SensorRE: Provenance support for software reverse engineers

Authors

Wayne C. Henry, Air Force Institute of TechnologyFollow
Wayne C. Henry, Air Force Institute of Technology
Gilbert L. Peterson, Air Force Institute of TechnologyFollow

Document Type

Article

Publication Date

8-2020

Abstract

Reverse engineering is a time-consuming process essential to software-security tasks such as malware analysis and vulnerability discovery. During the process, an engineer will follow multiple leads to determine how the software functions. The combination of time and possible explanations makes it difficult for the engineers to maintain a context of their findings within the overall task. Analytic provenance tools have demonstrated value in similarly complex fields that require open-ended exploration and hypothesis vetting. This paper introduces SensorRE, the first analytic provenance tool designed to support software reverse engineers. A semi-structured interview with experts led to the design and implementation of the system. As core components, we describe the visual interfaces and their integration within an existing software analysis tool. SensorRE automatically captures user’s sensemaking actions and provides a graph and storyboard view to support further analysis. User study results demonstrate that SensorRE is easy to use and that it improved the participants’ exploration process.

Comments

The "Link to Full Text" on this page opens or saves the Open Manuscript version of the article, hosted by the publisher.

This published version of record for this article is available via subscription or purchase through the DOI link below.

DOI

10.1016/j.cose.2020.101865

Source Publication

Computers & Security (ISSN 0167-4048)

Recommended Citation

Henry, W. C., & Peterson, G. L. (2020). SensorRE: Provenance support for software reverse engineers. Computers & Security, 95, 101865. https://doi.org/10.1016/j.cose.2020.101865