research-article

Software Watermarking using Return-Oriented Programming

Authors:

Debin GaoAuthors Info & Claims

ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Pages 369 - 380

https://doi.org/10.1145/2714576.2714582

Published: 14 April 2015 Publication History

Get Access

Abstract

We propose a novel dynamic software watermarking design based on Return-Oriented Programming (ROP). Our design formats watermarking code into well-crafted data arrangements that look like normal data but could be triggered to execute. Once triggered, the pre-constructed ROP execution will recover the hidden watermark message. The proposed ROP-based watermarking technique is more stealthy and resilient over existing techniques since the watermarking code is allocated dynamically into data region and therefore out of reach of attacks based on code analysis. Evaluations show that our design not only achieves satisfying stealth and resilience, but also causes significantly lower overhead to the watermarked program.

References

[1]

The llvm compiler infrastructure. http://llvm.org/.

Google Scholar

[2]

Upx: the ultimate packer for executables. http://upx.sourceforge.net/.

Google Scholar

[3]

Xenocode. http://www.xenocode.com.

Google Scholar

[4]

E. Buchanan, H. Roemer, H. Shacham, and S. Savage. When good instructions go bad: Generalizing return-oriented programming to risc. In Proceedings of the 15th ACM conference on Computer and communications security (CCS), pages 27--38, 2008.

Digital Library

Google Scholar

[5]

S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In Proceedings of the 17th ACM conference on Computer and communications security (CCS), pages 559--572, 2010.

Digital Library

Google Scholar

[6]

P. Chen, H. Xiao, X. Shen, X. Yin, B. Mao, and L. Xie. Drop: Detecting return-oriented programming malicious code. In Proceedings of the 5th International Conference of Information Systems Security (ICISS), pages 163--177, 2009.

Digital Library

Google Scholar

[7]

Y. Cheng, Z. Zhou, M. Yu, X. Ding, and R. H. Deng. Ropecker: A generic and practical approach for defending against rop attacks. In Symposium on Network and Distributed System Security (NDSS), 2014.

Crossref

Google Scholar

[8]

C. Collberg, E. Carter, S. Debray, A. Huntwork, J. Kececioglu, C. Linn, and M. Stepp. Dynamic path-based software watermarking. In Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation (PLDI), pages 107--118, 2004.

Digital Library

Google Scholar

[9]

C. Collberg and J. Nagra. Surreptitious Software Obfuscation, Watermarking, and Tamperproofing for Software Protection. Software Security Series. Addison-Wesley, 2009.

Digital Library

Google Scholar

[10]

C. Collberg and C. Thomborson. Software watermarking: models and dynamic embeddings. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 311--324, 1999.

Digital Library

Google Scholar

[11]

C. Collberg, C. Thomborson, and G. M. Townsend. Dynamic graph-based software watermarking. Technical Report TR04-08, Department of Computer Science, The University of Arizona, 2004.

Google Scholar

[12]

P. Cousot and R. Cousot. An abstract interpretation-based framework for software watermarking. In Proceedings of the 31th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 173--185, 2004.

Digital Library

Google Scholar

[13]

L. Davi, A. Sadeghiy, and M. Winandyz. Ropdefender: A detection tool to defend against return-oriented programming attacks. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pages 40--51, 2011.

Digital Library

Google Scholar

[14]

A. Francillon and C. Castelluccia. Code injection attacks on harvard-architecture devices. In Proceedings of the 15th ACM conference on Computer and communications security (CCS), pages 15--26, 2008.

Digital Library

Google Scholar

[15]

T. Holz and F. Freiling. Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms. In Proceedings of the 19nd USENIX conference on Security (USENIX Security), pages 383--398, 2009.

Digital Library

Google Scholar

[16]

T. Kornau. Return oriented programming for the arm architecture. Master's thesis, Ruhr-Universität, Bochum, 2010.

Google Scholar

[17]

K. Lu, S. Xiong, and D. Gao. Ropsteg: Program steganography with return oriented programming. In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY), pages 265--272, 2014.

Digital Library

Google Scholar

[18]

G. Myles and C. Collberg. Software watermarking through register allocation: Implementation, analysis, and attacks. In Proceedings of the 6th International Conference of Information Security and Cryptology (ICISC), pages 274--293, 2003.

Google Scholar

[19]

G. Myles and C. Collberg. Software watermarking via opaque predicates: Implementation, analysis, and attacks. Electronic Commerce Research, 6(2):155--171, 2006.

Digital Library

Google Scholar

[20]

G. Myles and H. Jin. Self-validating branch-based software watermarking. In Proceedings of the 7th International Workshop of Information Hiding (IH), pages 342--356, 2005.

Digital Library

Google Scholar

[21]

J. Nagra and C. Thomborson. Threading software watermarks. In Proceedings of the 6th International Workshop of Information Hiding (IH), pages 208--223, 2004.

Digital Library

Google Scholar

[22]

K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. G-free: defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), pages 49--58, 2010.

Digital Library

Google Scholar

[23]

J. Palsberg, S. Krishnaswamy, M. Kwon, D. Ma, Q. Shao, and Y. Zhang. Experience with software watermarking. In Proceedings of the 16th Annual Conference of Computer Security Applications (ACSAC), pages 308--316, 2000.

Digital Library

Google Scholar

[24]

V. Pappas. kbouncer: Efficient and transparent rop mitigation. Technical report, Columbia University, 2012.

Google Scholar

[25]

C. Ren, K. Chen, and P. Liu. Droidmarking: Resilient software watermarking for impeding android application repackaging. In Proceedings of the 29th ACM/IEEE international conference on Automated software engineering (ASE), pages 635--646, 2014.

Digital Library

Google Scholar

[26]

R. Roemer, E. Buchanan, H. Shacham, and S. Savage. Return-oriented programming: Systems, languages, and applications. ACM Transactions on Information and System Security (TISSEC), 15(1):2, 2012.

Digital Library

Google Scholar

[27]

H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and communications security (CCS), pages 552--561, 2007.

Digital Library

Google Scholar

[28]

M. Sharif, A. Lanzi, J. Giffin, and W. Lee. Impeding malware analysis using conditional code obfuscation. In Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS), 2008.

Google Scholar

[29]

K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and C. Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In Proceedings of the 34rd IEEE Symposium on Security and Privacy (S&P), pages 574--588, 2013.

Digital Library

Google Scholar

[30]

D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena. Bitblaze: A new approach to computer security via binary analysis. In Proceedings of the 4th International Conference on Information Systems Security (ICISS), pages 1--25, 2008.

Digital Library

Google Scholar

[31]

R. Venkatesan, V. Vazirani, and S.Sinha. A graph theoretic approach to software watermarking. In Proceedings of the 4th International Workshop of Information Hiding (IH), pages 157--168, 2001.

Digital Library

Google Scholar

[32]

T. Wang, K. Lu, L. Lu, S. Chung, and W. Lee. Jekyll on ios: When benign apps become evil. In Proceedings of the 22nd USENIX conference on Security (USENIX Security), pages 559--572, 2013.

Digital Library

Google Scholar

[33]

C. Zhang, T. Wei, Z. Chen, L. Duan, S. McCamant, L. Szekeres, D. Song, and W. Zou. Practical control flow integrity & randomization for binary executables. In Proceedings of the 34rd IEEE Symposium on Security and Privacy (S&P), pages 559--573, 2013.

Digital Library

Google Scholar

[34]

W. Zhou, X. Zhang, and X. Jiang. Appink: Watermarking android apps for repackaging deterrence. In Proceedings of the 8th ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS), pages 1--12, 2013.

Digital Library

Google Scholar

Cited By

View all

Kim TJang YLee CKoo HKim H(2023)Smartmark: Software Watermarking Scheme for Smart Contracts2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00035(283-294)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00035
Kosolapov Y(2021)On Detecting Code Reuse AttacksAutomatic Control and Computer Sciences10.3103/S014641162007011154:7(573-583)Online publication date: 8-Feb-2021
https://doi.org/10.3103/S0146411620070111
Uroz DRodriguez R(2021)Evaluation of the Executional Power in Windows using Return Oriented Programming2021 IEEE Security and Privacy Workshops (SPW)10.1109/SPW53761.2021.00056(361-372)Online publication date: May-2021
https://doi.org/10.1109/SPW53761.2021.00056
Show More Cited By

Index Terms

Software Watermarking using Return-Oriented Programming
1. Social and professional topics
  1. Computing / technology policy
    1. Intellectual property

Recommendations

Return-Oriented Programming: Systems, Languages, and Applications
Special Issue on Computer and Communications Security

We introduce return-oriented programming, a technique by which an attacker can induce arbitrary behavior in a program whose control flow he has diverted, without injecting any code. A return-oriented program chains together short instruction sequences ...
A Fragile Software Watermarking for Tamper-Proof
IAS '09: Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 01

A fragile software watermarking scheme for integrity verification of software is proposed in this paper. The algorithm uses the idea of semantic-preserving code substitution for embedding the watermark. With the system, the generated watermark relates ...
Survey of return-oriented programming defense mechanisms

A prominent software security violation-buffer overflow attack has taken various forms and poses serious threats until today. One such vulnerability is return-oriented programming attack. An return-oriented programming attack circumvents the dynamic ...

Reviews

Reviewer: Brad D. Reid

Watermarking is a technique for embedding an identifying message into software that may later be retrieved to recognize ownership or authenticate information. Return-oriented programming (ROP) allows a malicious attacker to manipulate the call stack (storing information about active subroutines), making it more difficult to defend against. These researchers have merged watermarking and ROP to stealthily allow the recovery of a hidden watermark message. This paper, for advanced researchers, indicates how malicious methodologies may be utilized for creative purposes. The paper is well organized, beginning with an overview and introduction to software watermarking and ROP. The researchers provide a simple example of how ROP-based watermarking functions. Their design "splits the watermarking payload into small segments to be constructed in [various] functions of the program which [they] called 'carriers.'" This reduces suspicion and possible detection. The methodology is discussed in some detail. The technique was tested on a number of programs from the SPECint-2006 test suite. The parameters of stealth, credibility, and resilience were evaluated with positive results. Reduced runtime was also apparent. Their technique compared favorably to RopStep, "a general tool for hiding code portions ... with ROP." However, the researchers note that their technique would be vulnerable to a library replacement attack in which the original libraries that linked to the watermarked program would be replaced. Additional research will address this issue. With good organization, figures, and a list of references, this 11-page report is well done. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

April 2015

698 pages

ISBN:9781450332453

DOI:10.1145/2714576

General Chairs:
Feng Bao
Huawei Technologies Pte Ltd, Singapore
,
Steven Miller
Singapore Management University, Singapore
,
Program Chairs:
Jianying Zhou
Institute for Infocomm Research, Singapore
,
Gail-Joon Ahn
Arizona State University, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 April 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Natural Science Foundation of China
National Key Basic Research Program of China
Natural Science Foundation of Tianjin

Conference

ASIA CCS '15

Sponsor:

SIGSAC

ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security

April 14 - March 17, 2015

Singapore, Republic of Singapore

Acceptance Rates

ASIA CCS '15 Paper Acceptance Rate 48 of 269 submissions, 18%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
317
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)3

Reflects downloads up to 15 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kim TJang YLee CKoo HKim H(2023)Smartmark: Software Watermarking Scheme for Smart Contracts2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00035(283-294)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00035
Kosolapov Y(2021)On Detecting Code Reuse AttacksAutomatic Control and Computer Sciences10.3103/S014641162007011154:7(573-583)Online publication date: 8-Feb-2021
https://doi.org/10.3103/S0146411620070111
Uroz DRodriguez R(2021)Evaluation of the Executional Power in Windows using Return Oriented Programming2021 IEEE Security and Privacy Workshops (SPW)10.1109/SPW53761.2021.00056(361-372)Online publication date: May-2021
https://doi.org/10.1109/SPW53761.2021.00056
Borrello PCoppa ED'Elia D(2021)Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN48987.2021.00064(555-568)Online publication date: Jun-2021
https://doi.org/10.1109/DSN48987.2021.00064
Lyvas CNtantogian CXenakis C(2021)[m]allotROPism: a metamorphic engine for malicious software variation developmentInternational Journal of Information Security10.1007/s10207-021-00541-yOnline publication date: 3-Mar-2021
https://doi.org/10.1007/s10207-021-00541-y
Iwendi CJalil ZJaved AG. TKaluri RSrivastava GJo O(2020)KeySplitWatermark: Zero Watermarking Algorithm for Software Protection Against Cyber-AttacksIEEE Access10.1109/ACCESS.2020.29881608(72650-72660)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.2988160
Qian CHu HAlharthi MChung PKim TLee WHeninger NTraynor P(2019)RAZORProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361459(1733-1750)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361459
Kosolapov Y(2019)About Detection of Code Reuse AttacksModeling and Analysis of Information Systems10.18255/1818-1015-2019-2-213-22826:2(213-228)Online publication date: 20-Jun-2019
https://doi.org/10.18255/1818-1015-2019-2-213-228
Ma HJia CLi SZheng WWu D(2019)Xmark: Dynamic Software Watermarking Using Collatz ConjectureIEEE Transactions on Information Forensics and Security10.1109/TIFS.2019.290807114:11(2859-2874)Online publication date: Nov-2019
https://doi.org/10.1109/TIFS.2019.2908071
Ntantogian CPoulios GKaropoulos GXenakis C(2019)Transforming malicious code to ROP gadgets for antivirus evasionIET Information Security10.1049/iet-ifs.2018.538613:6(570-578)Online publication date: Nov-2019
https://doi.org/10.1049/iet-ifs.2018.5386
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Return-Oriented Programming: Systems, Languages, and Applications

A Fragile Software Watermarking for Tamper-Proof

Survey of return-oriented programming defense mechanisms

Reviews

Access critical reviews of Computing literature here