How to protect OpenCL code from stealing?

Question 1

It really depends on how determined an attacker you need to guard against. Generally any sufficiently determined attacker can reverse engineer your code if they have access to the compiled code, but it may not be worth the effort.

It might be a performance hit, but you could do things like have the binary image use some self-extracting encryption at runtime, like communicating with a licence server and only decrypting the rest of the code if a licence is valid. That can suffer from man-in-the-middle or replay attacks, etc (especially if the underlying hardware can be virtualized), unless you specifically guard against that too. Presumably you don't have cooperation of the hardware in keeping your code secure, but do you need to consider runtime vulnerability, or just in storage?

Chances are compilation is sufficient protection against casual IP theft; obfuscation is a slightly higher bar, then options get progressively more expensive to implement.

Question 2

Use a dynamic compilation method that authorizes using facebook account that has the original opencl string so youd known who stole it at least. Maybe even using an encryption of your own to mix the string into a meaningless clobbered char array.

Question 3

You can never protect against decompilation.

Question 4

Today, you can compile and ship binaries, but the format is different for each platform, and perhaps even devices within that platform, so you'd be shipping a lot of binaries.

In the future, you can use SPIR. It's nascent today but will be your solution in the future.

Question 5

If your app already has some protection (ofuscation, etc..) then as long as the OpenCL code is a static string inside your app it will be protected. However, clever attacker may be able to get it out as well.

The best way is to precompile and distribute the kernel binaries, but that will be tedious task, and it may be reversed by an attacker as well.