DopSteg: Program steganography using data-oriented programming

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming Pub Date : 2025-04-01 DOI:10.1016/j.scico.2025.103311

Jianqiang Lv , Cai Fu , Liangheng Chen , Ming Liu , Shuai He , Shuai Jiang , Lansheng Han

{"title":"DopSteg: Program steganography using data-oriented programming","authors":"Jianqiang Lv , Cai Fu , Liangheng Chen , Ming Liu , Shuai He , Shuai Jiang , Lansheng Han","doi":"10.1016/j.scico.2025.103311","DOIUrl":null,"url":null,"abstract":"<div><div>Many methods have been proposed to utilize software obfuscation techniques to steganographically embed certain code logic within a program, thereby enhancing the protection of software intellectual property. Currently, the protective effect of software obfuscation primarily focuses on safeguarding the native semantics of the target program, with little attention paid to the obfuscation of steganographic semantics. For instance, in the context of software copyright protection, code watermarks need to be embedded into the target program, and the ability to localize the watermark code becomes a critical means for attackers to bypass copyright protection. However, existing watermark code suffers from several shortcomings, such as low integration with the target program, weak resistance to dynamic reverse analysis, poor concealment, and ease of localization. This paper proposes a novel code semantic steganography scheme, DopSteg. The scheme leverages the principles of data-oriented programming, first determining the data-safe zones and semantic execution zones. Based on the semantic execution zones, the intermediate representation of the target software is partitioned. Through control flow flattening, reusable code fragments are encapsulated within the ‘switch’ branches of loop structures, thereby achieving code semantic steganography. A Turing completeness analysis of DopSteg demonstrates its capability to steganographically embed complex semantics. Experimental evaluations show that DopSteg increases instruction entropy by an average of approximately 140%, enabling deeper semantic steganography. Reverse analysis requires additional effort to analyze the steganographic semantic logic, significantly enhancing resistance to dynamic analysis while maintaining stable overhead. DopSteg provides a novel approach to software copyright protection.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103311"},"PeriodicalIF":1.5000,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science of Computer Programming","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167642325000504","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Many methods have been proposed to utilize software obfuscation techniques to steganographically embed certain code logic within a program, thereby enhancing the protection of software intellectual property. Currently, the protective effect of software obfuscation primarily focuses on safeguarding the native semantics of the target program, with little attention paid to the obfuscation of steganographic semantics. For instance, in the context of software copyright protection, code watermarks need to be embedded into the target program, and the ability to localize the watermark code becomes a critical means for attackers to bypass copyright protection. However, existing watermark code suffers from several shortcomings, such as low integration with the target program, weak resistance to dynamic reverse analysis, poor concealment, and ease of localization. This paper proposes a novel code semantic steganography scheme, DopSteg. The scheme leverages the principles of data-oriented programming, first determining the data-safe zones and semantic execution zones. Based on the semantic execution zones, the intermediate representation of the target software is partitioned. Through control flow flattening, reusable code fragments are encapsulated within the ‘switch’ branches of loop structures, thereby achieving code semantic steganography. A Turing completeness analysis of DopSteg demonstrates its capability to steganographically embed complex semantics. Experimental evaluations show that DopSteg increases instruction entropy by an average of approximately 140%, enabling deeper semantic steganography. Reverse analysis requires additional effort to analyze the steganographic semantic logic, significantly enhancing resistance to dynamic analysis while maintaining stable overhead. DopSteg provides a novel approach to software copyright protection.

查看原文本刊更多论文

使用面向数据编程的程序隐写术

人们提出了许多利用软件混淆技术在程序中隐写嵌入某些代码逻辑的方法，从而增强了对软件知识产权的保护。目前，软件混淆的保护作用主要集中在保护目标程序的原生语义上，很少关注隐写语义的混淆。例如，在软件版权保护的背景下，需要将代码水印嵌入到目标程序中，水印代码的本地化能力成为攻击者绕过版权保护的关键手段。但是，现有的水印代码存在与目标程序集成程度低、抗动态反分析能力弱、隐蔽性差、易定位等缺点。本文提出了一种新的代码语义隐写方案DopSteg。该方案利用面向数据的编程原则，首先确定数据安全区和语义执行区。基于语义执行区，对目标软件的中间表示进行了划分。通过控制流扁平化，可重用代码片段被封装在循环结构的“开关”分支中，从而实现代码语义隐写。对DopSteg的图灵完备性分析证明了其隐写嵌入复杂语义的能力。实验评估表明，DopSteg将指令熵平均提高了约140%，实现了更深层次的语义隐写。反向分析需要额外的工作来分析隐写语义逻辑，这大大增强了对动态分析的抵抗力，同时保持稳定的开销。DopSteg为软件版权保护提供了一种新颖的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Science of Computer Programming 工程技术-计算机：软件工程

CiteScore

3.80

自引率

0.00%

发文量

审稿时长

67 days

期刊介绍： Science of Computer Programming is dedicated to the distribution of research results in the areas of software systems development, use and maintenance, including the software aspects of hardware design. The journal has a wide scope ranging from the many facets of methodological foundations to the details of technical issues andthe aspects of industrial practice. The subjects of interest to SCP cover the entire spectrum of methods for the entire life cycle of software systems, including • Requirements, specification, design, validation, verification, coding, testing, maintenance, metrics and renovation of software; • Design, implementation and evaluation of programming languages; • Programming environments, development tools, visualisation and animation; • Management of the development process; • Human factors in software, software for social interaction, software for social computing; • Cyber physical systems, and software for the interaction between the physical and the machine; • Software aspects of infrastructure services, system administration, and network management.