Top-Level Goals in Reverse Engineering Executable Software

ABSTRACT

People perform reverse engineering to discover vulnerabilities, to understand how attackers could exploit vulnerabilities, and to determine ways in which vulnerabilities might be mitigated. People reverse engineer executable programs to determine the structure, function, and behavior of software of unknown provenance that may not be trustworthy or safe to use.

Reverse engineering also allows the investigation of malicious code to understand how it works and how to circumvent self-protection and stealth techniques used by malware authors. Finally, reverse engineering can help engineers determine how to interface with legacy software that only exists in executable form. Although each of these applications of reverse engineering provides part of an organization’s defensive knowledge of its information systems, there has been relatively little work in understanding the human factors involved with reverse engineering software from executable code. Consequently, reverse engineering work remains a highly specialized skill, and many reverse engineering tools are difficult for analysts to use. To better understand the human factors considerations of reverse engineering executable software, the authors conducted semi-structured interviews with five nationally renowned subject matter expert reverse engineers and analyzed the verbal data from the interviews using two analysis approaches. Thematic analysis techniques borrowed from educational psychology were used to investigate themes from the interview responses, first at the idea level, then at the sentence level. The responses were decomposed into a set of main goals described in this paper.


AUTHORS

Riverside Research
Beavercreek, OH, USA

Adam Bryant earned a BS in Social Psychology from Park University in 2001, an MS in Information Resource Management from the Air Force Institute of Technology (AFIT) in 2007, a second MS in Computer Science from AFIT in 2007, and a PhD in Computer Science from AFIT in 2012.

Air Force Institute of Technology
Wright-Patterson AFB, OH, USA

Department of Systems and Engineering Management, Air Force Institute of Technology, Wright-Patterson AFB, OH, USA

Michael R. Grimaila, CISM, CISSP is an Assistant Professor of Information Resource Management in the Department of Systems and Engineering Management, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio. He received a Bachelor of Science in Electrical Engineering (1993), a Master of Science in Electrical Engineering (1995), and a Ph.D. in Computer Engineering (1999) from Texas A&M University. He is a member of the ACM, Eta Kappa Nu, ISACA, (ISC)², ISSA, ISSEA, Tau Beta Pi, and Senior Member of IEEE. His research interests include information assurance, IA metrics, cyber damage and mission impact assessment, information warfare, and information operations.

Air Force Institute of Technology
Wright-Patterson AFB, OH, USA

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
