The ease of reproducibility of digital artifacts raises a growing concern in copyright infringement; in particular, for a software product. Software watermarking is one of the promising techniques to verify the owner of licensed software by embedding a digital fingerprint. Developing an ideal software watermark scheme is challenging because i) unlike digital media watermarking, software watermarking must preserve the original code semantics after inserting software watermark, and ii) it requires well-balanced properties of credibility, resiliency, capacity, imperceptibility, and efficiency. We present SoftMark, a software watermarking system that leverages a function relocation where the order of functions implicitly encodes a hidden identifier. By design, SoftMark does not introduce additional structures (i.e., codes, blocks, or subroutines), being robust in unauthorized detection, while maintaining a negligible performance overhead and reasonable capacity. With various strategies against viable attacks (i.e., static binary re-instrumentation), we tackle the limitations of previous reordering-based approaches. Our empirical results demonstrate the practicality and effectiveness by successful embedding and extraction of various watermark values.
|Title of host publication||Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021|
|Publisher||Association for Computing Machinery|
|Number of pages||13|
|Publication status||Published - 2021 Dec 6|
|Event||37th Annual Computer Security Applications Conference, ACSAC 2021 - Virtual, Online, United States|
Duration: 2021 Dec 6 → 2021 Dec 10
|Name||ACM International Conference Proceeding Series|
|Conference||37th Annual Computer Security Applications Conference, ACSAC 2021|
|Period||21/12/6 → 21/12/10|
Bibliographical noteFunding Information:
We thank the anonymous referees and our shepherd Sang Kil Cha for their constructive feedback. This work was supported by Institute for Information & communication Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01343, Regional strategic industry convergence security core talent training business), NSF under awards 1916499, 1908021, and 1850392. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsor.
© 2021 Association for Computing Machinery.
All Science Journal Classification (ASJC) codes
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications