Requirements Engineering

, Volume 21, Issue 1, pp 131–159 | Cite as

Requirements for tools for comprehending highly specialized assembly language code and how to elicit these requirements

  • Jennifer BaldwinEmail author
  • Alvin Teh
  • Elisa Baniassad
  • Dirk van Rooy
  • Yvonne Coady
Original Article


Program comprehension tools used with assembly language—often for maintaining legacy software or reverse engineering malware threats—are dated and fail to provide rudimentary features found in tool support for higher-level languages. The need for people who can maintain these legacy systems is growing, as is the number of malicious cyberspace threats. To build new visualization and analysis tools within this domain, we need to understand the unique challenges faced by these developers. This paper presents the results of an exploratory case study to elicit requirements from two uniquely specialized groups of assembly language developers in an industrial setting: a large multi-national company developing mainframe software and a government defense facility analyzing malware and security flaws. In addition to surveys, observations and interviews, this study applies social psychology and nominal group techniques. We provide a ranking, and detailed description, for the requirements elicited in each group. We further include additional requirements obtained from observational studies. The ultimate conclusion we reach is that while similarities exist at a high level, upon deeper inspection, each group is quite unique with regard to their tooling needs.


Requirements elicitation Assembly language Reverse engineering Social psychology Nominal group technique Case study Software visualization Software analysis 



The authors would like to thank the members of the Alpha group and Beta group for participating in our research. This work was partially funded by NSERC (Natural Sciences and Engineering Research Council of Canada).


  1. 1.
    Baldwin J, Sinha P, Salois M, Coady Y (2011) Progressive user interfaces for regressive analysis: making tracks with large, low-level systems. In: Proceedings of the Australasian user interface conference (AUIC), Perth, AustraliaGoogle Scholar
  2. 2.
    Treude C, Figueira Filho F, Storey M-A, Salois M (2011) An exploratory study of software reverse engineering in a security context. In: 18th working conference on reverse engineering (WCRE), Oct 2011, pp 184–188Google Scholar
  3. 3.
    Teh A, Baniassad E, Rooy DV, Boughton C (2011) Social psychology and software teams: a preliminary look at establishing task-effective group norms, vol 99. IEEE Software (PrePrints)Google Scholar
  4. 4.
    Postmes T, Spears R, Cihangir S (2001) Quality of decision making and group norms. J Pers Soc Psychol 80(6):918–930CrossRefGoogle Scholar
  5. 5.
    Stangor C (2004) Social groups in action and interaction. Psychology Press, New York, NYGoogle Scholar
  6. 6.
    Janis IL (1982) Groupthink: psychological studies of policy decisions and fiascoes. Houghton Mifflin, BostonGoogle Scholar
  7. 7.
    Tajfel H, Billig MG, Bundy RP, Flament C (1971) Social categorization and intergroup behaviour. Eur J Soc Psychol 1(2):149–178. doi: 10.1002/ejsp.2420010202 CrossRefGoogle Scholar
  8. 8.
    Goncalo J, Staw B (2006) Individualism-collectivism and group creativity. Organ Behav Hum Decis Process 100(1):96–109CrossRefGoogle Scholar
  9. 9.
    Kruglanski AW (1990) Motivations for judging and knowing: implications for causal attribution. Handb Motiv Cogn Found Soc Behav 2:333–368Google Scholar
  10. 10.
    Kruglanski AW, Webster DM (1996) Motivated closing of the mind:“seizing” and “freezing”. Psychol Rev 103(2):263–283 (Online).
  11. 11.
    Bechtoldt MN, De Dreu CKW, Nijstad BA, Choi H-S (2010) Motivated information processing, social tuning, and group creativity. J Personal Soc Psychol 99(4):622–637CrossRefGoogle Scholar
  12. 12.
    Oyserman D, Coon HM, Kemmelmeier M (2002) Rethinking individualism and collectivism: evaluation of theoretical assumptions and meta-analyses. Psychol Bull 128(1):3–72 (Online).
  13. 13.
    LimeSurvey (2013) (Online).
  14. 14.
    Webster DM, Kruglanski AW (1994) Individual differences in need for cognitive closure. J Personal Soc Psychol 67(6):1049–1062 (Online).
  15. 15.
    Roets A, Van Hiel A (2011) Item selection and validation of a brief, 15-item version of the need for closure scale. Personal Individ DifferGoogle Scholar
  16. 16.
    Ericsson KA, Simon HA (1993) Protocol analysis: verbal reports as data, Rev edn. MIT Press, CambridgeGoogle Scholar
  17. 17.
    Lewis C, Rieman J (1994) Task-centered user interface design: a practical introduction. Department of Computer Science, University of Colorado, BoulderGoogle Scholar
  18. 18.
    Goguen J, Linde C (1993) Techniques for requirements elicitation. In: Proceedings of IEEE international symposium on requirements engineering (RE), Jan 1993, pp 152–164Google Scholar
  19. 19.
    Singer J, Lethbridge T, Vinson N, Anquetil N (1997) An examination of software engineering work practices. In: Proceedings of the centre for advanced studies conference (CASCON). IBM Press (Online).
  20. 20.
    Delbecq AL, VandeVen AH (1971) A group process model for problem identification and program planning. J Appl Behav Sci VII:466–491CrossRefGoogle Scholar
  21. 21.
    Diehl M, Stroebe W (1987) Productivity loss in brainstorming groups: toward the solution of a riddle. J Personal Soc Psychol, 53(3):497–509 (Online).
  22. 22.
    High level assembler and toolkit feature (2010) (Online).
  23. 23.
    Hex-Rays SA (2010) IDA pro disassembler (Online).
  24. 24.
    Storey M-A, Cheng L-T, Bull I, Rigby P (2006) Shared waypoints and social tagging to support collaboration in software development. In: Proceedings of the 2006 20th anniversary conference on computer supported cooperative work, ser. CSCW ’06. New York, NY, USA: ACM, pp 195–198Google Scholar
  25. 25.
    Collberg C, Thomborson C, Low D (1997) A taxonomy of obfuscating transformations. Technical Report 148Google Scholar
  26. 26.
    Plug-In Contest 2011: Hall Of Fame, 2012 (Online).
  27. 27.
    Van Emmerik M, Waddington T (2004) Using a decompiler for real-world source recovery. In: WCRE ’04: proceedings of the 11th working conference on reverse engineering. IEEE Computer Society, Washington, DC, USA, pp 27–36Google Scholar
  28. 28.
    IDA Plugins: Sobek, 2012. (Online).
  29. 29.
    Baldwin J, Coady Y (2012) AVA: assembly visualization and analysis. In: Eclipse Demo Camp. Vancouver, BC, Canada June 2012Google Scholar
  30. 30.
    Thompson M (2010) Mariposa botnet analysis. Defence intelligence, Technical Report (Online).
  31. 31.
    Sinha P, Boukhtouta A, Belarde VH, Debbabi M (2010) Insights from the analysis of the Mariposa botnet. In: 5th international conference on risks and security of internet and systems (CRISIS), Montreal, QC, CanadaGoogle Scholar
  32. 32.
    Google App Engine (2012) (Online).
  33. 33.
    Amini P (2006) PaiMei—reverse engineering framework. In: RECON ’06: reverse engineering conference. Montreal, CanadaGoogle Scholar
  34. 34.
    Bales RF (1950) Interaction process analysis. Massachusetts, CambridgeGoogle Scholar
  35. 35.
    Teh A (2012) Normative manipulation as a way of improving the performance of software engineering groups: three experiments. Ph.D. dissertation, The Australian National UniversityGoogle Scholar
  36. 36.
    First Nations Stewardship Tools Partnership (2013) (Online).
  37. 37.
    Franke RH, Kaul JD (1978) The hawthorne experiments: first statistical interpretation. Am Sociol Rev 43(5):623–643 (Online).

Copyright information

© Springer-Verlag London 2014

Authors and Affiliations

  • Jennifer Baldwin
    • 1
    Email author
  • Alvin Teh
    • 2
  • Elisa Baniassad
    • 2
  • Dirk van Rooy
    • 3
  • Yvonne Coady
    • 1
  1. 1.Department of Computer ScienceUniversity of VictoriaVictoriaCanada
  2. 2.Department of Computer ScienceAustralian National UniversityCanberraAustralia
  3. 3.Department of PsychologyAustralian National UniversityCanberraAustralia

Personalised recommendations