Date of Award


Document Type


Degree Name

Master of Science in Computer Science


Department of Electrical and Computer Engineering

First Advisor

Wayne C. Henry, PhD


Reverse engineering is a vital technique for identifying and mitigating cyber threats. Yet, despite its importance, reverse engineering is a time-consuming process. Provenance tools help to improve the workflow of reverse engineers by providing an accessible method of viewing their flow through a binary. The current state-of-theart provenance tool for reverse engineering software called SensorRE, leverages an external server, web browser, and a large array of javascript libraries. This thesis presents Provenance Ninja, a software reverse engineering tool developed in Python that runs directly within Binary Ninja. Provenance Ninja captures reverse engineers’ provenance data and provides an interactive graph within the reverse engineering environment. The performance of Provenance Ninja is evaluated against SensorRE by measuring functionality and efficiency. This research demonstrates that it is possible to design a provenance tool to run natively in the reverse engineering software that passes all functionality tests when compared to SensorRE and shows statistically significant efficiency improvements at a 95% confidence level in memory utilization and runtime from this approach. The results of this study contribute to the field of software reverse engineering and have the potential to enhance the effectiveness of cyber threat mitigation efforts.

AFIT Designator



A 12-month embargo was observed.

Approved for public release. Case number on file.