An attacker discovers the structure, function, and composition of a type
of computer software by using a variety of analysis techniques to
effectively determine how the software functions and operates, or if
vulnerabilities or security weakness are present within the implementation.
Reverse engineering methods, as applied to software, can utilize a wide
number approaches and techniques.
Methodologies for software reverse engineering fall into two broad
categories, 'white box' and 'black box.' White box techniques involve
methods which can be applied to a piece of software when an executable or
some other compiled object can be directly subjected to analysis, revealing
at least a portion of its machine instructions that can be observed upon
execution. 'Black Box' methods involve interacting with the software
indirectly, in the absence of the ability to measure, instrument, or analyze
an executable object directly. Such analysis typically involves interacting
with the software at the boundaries of where the software interfaces with a
larger execution environment, such as input-output vectors, libraries, or
APIs.
Resources Required
Reverse engineering of software requires varying tools and methods depending
upon whether an executable or other compiled object is present directly for
analysis by tools capable of decompiling or monitoring its execution within an
operating environment, as in the case of white box methods. Black box methods
require at minimum the ability to interact with the functional boundaries where
the software communicates with a larger processing environment, such as
inter-process communication on a host operating system, or via networking
protocols.
Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.
Description
