Executable Steganography

Hiding executable code within a target program so it is difficult to detect, remove, or alter through reverse engineering

Intellectual property protection of software remains a priority for the commercial sector because counterfeiting and piracy erode profits and market share, ultimately causing impacts on companies, consumers, and governments.

Watermarking (proving digital ownership) and obfuscation (hindering adversarial reverse engineering) is currently used to provide some level of deterrence against this. This project will investigate novel methods of software protection, hiding executable programs within other executable code.

Goals

Executable steganography is potentially an anti-reverse engineering technique and a way to watermark software. We aim to produce viable methods for hiding executable code, expand the state-of-the-art for this style of program protection, while also characterizing its effectiveness based on capacity, robustness, detectability, invisibility, and resilience.

A diagram illustrating a software steganography process. It begins with two inputs: an “Original Program P” labeled as a “cover message” and a “Stealth Program S” labeled as a “hidden message.” Both are fed into “Algorithm O,” along with “Hiding Instructions HI.” The output is a “Stego Program P’,” which embeds the hidden message into the original program. This stego program can be analyzed in two paths. One path flows through “Algorithm R,” which also takes a “Key K” as input and outputs the original “Stealth Program S” for recovery. The other path leads to “Adversarial Analysis A,” which attempts to detect the hidden content and yields three outcomes: a detection decision (Yes/No), a “Recovered Message S’,” and an “Altered Stego Program P’’.” This altered version is also compared back to the “Original Program P” to assess differences. Arrows indicate the directional flow of data and processing steps between components.

Collaboration with the University of South Alabama

Both UNO and USA bring key opportunities for broader impacts of this research. Both have a rich tradition of meeting the needs of diverse student bodies, both are in EPSCoR states, with numerous students coming from rural areas. Both universities have extensive K-12 STEM outreach and Scholarship for Service students preparing for future cybersecurity careers. Our team can directly engage students in the research as part of their academic programs via course projects, senior capstone exercises, and labs.

Sponsor

This work is partially funded by National Science Foundation awards 1811560 and 1811578 in the NSF 17-576 Secure and Trustworthy Cyberspace (SaTC) program.

Publications and Whitepapers

W. Mahoney, J. Franco, G. Hoff and J. T. McDonald, "Leave it to Weaver,"
in SSPREW, San Juan, Puerto Rico, 2018.

W. Mahoney, J.T. McDonald, "Enumerating x86-64 – It’s Not as Easy as Counting"

W. Mahoney, G. Hoff, J. T. McDonald, G. Grispos, “Software Fingerprinting in LLVM”, 16th International Conference on Cyber Warfare and Security, 2021

J. A. Mullins, J. T. McDonald, W. R. Mahoney, T. R. Andel, “Evaluating Security of Executable Steganography for Digital Software Watermarking”, 2020 Cybersecurity Symposium, Moscow, Idaho