Global Sources
EE Times-India
EE Times-India > EDA/IP

Using software forensics to protect embedded systems

Posted: 23 Aug 2011     Print Version  Bookmark and Share

Keywords:software  forensic  Digital forensics 

In copyright and trade secret cases, software source code may have been copied but, because of the normal development process or through attempts to hide the copying, may end up looking very different. Digital forensic processes will not find functionally similar programs; software forensic processes will. Digital forensic processes will not find code that has been significantly modified; software forensic processes will.

Testifying requirements
In recent years I have been frequently disturbed by the poor job done by some experts on the opposing side of cases I have worked on. Sometimes the experts do not seem to have spent enough time on the analysis, most certainly because of some cost constraints of their client. Other times the experts do not actually have the qualifications to perform the analysis.

For example, I have been across from experts who use hashing to "determine" that a file was not copied because the files have different hashes. If you are familiar with hashes, changing even a single space inside a source code file will result in a completely different hash. While hashing is a great way to find exact copies, it cannot be used to make any statement about copyright infringement.

Most disturbing is when an expert makes a statement that is unquestionably false and the only reason it could be made is that the expert is knowingly lying to support the client. In one case an expert justified scrubbing all data from all company disks (overwriting the data so that it could not be retrieved), the weekend after a subpoena was received to turn over all computer hard drives, as a normal, regular procedure at the company.

Another time an experienced programmer—the author of several programming textbooks—claimed that she could determine that trade secrets were implemented in certain source code files simply by looking at the file paths and file names. Yet another time a very experienced expert, after hours at deposition trying to explain a concept that was simply and obviously wrong, finally admitted that the lawyers had written his expert report for him.

Although I was often successful, working with the attorneys for my client, in discrediting the results of the opposing expert, there were times when the judge simply did not understand the issues well enough to differentiate the other expert's opinions from mine.

Is there a way to ensure that experts actually know the areas about which they opine and a way to encourage them to give honest testimony and strongly -discourage them from giving false testimony?

Following are a few ideas about this, though each one carries with it potential problems. Perhaps not all of these ideas can definitely be implemented, but if some or all of them were adopted in the current legal system, we might have just results a higher percentage of the time. And applying these ideas to criminal cases might be a good idea, where an expert's opinion can be the difference between life and death for a person accused of a crime.

Certain states require that experts be certified in a field of engineering before being allowed to testify about that field in court. My understanding is that few states require certification, and it is rare in those states that an expert is actually disqualified from testifying because of lack of certification.

Perhaps if certification were required, there would be fewer "experts" who are simply looking for ways to do extra work on the side. Similarly, it might be more difficult for attorneys to find "experts" who support their case only because they are not sophisticated enough to understand the technical issues in depth.

One important question would be who runs the certification program? There would certainly be some competition and fighting among organisations to implement the certification. Organisations definitely exist, such as the Association for Computing Machinery (ACM) and the Institute of Electrical and Electronics Engineers (IEEE), that could set certification standards for computer scientists and electrical engineers respectively.

Other engineering groups could set standards for their own engineers. Perhaps the American Bar Association (ABA) or the American Intellectual Property Law Association (AIPLA) as well as state and central government offices could also be involved.

A very important consideration would be under what circumstances certification could be revoked. There would have to be a hierarchy of actions and ramifications ranging from fines to revocation. In reality, many penalties short of revocation would almost certainly result in the end of an expert's career. Few attorneys would want to put an expert on the stand who had a record of having been found to be unqualified or dishonest. Also, would any behaviours lead to criminal charges against the expert? Perhaps unethical behaviour in a criminal trial should carry stronger punishment, including criminal charges, than similar behaviour in a civil trial.

There should be a no-tolerance policy for dishonest, unethical, or illegal behaviour by an expert. At a recent conference on digital forensics, a professor gave an example of a student who cheated on a test.

The professor discovered the cheating and confronted the student. The student was sufficiently remorseful, according to the teacher (in my experience most criminals are remorseful once they are caught), and so the professor gave the student a second chance. This was simply a wrong decision.

Remember that digital forensics is the study of sophisticated ways to hack into systems, so this professor could very well be training a criminal. Unfortunately, only about half of the faculty members at the conference agreed with me, and not all of the colleges had official policies regarding cheating. For sure, all forensics education programs must have zero-tolerance policies, in writing, and any certification program must, too.

 First Page Previous Page 1 • 2 • 3 • 4 • 5 Next Page Last Page

Comment on "Using software forensics to protect ..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top