International Journal of Computer Applications (0975-8887), Volume 166, No. 8, May 2017

Software Watermarking based on Return-Oriented Programming for Computer Security

Ashwag Alrehily and Vijey Thayananthan
Computer Science Department, Faculty of Computing and Information Technology, King Abdul Aziz University, Jeddah 21589, Saudi Arabia

ABSTRACT

Currently, the major problem for software developers is software piracy. To protect software from piracy, many techniques have been developed, and one of them is the software watermark. A software watermark provides authentication and copyright protection by embedding a watermark into the software, and the owner can claim ownership of the software by extracting the watermark. Software watermarking improves computer security with a robust solution to expose unauthorized modification or illegal copying under different kinds of attacks. There are now many techniques for embedding a watermark into software and extracting it, and the most recent one uses malicious code techniques such as return-oriented programming (ROP) for good uses. Moreover, software protection with an efficient watermarking algorithm based on ROP is a relatively new branch of computer security. Thus, in this paper, a new software watermark has been designed using the ROP technique that enhances the existing one. The watermark is embedded using ROP, and it is extracted once the ROP trigger is triggered. The ROP trigger uses a SHA256 hash function to compare the watermark secret input with the user-entered key. As a result, the proposed work has strong resilience, stealth and minimum runtime overhead.

General Terms

In this paper, ROP is considered as my general term. Throughout this research, software watermarking is considered as a way to improve computer security.

Keywords

Computer security, Software watermark, Return-oriented programming and Secure Hash Algorithm.

1. INTRODUCTION

In computer security, ROP is one of the most popular techniques, which prevents not only code-reuse attacks but also return-to-lib(c) attacks. In this research, the ROP attacker locates specific code sequences inside the binary, then places their addresses onto the program stack, writing the appropriate return instruction itself to transfer control flow from one gadget to the next. To implement this concept, only a subset of this functionality, which allows us to perform the further experiments, should be developed. Generally, ROP is used to bypass measures that prevent code injection, such as data execution prevention. However, a classic code injection attack is one of the attackers’ targets in computer security issues. According to the recent Security Intelligence Report released by Microsoft, ROP played an important role in preventing the code injection attacks on Microsoft products between 2012 and 2014. Since all current major operating systems implement some form of data execution prevention mechanism, ROP is now practically required for any arbitrary code execution attack.

Computer software has become part of everyone’s daily life, and software piracy is becoming a serious issue for enterprises. There are many techniques to protect software, and one of them is the software watermark. It is a process of embedding a secret message in the source code of the program; the secret message can be extracted to identify information about the copyright owner of the software, such as author, publisher, and owner. A watermark embedded in software should not affect the flow of the program or add any redundant space that would affect the program's quality [1]. To add a watermark to software, two important processes must be performed: 1) embed a watermark into the software; 2) extract the watermark from the software.
More precisely, assume that W is the watermark, P is the program and K is the secret input; the watermark W is embedded into a program P together with the secret input K to produce the watermarked program Pw. The following function describes watermark embedding:

Embed(P, W, K) → Pw

To display the copyright of the software owner, the watermark W can be extracted from the watermarked program Pw by the watermark extractor and the secret input K. The following function describes software watermark extraction [2]:

Extract(Pw, K) → W

There are two types of software watermark techniques: 1) the static software watermark technique, which embeds the watermark in the target application executable, such as the text section and initialized data; 2) the dynamic software watermark technique, which embeds the watermark in the program execution state or dynamic data, giving the program a new path to execute which contains the watermark [2]. It is broadly believed that the dynamic watermark is a more reliable and secure solution because the hidden message is retrieved by running and examining the specific behavior of a specific path of the watermarked program [3].

One of the more resilient and stealthy techniques among existing dynamic watermarks is software watermarking using ROP [4], which designs the watermarking code to look like normal data and to be triggered to execute. After it is triggered, the hidden watermark message is recovered by the pre-constructed ROP execution. Using ROP with its instructions in a program can create unexpected execution paths which are functionally invisible.
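
The Embed/Extract contract defined above, combined with the SHA256 trigger comparison mentioned in the abstract, can be modeled in a few lines. This is an added example, not code from the paper: it models only the interface and the hash-gated trigger, not the ROP payload itself, and the trailer layout, the `MAGIC` marker, the masking step and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

MAGIC = b"WMK1"  # constructed trailer marker for this toy layout (assumption)


def _mask(data: bytes, k: bytes) -> bytes:
    """XOR data with a SHA-256 counter-mode stream derived from K (assumption)."""
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(b"mask" + ctr.to_bytes(4, "big") + k).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def embed(p: bytes, w: bytes, k: bytes) -> bytes:
    """Embed(P, W, K) -> Pw. Layout: P | masked W | SHA256(K) | len(W) | MAGIC."""
    trigger = hashlib.sha256(k).digest()  # only the digest of K ships in Pw
    return p + _mask(w, k) + trigger + len(w).to_bytes(2, "big") + MAGIC


def extract(pw: bytes, k: bytes) -> Optional[bytes]:
    """Extract(Pw, K) -> W, or None when the trigger does not fire."""
    if len(pw) < 38 or not pw.endswith(MAGIC):
        return None  # no watermark trailer present
    length = int.from_bytes(pw[-6:-4], "big")
    if len(pw) < 38 + length:
        return None  # truncated or tampered trailer
    stored = pw[-38:-6]
    # Trigger check: hash the entered key and compare in constant time.
    if not hmac.compare_digest(hashlib.sha256(k).digest(), stored):
        return None
    return _mask(pw[len(pw) - 38 - length:len(pw) - 38], k)


def demo() -> Optional[bytes]:
    program = b"\x7fELF constructed program bytes"  # constructed sample P
    pw = embed(program, b"(c) Example Owner", b"secret input K")
    return extract(pw, b"secret input K")


if __name__ == "__main__":
    print(demo())
```

Because the digest of K is stored in the watermarked program, a low-entropy K can be guessed offline by anyone holding the binary, so K should be a high-entropy secret.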