Virtual On line
June 22, 2020
June 22, 2020
June 26, 2021
Computers in Education
In CSI 2334, “Introduction to Computer Systems,” we introduce a group project to the students whose purpose is to simulate a team project on the job. Group projects are used very frequently to provide a similar learning environment which capitalizes on the benefits of peer-to-peer instruction, or cooperative learning. In this group project, students are presented with a challenge. A piece of executable code has been found on an older server, and the student teams must determine what the code is designed to do; and, in particular, whether the code is benign or malicious in nature.
In order to simulate this scenario, we develop a software system to be hardened. The system developed is generally a game that has some malicious content, which is then obfuscated before the executable is presented to the student teams. The objective for the student teams is to research methods by which the binary file can be “read” without executing it, and to modify the behavior of the executable file, depending on the purpose of the code. If it is determined to be a game, game play will be modified in a non-trivial manner. If it is determined to be a benign system with some malicious behavior incorporated, that malicious behavior must be quarantined. If it is both, the student teams will not only modify the game play of the system, but also quarantine any malicious behavior in the system.
This paper will briefly introduce methods of software hardening, and will discusses the design of the project; the implementation of the design; code obfuscation techniques used; and which obfuscation techniques were used to produce the mystery executable used as the class’s project.
Steudel, Z. M., & Fry, C. C. (2020, June), Code Hardening: Development of a Reverse Software Engineering Project Paper presented at 2020 ASEE Virtual Annual Conference Content Access, Virtual On line . 10.18260/1-2--34296
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2020 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015