Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
3-2014
Abstract
Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such a way that they are non-existent until program execution. Program steganography does not raise suspicion in program analysis, and conforms to the W⊕X and mandatory code signing security mechanisms. We further implement RopSteg, a novel software obfuscation system, to provide (to a certain degree) program steganography using return-oriented programming. We apply RopSteg to eight Windows executables and evaluate the program steganography property in the corresponding obfuscated programs. Results show that RopSteg achieves program steganography with a small overhead in program size and execution time. RopSteg is the first attempt of driving return-oriented programming from the "dark side", i.e., using return-oriented programming in a non-attack application. We further discuss limitations of RopSteg in achieving program steganography.
Keywords
code obfuscation, program steganography, return-oriented programming, watermarking
Discipline
Information Security
Research Areas
Cybersecurity
Publication
CODASPY '14: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy: March 3-5, San Antonio, TX
First Page
265
Last Page
272
ISBN
9781450322782
Identifier
10.1145/2557547.2557572
Publisher
ACM
City or Country
New York
Embargo Period
3-23-2022
Citation
LU, Kangjie; XIONG, Siyang; and GAO, Debin.
RopSteg: Program steganography with return oriented programming. (2014). CODASPY '14: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy: March 3-5, San Antonio, TX. 265-272.
Available at: https://ink.library.smu.edu.sg/sis_research/7033
Copyright Owner and License
Publisher
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/2557547.2557572