The University of Southampton
University of Southampton Institutional Repository

A systematic model for iterative deduction of reverse engineering

Hayman, Max Dylan (2026) A systematic model for iterative deduction of reverse engineering. University of Southampton, Doctoral Thesis, 191pp.

Record type: Thesis (Doctoral)

Abstract

Reverse engineering constitutes a fundamental pillar of cybersecurity, digital preservation, and compatibility engineering, with historical precedents dating to World War II cryptanalysis efforts that precipitated the development of early computational machines including Alan Turing’s Bombe. Despite its critical role in malware analysis, vulnerability research, legacy system maintenance, protocol reconstruction, and cultural preservation, reverse engineering has received limited systematic academic treatment. The field is frequently characterised as an intuitive craft requiring “wizardry” rather than a rigorous, teachable discipline, resulting in a significant methodological gap wherein practitioners rely predominantly on tacit knowledge, ad-hoc techniques, tool-specific workflows, and individual expertise rather than generalisable theoretical frameworks. This informal and unregulated practice leads to variability in approaches, inconsistent results, and barriers to knowledge transfer between practitioners.

This thesis addresses this gap by proposing a systematic, domain-independent model for reverse engineering that formalises the iterative process of knowledge acquisition from black-box systems through structured observation of component-environment interactions. We present a formal framework that abstracts reverse engineering into an interactive cycle comprising six core phases: (0) initial model construction based on available knowledge, (1) model instantiation to create observable instances, (2) testing and trace generation through controlled interaction, (3) knowledge synthesis combining new observations with existing understanding, (4) model revision reflecting refined knowledge, and (5) iteration until knowledge reaches the desired completeness threshold. This methodology structures reverse engineering as the systematic observation and analysis of behavioural traces across controlled environmental variations, transcending domain-specific tools and techniques to provide a unified epistemological foundation applicable across diverse reverse engineering contexts.

Text
MaxHayman-PhD-VersionOfRecord - Version of Record
Available under License University of Southampton Thesis Licence.
Download (13MB)
Text
Final-thesis-submission-Examination-Mr-Max-Hayman
Restricted to Repository staff only

More information

Published date: April 2026
Keywords: reverse engineering, systematic methodology, black-box analysis, iterative deduction, cybersecurity, malware analysis, vulnerability research, legacy system maintenance, digital preservation, protocol reconstruction, near-field communication, NFC, MIFARE Classic, DESFire, smart card security, access control systems, video game security, anti-cheat systems, game preservation

Identifiers

Local EPrints ID: 511041
URI: http://eprints.soton.ac.uk/id/eprint/511041
PURE UUID: 13fcee9b-14a0-4589-a6f7-048f46acc77b
ORCID for Max Dylan Hayman: orcid.org/0000-0003-4825-810X
ORCID for Vladimiro Sassone: orcid.org/0000-0002-6432-1482

Catalogue record

Date deposited: 29 Apr 2026 16:36
Last modified: 30 Apr 2026 01:54

Contributors

Author: Max Dylan Hayman
Thesis advisor: Julian Rathke
Thesis advisor: Vladimiro Sassone
