| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | August 4, 2018 |
| Latest Amendment Date: | August 4, 2018 |
| Award Number: | 1811560 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Daniela Oliveira
doliveir@nsf.gov (703)292-0000 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | August 1, 2018 |
| End Date: | December 31, 2020 (Estimated) |
| Total Intended Award Amount: | $173,969.00 |
| Total Awarded Amount to Date: | $173,969.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
6001 DODGE ST EAB 209 OMAHA NE US 68182-0001 (402)554-2286 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
6001 Dodge Street Omaha NE US 68182-0116 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
Intellectual property protection of software remains a priority for the commercial sector because counterfeiting and piracy erode profits and market share, ultimately causing impacts on companies, consumers and governments. Watermarking for proving digital ownership and obfuscation for hindering adversarial reverse engineering are currently used to provide some level of deterrence against this. This project will investigate novel methods of software protection, hiding executable programs within other executable code.
Proposed research will investigate the use of "executable steganography" as a possible anti-reverse engineering technique and a way to watermark software. The goal of this research is to produce viable methods for hiding executable code, expanding the state-of-the-art for this style of program protection, while also characterizing its effectiveness based on capacity, robustness, detectability, invisibility, and resilience.
Both University of Nebraska Omaha and University of South Alabama bring key opportunities for broader impacts of this research. Both have a rich tradition of meeting the needs of diverse student bodies, both are in Established Program to Stimulate Competitive Research (EPSCoR) states, with numerous students coming from rural areas. Both universities have extensive K-12 STEM outreach and Scholarship for Service students preparing for future cybersecurity careers. The research teams will directly engage students in the research as part of their academic programs via course projects, senior capstone exercises, and labs.
The data for this project will not contain any personal or sensitive information other than the algorithms developed. Other researchers will have access to any databases and the source code via individual requests to the PIs. Research papers and published conference papers, etc. will be available via the project web page: http://loki.ist.unomaha.edu/~wmahoney/ExecutableSteganography/index.html.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Researchers at the University of Nebraska at Omaha (UNO) and the University of South Alabama (USA) investigated the possibilities of executable steganography – the hiding of executable code within a target program, such that it is difficult to detect, remove, or alter through reverse engineering. Whereas cryptography makes data secret in an overt manner, steganography attempts to keep data from being discovered. Common applications of steganography involve hiding arbitrary data, a secret message for example, in an unrelated data set such as an image. In our work our arbitrary data is executable code – merging an executable program that performs some function into some other program that acts as the carrier of this executable code.
Executable steganography has potential uses for government agencies that deal with secret communication – for example to demonstrate that the integrity of a program has not been compromised. It could also be used to transmit programs that are sensitive or secret in a way which avoids their detection. In our example executable steganography, we focused on digital fingerprinting, useful for intellectual property protection.
Our initial research concentrated specifically on the x86-64 instruction set. One of our outcomes was to create a database of x86 instructions organized by length, from one to six bytes, which are therefore useful in our original steganography approach. A white paper was also prepared detailing how this study was made. Additionally, we presented a paper on our approach and our early results at an established reverse engineering workshop.
Over time, though, the x86 approach proved to be a solution that works when constructed by hand but a method that does not scale well. The USA team completed their work on analysis algorithms for understanding the frequency distribution of opcodes which could be useful for software transformation techniques. This analysis resulted in a paper which was presented at a 2020 Cybersecurity Symposium. But it was this result which caused the UNO team to regroup and focus on techniques that would integrate executable code (the secret steganographic message) into existing code (the cover object) but at the level of intermediate representation within a compiler. The main difficulty in our initial approach was that the relative frequency of candidate instructions necessary for our steganography idea was insufficient in typical compiled programs.
The result is that the UNO/USA team refocused our efforts on the intermediate representation used in the compilation process, fingerprinting at this level and then generating the program with the included steganography data in a manner which was machine independent. At this time the demonstrations of steganography at this higher level of abstraction are complete and a forthcoming conference paper describes our results. We have hidden embedded code which is then compiled in, and by moving the intermediate representation back and forth between two completely different architectures we have tested the machine independence.
The SaTC award has resulted in intellectual merit in terms of developing and characterizing algorithms for executable steganography in applied settings. First, watermarking and fingerprinting applications are embedded using steganography, embedding code to identify the owner of intellectual property. Proof of an executable stego watermark can be demonstrated easily by changing the entry point of a program to specific address(es) where executable stego threads are embedded. The entry points, known only to a software owner, provide a covert means to establish ownership. Secondly, we are embedding this data in an independent manner, so that code at a high level can be subjected to steganography independently of the target machine.
Our grant has resulted in several broad impacts, including furthering cybersecurity research at UNO and USA, providing our faculty with opportunity to learn and grow in their field, and giving students the chance to experience and use the theoretical knowledge they gain as part of our CAE-CD and CAE-CO cybersecurity curricula. PI Mahoney integrated research results into his current Reverse Engineering class and will further integrate these results into the Compiler class as well. Anti-reverse engineering, a topic related directly to this award, is a significant part of the class contents and the ability to have students directly examine our executable steganography work – albeit from the perspective of reversing – is meaningful. This work thus directly impacts over 50 students each Spring.
PI McDonald utilized grant-related research threads at USA in existing Secure Software Engineering, Compilers and Surreptitious Software classes as part of term paper and student course project topics. These courses provide natural outlets to expose and involve over 80 students. This award has also had a direct impact on STEM and Information Assurance awareness at the USA, with several students at all college academic levels participating in the work. The grant provided opportunities for diverse disciplines to be explored as questions related to the grant were answered and implemented in various data experiments and developed software algorithms.
Last Modified: 02/01/2021
Modified by: William R Mahoney
Please report errors in award information by writing to: awardsearch@nsf.gov.
