A Task Analysis of Static Binary Reverse Engineering for Security

Date
2022-01-04
Authors
Nyre-Yu, Megan
Butler, Karin
Bolstad, Cheryl
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Software is ubiquitous in society, but understanding it, especially without access to source code, is both non-trivial and critical to security. A specialized group of cyber defenders conducts reverse engineering (RE) to analyze software. The expertise-driven process of software RE is not well understood, especially from the perspective of workflows and automated tools. We conducted a task analysis to explore the cognitive processes that analysts follow when using static techniques on binary code. Experienced analysts were asked to statically find a vulnerability in a small binary that could allow for unverified access to root privileges. Results show a highly iterative process with commonly used cognitive states across participants of varying expertise, but little standardization in process order and structure. A goal-centered analysis offers a different perspective about dominant RE states. We discuss implications about the nature of RE expertise and opportunities for new automation to assist analysts using static techniques.
Description
Keywords
Cyber Deception and Cyberpsychology for Defense, cybersecurity, reverse engineering, cognitive process, automation
Citation
Rights
Access Rights
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.