ABSTRACT

The ability to reverse engineer binary code is a skill of critical importance within computer security: it is used to decide whether an unknown piece of binary code is malicious and, if so, what it does. And yet, there is very little work in computer science education that considers how reverse engineering can be effectively taught. This is a timely area to examine, given that the demand for skilled security professionals continues to rise, while emphasis on low-level topics diminishes. How can we teach students the skills and thought processes underlying reverse engineering?

We present a set of exercises designed to help teach reverse engineering in a graduated fashion to students, along with our experience using them in a computer security course. In addition to some specifically constructed exercises, we have developed two tools that can be used to generate an arbitrary number of examples. And, to highlight learning the thought processes for reverse engineering, one of our exercises is a physical board game that we have designed, built, and used in the classroom. We report on our experience and some results from a formal evaluation of our exercises, and look at areas beyond computer security where reverse engineering training is useful.