Reverse engineering is typically carried out on static binary objects, such as files or compiled programs. Often the goal of reverse engineering is to extract a secret that is ephemeral and only exists while the system is running. Automation and dynamic analysis enable reverse engineers to extract ephemeral secrets from dynamic systems, obviating the need for analyzing static artifacts such as executable binaries.
I support this thesis through four automated reverse engineering efforts: (1) named entity extraction to track Chinese Internet censorship based on keywords; (2) dynamic information flow tracking to locate secret keys in the memory of a live program; (3) a man-in-the-middle approach that emulates server behavior to extract cryptographic secrets; and (4) large-scale measurement and data mining of TCP/IP handshake behaviors to reveal machines on the Internet vulnerable to TCP/IP hijacking and other attacks.
In each of these cases, automation enables the extraction of ephemeral secrets, often in situations where there is no accessible static binary object containing the secret. Furthermore, each project was contingent on building an automated system that interacted with the dynamic system in order to extract the secret(s). This general approach provides a new perspective, increases the types of systems that can be reverse engineered, and offers a promising direction for the future of reverse engineering.
DIFT, ISN study, Internet censorship, LINE reverse engineering
Level of Degree
Department of Computer Science
First Committee Member (Chair)
Jedidiah R. Crandall
Second Committee Member
Third Committee Member
Abdullah A. Mueen
Fourth Committee Member
Marie J. Vasek
Espinoza, Antonio Miguel. "The Nature of Ephemeral Secrets in Reverse Engineering Tasks." (2018). https://digitalrepository.unm.edu/cs_etds/97