100 likes | 276 Views
Experience with Software Watermarking Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang CERIAS and Department of Computer Science Purdue University West Lafayette, IN 47907 Presented by Dejin Zhao. Outline. Introduction: Dynamic Graph Watermarking
E N D
Experience with Software Watermarking Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang CERIAS and Department of Computer Science Purdue University West Lafayette, IN 47907 Presented by Dejin Zhao
Outline • Introduction: Dynamic Graph Watermarking • Watermark Representation • Watermark Embedding and the Problems (my focus) • 4. Watermark Retrieval and Experiment • 5. Summary
Introduction Attacks : locating, distorting, or removing watermark, etc. “Semantics-Preserving Program Transformations”: easily remove or distort watermarks embedded in the static data structure, for example, comments, string constants, the order of instructions, etc. Solution: store watermark in dynamic data structure that are created at run-time. An approach [Collberg and Thomborsen]: represent a number by a dynamic graph which can be built as object structure at run-time.
Watermark Representation Number W can be represented by the graph whose index is exactly this number according to graph enumeration (figure 2) . * assume: a watermark is a number W ** C(n) is the number of PPCTs with n leaves After determining watermark’s graph representation, How to build this graph in the run-time and how to merge it into the original program in order to protect against other attacks?
Watermark Embedding class base{ int a; Node ( ) { a=0; } } class base{ int a; Node left, right;//additional fields holding an outgoing edge to another node public base ( ) { a=0; } addedge (base outgoing-edge, int branch){ //additional function if (branch = 0) this.left = outgoing-edge;//adding a outgoing edge else this.right = outgoing-edge;//to the Node. } } 1. Build a Node Class for this Graph: choose a base class in the original program and convert it into a node class.
Watermark Embedding (1) add a class A1 extending A and merge code for building graph in its constructor. class A1 extends A { A1( ) { a1=0; <code for building graph> } int a1; } class A{ A( ){ a1=0; } int a1; } 2. Build and Merge Graph: (2) change a expression “new A( )” to “new A1( )” * It is sufficient to protect against a variety of program-transformation attacks, but 3. Problem: The extra code for building the graph can easily be located and removed by an attacker.
1. Introduction to Opaque Predicates : Solution for the Problem (1) Opaque Predicates (one of obfuscation techniques):replaces statement “S” with the form “if (x!=y) S”. (2) Watermark Graph is an excellent source for opaque predicates, where x, y are distinct nodes of the graph. We can use it to obfuscate the original program P as following diagram. Here both P1 and C are unobfuscated because Gw must be created and executed before “If (x!=y) S” can be implemented. Run- time Program P = P1 + [Code for Gw] + P2
2. Obfuscate P and C: by introducing another graph general-purpose obfuscator P’ 3. Tamperproofing: we have achieved a level of tamperproofing
1. Watermark Retrieval: retrieve the watermark graph by accessing the heap image. Watermark Retrieval and Experiment Find node of the graph Locate the Origin node Calculate the index of the graph 2. Experimental Results: (1) JavaWiz adds less than 10 kilobytes of code on average. (2) Embedding a watermark is done in less than 20 seconds. (3) Watermarking increases a program’s execution time less than 7%. (4) Watermark retrieval is done in about 1 minute per 1 megabytes of heap.
A simple example Summary Embedding Retrieval Graph: W(1) Graph Construction Code Recognizer Node Class Obfuscation Tamperproofing Heap int(T) = 1 = W P Original Program Run-time C PPCT C Question: Why not add a new class for the node instead of choosing a base class from the original program?