A robust software watermarking framework using shellcode

  • Ayan DeyEmail author
  • Shibashis Ghosh
  • Sukriti Bhattacharya
  • Nabendu Chaki


Watermarks have long been applied to ensure the authenticity of media contents. Computer software is an intellectual outcome in the digital domain. Therefore, it has to face all the common threats like illegal redistribution, copying, misuse through malicious modification. However, the majority of the existing software watermarking techniques are suffering from the limitations of existing robustness notions and lack of resilience from a variety of attacks. In this paper, we proposed a novel robust software watermarking scheme based on “shellcode”. It is a small piece of code generally used as the payload in the exploitation of a software vulnerability. It consists of a list of carefully arranged machine instructions, executed through injecting into a running application. Shellcode serves as the backbone of our proposed watermarking scheme. It is used to achieve both covert communication (steganography), and deterrence (watermarking) process in the proposed watermarking technique. Such a combination gives more robustness and security to the whole process. In this paper, we introduce ShellMark as a proof of concept to illustrate the shellcode based software watermarking technique. We compared and tested ShellMark with already existing software watermarking techniques, and it showed that ShellMark is resilient to most of the well known watermarking attacks.


Software watermarking Shellcode Encryption Hash functions 


Funding Information

This study was funded by TCS Research Scholar Program (granted to Ayan Dey) and TEQIP Phase-III project (granted to the University of Calcutta).

Compliance with Ethical Standards

Conflict of interests

The authors declare that they have no conflict of interest.


  1. 1.
    Abu-Marie W, Gutub A, Abu-Mansour H (2010) Image based steganography using truth table based and determinate array on rgb indicator. Int J Signal Image Process 1(3)Google Scholar
  2. 2.
    Ahmadoh E, Gutub AA-A (2015) Utilization of two diacritics for arabic text steganography to enhance performance. vol 3Google Scholar
  3. 3.
    Al-Nofaie S, Fattani M, Gutub A (2016) Capacity improved arabic text steganography technique utilizing ‘kashida’with whitespaces. In: The 3rd international conference on mathematical sciences and computer engineering (ICMSCE2016), pp 38–44Google Scholar
  4. 4.
    Al-Nofaie SM, Fattani MM, Gutub AA-A (2016) Merging two steganography techniques adjusted to improve arabic text data security. Journal of Computer Science & Computational Mathematics (JCSCM) 6(3):59–65CrossRefGoogle Scholar
  5. 5.
    Alanazi N, Alanizy A, Baghoza N, AlGhamdi M, Gutub A (2018) 3-layer pc text security via combining compression, aes cryptography 2lsb image steganography. J Res Eng Appl Sci 3:118–124, 11Google Scholar
  6. 6.
    Aljuaid N, Gutub A (2014) 2-leyer security system for hiding sensitive text data on personal computers. Lecture Notes on Information Theory, (2): 151–157, 06Google Scholar
  7. 7.
    Aljuaid N, Gutub A (2014) Flexible stego-system for hiding text in images of personal computers based on user security priority. In: Proceedings of 2014 international conference on advanced engineering technologies, p 12Google Scholar
  8. 8.
    Almazrooie M, Samsudin A, Gutub AA-A, Salleh MS, Omar MA, Hassan SA (2018) Integrity verification for digital holy quran verses using cryptographic hash function and compression. Journal of King Saud University - Computer and Information SciencesGoogle Scholar
  9. 9.
    Alrehily A, Thayananthan V (2018) Computer security and software watermarking based on return-oriented programming. Int J Comput Net Inf Secur (IJCNIS) 10 (5):28–36Google Scholar
  10. 10.
    Behera CK, Bhaskari DL (2015) Different obfuscation techniques for code protection. Procedia Comput Sci 70:757–763CrossRefGoogle Scholar
  11. 11.
    Chen Z, Wang Z, Jia C (2017) Semantic-integrated software watermarking with tamper-proofing. Multimed Tools Appl: 1–20Google Scholar
  12. 12.
    Collberg C, Thomborson C (1999) Software watermarking: models and dynamic embeddings. In: Principles of programming lang. ACM, pp 311–324Google Scholar
  13. 13.
    Cox IJ, Miller ML, Bloom JA (2000) Watermarking applications and their properties. In: Information technology: coding and computing. IEEE, pp 6–10Google Scholar
  14. 14.
    Dey A, Bhattacharya S, Chaki N (2018) Software watermarking: progress and challenges. INAE Lett: 1–11Google Scholar
  15. 15.
    Dey A, Dutta R, Bhattacharya S, Chaki Ns (2019) Shellmark: a robust software watermarking tool. In: Proceedings of the ACM India joint international conference on data science and management of data, CoDS-COMAD ’19. New York, New York, pp 260–264Google Scholar
  16. 16.
    Djekic P, Loebbecke C (2007) Preventing application software piracy: an empirical investigation of technical copy protections. J Strategic Inf Sys 16(2):173–186CrossRefGoogle Scholar
  17. 17.
    Eight annual bsa and idc global software. (2010)
  18. 18.
    Fratantonio Y, Kruegel C, Vigna G (2011) Shellzer: a tool for the dynamic analysis of malicious shellcode. In: International workshop on recent advances in intrusion detection. Springer, pp 61–80Google Scholar
  19. 19.
    Gupta G, Pieprzyk J (2006) A low-cost attack on branch-based software watermarking schemes. In: Digital watermarking. Springer, pp 282–293Google Scholar
  20. 20.
    Gutub A (2010) Pixel indicator technique for rgb image steganography. Journal of Emerging Technologies in Web Intelligence 2:02Google Scholar
  21. 21.
    Gutub A, Mohammad Fattani M (2007) A novel arabic text steganography method using letter points and extensions. International Journal of Computer, Electrical, Automation, Control and Information Engineering 1:502–505, 01Google Scholar
  22. 22.
    Gutub A, Al-Qahtani A, Tabakh A (2009) Triple-a: secure rgb image steganography based on randomization. In: 2009 IEEE/ACS international conference on computer systems and applications, pp 400–403Google Scholar
  23. 23.
    Gutub A, Al-Haidari F, Al-Kahsah KM, Hamodi J (2010) E-text watermarking: utilizing ’kashida’ extensions in arabic language electronic writing. Journal of Emerging Technologies in Web Intelligence 2:48–55, 02Google Scholar
  24. 24.
    Gutub AA, Ghouti LM, Elarian YS, Awaideh SM, Alvi AK (2010) Utilizing diacritic marks for arabic text steganography. Kuwait Journal of Science & Engineering (KJSE) 37(1):89–109Google Scholar
  25. 25.
    Gutub AA-A, Al-Alwani W, Mahfoodh AB (2010) Improved method of arabic text steganography using the extension ’kashida’character. Bahria University Journal of Information & Communication Technology 3(1):68–72Google Scholar
  26. 26.
    Hamilton J, Danicic S (2011) A survey of static software watermarking. In: World congress on internet security. IEEE, pp 100–107Google Scholar
  27. 27.
    Hosseinzadeh S, Rauti S, Laurén S, Mäkelä J-M, Holvitie J, Hyrynsalmi S, Leppänen V (2018) Diversification and obfuscation techniques for software security: a systematic literature review. Inf Softw Technol 104:72–93CrossRefGoogle Scholar
  28. 28.
    Khan F, Gutub A (2007) Message concealment techniques using image based steganographyGoogle Scholar
  29. 29.
    Li M, Chen X, Li X, Ma B, Vitanyi PMB (2004) The similarity metric. IEEE Trans Inf Theory 50(12):3250–3264MathSciNetCrossRefGoogle Scholar
  30. 30.
    Lim H-I, Park H, Choi S, Han T (2008) Detecting theft of java applications via a static birthmark based on weighted stack patterns. IEICE Trans Inf Sys E91.D (9):2323–2332CrossRefGoogle Scholar
  31. 31.
    Lim H-I, Park H, Choi S, Han T (2009) A method for detecting the theft of java programs through analysis of the control flow information. Inf Softw Technol 51 (9):1338–1350CrossRefGoogle Scholar
  32. 32.
    Mishra A, Kumar R, Chakrabarti P (2008) A method-based whole-program watermarking scheme for java class files. J ArticleGoogle Scholar
  33. 33.
    Myles G, Collberg C (2005) K-gram based software birthmarks. In: Proceedings of the 2005 ACM symposium on applied computing, SAC ’05. ACM, New York, pp 314–318Google Scholar
  34. 34.
    Pizzolante R, Castiglione A, Carpentieri B, De Santis A, Palmieri F, Castiglione A (2018) On the protection of consumer genomic data in the internet of living things. Comput Secur 74:384–400CrossRefGoogle Scholar
  35. 35.
    Seizing opportunity through license compliance. (2015)
  36. 36.
    Sha Z, Jiang H, Xuan A (2009) Software watermarking algorithm by coefficients of equation. In: Genetic and evolutionary computing. Springer, pp 410–413Google Scholar
  37. 37.
    Shirali-Shahreza M, Shirali-Shahreza S (2008) Software watermarking by equation reordering. In: Information and communication technologies: from theory to applications, (ICTTA 2008). IEEEGoogle Scholar
  38. 38.
    Sion R, Atallah M, Prabhakar S (2002) On watermarking numeric sets. In: Digital watermarking. Springer, pp 130–146Google Scholar
  39. 39.
    Stern JP, Hachez G, Koeune F, Quisquater J-J (2000) Robust object watermarking: application to code. In: Information hiding. Springer, pp 368–378Google Scholar
  40. 40.
    Tamada H, Okamoto K, Nakamura M, Monden A, Matsumoto K-I (2004) Dynamic software birthmarks to detect the theft of windows applications. In: Future software technology, vol 20Google Scholar
  41. 41.
    Tamada H, Nakamura M, Monden A, Matsumoto K-I (2005) Java birthmarks - detecting the software theft. IEICE Trans Inf Syst E88-D(9):2148–2158CrossRefGoogle Scholar
  42. 42.
    Wang Y, Gong D, Lu B, Xiang F, Liu F (2018) Exception handling-based dynamic software watermarking. IEEE Access 6:8882–8889CrossRefGoogle Scholar
  43. 43.
    Willison R, Siponen MT (2008) Software piracy: original insights from a criminological perspective. In: 41st Hawaii international conference on systems science (HICSS-41), p 266Google Scholar
  44. 44.
    Yong-Xia Z, Ge Z (2010) Md5 research. In: 2010 second international conference on multimedia and information technology, vol 2, pp 271–273Google Scholar
  45. 45.
    Zhu WF (2007) Concepts and techniques in software watermarking and obfuscation. PhD thesis, ResearchSpace@ AucklandGoogle Scholar
  46. 46.
    Zhu W, Thomborson C, Wang F-Y (2005) A survey of software watermarking. In: Intelligence and security informatics. Springer, pp 454–458Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.A. K. Choudhury School of I.T.University of CalcuttaKolkataIndia
  2. 2.Environmental Informatics, Department of Environmental Research and Innovation (ERIN)Luxembourg Institute of Science & Technology (LIST)Esch-sur-AlzetteLuxembourg
  3. 3.Department of Computer Science and Engg.University of CalcuttaKolkataIndia

Personalised recommendations