Computer Security and Software Watermarking Based on Return-oriented Programming

Full Text (PDF, 497KB), PP.28-36

Views: 0 Downloads: 0

Author(s)

Ashwag Alrehily 1,* Vijey Thayananthan 1

1. Department of Computer Science, King Abdulaziz University, Jeddah 21589, Saudi Arabia

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2018.05.04

Received: 18 Dec. 2017 / Revised: 11 Jan. 2018 / Accepted: 9 Feb. 2018 / Published: 8 May 2018

Index Terms

Computer security, Software watermark, Gadgets, Return-oriented programming and Secure Hash Algorithm

Abstract

Applications of computer security issues are limited to the operating systems and gadgets used within the computers and all other devices integrated with supercomputers. With the growing number of users, software developers face the software piracy which could affect the computer systems. Currently, the major problem for computers in the different industries is software piracy. Despite many computer security techniques, we have proposed a software watermark design based on return-oriented programming (ROP). Here, the new design of the software watermark is considered as a method in which secure Hash algorithm plays an important role to enhance the performance of the computer security. In this method, we focused on gadgets analysis gadgets categories and a large number of gadgets. In this analysis, we selected Sjeng benchmark and ROP with different approaches. As a theoretical result, resilience and stealthy are compared with existing results. This approach can be useful to improve the application of the computer security laws with legal procedures depended on the proposed computer security algorithms and analysis.

Cite This Paper

Ashwag Alrehily, Vijey Thayananthan, "Computer Security and Software Watermarking Based on Return-oriented Programming", International Journal of Computer Network and Information Security(IJCNIS), Vol.10, No.5, pp.28-36, 2018. DOI:10.5815/ijcnis.2018.05.04

Reference

[1]Creech, Gideon. "New approach to return-oriented programming exploitation mitigation." Information Security Journal: A Global Perspective (2017): 1-16.
[2]Tang, Zhanyong, and Dingyi Fang. "A tamper-proof software watermark using code encryption." In Intelligence and Security Informatics (ISI), 2011 IEEE International Conference on, pp. 156-160. IEEE, 2011.
[3]Ma, Haoyu, Kangjie Lu, Xinjie Ma, Haining Zhang, Chunfu Jia, and Debin Gao. "Software Watermarking using Return-Oriented Programming." In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 369-380. ACM, 2015.
[4]Alrehily, Ashwag, and Vijey Thayananthan. "Software Watermarking based on Return-Oriented Programming for Computer Security." International Journal of Computer Applications 166, no. 8 (2017).
[5]BSA, Seizing Opportunity Through License Compliance. BSA, Software Alliance, 2016.
[6]Chionis, Ioannis, Maria Chroni, and Stavros D. Nikolopoulos. "WaterRPG: A Graph-based Dynamic Watermarking Model for Software Protection." arXiv preprint arXiv:1403.6658 (2014).
[7]Sha, Zonglu, Hua Jiang, and Aicheng Xuan. "Software watermarking algorithm by coefficients of the equation." In Genetic and Evolutionary Computing, 2009. WGEC'09. 3rd International Conference on, pp. 410-413. IEEE, 2009.
[8]Jiang, Hua, Hanlei He, and Xin Wang. "Software watermark algorithm based on Chinese remainder theorem." In Conference Anthology, IEEE, pp. 1-4. IEEE, 2013.
[9]Collberg, Christian, and Clark Thomborson. "Software Watermarking: Models and dynamic embeddings." In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of programming languages, pp. 311-324. ACM, 1999.
[10]Tu, Ronghui, Feiyuan Wang, Jiying Zhao, and Abdulmotaleb El Saddik. "Copyright Protection of Web Applications through Watermarking." In Innovative Computing, Information and Control, 2006. ICICIC'06. First International Conference on, vol. 3, pp. 78-82. IEEE, 2006.
[11]Shirali-Shahreza, Mohammad, and Sajad Shirali-Shahreza. "Software watermarking by equation reordering." In Information and Communication Technologies: From Theory to Applications, 2008. ICTTA 2008. 3rd International Conference on, pp. 1-4. IEEE, 2008.
[12]Gupta, Gaurav, and Josef Pieprzyk. "Source code watermarking based on function dependency oriented sequencing." In Intelligent Information Hiding and Multimedia Signal Processing, 2008. IIHMSP'08 International Conference on, pp. 965-968. IEEE, 2008.
[13]Zhang, Xuesong, Fengling He, and Wanli Zuo. "Hash function based software watermarking." In Advanced Software Engineering and Its Applications, 2008. ASEA 2008, pp. 95-98. IEEE, 2008.
[14]Jian-qi, Zhu, Liu Yan-heng, Yin Ke, and Yin Ke-xin. "A Robust Dynamic Watermarking Scheme based on STBDW." In Computer Science and Information Engineering, 2009 WRI World Congress on, vol. 7, pp. 602-606. IEEE, 2009.
[15]Pervez, Zeeshan, Yasir Mahmood, and Hafiz Farooq Ahmad. "Semblance based dis-seminated software watermarking algorithm." In Computer and Information Sciences, 2008. ISCIS'08. 23rd International Symposium on, pp. 1-4. IEEE, 2008.
[16]Chen, Liang, and Chaoquan Zhang. "A novel algorithm for. NET programs are watermarking based on obfuscation." In Instrumentation & Measurement, Sensor Network and Automation (IMSNA), 2012 International Symposium on, vol. 2, pp. 583-586. IEEE, 2012.
[17]JIANG Hua SHA Zong-lu XUAN Ai-cheng Software watermarking algorithm based on inverse number of expression [J] Journal of Computer Applications 2009 29(12) 3188-3190
[18]Roemer, Ryan, Erik Buchanan, Hovav Shacham, and Stefan Savage. "Re-turn-oriented programming: Systems, languages, and applications." ACM Transactions on Information and System Security (TISSEC) 15, no. 1 (2012): 2.
[19]Zeng, Ying, Fenlin Liu, Xiangyang Luo, and Chunfang Yang. "Robust software watermarking scheme based on obfuscated interpretation." In Multimedia Information Networking and Security (MINES), 2010 International Conference on, pp. 671-675. IEEE, 2010.
[20]Muthana, Abdulrahman A., and Mamoon M. Saeed. "Analysis of User Identity Privacy in LTE and Proposed Solution." International Journal of Computer Network and Information Security 9, no. 1 (2017): 54.
[21]Tiwari, Archana, and Manisha Sharma. "Semi-fragile Watermarking Schemes for Image Authentication-A Survey." International Journal of Computer Network and Information Security 4, no. 2 (2012): 43.
[22]Singh, Siddharth, and Tanveer J. Siddiqui. "Copyright Protection for Digital Images using Singular Value Decomposition and Integer Wavelet Transform." International Journal of Computer Network and Information Security 8, no. 4 (2016): 14.
[23]Lone, Auqib Hamid, and Moin Uddin. "A Novel Scheme for Image Authentication and Secret Data Sharing." International Journal of Computer Network and Information Security 8, no. 9 (2016): 10.
[24]Anley, Chris, John Heasman, Felix Lindner, and Gerardo Richarte. The shellcoder's handbook: discovering and exploiting security holes. John Wiley & Sons, 2011.
[25]Buchanan, Erik, Ryan Roemer, Hovav Shacham, and Stefan Savage. "When good instructions go bad: Generalizing return-oriented programming to RISC." In Proceedings of the 15th ACM conference on Computer and communications security, pp. 27-38. ACM, 2008.
[26]Shacham, Hovav. "The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86)." In Proceedings of the 14th ACM conference on Computer and communications security, pp. 552-561. ACM, 2007.
[27]Palsberg, Jens, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, and Yi Zhang. "Experience with software watermarking." In Computer Security Applications, 2000. ACSAC'00. 16th Annual Conference, pp. 308-316. IEEE, 2000.
[28]Collberg, Christian, Stephen Kobourov, Edward Carter, and Clark Thomborson. "Error-correcting graphs for software watermarking." In Proceedings of the 29th Workshop on Graph-Theoretic Concepts in Computer Science, pp. 156-167. 2003.
[29]Ashwag Alrehily and Vijey Thayananthan, “Software Watermarking based on Re-turn-Oriented Programming for Computer Security,” International Journal of Computer Applications, Volume 166 – No.8, pp. 21-28, May 2017.
[30]Checkoway, Stephen, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, and Marcel Winandy. "Return-oriented programming without returns." In Proceedings of the 17th ACM conference on Computer and communications security, pp. 559-572. ACM, 2010.
[31]Zhu, William, Clark Thomborson, and Fei-Yue Wang. "A survey of software watermarking." In International Conference on Intelligence and Security Informatics, pp. 454-458. Springer Berlin Heidelberg, 2005.
[32]Joshi, Harshvardhan P., Aravindhan Dhanasekaran, and Rudra Dutta. "Impact of software obfuscation on susceptibility to Return-Oriented Programming attacks." In Sarnoff Symposium, 2015 36th IEEE, pp. 161-166. IEEE, 2015.
[33]Anna Romanou, The necessity of the implementation of Privacy by Design in sectors where data protection concerns arise, Computer law & Security Review: The International Journal of Technology law and Practice (2017), doi: 10.1016/j.clsr.2017.05.021.