Periodic Reporting for period 1 - rev.ng (rev.ng: a tool for security assessments of emerging and legacy platforms)
Reporting period: 2018-10-01 to 2019-03-31
In this context, reverse engineering allows an analyst to understand and examine a piece of software for which the source code is not available, enabling him to identify vulnerabilities and backdoors.
Our project, rev.ng aims at increasing the software that can be analyzed efficiently without source code. Specifically, we target software running on emerging platforms such as IoT devices and smartphones that is currently extremely difficult.
To do this, we need to optimize the quality of our output to make it quick and easy for the analyst to understand the analyzed application. On top of this, the user interface the analyst has to deal with has to be designed to maximize the efficiency of the time spent on it, a fact that has been largely disregarded in similar analysis tools.
1. Investigation of the market. We identified a set of platforms that need analysis tools the most. We surveyed our existing customer base, explored the needs of new potential customers and attended international conferences to keep up with the latest trends.
2. Strategy development. Given the information above, we elaborated a more accurate strategy and business plan for the coming years.
3. UX study. We performed an in-depth user study in partnership with a professional UX design studio and identified the key pain points for users of tools similar to rev.ng and a set of remedies to implement in our product
4. Investigation of IP/legal obstacles. We investigated potential IP and regulatory issues. In particular, we investigated the status of export regulations concerning our technology in the EU.
We also developed a series of criteria to build a usable user interface, overcoming the difficulties faced by analysts in day-to-day activities and enabling them to sensibly reduce the time requires to analyze even large software projects.