worley@compass.com (Dale Worley) (05/16/89)
It seems to me that this would not be workable, because the "trusted"
compiler not only contains the decryption key, but of necessity
contains a decryption algorithm! Since one can create a totally
virtualized environment to run the compiler in (by writing a machine
language interpreter if necessary), one only needs to find where the
decrypter feeds characters to the lexer, and monitor the transfer of
data. It would run slowly, but that wouldn't be a problem, and if
extracting source code were profitable, you could easily hire a few
hackers to figure out how to cut into the compiler's operations.
The most interesting ANDF-type work I've seen is the concept of
"shrouded source code", that is, compilable source that has been
deliberately uglified by removing comments, renaming variables, etc.
Since in most cases the value of the software is not in the algorithms
(how many compilers contain *ideas* not already published?) but in the
code that implements them, shrouding makes it very hard to steal the
code for commercial use, since the stolen code is unmaintainable.
This ties in with the facts that (1) copyright is sufficient
protection for most software, and (2) maintanance is the bulk of the
development expense of any software system.
A more extreme form of the shrouded source code idea (which I have not
seen in practice) would be to write the software in a relatively high
level language (Ada, Lisp, and Algol come to mind) and have it be
translated into C. Only the original developer would have the
efficiency of working in the higher level language, even if the C were
comprehensible.
--
Dale Worley, Compass, Inc. worley@compass.com
--
Send compilers articles to compilers@ima.isc.com or, perhaps, Levine@YALE.EDU
Plausible paths are { decvax | harvard | yale | bbn}!ima
Please send responses to the originator of the message -- I cannot forward
mail accidentally sent back to compilers. Meta-mail to ima!compilers-requestamos@nsc.com (Amos Shapir) (05/20/89)
In article <3935@ima.ima.isc.com> you write: >A more extreme form of the shrouded source code idea (which I have not >seen in practice) would be to write the software in a relatively high >level language (Ada, Lisp, and Algol come to mind) and have it be >translated into C. Only the original developer would have the >efficiency of working in the higher level language, even if the C were >comprehensible. I have heard an urban legend that before the days of ADA, any project for the DoD should have been provided with source code in either FORTRAN or assembler; contractors used to program in PASCAL or another HLL, use the compiler to generated assembly code, and deliver that to the DoD. -- Amos Shapir amos@nsc.com National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel Tel. +972 52 522261 TWX: 33691, fax: +972-52-558322 34 48 E / 32 10 N (My other cpu is a NS32532) -- Send compilers articles to compilers@ima.isc.com or, perhaps, Levine@YALE.EDU Plausible paths are { decvax | harvard | yale | bbn}!ima Please send responses to the originator of the message -- I cannot forward mail accidentally sent back to compilers. Meta-mail to ima!compilers-request