RopSteg: Program steganography with return oriented programming

RopSteg: Program steganography with return oriented programming

Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such...

Full description

Saved in:
Bibliographic Details
Main Authors: LU, Kangjie, XIONG, Siyang, GAO, Debin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2014
Subjects:
code obfuscation
program steganography
return-oriented programming
watermarking
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/7033
https://ink.library.smu.edu.sg/context/sis_research/article/8036/viewcontent/RopSteg_pv.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-8036
record_format dspace
spelling sg-smu-ink.sis_research-80362022-03-24T06:22:53Z RopSteg: Program steganography with return oriented programming LU, Kangjie XIONG, Siyang GAO, Debin Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such a way that they are non-existent until program execution. Program steganography does not raise suspicion in program analysis, and conforms to the W⊕X and mandatory code signing security mechanisms. We further implement RopSteg, a novel software obfuscation system, to provide (to a certain degree) program steganography using return-oriented programming. We apply RopSteg to eight Windows executables and evaluate the program steganography property in the corresponding obfuscated programs. Results show that RopSteg achieves program steganography with a small overhead in program size and execution time. RopSteg is the first attempt of driving return-oriented programming from the "dark side", i.e., using return-oriented programming in a non-attack application. We further discuss limitations of RopSteg in achieving program steganography. 2014-03-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7033 info:doi/10.1145/2557547.2557572 https://ink.library.smu.edu.sg/context/sis_research/article/8036/viewcontent/RopSteg_pv.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University code obfuscation program steganography return-oriented programming watermarking Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic code obfuscation
program steganography
return-oriented programming
watermarking
Information Security
spellingShingle code obfuscation
program steganography
return-oriented programming
watermarking
Information Security
LU, Kangjie
XIONG, Siyang
GAO, Debin
RopSteg: Program steganography with return oriented programming
description Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such a way that they are non-existent until program execution. Program steganography does not raise suspicion in program analysis, and conforms to the W⊕X and mandatory code signing security mechanisms. We further implement RopSteg, a novel software obfuscation system, to provide (to a certain degree) program steganography using return-oriented programming. We apply RopSteg to eight Windows executables and evaluate the program steganography property in the corresponding obfuscated programs. Results show that RopSteg achieves program steganography with a small overhead in program size and execution time. RopSteg is the first attempt of driving return-oriented programming from the "dark side", i.e., using return-oriented programming in a non-attack application. We further discuss limitations of RopSteg in achieving program steganography.
format text
author LU, Kangjie
XIONG, Siyang
GAO, Debin
author_facet LU, Kangjie
XIONG, Siyang
GAO, Debin
author_sort LU, Kangjie
title RopSteg: Program steganography with return oriented programming
title_short RopSteg: Program steganography with return oriented programming
title_full RopSteg: Program steganography with return oriented programming
title_fullStr RopSteg: Program steganography with return oriented programming
title_full_unstemmed RopSteg: Program steganography with return oriented programming
title_sort ropsteg: program steganography with return oriented programming
publisher Institutional Knowledge at Singapore Management University
publishDate 2014
url https://ink.library.smu.edu.sg/sis_research/7033
https://ink.library.smu.edu.sg/context/sis_research/article/8036/viewcontent/RopSteg_pv.pdf
_version_ 1770576191672025088

Similar Items