<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">sibsutis</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник СибГУТИ</journal-title><trans-title-group xml:lang="en"><trans-title>The Herald of the Siberian State University of Telecommunications and Information Science</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1998-6920</issn><publisher><publisher-name>СибГУТИ</publisher-name></publisher></journal-meta><article-meta><article-id custom-type="elpub" pub-id-type="custom">sibsutis-3</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Статьи</subject></subj-group></article-categories><title-group><article-title>О методе считывания цифрового водяного знака в исполняемых файлах</article-title><trans-title-group xml:lang="en"><trans-title>On the method of reading a digital watermark in executable files</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Нечта</surname><given-names>И. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Nechta</surname><given-names>I. ..</given-names></name></name-alternatives><email xlink:type="simple">ivannechta@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff xml:lang="ru" id="aff-1"><institution>СибГУТИ</institution><country>Russian Federation</country></aff><pub-date pub-type="collection"><year>2020</year></pub-date><pub-date pub-type="epub"><day>18</day><month>04</month><year>2022</year></pub-date><volume>0</volume><issue>1</issue><fpage>3</fpage><lpage>10</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Нечта И.В., 2022</copyright-statement><copyright-year>2022</copyright-year><copyright-holder xml:lang="ru">Нечта И.В.</copyright-holder><copyright-holder xml:lang="en">Nechta I...</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.sibsutis.ru/jour/article/view/3">https://vestnik.sibsutis.ru/jour/article/view/3</self-uri><abstract><p>В рамках исследования предлагается метод считывания цифрового водяного знака в исполняемом файле. Рассматриваемый водяной знак относится к разряду полухрупких, которые разрушаются при заданной доле изменений в программе. Указанный метод может быть применён для контроля целостности программного обеспечения. Разработанный алгоритм обладает рядом свойств, позволяющих противодействовать анализу кода. Защищенная таким образом программа считывает хранимый водяной знак по байтам в псевдослучайном порядке, что затрудняет выявление и последующее разрушение механизма контроля целостности. Предложенный алгоритм является расширением подхода непрозрачных предикатов. Показана высокая трудоёмкость атаки на данный метод при использовании точек остановки с условиями и трассировки.</p></abstract><trans-abstract xml:lang="en"><p>As part of this this research a method for reading a digital watermark is suggested for executable files. The watermark in question belongs to the category of semi-fragile, which is destroyed at a given percentage of changes in the program. Specified method can be used to control software integrity. The developed algorithm has a number of properties that make it possible to counteract code analysis. The program protected in this way reads the stored watermark by bytes in a pseudorandom order making it difficult to detect and destroy the integrity control mechanism. The proposed algorithm is an extension of the opaque predicate approach. The high complexity of attacking this method based on breakpoints with conditions and tracing is presented.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>цифровые водяные знаки</kwd><kwd>защита авторских прав</kwd><kwd>контроль целостности</kwd><kwd>непрозрачные предикаты</kwd></kwd-group><kwd-group xml:lang="en"><kwd>tamper proofing</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Ahmadvand M., Pretschner A., Kelbert F. A taxonomy of software integrity protection techniques // Advances in Computers. Elsevier. 2019. V. 112. P. 413-486.</mixed-citation><mixed-citation xml:lang="en">Ahmadvand M., Pretschner A., Kelbert F. A taxonomy of software integrity protection techniques // Advances in Computers. Elsevier. 2019. V. 112. P. 413-486.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Abrath B., Coppens B., Volckaert B., Wijnant J., De Sutter B. Tightly-coupled selfdebugging software protection // Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering, SSPREW ’16, New York, NY, USA, ACM, 2016. P. 7.</mixed-citation><mixed-citation xml:lang="en">Abrath B., Coppens B., Volckaert B., Wijnant J., De Sutter B. Tightly-coupled selfdebugging software protection // Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering, SSPREW ’16, New York, NY, USA, ACM, 2016. P. 7.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Baumann A., Peinado M., Hunt G. Shielding applications from an untrusted cloud with haven // ACM Transactions on Computer Systems (TOCS). 2015. V. 33, № 3. P. 8.</mixed-citation><mixed-citation xml:lang="en">Baumann A., Peinado M., Hunt G. Shielding applications from an untrusted cloud with haven // ACM Transactions on Computer Systems (TOCS). 2015. V. 33, № 3. P. 8.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Banescu S., Ahmadvand M., Pretschner A., Shield R., Hamilton C. Detecting patching of executables without system calls // Proceedings of the Conference on Data and Application Security and Privacy, ACM, 2017. P. 185-196.</mixed-citation><mixed-citation xml:lang="en">Banescu S., Ahmadvand M., Pretschner A., Shield R., Hamilton C. Detecting patching of executables without system calls // Proceedings of the Conference on Data and Application Security and Privacy, ACM, 2017. P. 185-196.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Blietz B., Tyagi A. Software tamper resistance through dynamic program monitoring // Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3919 LNCS, 2006. P. 146-163.</mixed-citation><mixed-citation xml:lang="en">Blietz B., Tyagi A. Software tamper resistance through dynamic program monitoring // Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3919 LNCS, 2006. P. 146-163.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Dewan P., Durham D., Khosravi H., Long M., Nagabhushan G. A hypervisor-based system for protecting software runtime memory and persistent storage // Proceedings of the 2008 Spring simulation multiconference. Society for Computer Simulation International, 2008. P. 828-835.</mixed-citation><mixed-citation xml:lang="en">Dewan P., Durham D., Khosravi H., Long M., Nagabhushan G. A hypervisor-based system for protecting software runtime memory and persistent storage // Proceedings of the 2008 Spring simulation multiconference. Society for Computer Simulation International, 2008. P. 828-835.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Park S., Yoon J. N., Kang C., Kim K. H., Han T. TGVisor: A tiny hypervisor-based trusted geolocation framework for mobile cloud clients // 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, 2015. P. 99-108.</mixed-citation><mixed-citation xml:lang="en">Park S., Yoon J. N., Kang C., Kim K. H., Han T. TGVisor: A tiny hypervisor-based trusted geolocation framework for mobile cloud clients // 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, 2015. P. 99-108.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Morgan B., Alata E., Nicomette V., Kaaniche M., Averlant G. Design and implementation of a hardware assisted security architecture for software integrity monitoring // IEEE 21st Pacific Rim International Symposium on Dependable Computing (PRDC), 2015. P. 189-198.</mixed-citation><mixed-citation xml:lang="en">Morgan B., Alata E., Nicomette V., Kaaniche M., Averlant G. Design and implementation of a hardware assisted security architecture for software integrity monitoring // IEEE 21st Pacific Rim International Symposium on Dependable Computing (PRDC), 2015. P. 189-198.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Van Oorschot P. C., Somayaji A., Wurster G. Hardware-assisted circumvention of selfhashing software tamper resistance // IEEE Transactions on Dependable and Secure Computing, 2005. V. 2 (2). P. 82-92.</mixed-citation><mixed-citation xml:lang="en">Van Oorschot P. C., Somayaji A., Wurster G. Hardware-assisted circumvention of selfhashing software tamper resistance // IEEE Transactions on Dependable and Secure Computing, 2005. V. 2 (2). P. 82-92.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Banescu S., Collberg C., Ganesh V., Newsham Z., Pretschner A. Code obfuscation against symbolic execution attacks // Proceedings of the 32nd Annual Conference on Computer Security Applications, ACM, 2016. P. 189-200.</mixed-citation><mixed-citation xml:lang="en">Banescu S., Collberg C., Ganesh V., Newsham Z., Pretschner A. Code obfuscation against symbolic execution attacks // Proceedings of the 32nd Annual Conference on Computer Security Applications, ACM, 2016. P. 189-200.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Madou M., Anckaert B., Moseley P., Debray S., De Sutter B., De Bosschere K. Software protection through dynamic code mutation // International Workshop on Information Security Applications, Springer, 2005. P. 194-206.</mixed-citation><mixed-citation xml:lang="en">Madou M., Anckaert B., Moseley P., Debray S., De Sutter B., De Bosschere K. Software protection through dynamic code mutation // International Workshop on Information Security Applications, Springer, 2005. P. 194-206.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Likarish P., Jung E., Jo I. Obfuscated malicious javascript detection using classification techniques // 2009 4th International Conference on Malicious and Unwanted Software (MALWARE), IEEE, 2009. P. 47-54.</mixed-citation><mixed-citation xml:lang="en">Likarish P., Jung E., Jo I. Obfuscated malicious javascript detection using classification techniques // 2009 4th International Conference on Malicious and Unwanted Software (MALWARE), IEEE, 2009. P. 47-54.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Dedic N., Jakubowski M., Venkatesan R A graph game model for software tamper protection // International Workshop on Information Hiding, Springer, Berlin, Heidelberg, 2007. P. 80-95.</mixed-citation><mixed-citation xml:lang="en">Dedic N., Jakubowski M., Venkatesan R A graph game model for software tamper protection // International Workshop on Information Hiding, Springer, Berlin, Heidelberg, 2007. P. 80-95.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Официальный сайт программы OllyDbg [Электронный ресурс]. URL: http://www.ollydbg.de/ (дата обращения: 07.10.2019).</mixed-citation><mixed-citation xml:lang="en">Официальный сайт программы OllyDbg [Электронный ресурс]. URL: http://www.ollydbg.de/ (дата обращения: 07.10.2019).</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Официальный сайт программы IDAPro [Электронный ресурс]. URL: https://www.hex-rays.com/products/ida/index.shtml (дата обращения: 07.10.2019).</mixed-citation><mixed-citation xml:lang="en">Официальный сайт программы IDAPro [Электронный ресурс]. URL: https://www.hex-rays.com/products/ida/index.shtml (дата обращения: 07.10.2019).</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Официальный сайт программы WinDBG [Электронный ресурс]. URL: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/ (дата обращения: 07.10.2019).</mixed-citation><mixed-citation xml:lang="en">Официальный сайт программы WinDBG [Электронный ресурс]. URL: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/ (дата обращения: 07.10.2019).</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Chen X., Andersen J., Mao Z. M., Bailey M., Nazario J. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware // IEEE International Conference on Dependable Systems and Networks with FTCS and DCC (DSN), 2008. P. 177-186.</mixed-citation><mixed-citation xml:lang="en">Chen X., Andersen J., Mao Z. M., Bailey M., Nazario J. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware // IEEE International Conference on Dependable Systems and Networks with FTCS and DCC (DSN), 2008. P. 177-186.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
