Hydan: Hiding information in program binaries

Abstract

We present a scheme to steganographically embed information in x86 program binaries. We define sets of functionally-equivalent instructions, and use a key-derived selection process to encode information in machine code by using the appropriate instructions from each set. Such a scheme can be used to watermark (or fingerprint) code, sign executables, or simply create a covert communication channel. We experimentally measure the capacity of the covert channel by determining the distribution of equivalent instructions in several popular operating system distributions. Our analysis shows that we can embed only a limited amount of information in each executable (approximately 1/110 bit encoding rate), although this amount is sufficient for some of the potential applications mentioned. We conclude by discussing potential improvements to the capacity of the channel and other future work. © Springer-Verlag 2004.

Cite

El-Khalil, R., & Keromytis, A. D. (2004). Hydan: Hiding information in program binaries. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3269, 187–199. https://doi.org/10.1007/978-3-540-30191-2_15
