RopSteg: Program steganography with return oriented programming

Kangjie Lu, Siyang Xiong, Debin Gao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

32 Scopus citations

Abstract

Many software obfuscation techniques have been proposed to hide program instructions or logic and to make reverse engineering hard. In this paper, we introduce a new property in software obfuscation, namely program steganography, where certain instructions are "diffused" in others in such a way that they are non-existent until program execution. Program steganography does not raise suspicion in program analysis, and conforms to the W ⊕ X and mandatory code signing security mechanisms. We further implement Rop- Steg, a novel software obfuscation system, to provide (to a certain degree) program steganography using return-oriented programming. We apply RopSteg to eight Windows executables and evaluate the program steganography property in the corresponding obfuscated programs. Results show that RopSteg achieves program steganography with a small overhead in program size and execution time. RopSteg is the fist attempt of driving return-oriented programming from the "dark side", i.e., using return-oriented programming in a non-attack application. We further discuss limitations of RopSteg in achieving program steganography.

Original languageEnglish (US)
Title of host publicationCODASPY 2014 - Proceedings of the 4th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery
Pages265-272
Number of pages8
DOIs
StatePublished - Jan 1 2014
Event4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States
Duration: Mar 3 2014Mar 5 2014

Other

Other4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014
Country/TerritoryUnited States
CitySan Antonio, TX
Period3/3/143/5/14

Keywords

  • Code obfuscation
  • Program steganography
  • Return-oriented programming
  • Watermarking

Fingerprint

Dive into the research topics of 'RopSteg: Program steganography with return oriented programming'. Together they form a unique fingerprint.

Cite this