Empirical Studies on Adversarial Reverse Engineering with Students

A research team from the University of Arizona and Ghent University has published groundbreaking findings on arXiv that could transform how empirical studies in software security are conducted. Their paper, 'Empirical Studies on Adversarial Reverse Engineering with Students,' addresses a fundamental bottleneck in software protection research: the extreme difficulty and cost of recruiting professional reverse engineers for controlled experiments. The researchers systematically analyzed existing literature and conducted their own experiments within a master-level software hacking and protection course, developing a comprehensive framework for using students as experimental participants while maintaining scientific validity.

The study provides concrete methodologies for training students, designing appropriate reverse engineering challenges, ensuring research rigor, and maintaining participant privacy and motivation. The researchers found that with proper preparation, computer science students can effectively substitute for professionals in approximately 80% of experimental scenarios involving software deobfuscation and protection analysis. This approach dramatically reduces research costs while increasing participant availability, potentially accelerating the development of more secure software protection techniques. The paper includes specific recommendations for future studies, balancing practical constraints with the need for reproducible, meaningful results in the critical field of software security.