Software security is constantly compromised by attack from hackers. Typically, hackers spend time and resources to tamper with the code to discover vulnerabilities then exploit these to carry out an attack. Such attacks, when conducted in a distributed corporations, online service providers, government agencies, etc. One possible defense against hackers is to have multiple copies of software which are functionally equivalent but where each copy is distinct (Software Diversity).In this case, an attack is likely to be effective against only one instance (or a small fraction of instances) of the software. Some tools and techniques have been devised for this purpose. Moreover, these tools modify software at the source code level. We believe that transformations at the assembly code level are more robust and secure. Watermarking is a technique of embedding some special mark in an object to use it as identification. This project addresses software watermarking, i.e., embedding some special pieces of code in software so as to uniquely identify software. These special pieces of code (transformations) serve as a watermark and can carry any special information we wish to embed.
Another use of code transformations is for software watermarking. In this research project, we intend to focus primarily on this particular application of such transformations. I propose to make the code transformations at the assembly level. This creates unique, but functionally equivalent instances of a given piece of software. The aim of this project is to effectively insert a watermark in assembly code software and retrieve the watermark from the executable. This watermark carries customer-specific information. We will be working on assembly language 80x86 as it is widely used by several of the current processors.The project has two principal goals.
1. To produce multiple copies of a given piece of software, making an attacker's job more difficult and thereby reducing the potential damage in the event of an attack.
2. To provide anti-piracy protection by embedding a customer's information in each instance of the software. If pirated versions of the software are found in the market,we can retrieve the watermark from its code and determine which legitimate customer originally received this copy of the software. As a side benefit, the reverse-engineering problem is made more difficult and this in turn makes the software more secure. We must make it difficult for an attacker to identify the actual location of the watermark in the software. And even if an attacker does succeed in identifying the watermark, tampering with it should be a the watermark and having the resulting code to function correctly is a challenging task.
A feasibility study is a test of a system proposal according to its workability impact on the organization,ability to meet user needs and effective use of resources. Three key considerations are involved in the feasibility analysis:economic, technical,behavioral. Before entering into the procedure of system designing, We are obliged to study about the feasibility of introducing a new computerized system. To replace the existing system with a new one is quite easy,but we have to vanish the drawbacks of current system and make the user able to enjoy the advantages of coming system. The proposed system must be evaluated from a technical,operational and economical feasibility of developing a computer system. The objective of the feasibility study is not only solve the problem but also to accurate the sense of scope. During the study,the problem is defined is crystallized and aspects of the problem to be included in the system are determined. Consequently,cost and benefits are estimated with greater accuracy at this stage.
The requirements of this project involves a GCC compiler, java virtual machine and IDA Pro Disassembler which are freely available in various website like Sun java etc. So this project is economically feasible.
Watermark is added to the assembly code of a software,many compilers can generate assembly code of a software,and there are disassemblers to convert the executables back to assembly code. So this project is technically feasible.