RopSteg: Program Steganography with Return Oriented Programming

RopSteg: Program Steganography with Return Oriented Programming

Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such...

Full description

Saved in:
Bibliographic Details
Main Authors: Lu, Kangjie, Xiong, Siyang, GAO, Debin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2014
Subjects:
code obfuscation
program steganography
return-oriented programming
watermarking
Computer Sciences
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research_smu/50
https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1049&context=sis_research_smu
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research_smu-1049
record_format dspace
spelling sg-smu-ink.sis_research_smu-10492018-07-09T06:02:47Z RopSteg: Program Steganography with Return Oriented Programming Lu, Kangjie Xiong, Siyang GAO, Debin Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such a way that they are non-existent until program execution. Program steganography does not raise suspicion in program analysis, and conforms to the W⊕X and mandatory code signing security mechanisms. We further implement RopSteg, a novel software obfuscation system, to provide (to a certain degree) program steganography using return-oriented programming. We apply RopSteg to eight Windows executables and evaluate the program steganography property in the corresponding obfuscated programs. Results show that RopSteg achieves program steganography with a small overhead in program size and execution time. RopSteg is the first attempt of driving return-oriented programming from the "dark side", i.e., using return-oriented programming in a non-attack application. We further discuss limitations of RopSteg in achieving program steganography. 2014-03-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research_smu/50 https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1049&context=sis_research_smu http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Information Systems (SMU Access Only) eng Institutional Knowledge at Singapore Management University code obfuscation program steganography return-oriented programming watermarking Computer Sciences Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic code obfuscation
program steganography
return-oriented programming
watermarking
Computer Sciences
Information Security
spellingShingle code obfuscation
program steganography
return-oriented programming
watermarking
Computer Sciences
Information Security
Lu, Kangjie
Xiong, Siyang
GAO, Debin
RopSteg: Program Steganography with Return Oriented Programming
description Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such a way that they are non-existent until program execution. Program steganography does not raise suspicion in program analysis, and conforms to the W⊕X and mandatory code signing security mechanisms. We further implement RopSteg, a novel software obfuscation system, to provide (to a certain degree) program steganography using return-oriented programming. We apply RopSteg to eight Windows executables and evaluate the program steganography property in the corresponding obfuscated programs. Results show that RopSteg achieves program steganography with a small overhead in program size and execution time. RopSteg is the first attempt of driving return-oriented programming from the "dark side", i.e., using return-oriented programming in a non-attack application. We further discuss limitations of RopSteg in achieving program steganography.
format text
author Lu, Kangjie
Xiong, Siyang
GAO, Debin
author_facet Lu, Kangjie
Xiong, Siyang
GAO, Debin
author_sort Lu, Kangjie
title RopSteg: Program Steganography with Return Oriented Programming
title_short RopSteg: Program Steganography with Return Oriented Programming
title_full RopSteg: Program Steganography with Return Oriented Programming
title_fullStr RopSteg: Program Steganography with Return Oriented Programming
title_full_unstemmed RopSteg: Program Steganography with Return Oriented Programming
title_sort ropsteg: program steganography with return oriented programming
publisher Institutional Knowledge at Singapore Management University
publishDate 2014
url https://ink.library.smu.edu.sg/sis_research_smu/50
https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=1049&context=sis_research_smu
_version_ 1712300667022868480

Similar Items