© serg reverse engineering (reportal) reportal: reverse engineering portal (reportal.cs.drexel.edu)

25
Reverse Reverse Engineering Engineering (REportal) (REportal) © SERG REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Upload: rodger-may

Post on 17-Jan-2018

307 views

Category:

Documents


0 download

DESCRIPTION

© SERG Reverse Engineering (REportal) Introduction Cont’d We’ve faced these challenges with our own tools: –CIAO Acacia (C/C++ Analysis) Chava (Java Analysis) –Bunch (static clustering) –Form (dynamic analysis) –Graphviz (graph visualization) –…

TRANSCRIPT

Page 1: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

REportal: Reverse Engineering

Portal(reportal.cs.drexel.edu)

Page 2: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Introduction

• Software Engineering community has produced many tools.

• Challenges:– Usability– Ease of Installation– Interoperability– Copyrighted works (limited distribution)

• DMCA (United States)

Page 3: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Introduction Cont’d

• We’ve faced these challenges with our own tools:– CIAO

• Acacia (C/C++ Analysis)• Chava (Java Analysis)

– Bunch (static clustering)– Form (dynamic analysis)– Graphviz (graph visualization)– …

Page 4: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Background: Tools

• Source code analysis:– Visual Studio, CIAO, …

• Design Extraction:– Bunch, Rigi, ARCH, …

• Visualization:– Graphviz, Rigi, Tom Sawyer, …

Page 5: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Standardization Attempts

• Difficult—tools address different needs• Not all tools are portable to all platforms

– “Java is write once debug many times” (http://www.lionhrtpub.com/orms/orms-2-99/cyberspace.html)

• Not all interfaces are fully exposedOur proposed solution: REportal

Page 6: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Login to REportal

Page 7: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

REportal Services

• Source code:– Repository– Analysis– Querying– Browsing

• Clustering• Visualization

Page 8: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

REportal’s RE Process

Page 9: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Using REportal

1. Create a new project2. Upload source code3. Open the project4. Perform analysis on the code

– In this example, a software engineer needs to modify the addFilter() method in a software package, Form.

Page 10: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

CreateProject…

Page 11: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Upload Code…

Page 12: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

OpenProject…

Page 13: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

EntityQuery…

Page 14: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Relationship Query…

Page 15: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Code Browsing…

Page 16: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Reachability Query…

Page 17: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Reachability Query II…

Page 18: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Module Dependency Graph…

Page 19: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Clustering…

Page 20: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

TextSearch…

Page 21: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

User ReportalServlet

loginuploadanalysis

REportalDatabase

LocalFilesystem

SQL

FileData

Tools(Services)

REportal Architecture

n-tiered Java servlet

Page 22: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Extensibility

• Adding a tool is a two-stage process:1. Tool is added to the server’s tool set2. Servlet is extended to include the tool

among its set of services• In the future, this process may be automated

via a wizard-like facility

Page 23: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Future Work• Integrate more reverse-engineering tools into

REportal• Integrate dynamic analysis• Security architecture

– Sandbox for running user Makefiles and applications• C/C++ support• Distributed/multi-platform support• REportal distribution for remote site use

Page 24: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

Conclusions

• Advantages– RE services provided via consistent web-based

user interface– No need to be aware of platform integration or

interoperability issues– Latest versions of underlying tools always

available– No software installs needed

Page 25: © SERG Reverse Engineering (REportal) REportal: Reverse Engineering Portal (reportal.cs.drexel.edu)

Reverse Engineering Reverse Engineering (REportal)(REportal) © SERG

REportal Web Site

http://reportal.cs.drexel.edu/