
The Herald of the Siberian State University of Telecommunications and Information Science


On the method of reading a digital watermark in executable files

Abstract

As part of this research, a method for reading a digital watermark in executable files is proposed. The watermark in question is semi-fragile: it is destroyed once a given percentage of the program has been changed. The method can be used to control software integrity. The developed algorithm has a number of properties that make it possible to counteract code analysis. A program protected in this way reads the stored watermark byte by byte in a pseudorandom order, which makes the integrity control mechanism difficult to detect and destroy. The proposed algorithm is an extension of the opaque predicate approach. The high complexity of attacks on this method based on conditional breakpoints and tracing is demonstrated.

Keywords


About the Author

I. .. Nechta
Siberian State University of Telecommunications and Information Science (SibSUTIS)
Russian Federation





For citations:


Nechta I... On the method of reading a digital watermark in executable files. The Herald of the Siberian State University of Telecommunications and Information Science. 2020;(1):3-10. (In Russ.)



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1998-6920 (Print)