Steganography for Executables and Code Transformation Signatures Bertrand Anckaert, Bjorn De Sutter, Dominique Chanet and Koen De Bosschere.

Presentation transcript:

Steganography for Executables and Code Transformation Signatures Bertrand Anckaert, Bjorn De Sutter, Dominique Chanet and Koen De Bosschere

2 Problem
[diagram labels: Alice, Bob, Wendy, Embedder, Extractor]

3 Location of the Secret Message
o Media: human senses, redundant bits
o Executables: processors, single-bit failure
NOISE ⇒ CHOICE

4 Embedding Bits in a Choice
[figure labels: 0, 1]

5 Embedding Bits in a Choice
[figure axes: alternatives, bits]
n=7 ⇒ 3 unused
n=31 ⇒ 15 unused

Embedding Bits in a Choice

[figure axes: alternatives, bits]

8 Instruction Selection
[diagram labels: Alice, Bob, Selection]

9 Instruction Selection
operation: reg=0
  mov 0,reg
  sub reg,reg
  and 0,reg
  xor reg,reg
  lea 0,reg
  imul 0,reg
operation: reg=reg+1
  sub -1,reg
  add 1,reg
  inc reg
  lea 1(reg),reg
…
operation: reg=-reg
  neg reg
  imul -1,reg,reg

10 [diagram labels: Alice, Bob, Scheduling, Selection, Scheduling, Selection]

11 Instruction Scheduling & Code Layout
[figure labels: source, sink]
o Instruction Scheduling
o Code Layout
pieces of code that can be placed in any order

12 Interactions
[diagram labels: Alice, Bob, Layout, Scheduling, Selection, Layout, Scheduling, Selection, Canonicalize]

13 Evaluation: i386 (1)
[chart: Embedding Rate, scale (1/200) to (1/25), per benchmark: bzip2, crafty, gap, gzip, mcf, parser, twolf, vortex, vpr, total; labels: instruction selection, instruction scheduling, code layout, Hydan]

14 Code Transformation Signatures
[diagram labels: Alice, Bob, Layout, Scheduling, Selection, Layout, Scheduling, Selection, Wendy]
sub 0x8,ebp (3 byte) ⇒ lea -0x8(,ebp,1),ebp (7 byte)

15 CTS: Instruction Selection
operation: reg=0
  mov 0,reg
  sub reg,reg
  and 0,reg
  xor reg,reg
  lea 0,reg
  imul 0,reg
[diagram label: Wendy]

16 Detection of CTSs
o CTS: unusual code property introduced by the applied code transformation
o Detection:
  1. quantify property through metric
  2. build statistical model of expected behavior
  3. compare observed to expected behavior
  4. classify code into clean and suspect

17 Code Transformation Signatures
Selection: Unusual Instructions, Unusual Frequencies
Scheduling: Diverse Schedules, Suboptimal Schedules
Layout: Unusual Jump Behaviour
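
The four detection steps from slide 16, applied to the "unusual frequencies" signature of instruction selection for the reg=0 class. This is an added example, not code from the presentation or its authors. The baseline distribution, the threshold, the sample lists and all function names are assumptions made for illustration, and instructions are assumed to be already normalised to the slides' notation.

```python
from collections import Counter

# The six equivalent ways to compute reg=0 listed on the slides.
ZERO_IDIOMS = ("mov 0,reg", "sub reg,reg", "and 0,reg",
               "xor reg,reg", "lea 0,reg", "imul 0,reg")

# Step 2, expected behaviour. Constructed baseline (an assumption, not
# measured data): unmodified compiler output mostly uses xor and mov.
EXPECTED = dict(zip(ZERO_IDIOMS, (0.30, 0.04, 0.005, 0.65, 0.004, 0.001)))

CHI2_CRITICAL = 20.515   # chi-square, 5 degrees of freedom, p = 0.001
MIN_SAMPLES = 30         # below this the statistic is not meaningful


def idiom_counts(instructions):
    """Step 1: quantify the property as a count per zeroing idiom."""
    seen = Counter(ins for ins in instructions if ins in EXPECTED)
    return {idiom: seen[idiom] for idiom in ZERO_IDIOMS}


def chi_square(counts):
    """Step 3: Pearson chi-square distance between observed and expected."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum((counts[i] - total * p) ** 2 / (total * p)
               for i, p in EXPECTED.items())


def classify(instructions):
    """Step 4: label a normalised instruction list clean or suspect."""
    counts = idiom_counts(instructions)
    if sum(counts.values()) < MIN_SAMPLES:
        return "insufficient data"
    return "suspect" if chi_square(counts) > CHI2_CRITICAL else "clean"


# Constructed samples: each list stands for the zeroing instructions of one binary.
CLEAN = ["xor reg,reg"] * 65 + ["mov 0,reg"] * 30 + ["sub reg,reg"] * 4 + ["and 0,reg"]
# Choosing idioms to encode message bits flattens the distribution.
EMBEDDED = [idiom for idiom in ZERO_IDIOMS for _ in range(17)]
SMALL = ["imul 0,reg"] * 5

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("embedded", EMBEDDED), ("small", SMALL)):
        print(name, round(chi_square(idiom_counts(sample)), 1), classify(sample))
```

With expected counts this small the chi-square approximation is rough, so the threshold works as a triage cut-off and the baseline should be rebuilt from binaries produced by the compiler in question.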

18 Evaluation: i386 (2)
[chart: Embedding Rate, scale (1/200) to (1/25), per benchmark: bzip2, crafty, gap, gzip, mcf, parser, twolf, vortex, vpr, total; labels: instruction selection, instruction scheduling, code layout, Hydan]

Questions?