SaTC: CORE: Small: Collaborative: Evaluating Performance and Security of Executable Steganography for Surreptitious Programs

SaTC：核心：小型：协作：评估秘密程序的可执行隐写术的性能和安全性

• 批准号: 1811578
• 负责人: Jeffrey McDonald
• 金额: $ 15.14万
• 依托单位: University of South Alabama
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1811578&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Evaluating

Intellectual property protection of software remains a priority for the commercial sector because counterfeiting and piracy erode profits and market share, ultimately causing impacts on companies, consumers and governments. Watermarking for proving digital ownership and obfuscation for hindering adversarial reverse engineering are currently used to provide some level of deterrence against this. This project will investigate novel methods of software protection, hiding executable programs within other executable code.Proposed research will investigate the use of "executable steganography" as a possible anti-reverse engineering technique and a way to watermark software. The goal of this research is to produce viable methods for hiding executable code, expanding the state-of-the-art for this style of program protection, while also characterizing its effectiveness based on capacity, robustness, detectability, invisibility, and resilience. Both University of Nebraska Omaha and University of South Alabama bring key opportunities for broader impacts of this research. Both have a rich tradition of meeting the needs of diverse student bodies, both are in Established Program to Stimulate Competitive Research (EPSCoR) states, with numerous students coming from rural areas. Both universities have extensive K-12 STEM outreach and Scholarship for Service students preparing for future cybersecurity careers. The research teams will directly engage students in the research as part of their academic programs via course projects, senior capstone exercises, and labs. The data for this project will not contain any personal or sensitive information other than the algorithms developed. Other researchers will have access to any databases and the source code via individual requests to the PIs. Research papers and published conference papers, etc. will be available via the project web page: http://loki.ist.unomaha.edu/~wmahoney/ExecutableSteganography/index.html.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

软件的知识产权保护仍然是商业部门的优先事项，因为假冒和盗版侵蚀利润和市场份额，最终对公司、消费者和政府造成影响。用于证明数字所有权的水印和用于阻止对抗性逆向工程的模糊处理目前被用来提供某种程度的威慑。本计画将探讨新的软体保护方法，将可执行程式隐藏在其他可执行程式码中，并将探讨“可执行隐写术”作为一种可能的反逆向工程技术，以及一种对软体加水印的方法。本研究的目标是产生可行的方法隐藏可执行代码，扩展这种风格的程序保护的最先进的，同时也表征其有效性的基础上的容量，鲁棒性，可检测性，不可见性和弹性。内布拉斯加大学奥马哈分校和南亚拉巴马大学都为这项研究带来了更广泛的影响。两者都有满足不同学生团体需求的丰富传统，都是在既定的计划，以刺激竞争力的研究（EPSCoR）状态，与许多学生来自农村地区。这两所大学都有广泛的K-12 STEM外展和奖学金，为未来的网络安全职业做准备。研究团队将通过课程项目，高级顶点练习和实验室直接让学生参与研究，作为其学术课程的一部分。 该项目的数据将不包含任何个人或敏感信息，而不是开发的算法。其他研究人员可以通过向PI提出的个人请求访问任何数据库和源代码。研究论文和已发表的会议论文等将通过项目网页：http://loki.ist.unomaha.edu/~wmahoney/ExecutableSteganography/index.html.This奖项反映了NSF的法定使命，并被认为值得通过使用基金会的知识价值和更广泛的影响审查标准进行评估。

项目成果

Leave It to Weaver

• DOI: 10.1145/3289239.3291459
• 发表时间: 2018-12
• 期刊: Proceedings of the 8th Software Security, Protection, and Reverse Engineering Workshop
• 作者: W. Mahoney;Joseph Franco;Gregory Hoff;J. McDonald

Polymorphic Circuit Generation Using Random Boolean Logic Expansion

使用随机布尔逻辑扩展生成多态电路

• DOI: 10.1145/3341105.3374031
• 发表时间: 2020
• 期刊: 35th ACM/SIGAPP Symposium On Applied Computing
• 作者: McDonald, J.;Stroud, T.;and Andel, T.
• 通讯作者: and Andel, T.

Evaluating Security of Executable Steganography for Digital Software Watermarking

评估数字软件水印的可执行隐写术的安全性

• 发表时间: 2020
• 期刊: 7th Annual Cybersecurity Symposium
• 作者: Mullins, J.;McDonald, J.T.;Mahoney, W.R.;Andel, T.R.
• 通讯作者: Andel, T.R.