Replacement Attacks on Behavior Based Software Birthmark
  • Authors: Zhi Xin (1) zxin@nju.edu.cn
    Huiyu Chen (1) mylobe.chen@gmail.com
    Xinche Wang (1) xinchewang@gmail.com
    Peng Liu (2) pliu@ist.psu.edu
    Sencun Zhu (2) sxz16@psu.edu
    Bing Mao (1) maobing@nju.edu.cn
    Li Xie (1)
  • Keywords: software birthmark; replacement attack
  • Publication title: Lecture Notes in Computer Science
  • Publication year: 2011
  • Publication date: 2011
  • Year: 2011
  • Volume: 7001
  • Issue: 1
  • Pages: 1-16
  • Full-text size: 396.9 KB
  • Author affiliations: 1. State Key Laboratory for Novel Software Technology, Department of Computer Science and Technology, Nanjing University, Nanjing, 210093 China; 2. The Pennsylvania State University, University Park, PA 16802, USA
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
Abstract
Software birthmarks utilize certain specific program characteristics to validate the origin of software, so they can be applied to detect software piracy. One state-of-the-art software birthmark technique adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantics-equivalent system calls to unlock the high-frequency dependencies between the system calls in an original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.