Understanding How Reverse Engineers Make Sense of Programs from Assembly Language Representations

Author

Adam R. Bryant

Date of Award

3-22-2012

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Department of Electrical and Computer Engineering

First Advisor

Robert F. Mills, PhD.

Abstract

This dissertation develops a theory of the conceptual and procedural aspects involved with how reverse engineers make sense of executable programs. Software reverse engineering is a complex set of tasks which require a person to understand the structure and functionality of a program from its assembly language representation, typically without having access to the program's source code. This dissertation describes the reverse engineering process as a type of sensemaking, in which a person combines reasoning and information foraging behaviors to develop a mental model of the program. The structure of knowledge elements used in making sense of executable programs are elicited from a case study, interviews with subject matter experts, and observational studies with software reverse engineers. The results from this research can be used to improve reverse engineering tools, to develop training requirements for reverse engineers, and to develop robust computational models of human comprehension in complex tasks where sensemaking is required.

AFIT Designator

AFIT-DCS-ENG-12-01

DTIC Accession Number

ADA557042

Recommended Citation

Bryant, Adam R., "Understanding How Reverse Engineers Make Sense of Programs from Assembly Language Representations" (2012). Theses and Dissertations. 1086.
https://scholar.afit.edu/etd/1086