Publications

Software is ubiquitous in society, but understanding it, especially without access to source code, is both non-trivial and critical to security. A specialized group of cyber defenders conducts reverse engineering (RE) to analyze software. The expertise-driven process of software RE is not well understood, especially from the perspective of workflows and automated tools. We conducted a task analysis to explore the cognitive processes that analysts follow when using static techniques on binary code. Experienced analysts were asked to statically find a vulnerability in a small binary that could allow for unverified access to root privileges. Results show a highly iterative process with commonly used cognitive states across participants of varying expertise, but little standardization in process order and structure. A goal-centered analysis offers a different perspective about dominant RE states. We discuss implications about the nature of RE expertise and opportunities for new automation to assist analysts using static techniques.

Abstract not provided.

Abstract not provided.

Efficiency in requirements engineering and management (REM) for complex hardware systems is desirable to reduce program impacts, such as schedule and budget. Sandia National Labs (SNL) investigated external state-of-the-practice REM to capture insights, recommendations, and best practices from external entities on several REM topics. Twenty-one at-will participants contributed responses to closed- and open-ended questions. The results were synthesized and are provided herein. The results help SNL and others to understand where its practices are current; what trends, approaches, or processes in REM might be beneficial if implemented or introduced; what challenges might be avoided; where efficiencies might be realized; and which practices are still maturing or evolving in industry and academia, so that SNL can stay abreast of these developments.

Abstract not provided.

Abstract not provided.