Date of Award
3-2023
Document Type
Thesis
Degree Name
Master of Science in Computer Science
Department
Department of Electrical and Computer Engineering
First Advisor
Wayne C. Henry, PhD
Abstract
Reverse engineering is a vital technique for identifying and mitigating cyber threats. Yet, despite its importance, reverse engineering is a time-consuming process. Provenance tools help to improve the workflow of reverse engineers by providing an accessible method of viewing their flow through a binary. The current state-of-the-art provenance tool for reverse engineering software, called SensorRE, leverages an external server, web browser, and a large array of JavaScript libraries. This thesis presents Provenance Ninja, a software reverse engineering tool developed in Python that runs directly within Binary Ninja. Provenance Ninja captures reverse engineers’ provenance data and provides an interactive graph within the reverse engineering environment. The performance of Provenance Ninja is evaluated against SensorRE by measuring functionality and efficiency. This research demonstrates that it is possible to design a provenance tool to run natively in the reverse engineering software that passes all functionality tests when compared to SensorRE and shows statistically significant efficiency improvements at a 95% confidence level in memory utilization and runtime from this approach. The results of this study contribute to the field of software reverse engineering and have the potential to enhance the effectiveness of cyber threat mitigation efforts.
AFIT Designator
AFIT-ENG-MS-23-M-054
Recommended Citation
Richardson, Caleb W., "Improving Accessibility and Efficiency of Analytic Provenance Tools for Reverse Engineering" (2023). Theses and Dissertations. 7028.
https://scholar.afit.edu/etd/7028
Comments
A 12-month embargo was observed.
Approved for public release. Case number on file.