Upload
daniela-booth
View
212
Download
0
Embed Size (px)
Citation preview
Back to the Basics
The Ethical Aspect of Reverse Engineering
What Is Reverse Engineering?
What Is Reverse Engineering?
“The process of analyzing a system's code, documentation, and behavior to identify its current components and their dependencies to extract and create system abstractions and design information. The subject system is not altered; however, additional knowledge about the system is produced.”
–Software Technology Review, http://www.sei.cmu.edu/str/indexes/glossary/reverse-engineering.html 2/26/00
Why Reverse Engineering? Produce compatible product Produce competing product Academic use Hacking/cracking
Why Reverse Engineering?
Specifically: Discern specifications Ensure compatibility Understand program operation Understand solutions to programming
problems Understand concepts
What’s Wrong With Reverse Engineering? Copyright violation
Temporary copies of code in RAM Copying portions of code (BIOS,
ROMs) Copying “non-literal” elements (look
and feel) Both literal and non-literal parts of
software protected by law
What’s Wrong With Reverse Engineering? Patent infringement
Intermediate copies may violate patents
Hacking/cracking Exploit security holes Disable copy-protection Modification and redistribution of
copyrighted material
Ethical Considerations Consider purpose of reverse
engineering Fair use vs. Unethical/criminal use Healthy competition vs. Monopoly
US Law Digital Millennium Copyright Act
Circumventing anti-piracy controls is illegal
Hardware and software for unauthorized duplication is illegal
Cracking is legal for assessing product security and compatibility
Cracking is legal for academic use
Specific Cases AOL vs. Microsoft: the instant
messenger wars Microsoft reverse-engineered AOL
Instant Messenger to provide compatibility
AOL repeatedly changed protocols In similar incident, AOL reportedly
asked Prodigy to license IM protocol Did either company act ethically?
Specific Cases Sony vs. Connectix
Playstation emulator for Macintosh Sony claimed copyright infringement,
damage to Playstation name Initial injunction against Connectix
recently overturned Is Connectix capitalizing on
Playstation name?
The “Newspaper Test” Texas Instruments’ solution: the
Ethics Quick Test Is the action legal? Does it comply with our values? If you do it, will you feel bad? How will it look in the newspaper?
http://www.onlineethics.org/text/corp/bench.html 2/27/00
TI’s stance“Reverse engineering is a very common, accepted, and expected practice in our business world today. When we put a product on the market, we assume that it will be reverse engineered by competitors and others. Once it is on the market, there are few secrets left…perhaps some in our manufacturing process. That is one reason we so vigorously defend infringements on our patents. But this philosophy allows reverse engineering to pass the last three quick tests”
http://www.onlineethics.org/text/corp/bench.html 2/27/00
Summary Reverse engineering can be used
for ethical and non-ethical purposes
Use newspaper test to evaluate Laws protect against improper use