Replacement attacks on behavior based software birthmark

Authors:
Zhi Xin;Huiyu Chen;Xinche Wang;Peng Liu;Sencun Zhu;Bing Mao;Li Xie
Affiliations:
Department of Computer Science and Technology, Nanjing University, Nanjing, China;Department of Computer Science and Technology, Nanjing University, Nanjing, China;Department of Computer Science and Technology, Nanjing University, Nanjing, China;The Pennsylvania State University, University Park, PA;The Pennsylvania State University, University Park, PA;Department of Computer Science and Technology, Nanjing University, Nanjing, China;Department of Computer Science and Technology, Nanjing University, Nanjing, China
Venue:
ISC'11 Proceedings of the 14th international conference on Information security
Year:
2011

Citing 18
Cited 0

Advanced programming in the UNIX environment

Advanced programming in the UNIX environment
Software watermarking: models and dynamic embeddings

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An Algorithm for Subgraph Isomorphism

Journal of the ACM (JACM)
Computers and Intractability: A Guide to the Theory of NP-Completeness

Computers and Intractability: A Guide to the Theory of NP-Completeness
Mimicry attacks on host-based intrusion detection systems

Proceedings of the 9th ACM conference on Computer and communications security
Watermarking, tamper-proffing, and obfuscation: tools for software protection

IEEE Transactions on Software Engineering
Tamper Resistant Software: An Implementation

Proceedings of the First International Workshop on Information Hiding
Sandmark--A Tool for Software Protection Research

IEEE Security and Privacy
Dynamic path-based software watermarking

Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
A (Sub)Graph Isomorphism Algorithm for Matching Large Graphs

IEEE Transactions on Pattern Analysis and Machine Intelligence
K-gram based software birthmarks

Proceedings of the 2005 ACM symposium on Applied computing
Dynamic slicing long running programs through execution fast forwarding

Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Mining specifications of malicious behavior

Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
A dynamic birthmark for java

Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
The Evolution of System-Call Monitoring

ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Behavior based software theft detection

Proceedings of the 16th ACM conference on Computer and communications security
Detecting Software Theft via System Call Based Birthmarks

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
A survey of software watermarking

ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Software birthmarks utilize certain specific program characteristics to validate the origin of software, so it can be applied to detect software piracy. One state-of-the-art technology on software birthmark adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantics-equivalent system calls to unlock the high frequent dependency between the system calls in an original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.