DopSteg: Program steganography using data-oriented programming

Detailed description

Bibliographic details
Published in: Science of Computer Programming Vol. 245; p. 103311
Main authors: Lv, Jianqiang, Fu, Cai, Chen, Liangheng, Liu, Ming, He, Shuai, Jiang, Shuai, Han, Lansheng
Format: Journal Article
Language: English
Published: Elsevier B.V 01.10.2025
ISSN:0167-6423
Online access: Full text
Description
Summary: Many methods have been proposed to utilize software obfuscation techniques to steganographically embed certain code logic within a program, thereby enhancing the protection of software intellectual property. Currently, the protective effect of software obfuscation primarily focuses on safeguarding the native semantics of the target program, with little attention paid to the obfuscation of steganographic semantics. For instance, in the context of software copyright protection, code watermarks need to be embedded into the target program, and the ability to localize the watermark code becomes a critical means for attackers to bypass copyright protection. However, existing watermark code suffers from several shortcomings, such as low integration with the target program, weak resistance to dynamic reverse analysis, poor concealment, and ease of localization. This paper proposes a novel code semantic steganography scheme, DopSteg. The scheme leverages the principles of data-oriented programming, first determining the data-safe zones and semantic execution zones. Based on the semantic execution zones, the intermediate representation of the target software is partitioned. Through control flow flattening, reusable code fragments are encapsulated within the ‘switch’ branches of loop structures, thereby achieving code semantic steganography. A Turing completeness analysis of DopSteg demonstrates its capability to steganographically embed complex semantics. Experimental evaluations show that DopSteg increases instruction entropy by an average of approximately 140%, enabling deeper semantic steganography. Reverse analysis requires additional effort to analyze the steganographic semantic logic, significantly enhancing resistance to dynamic analysis while maintaining stable overhead. DopSteg provides a novel approach to software copyright protection.
• A novel code steganography scheme, DopSteg, is proposed, which enables more profound levels of code steganography protection.
• The concept of “semantic execution regions” is introduced, which is used to guide control flow flattening.
• DopSteg increases the average instruction entropy by 140%, significantly enhancing the difficulty of reverse analysis while maintaining stable performance.
DOI:10.1016/j.scico.2025.103311