Abstract
Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such a way that they are non-existent until program execution. Program steganography does not raise suspicion in program analysis, and conforms to the W ⊕ X and mandatory code signing security mechanisms. We further implement Rop- Steg, a novel software obfuscation system, to provide (to a certain degree) program steganography using return-oriented programming. We apply RopSteg to eight Windows executables and evaluate the program steganography property in the corresponding obfuscated programs. Results show that RopSteg achieves program steganography with a small overhead in program size and execution time. RopSteg is the fist attempt of driving return-oriented programming from the "dark side", i.e., using return-oriented programming in a non-attack application. We further discuss limitations of RopSteg in achieving program steganography.
| Original language | English (US) |
|---|---|
| Title of host publication | CODASPY 2014 - Proceedings of the 4th ACM Conference on Data and Application Security and Privacy |
| Publisher | Association for Computing Machinery |
| Pages | 265-272 |
| Number of pages | 8 |
| DOIs | |
| State | Published - Jan 1 2014 |
| Event | 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States Duration: Mar 3 2014 → Mar 5 2014 |
Other
| Other | 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 |
|---|---|
| Country/Territory | United States |
| City | San Antonio, TX |
| Period | 3/3/14 → 3/5/14 |
Keywords
- Code obfuscation
- Program steganography
- Return-oriented programming
- Watermarking