Improving Tool Support for Software Reverse Engineering in a Security Context

  • Brendan Cleary
  • Christoph Treude
  • Fernando Figueira Filho
  • Margaret-Anne Storey
  • Martin Salois
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8027)

Abstract

Illegal cyberspace activities are increasing rapidly and many software engineers are using reverse engineering methods to respond to attacks. The security-sensitive nature of these tasks, such as the understanding of malware or the decryption of encrypted content, brings unique challenges to reverse engineering: work has to be done offline, files can rarely be shared, time pressure is immense, and there is a lack of tool and process support for capturing and sharing the knowledge obtained while trying to understand assembly code. To help us gain an understanding of this reverse engineering work, we conducted an exploratory study at a government research and development organization to explore their work processes, tools, and artifacts [1]. We have been using these findings to improve visualization and collaboration features in assembly reverse engineering tools. In this talk, we will present a review of the findings from our study, and present prototypes we have developed to improve capturing and sharing knowledge while analyzing security concerns.

Keywords

malware; reverse engineering; empirical study


References

  1. Choo, K.K.: Organised crime groups in cyberspace: a typology. Trends in Organized Crime 11, 270–295 (2008)
  2. Cleary, B., Painchaud, F., Chan, L., Storey, M.A., Salois, M.: Atlantis - assembly trace analysis environment. In: IEEE 19th Working Conference on Reverse Engineering, WCRE 2012 (2012)
  3. Cohen, F.: Computer viruses: Theory and experiments. Computers & Security 6(1), 22–35 (1987)
  4. Gerson, E.M., Star, S.L.: Analyzing due process in the workplace. ACM Transactions on Information Systems 4, 257–270 (1986)
  5. Luk, C.K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. In: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2005, pp. 190–200 (2005)
  6. Peterson, T.F.: A History of Hacks and Pranks at MIT. The MIT Press (2011)
  7. Song, D., Brumley, D., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: Bitblaze: A new approach to computer security via binary analysis. In: Proceedings of the 4th International Conference on Information Systems Security (2008)
  8. Storey, M.A., Ryall, J., Singer, J., Myers, D., Cheng, L.-T., Muller, M.: How software developers use tagging to support reminding and refinding. IEEE Transactions on Software Engineering 43 (2009)
  9. Sutton, M., Greene, A., Amin, P.: Fuzzing: Brute Force Vulnerability Discovery. Addison-Wesley (2007)
  10. Symantec: Internet security threat report, vol. 17 (April 2012), http://bit.ly/15nJXO7 (last access: January 3, 2012)
  11. Treude, C., Figueira Filho, F., Storey, M.A., Salois, M.: An exploratory study of software reverse engineering in a security context. In: 18th Working Conference on Reverse Engineering (WCRE 2011), pp. 184–188 (2011)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Brendan Cleary (1)
  • Christoph Treude (1)
  • Fernando Figueira Filho (1)
  • Margaret-Anne Storey (1)
  • Martin Salois (2)
  1. Dept. of Computer Science, University of Victoria, Victoria, Canada
  2. Defence Research and Development Canada – Valcartier, Quebec, Canada
