IUST Reverse Engineering Research Laboratory

Introduction, research areas, current members and alumni information

Introduction

Welcome to the Iran University of Science and Technology (IUST) Reverse Engineering Research Laboratory. The laboratory is led by Dr. Saeed Parsa, associate professor of computer engineering. This section briefly introduces the laboratory's research areas and topics.

Research Areas

The main research areas of the lab are:

  • Software testing
  • Fuzz testing
  • Software security
  • Reverse engineering

Lab Director

Saeed Parsa

Associate Professor


Current Members

Esmeil Nikravan

Ph.D.


Automatic test data generation

Amir Hossein Goodarzi

Ph.D.


Context-aware programming languages

Mohammad Hadi Alaeiyan

Ph.D.


Software systems protection

Akram Kalaee

Ph.D.


Software testing

Saeed Amiri

M.Sc.


Automatic software repair

Morteza Zakeri

M.Sc.


Software testing, Fuzzing

Mohsen Amirian

M.Sc.


Automatic software repair

Mehdi Moradi

M.Sc.


Complex networks

Hadi AmirNahavandi

M.Sc.


Big data, Large-scale graphs, Keyword extraction

Alumni

Farid Feyzi

Ph.D.


2014 – 2018
Thesis Title: Statistical Latent Fault Localization Considering Program Structure and Fault-proneness Analysis
Thesis Abstract: The software debugging process is one of the most difficult, tedious, and time-consuming steps of software development. In this regard, several automated techniques have been developed to reduce the burden on the developer during debugging. Research conducted in recent years has shown that statistical techniques in many cases perform better than other techniques in terms of the amount of code the developer must examine to locate the fault. However, these techniques still face major limitations. Statistical methods of automatic fault localization are biased by data collected from different executions of the program. This bias could result in unstable statistical models which may vary depending on the test data provided for trial executions of the program. These methods consider an equal fault-proneness likelihood for different portions of the code, whereas the location of an entity inside the program and the fault-proneness of the programming structures could have a strong impact on the suspiciousness assessment of the program elements. Moreover, statistical methods attempt to find the failure-correlated statements, while fault localization is a causal problem and a statistical causal method is required. The overall goal of this thesis is to apply statistical causal analysis combined with program analysis, and to consider the program structure and the static fault-proneness likelihood of statements while locating the causes of failures. In this regard, in the first phase of the dissertation, two new methods, so-called FPA-FL and Inforence, are proposed which are able to efficiently locate program faults by taking into account the static structure of the program and the static fault-proneness likelihoods of statements. Both methods use the program's static structure as a roadmap in order to avoid building a blind and inaccurate model which relies solely on dynamic runtime data. FPA-FL incorporates static fault-proneness analysis into statistical fault localization and is capable of locating multiple bugs effectively. Inforence also employs statistical causal analysis and attempts to estimate the failure-causing effect of statements by taking into account the program structure in the form of a causal model. In the second phase of the dissertation, we investigate methods of reducing the dependence of statistical fault localization on data obtained from test executions. In this regard, first, a probabilistic method based on program slicing is proposed to identify and handle coincidentally correct test cases, in both single- and multiple-bug settings. Since it is impossible to accurately recognize the coincidentally correct tests, a new method based on cooperative game theory is presented that is able to effectively diminish the negative impact of coincidentally correct tests on fault localization effectiveness and can pinpoint the failure causes in the presence of these tests. Finally, we have also proposed a novel statistical technique for automatic test case generation, Bayes-TDG, to assist the fault localization model in finding the location of unknown faults. The new test case generation scheme is based on mapping the program control flow graph to a probabilistic network. By making inferences on the constructed network, new parameter values are generated to traverse different prime paths in a given program. To achieve failure-detection effectiveness, we propose a path selection strategy that works based on the predicted outcome of generated test cases. So, we mitigate the need for a human oracle, and the generated test suite can be directly used in fault localization. To verify the effectiveness of the proposed methods, we provide the results of our experiments with different subject programs containing seeded and real faults. The experimental results are then compared with those provided by different fault localization techniques for both single-fault and multiple-fault programs. The experimental results prove that our proposed methods outperform the state-of-the-art techniques.

Keywords: semantic fault, fault localization, test data generation, statistical analysis, regression, cooperative game theory, slicing, coincidentally correct test case, static fault-proneness likelihood
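The abstract above argues that coincidentally correct tests (tests that execute the faulty statement yet pass) bias statistical fault localization. The following is an added worked illustration, not code from the thesis or the laboratory: it builds a small constructed program spectrum in which two passing tests execute the fault, scores statements with Ochiai, a standard spectrum-based suspiciousness formula (not FPA-FL, Inforence or any other method proposed in the thesis), and shows the faulty statement ranked behind an innocent one until the coincidentally correct tests are either relabeled as failing or discarded. The coverage matrix, test names, outcomes and fault location are all constructed for this example.

```python
"""Added illustration (not code from the thesis above): how coincidentally
correct (CC) tests bias a spectrum-based fault localization score.

The coverage matrix, the test outcomes and the choice of the faulty statement
are constructed for this example.  The scoring formula is Ochiai, a standard
suspiciousness metric; it is not FPA-FL, Inforence or any method of the thesis.
"""
import math

# Constructed program spectrum: which statements each test executes.
COVERAGE = {
    "t1": {"s1", "s2", "s6"},
    "t2": {"s1", "s3", "s4", "s6"},
    "t3": {"s1", "s3", "s6"},        # executes the fault but still passes (CC)
    "t4": {"s1", "s4", "s5", "s6"},
    "t5": {"s1", "s3", "s4", "s6"},
    "t6": {"s1", "s3", "s6"},        # executes the fault but still passes (CC)
}
OUTCOMES = {"t1": "pass", "t2": "fail", "t3": "pass",
            "t4": "pass", "t5": "fail", "t6": "pass"}
FAULTY = "s3"                      # the seeded fault, by construction
CC_TESTS = {"t3", "t6"}            # assumed to have been identified as CC


def ochiai(coverage, outcomes):
    """Ochiai suspiciousness per statement: ef / sqrt((ef + nf) * (ef + ep)),
    where ef/ep = failing/passing tests that execute the statement and
    nf = failing tests that do not."""
    stmts = set().union(*coverage.values())
    total_fail = sum(1 for r in outcomes.values() if r == "fail")
    scores = {}
    for s in stmts:
        ef = sum(1 for t, cov in coverage.items() if s in cov and outcomes[t] == "fail")
        ep = sum(1 for t, cov in coverage.items() if s in cov and outcomes[t] == "pass")
        nf = total_fail - ef
        denom = math.sqrt((ef + nf) * (ef + ep))
        scores[s] = ef / denom if denom else 0.0
    return scores


def rank_of(scores, stmt):
    """1-based rank of `stmt`; ties are counted against the developer, i.e.
    the number of statements to inspect in the worst case."""
    return sum(1 for v in scores.values() if v >= scores[stmt])


def handle_cc(coverage, outcomes, cc_tests, strategy):
    """Two common ways to handle CC tests once identified: relabel them as
    failing (their execution did reach the fault) or drop them from the spectrum."""
    if strategy == "relabel":
        return coverage, {t: ("fail" if t in cc_tests else r) for t, r in outcomes.items()}
    if strategy == "discard":
        keep = {t for t in outcomes if t not in cc_tests}
        return ({t: c for t, c in coverage.items() if t in keep},
                {t: r for t, r in outcomes.items() if t in keep})
    raise ValueError(f"unknown strategy: {strategy}")


def faulty_rank(strategy=None):
    """Rank of the faulty statement for the raw spectrum (strategy=None)
    or after CC handling with the given strategy."""
    cov, out = COVERAGE, OUTCOMES
    if strategy:
        cov, out = handle_cc(cov, out, CC_TESTS, strategy)
    return rank_of(ochiai(cov, out), FAULTY)


if __name__ == "__main__":
    for strategy in (None, "relabel", "discard"):
        print(f"{strategy or 'raw':8s} rank of {FAULTY}: {faulty_rank(strategy)}")
```

On the raw spectrum the innocent statement s4 (executed by both failing runs but by only one passing run) scores higher than the faulty s3, whose score is diluted by the two passing runs that executed it; once t3 and t6 are relabeled or discarded, s3 moves to rank 1. Ties are resolved pessimistically in `rank_of`, matching the "amount of code the developer must examine" measure the abstract refers to.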

Mohsen Zanjani

M.Sc.


2015 – 2018
Thesis Title: . . .
Thesis Abstract: . . .

Aydin Mahoutchi

M.Sc.


2015 – 2018
Thesis Title: The generation of protection code for self-defense against attacks
Thesis Abstract: Defense against software reverse engineering is very important. The reverse engineering of commercial software causes a lot of financial loss to the software developer, so the software must have a way to defend itself.
Self-defense can also be a malware defense against antivirus. When malware attacks an antivirus, this is a kind of self-defense. When malware wipes itself off, it is another form of self-defense. Even a minor change to the malware code that is made to prevent detection by antivirus is also a kind of self-defense. This kind of self-defense includes code obfuscation, polymorphism, and encryption. Malicious code does this by using packers, rootkits, and hiding in the system.
Another way to implement self-protection is to create patch-resistant programs. Creating patch-resistant programs makes it difficult for an attacker to easily change them. This mechanism includes passive strategies such as code obfuscation and active strategies aimed at changing the function of the program or not running it in the event of a program change. Patch resistance must be in the software domain and include common aspects of copy prevention.
In this thesis, a protector system will be designed and implemented on the Windows operating system to defend executable files against the above issues.
Keywords: Packer, Protector, Self-Defense, Reverse Engineering, Malware.

Behrooz Sadeh

M.Sc. (Adiban Institute of Higher Education)


2015 – 2018
Thesis Title: …
Thesis Abstract: …
