to the guidelines. If you need to edit a file, you will need to spend some time understanding its workings. If doing so takes quite a while due to inconsistencies with the guidelines, please take the time to fix (portions of) the file. After all, if the inconsistencies throw you off for that much time, others are likely to have the same problems.
    [Show full text]
  • Coding Style Guidelines
    Coding Style Guidelines Coding Style Guidelines Introduction This document was created to provide Xilinx users with a guideline for producing fast, reliable, and reusable HDL code. Table of Contents Top-Down Design ⎯ Section 1 ................................................................13-4 Behavioral and Structural Code...................................................................13-4 Declarations, Instantiations, and Mappings.................................................13-5 Comments ...................................................................................................13-6 Indentation...................................................................................................13-9 Naming Conventions ...................................................................................13-10 Signals and Variables ⎯ Section 2..........................................................13-13 Signals.........................................................................................................13-13 Casting.........................................................................................................13-13 Inverted Signals...........................................................................................13-13 Rule for Signals ...........................................................................................13-14 Rules for Variables and Variable Use .........................................................13-15 Packages ⎯ Section 3 ..............................................................................13-17
    [Show full text]
  • Coding Style
    Coding Style by G.A. (For internal Use Only. Do not distribute) April 23, 2018 1 Organizational 1.1 Codes and Automation Codes to which these rules apply are the following. DMRG++, PsimagLite, Lanczos++, FreeFermions, GpusDoneRight, SPFv7, and MPS++. The script indentStrict.pl can be used to automate the application of these rules, as shown in Listing1, where the option -fix will fix most problems in place. Listing 1: Use of the indentStrict.pl script. PsimagLite/scripts/indentStrict.pl -file file.h [-fix] 1.2 Indentation Indent using “hard” tabs and Kernighan and Ritchie indentation. This is the indentation style used by the Linux Kernel. Note that the tab character is octal 011, decimal 9, hex. 09, or “nt” (horizontal tab). You can represent tabs with any number of spaces you want. Regardless, a tab is saved to disk as a single character: hex. 09, and *not* as 8 spaces. When a statement or other line of code is too long and follows on a separate line, do not add an indentation level with tab(s), but use spaces for aligment. For an example see Listing2, where tabs (indentation levels) are indicated by arrows. Listing 2: Proper use of continuation lines. class␣A␣{ −−−−−−−!void␣thisIsAVeryVeryLongFunction(const␣VeryVeryLongType&␣x, −−−−−−−!␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣␣const␣VeryVeryLongType&␣y) −−−−−−−!{ −−−−−−−→−−−−−−−!//␣code␣here −−−−−−−!} I repeat the same thing more formally now: Indent following the Linux coding style, with exceptions due to the Linux style applying to C, but here we’re talking about code written in C++. 1. Classes are indented like this: 1 1.2 Indentation class A { }; That is, they are indented as for loops and not as functions.
    [Show full text]
  • The Pascal Programming Language
    The Pascal Programming Language http://pascal-central.com/ppl/chapter2.html The Pascal Programming Language Bill Catambay, Pascal Developer Chapter 2 The Pascal Programming Language by Bill Catambay Return to Table of Contents II. The Pascal Architecture Pascal is a strongly typed, block structured programming language. The "type" of a Pascal variable consists of its semantic nature and its range of values, and can be expressed by a type name, an explicit value range, or a combination thereof. The range of values for a type is defined by the language itself for built-in types, or by the programmer for programmer defined types. Programmer-defined types are unique data types defined within the Pascal TYPE declaration section, and can consist of enumerated types, arrays, records, pointers, sets, and more, as well as combinations thereof. When variables are declared as one type, the compiler can assume that the variable will be used as that type throughout the life of the variable (whether it is global to the program, or local to a function or procedure). This consistent usage of variables makes the code easier to maintain. The compiler detects type inconsistency errors at compile time, catching many errors and reducing the need to run the code through a debugger. Additionally, it allows an optimizer to make assumptions during compilation, thereby providing more efficient executables. As John Reagan, the architect of Compaq Pascal, writes, "it was easy to write Pascal programs that would generate better code than their C equivalents" because the compiler was able to optimize based on the strict typing.
    [Show full text]
  • Application Note C/C++ Coding Standard
    Application Note C/C++ Coding Standard Document Revision J April 2013 Copyright © Quantum Leaps, LLC www.quantum-leaps.com www.state-machine.com Table of Contents 1 Goals..................................................................................................................................................................... 1 2 General Rules....................................................................................................................................................... 1 3 C/C++ Layout........................................................................................................................................................ 2 3.1 Expressions................................................................................................................................................... 2 3.2 Indentation..................................................................................................................................................... 3 3.2.1 The if Statement.................................................................................................................................. 4 3.2.2 The for Statement............................................................................................................................... 4 3.2.3 The while Statement........................................................................................................................... 4 3.2.4 The do..while Statement.....................................................................................................................5
    [Show full text]
  • TT284 Web Technologies Block 2 Web Architecture an Introduction to Javascript
    TT284 Web technologies Block 2 Web Architecture An Introduction to JavaScript Prepared for the module team by Andres Baravalle, Doug Briggs, Michelle Hoyle and Neil Simpkins Introduction 3 Starting with JavaScript “Hello World” 3 Inserting JavaScript into Web Pages 3 Editing tools 4 Browser tools 5 Lexical structure of JavaScript 5 Semicolons 6 Whitespace 6 Case sensitivity 6 Comments 7 Literals 8 Variables and data types 8 Variables as space for data 9 Declaring variables and storing values 10 Expressions 11 Operators 11 Assignment operators 11 Arithmetic operators 12 Comparison operators 12 Logical operators 12 String operators 13 Operator precedence 14 Operators and type conversions 15 Debugging JavaScript 16 Statements 17 Copyright © 2012 The Open University TT284 Web technologies Conditional statements 18 Loop statements 19 Arrays 20 Working with arrays 21 Objects 22 Functions 23 Writing functions 24 Variable scope 25 Constructors 26 Methods 27 Coding guidelines 28 Why do we have coding guidelines? 28 Indentation style and layout 28 ‘Optional’ semicolons and ‘var’s 29 Consistent and mnemonic naming 29 Make appropriate comments 30 Reusable code 30 Other sources of information 31 Web resources 31 TT284 Block 2 An Introduction to JavaScript | 2 TT284 Web technologies Introduction This guide is intended as an aid for anyone unfamiliar with basic JavaScript programming. This guide doesn’t include information beyond that required to complete TT284 (there is very little on object orientated coding for example). To use this guide you must be fully familiar with HTML and use of a web browser. For many TT284 students this guide will be unnecessary or will serve perhaps as a refresher on programming after completing a module such as TU100, perhaps some time ago.
    [Show full text]
  • Library of Congress Cataloging-In-Publication Data
    Library of Congress Cataloging-in-Publication Data Carrano, Frank M. 39 Data abstraction and problem solving with C++: walls and mirrors / Frank M. Carrano, Janet J. Prichard.—3rd ed. p. cm. ISBN 0-201-74119-9 (alk. paper) 1. C++ (Computer program language) 2. Abstract data types. 3. Problem solving—Data Processing. I. Prichard, Janet J. II. Title. QA76.73.C153 C38 2001 005.7'3—dc21 2001027940 CIP Copyright © 2002 by Pearson Education, Inc. Readability. For a program to be easy to follow, it should have a good structure and design, a good choice of identifiers, good indentation and use of blank lines, and good documentation. You should avoid clever programming tricks that save a little computer time at the expense of much human time. You will see examples of these points in programs throughout the book. Choose identifiers that describe their purpose, that is, are self- documenting. Distinguish between keywords, such as int, and user- defined identifiers. This book uses the following conventions: • Keywords are lowercase and appear in boldface. Identifier style • Names of standard functions are lowercase. • User-defined identifiers use both upper- and lowercase letters, as follows: • Class names are nouns, with each word in the identifier capi- talized. • Function names within a class are verbs, with the first letter lowercase and subsequent internal words capitalized. • Variables begin with a lowercase letter, with subsequent words in the identifier capitalized. • Data types declared in a typedef statement and names of structures and enumerations each begin with an uppercase letter. • Named constants and enumerators are entirely uppercase and use underscores to separate words.
    [Show full text]
  • A Brief Emacs Walkthrough
    Lab Handout: Debugging A Brief Emacs Walkthrough Handout 0. Objectives & Topics This document is designed to give an overview of some of the more advanced features of Emacs, including: 1. A review of basic commands (save, close, open, etc.) 2. Movement commands 3. Handy Tools 4. Configuration Files A thorough understanding of the commands in this walkthrough should allow you to create, compile, and run your programs without ever needing to close Emacs. This is by no means a comprehensive look at Emacs, but it should be enough to get you started with some of the more advanced features of the program. For more information, checkout the online Emacs manual: http://www.gnu.org/software/emacs/manual/. 1. The Basics Autocompleting Commands Before you start reading anything else, there’s one tangentially related tip that’s incredibly useful for navigating both UNIX and Emacs: tab completion. Tab completion is just a fancy name for auto completing prompts by typing in a partial name, hitting tab, and letting the computer do the rest of the work for you. For example, if there were three folders in the current directory named “HelloWorld.c”, “HelloWorld.h”, and “SomeFolder”, then you could type ‘cd So’ and hit tab. This would fill in the rest of the command for you since there’s only one possible folder that begins with ‘So’. Now consider typing “emacs He” and hitting tab. This will autocomplete the file name until it’s ambiguous. That is, because there are two files that start with “He”, UNIX will fill in as much of the prompt as it can (“emacs HelloWorld.”) leaving you to type either “c” or “h” to complete the name the rest of the way.
    [Show full text]
  • Programming Domains Programming Domains (2)
    Topics • Big Picture Programming Languages • Where Scheme, C, C++, Java fit in History • Fortran • Algol 60 CSE 413, Autumn 2007 11-02-2007 Donald Knuth: » Programming is the art of telling another human being what one wants the computer to do. 1 2 Programming Domains Programming Domains (2) • Scientific Applications: • Parallel Programming: » Using The Computer As A Large Calculator » Parallel And Distributed Systems » FORTRAN, Mathematica » Ada, CSP, Modula • Artificial Intelligence: • Business Applications: » uses symbolic rather than numeric computations » Data Processing And Business Procedures » lists as main data structure, flexibility (code = data) » COBOL, Some PL/I, Spreadsheets » Lisp 1959, Prolog 1970s • Systems Programming: • Scripting Languages: » Building Operating Systems And Utilities » A list of commands to be executed » C, C++ » UNIX shell programming, awk, tcl, perl 3 4 Programming Domains (3) C History • Education: • Developed in early 1970s » Languages Designed Just To Facilitate Teaching • Purpose: implementing the Unix operating » Pascal, BASIC, Logo system • The C Programming Language, aka `K&R‘, for its authors Brian Kernighan & Dennis Ritchie, is canonical reference (1978) • Evolution: ANSI, C99 5 6 1 Lisp & Scheme History Lisp: • McCarthy (1958/1960) for symbolic processing • Based on Chruch’s Lambda Calculus • 2 main Dialects: Scheme & Common Lisp • Aside: Assembly language macros for the IBM 704 : car (Contents of Address Register) and cdr (Contents of Decrement Register) Scheme: • Developed by Guy Steele and Gerald Sussman in the 1970s • Smaller & cleaner than Lisp • Static scoping, tail recursion implemented efficiently 7 8 Before High Level Languages • Early computers (40’s) programmed directly using numeric codes Fortran • Then move to assembly language (requires an assembler) • Assembly language – slightly more friendly version of machine code.
    [Show full text]
  • Princeton University COS 217: Introduction to Programming Systems Emacs Tutorial and Reference
    Princeton University COS 217: Introduction to Programming Systems Emacs Tutorial and Reference Part 1: Tutorial This tutorial describes how to use a minimal subset of the emacs editor. See the emacs reference in Part 2 of this document for more information. Also see the GNU Emacs Tutorial document at http://www.gnu.org/software/emacs/tour. Throughout the tutorial text in boldface indicates hands-on activities. The tutorial assumes that you've copied the file /u/cos217/.emacs to your home directory, as described in the A Minimal COS 217 Computing Environment handout from our first precept. It also assumes that you've copied files named hello.c, circle.c, and testintmath.c into your working directory. (Those files contain C programs that we'll describe in upcoming precepts.) Those files are available in the directory /u/cos217/emacstestfiles. You can issue this command to copy them to your working directory: cp /u/cos217/emacstestfiles/* . Background The emacs editor was created in the mid 1970s by Richard Stallman. Originally it was a set of "editing macros" for an editor that now is extinct. The emacs editor is popular, for a few reasons. It is: • Free. It's a component of the GNU tool set from the Free Software Foundation. • Highly customizable. Emacs is written in the LISP programming language, and is easy to customize via that language. • Integrated with other GNU software. In particular, emacs is integrated with the Bash history mechanism. Essentially you can think of the Bash history list as a "file"; you can use Emacs commands to scroll through and edit that file, and thereby easily reissue previous commands or variants thereof.
    [Show full text]
  • Code Style Guide
    CS 105 & CS106 Introduction to Computer Programming 1 & 2 Code Style Guide Last revised: September 30, 2019 Introduction The code you submit for labs and assignments is made more readable by paying attention to style. This includes using semicolons, declaring variables, whitespace, placement of comments, and choice of variable and function names. None of these affect the way the program executes, but they do affect the readability of your code. Just like English, computer code is a language. The main goal of all languages is to facilitate communication. When writing code, you are not only communicating with a computer, but also with yourself (often your “future” self) and other people reading your code. In industry, those other people are typically other programmers. In this course, those other people will be your instructor and your TAs who are leading labs and marking your work. This is why it is important to consider the needs of human readers and present code in a way that most clearly communicates what the program does. This is just like how we use indentations, commas, and periods to signify the start of a new paragraph, a pause in a sentence, or the end of a sentence. Here is an example of the last two paragraphs without any common English language style rules (capital letters, commas, periods, breaks for paragraphs, etc.). Try reading it: just like english computer code is a language the main goal of all languages is to facilitate communication when writing code you are not only communicating with a computer but also with yourself
    [Show full text]