Replacement Attacks on Behavior Based Software Birthmark

  • Conference paper
Information Security (ISC 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7001)

Abstract

Software birthmarks use specific program characteristics to validate the origin of software, so they can be applied to detect software piracy. One state-of-the-art software birthmark technique adopts dynamic system call dependence graphs as the unique signature of a program; this signature cannot be cluttered by existing obfuscation techniques and is also immune to the no-op system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks that use semantically equivalent system calls to unlock the highly frequent dependencies between the system calls in an original system call dependence graph. Our results show that the proposed replacement attacks can successfully destroy the original birthmark.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xin, Z. et al. (2011). Replacement Attacks on Behavior Based Software Birthmark. In: Lai, X., Zhou, J., Li, H. (eds) Information Security. ISC 2011. Lecture Notes in Computer Science, vol 7001. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24861-0_1

  • DOI: https://doi.org/10.1007/978-3-642-24861-0_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24860-3

  • Online ISBN: 978-3-642-24861-0

  • eBook Packages: Computer Science, Computer Science (R0)