Ira D. Baxter
CEO, Semantic Designs, Inc.
Donald J. Reifer
Reifer Consultants, Inc., USA
Title: Reengineering Tools: A Perspective
from the Trenches
October 28, 2007; 11:00am - 12:15am
Software systems are growing in size (tens of millions
of lines), complexity (application, number of languages
and implementation technologies involved), and age
(decades). The larger the size, the larger the investment,
and the more important it becomes to preserve that
investment. As with remodeling houses, demands for
new functionality and the need to integrate with newer
technology often require massive changes to the software
base. These two factors suggest that massive software
remodeling will become long-term steady-state phenomena
for these systems. Software change scale suggests
that automation is necessary to accomplish this remodeling.
Semantic Designs has been building the DMS® Software
Reengineering Toolkit to support these kinds of tasks
in commercial contexts. DMS consists of a set of integrated
compiler-like technologies, composed to solve custom
reengineering problems. Scale and integration are
a key theme. This talk will examine some applications
of DMS (e.g., to large C and C++ systems) to motivate
the technologies behind DMS. It will sketch the technologies
used and their shortcomings in functionality, scale
and usability, and suggest future directions. The
talk should be of wide interest to reverse- and re-engineering
researchers by exhibiting needs driven by very practical
Title: The Dark Side of Software
October 29, 2007; 11:00am - 1:00pm
During the past decade, substantial advances have
been made in the field of software reverse engineering.
Tools and techniques that have been developed for
program understanding, design recovery and reengineering
and/or refactoring have been commercialized and deployed
to reduce the software maintenance burden. However,
along with the good comes the dark side of software
reverse engineering. These same tools and techniques
can be and have been used for nefarious purposes.
Take the disassemblers/debuggers used for exploring
binary programs for which source code is not available.
Besides being able to figure out what functions the
software performs and in what manner, these tools
can be used to identify sensitive information hidden
in the code (data, algorithms, etc.). For example,
such tools can be used to get at this sensitive information
even when it is guarded, obfuscated or encrypted.
In addition, those tools and techniques employed to
figure out how a program works can also be used to
determine how it breaks. For example, exploiters can
use the same exceptions that were put into the code
to improve safety to crash the system. The challenge
posed to the reverse engineering community is to find
ways to prevent the misuse of their technology along
with its proper use.