Watermarking is a technique for embedding an identifying message into software so that it can later be retrieved to establish ownership or authenticate information. Return-oriented programming (ROP) lets an attacker hijack a program's control flow by manipulating the call stack (the structure that records active subroutines) to chain together fragments of existing code, which makes it difficult to defend against. These researchers have merged watermarking and ROP so that a hidden watermark message can be recovered stealthily. This paper, aimed at advanced researchers, shows how an offensive methodology can be repurposed for a constructive end.
The paper is well organized, beginning with an overview and introduction to software watermarking and ROP. The researchers provide a simple example of how ROP-based watermarking works. Their design “splits the watermarking payload into small segments to be constructed in [various] functions of the program which [they] called ‘carriers.’” Spreading the payload across carriers reduces suspicion and the chance of detection. The methodology is discussed in some detail.
The technique was tested on a number of programs from the SPECint-2006 benchmark suite. The properties of stealth, credibility, and resilience were evaluated with positive results. Reduced runtime was also observed. Their technique compared favorably to RopStep, “a general tool for hiding code portions ... with ROP.” However, the researchers note that their technique would be vulnerable to a library replacement attack, in which the libraries that the watermarked program links against are replaced. Additional research will address this issue.
With good organization, figures, and a list of references, this 11-page report is well done.