190,418 research outputs found

    A survey of algorithmic methods in IC reverse engineering

    The discipline of reverse engineering integrated circuits (ICs) is as old as the technology itself. It grew out of the need to analyze competitors’ products and detect possible IP infringements. In recent years, the growing hardware Trojan threat motivated a fresh research interest in the topic. The process of IC reverse engineering comprises two steps: netlist extraction and specification discovery. While the process of netlist extraction is rather well understood and established techniques exist throughout the industry, specification discovery still presents researchers with a plurality of open questions. It therefore remains of particular interest to the scientific community. In this paper, we present a survey of the state of the art in IC reverse engineering while focusing on the specification discovery phase. Furthermore, we list noteworthy existing works on methods and algorithms in the area and discuss open challenges as well as unanswered questions. Therefore, we observe that the state of research on algorithmic methods for specification discovery suffers from the lack of a uniform evaluation approach. We point out the urgent need to develop common research infrastructure, benchmarks, and evaluation metrics.

    HAL — The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion

    Hardware manipulations pose a serious threat to numerous systems, ranging from a myriad of smart-X devices to military systems. In many attack scenarios an adversary merely has access to the low-level, potentially obfuscated gate-level netlist. In general, the attacker possesses minimal information and faces the costly and time-consuming task of reverse engineering the design to identify security-critical circuitry, followed by the insertion of a meaningful hardware Trojan. These challenges have been considered only in passing by the research community. The contribution of this work is threefold: First, we present HAL, a comprehensive reverse engineering and manipulation framework for gate-level netlists. HAL allows automating defensive design analysis (e.g., including arbitrary Trojan detection algorithms with minimal effort) as well as offensive reverse engineering and targeted logic insertion. Second, we present a novel static analysis Trojan detection technique ANGEL which considerably reduces the false-positive detection rate of the detection technique FANCI. Furthermore, we demonstrate that ANGEL is capable of automatically detecting Trojans obfuscated with DeTrust. Third, we demonstrate how a malicious party can semi-automatically inject hardware Trojans into third-party designs. We present reverse engineering algorithms to disarm and trick cryptographic self-tests, and subtly leak cryptographic keys without any a priori knowledge of the design’s internal workings

    Software Obfuscation with Symmetric Cryptography

    Software protection is of great interest to commercial industry. Millions of dollars and years of research are invested in the development of proprietary algorithms used in software programs. A reverse engineer that successfully reverses another company’s proprietary algorithms can develop a competing product to market in less time and with less money. The threat is even greater in military applications where adversarial reversers can use reverse engineering on unprotected military software to compromise capabilities on the field or develop their own capabilities with significantly less resources. Thus, it is vital to protect software, especially the software’s sensitive internal algorithms, from adversarial analysis. Software protection through obfuscation is a relatively new research initiative. The mathematical and security community have yet to agree upon a model to describe the problem let alone the metrics used to evaluate the practical solutions proposed by computer scientists. We propose evaluating solutions to obfuscation under the intent protection model, a combination of white-box and black-box protection to reflect how reverse engineers analyze programs using a combination of white-box and black-box attacks. In addition, we explore use of experimental methods and metrics in analogous and more mature fields of study such as hardware circuits and cryptography. Finally, we implement a solution under the intent protection model that demonstrates application of the methods and evaluation using the metrics adapted from the aforementioned fields of study to reflect the unique challenges in a software-only software protection technique.

    Proceedings of the 3rd Workshop on FAMIX and MOOSE in Software Reengineering (FAMOOSr'09)

    The goal of the FAMOOSr workshop is to strengthen the community of researchers and practitioners who are working in re- and reverse engineering, by providing a forum for building future research using Moose and FAMIX as shared infrastructure. Research should be collaborative and supported by tools. The increasing amount of data available about software systems poses new challenges for reengineering research, as the proposed approaches need to scale. In this context, concerns about meta-modeling and analysis techniques need to be augmented by technical concerns about how to reuse and how to build upon the efforts of previous research. That is why Moose is an open-source software for researchers to build and share their analysis, meta-models, and data. Both FAMIX and Moose started in the context of FAMOOS, a European research project on object-oriented frameworks. Back in 1997 Moose was a simple implementation of the FAMIX meta-model, which was a language independent meta-model for object-oriented systems. However, over the past decade, Moose has been used in a growing number of research projects and has evolved to be a generic environment for various reverse and reengineering activities. At the same time, FAMIX was extended to support emerging research interests such as dynamic analysis, evolution analysis, identifier analysis, bug tracking analysis, or visualization. Recent work includes analysis of software architecture and semantic annotations. Currently, several research groups are using Moose as a platform, or FAMIX as a meta-model, and other groups announced interest in using them in the future.

    Science & engineering software migration: moving from desktop to mobile applications

    The proliferation of mobile devices over the last years provides opportunities and challenges for solving problems in Science & Engineering. Among other novel features, mobile devices contain global positioning sensors, wireless connectivity, built-in web browsers and photo/video/voice capabilities that allow providing highly localized, context aware applications. Mobile phones have become as powerful as any desktop computer in terms of applications they can run. However, the software development in mobile computing is still not as mature as it is for desktop computer and the whole potential of mobile devices is wasted. A current problem in the engineering community is the adaptation of desktop applications for mobile technologies. To take advantage of new platform technologies, existing software must evolve. A number of solutions have been proposed to deal with this problem such as redevelopment, which rewrites existing applications, or migration, which moves the existing system to a more flexible environment while retaining the original system data and functionality. A good solution should be to restore the value of the existing software, extracting knowledge and exploiting investment in order to migrate to new software that incorporates the new technologies. On the one hand, traditional reverse engineering techniques can help in the software migration to mobile applications. They are related to the process of analyzing available software with the objective of extracting information and providing high-level views on the underlying code. On the other hand, to achieve interoperability with multiple platforms the migration needs technical frameworks for information integration and tool interoperability such as the initiative of the Object Management Group (OMG) called Model Driven Architecture (MDA). The outstanding ideas behind MDA are separating the specification of the system functionality from its implementation on specific platforms and managing the software evolution from abstract models to implementations increasing the degree of automation. The objective of this paper is to describe a reengineering process that allows moving existing desktop applications for solving engineering problems of multidisciplinary character to mobile platforms. Our research aims to simplify the creation of applications for mobile platforms by integrating traditional reverse engineering techniques, such as static and dynamic analysis, with MDA. We validated our approach by using the open source application platform Eclipse, EMF (Eclipse Modeling Framework), EMP (Eclipse Modeling Project) and the Android platform.

    Transitioning Applications to Semantic Web Services: An Automated Formal Approach

    Semantic Web Services have been recognized as a promising technology that exhibits huge commercial potential, and attract significant attention from both industry and the research community. Despite expectations being high, the industrial take-up of Semantic Web Service technologies has been slower than expected. One of the main reasons is that many systems have been developed without considering the potential of the web in integrating services and sharing resources. Without a systematic methodology and proper tool support, the migration from legacy systems to Semantic Web Service-based systems can be a very tedious and expensive process, which carries a definite risk of failure. There is an urgent need to provide strategies which allow the migration of legacy systems to Semantic Web Services platforms, and also tools to support such a strategy. In this paper we propose a methodology for transitioning these applications to Semantic Web Services by taking the advantage of rigorous mathematical methods. Our methodology allows users to migrate their applications to Semantic Web Services platform automatically or semi-automatically

    The role of Computer Aided Process Engineering in physiology and clinical medicine

    This paper discusses the potential role for Computer Aided Process Engineering (CAPE) in developing engineering analysis and design approaches to biological systems across multiple levels—cell signalling networks, gene, protein and metabolic networks, cellular systems, through to physiological systems. The 21st Century challenge in the Life Sciences is to bring together widely dispersed models and knowledge in order to enable a system-wide understanding of these complex systems. This systems level understanding should have broad clinical benefits. Computer Aided Process Engineering can bring systems approaches to (i) improving understanding of these complex chemical and physical (particularly molecular transport in complex flow regimes) interactions at multiple scales in living systems, (ii) analysis of these models to help to identify critical missing information and to explore the consequences on major output variables resulting from disturbances to the system, and (iii) ‘design’ potential interventions in in vivo systems which can have significant beneficial, or potentially harmful, effects which need to be understood. This paper develops these three themes drawing on recent projects at UCL. The first project has modeled the effects of blood flow on endothelial cells lining arteries, taking into account cell shape change resulting in changes in the cell skeleton which cause consequent chemical changes. A second is a project which is building an in silico model of the human liver, tying together models from the molecular level to the liver. The composite model models glucose regulation in the liver and associated organs. Both projects involve molecular transport, chemical reactions, and complex multiscale systems, tackled by approaches from CAPE. Chemical Engineers solve multiple scale problems in manufacturing processes – from molecular scale through unit operations scale to plant-wide and enterprise wide systems – so have an appropriate skill set for tackling problems in physiology and clinical medicine, in collaboration with life and clinical scientists.

    Supply chain challenges for sustainability: the case of waste textiles as raw materials

    Purpose: This paper addresses the growing problem of textile waste in the rapidly developing cities of sub-Saharan Africa and examines, from a supply chain perspective, the potential for waste textile materials to be transformed into the raw materials for new consumer products. Research Approach: The paper reflects on the outcomes of a field trip to Dar es Salaam in which stakeholders in a hypothesised textile waste supply chain were interviewed and waste textile materials were analysed in order to determine their content and appropriateness for reuse. Findings from the field study have been compared with current literature on logistics and market creation, waste generation, management and recycling in sub-Saharan Africa. Findings and Originality: The findings show that a rudimentary system has been in place for many years to collect and recycle textiles in Dar es Salaam. However, at the same time as textile waste is projected to increase in the city, collection rates are falling. The chief reasons for the falling rates are failures in the ‘modernised mixture’ approach to waste collection employed by Dar es Salaam City Council and market failure for the collected materials. Alternative combinations of ‘modernised mixtures’, incorporating community-based organisations, are likely to increase textile yields from unplanned urban areas but previous high-profile failures in such systems within Dar es Salaam mean there is caution on both sides in entering into such a relationship. The more pressing problem is to identify appropriate end markets for the textile materials, since in a country where recycling is entirely market-driven, failure to do so will undermine any attempt to improve the collection system. Whilst many studies have considered general recycling practices in sub-Saharan Africa, there are few investigations into textile waste. Furthermore, those existing studies do not consider the importance of understanding fibre composition of the materials in order to determine the most appropriate end markets. Research Impact: The research contributes to the growing body of knowledge on ‘bottom of the pyramid’ approaches to sustainable futures. Practical Impact: The work presented considers supply chain problems and offers approaches to tackling the increasing waste management issues of Dar es Salaam and proposes a mechanism for doing so which has the potential to provide income for the poorest sectors of the urban society.

    Examining green production and its role within the competitive strategy of manufacturers

    Purpose: This paper reviews current literature and contributes a set of findings that capture the current state-of-the-art of the topic of green production. Design/methodology/approach: A literature review to capture, classify and summarize the main body of knowledge on green production and, translate this into a form that is readily accessible to researchers and practitioners in the more mainstream operations management community. Findings: The existing knowledge base is somewhat fragmented. This is a relatively unexplored topic within mainstream operations management research and one which could provide rich opportunities for further exploration. Originality/value: This paper sets out to review current literature, from a more conventional production operations perspective, and contributes a set of findings that capture the current state-of-the-art of this topic