Search papers, labs, and topics across Lattice.
This paper investigates the feasibility and best practices of using students as participants in empirical reverse engineering (RE) experiments, addressing the challenges of accessing professional reverse engineers. It presents a systematic literature review of RE experiments and related software engineering studies, alongside the authors' experience running experiments in a master-level software hacking course. The paper offers recommendations for designing rigorous, reproducible RE studies with students, considering practical constraints, validity, and ethical considerations like privacy and motivation.
Unlock affordable, scalable reverse engineering research: this paper provides a practical guide to using students as participants in empirical studies, complete with best practices for experimental design and ethical considerations.
Empirical research in reverse engineering and software protection is crucial for evaluating the efficacy of methods designed to protect software against unauthorized access and tampering. However, conducting such studies with professional reverse engineers presents significant challenges, including access to professionals and affordability. This paper explores the use of students as participants in empirical reverse engineering experiments, examining their suitability and the necessary training; the design of appropriate challenges; strategies for ensuring the rigor and validity of the research and its results; ways to maintain students'privacy, motivation, and voluntary participation; and data collection methods. We present a systematic literature review of existing reverse engineering experiments and user studies, a discussion of related work from the broader domain of software engineering that applies to reverse engineering experiments, an extensive discussion of our own experience running experiments ourselves in the context of a master-level software hacking and protection course, and recommendations based on this experience. Our findings aim to guide future empirical studies in RE, balancing practical constraints with the need for meaningful, reproducible results.
