Search Results

(Total results 36)

  • 1. Narayanan, Ram Venkat Methods for Reverse Engineering Word-Level Models from Look-Up Table Netlists

    MS, University of Cincinnati, 2022, Engineering and Applied Science: Computer Engineering

    The rapid increase in the complexities and abilities of Field Programmable Gate Arrays (FPGAs) and the continual improvement of High-Level Synthesis (HLS) tools to configure FPGAs has led to significant growth in the usage of modern FPGAs in the electronics industry. As a result, there is a need to enhance the security measures on FPGA designs to counter compromised FPGA bitstreams due to either Trojan insertion threats on bitstreams or malicious third-party IP blocks. Reverse Engineering (RE) is a helpful tool to offset these security threats. FPGA reverse engineering can be divided into three stages: Bitstream extraction, netlist recovery, and high-level netlist representation. Bitstream extraction is the process of obtaining the bitstream file from an FPGA. In most cases, bitstreams are readily available to the end user, either in encrypted or unencrypted form. The process of recovering different FPGA primitives such as Look-Up-Tables (LUTs), carry modules, Digital Signal Processors (DSPs), flip-flops, and Random Access Memory (RAM) blocks, etc., by analyzing the obtained bitstream and then identifying the connectivity between these primitives to obtain the original netlist is called netlist recovery. The resulting netlist is referred to as a gate-level netlist in the rest of this thesis. The process of identification of high-level modules such as operators, counters, registers, and ALUs from the gate-level netlist and representing it using a Hardware Description Language at a higher level of abstraction than the gate-level netlist is called high-level netlist representation. While there is a significant amount of research done in the field of gate-level to Register-Transfer Level (RTL) reverse engineering of Application Specific Integrated Circuits (ASICs), there is little work done in reverse engineering gate-level FPGA designs. This thesis presents a tool for reverse engineering gate-level F (open full item for complete abstract)

    Committee: Ranganadha Vemuri Ph.D. (Committee Member); Wen-Ben Jone Ph.D. (Committee Member); John Emmert Ph.D. (Committee Member) Subjects: Computer Engineering
  • 2. Rematska, Giorgia A Stochastic Petri Net Reverse Engineering Methodology for Deep Understanding of Technical Documents

    Doctor of Philosophy (PhD), Wright State University, 2018, Computer Science and Engineering PhD

    Systems Reverse Engineering has gained great attention over time and is associated with numerous different research areas. The importance of this research derives from several technological necessities. Security analysis and learning purposes are two of them and can greatly benefit from reverse engineering. More specifically, reverse engineering of technical documents for deeper automatic understanding is a research area where reverse engineering can contribute a lot. In this PhD dissertation we develop a novel reverse engineering methodology for deep understanding of architectural description of digital hardware systems that appear in technical documents. Initially, we offer a survey on reverse engineering of electronic or digital systems. We also provide a classification of the research methods within this field, and a maturity metric is presented to highlight weaknesses and strengths of existing methodologies and systems that are currently available. A technical document (TD) is typically composed by several modalities, like natural language (NL) text, system's diagrams, tables, math formulas, graphics, pictures, etc. Thus, for automatic deep understanding of technical documents, a synergistic collaboration among these modalities is necessary. Here we will deal with the synergistic collaboration between NL-text and system's diagrams for a better and deeper understanding of a TD. In particular, a technical document is decomposed into two modalities NL-text and figures of system's diagrams. Then, the NL-text is processed with a Natural Language text Understanding (NLU) method and text sentences are categorized into five categories, by utilizing a Convolutional Neural Network to classify them accordingly. While, a Diagram-Image-Modeling (DIM) method processes the figures by extracting the system's diagrams. 
More specifically, NLU processes the text from the document and determines the associations among the nouns and their interactions, by creating their stochasti (open full item for complete abstract)

    Committee: Nikolaos Bourbakis Ph.D. (Advisor); Soon Chung Ph.D. (Committee Member); Bin Wang Ph.D. (Committee Member); Sukarno Mertoguno Ph.D. (Committee Member) Subjects: Computer Engineering; Computer Science
  • 3. Dogga, Bharadwaj Airfoil Parameters Reverse Engineering Framework for Plot Digitized Blade Sections

    MS, University of Cincinnati, 2024, Engineering and Applied Science: Aerospace Engineering

    A framework to reverse engineer airfoil section parameters using a Turbomachinery Blade Geometry code has been developed and presented. A multivariable single objective optimization is used to reduce the sum of the square difference between the parametric blade shape and the target airfoil blade section to obtain those parameters. The method divides input airfoil into six parts to simplify blade difference calculation. A turbomachine blade section is obtained using the new input files with airfoil parameters: inlet and outlet metal angles, six curvature control points, Leading edge radius, location of maximum thickness, value of maximum thickness, and trailing edge thickness. Key issues of the process are discussed. A demonstration of the developed method was carried out by first reverse engineering three different airfoils and then reverse engineering E3 transonic compressor blade from its sections. This blade was chosen due to its uniqueness of having a sloped hub. The Airfoil sections were plot digitized from the E3 report which were then run through the method to get Tblade3 parameters. A subsequent 3D simulation of the blade has been carried out to compare the performance of the reverse engineered blade with the experimental results of the actual design. Furthermore, a grid dependence and off design study (full speedline) has been carried out to determine the most appropriate running condition for the comparison. Insights on further directions are suggested that will improve the comparison.

    Committee: Mark Turner Sc.D. (Committee Chair); Paul Orkwis Ph.D. (Committee Member); Benjamin Vaughan Ph.D. (Committee Member); Daniel Cuppoletti Ph.D. (Committee Member); Prashant Khare Ph.D. (Committee Member) Subjects: Aerospace Materials
  • 4. Wang, Wenzhuo Reverse Engineering of “Magic Box”: A Device for Screen Projection to CarPlay-Enabled Vehicles

    Master of Science, The Ohio State University, 2024, Computer Science and Engineering

    With the rise of car infotainment systems, the integration of smartphones with in-car displays has become increasingly prevalent. CarPlay, as one of the popular systems, is highly favored by users and is equipped in many vehicles. The Magic Brand Magic Box is an innovative Android-based device designed to interface with a car's CarPlay-enabled USB port, enabling the projection of its own user interface onto the car's display. However, this capability raises significant safety concerns, as it allows activities typically restricted while driving, such as watching videos on car screens. This thesis aims to reverse engineer the Magic Box to understand the mechanisms by which it communicates through the CarPlay interface. By analyzing the device's hardware and software, as well as referencing partial CarPlay protocol documents found online, we seek to uncover the principles behind its functionality and explore potential vulnerabilities in the Apple CarPlay system that may have been exploited. We aim to provide a detailed insight into the process of Android reverse engineering, offering valuable knowledge for researchers and practitioners interested in similar endeavors.

    Committee: Keith Redmill (Advisor); Zhiqiang Lin (Advisor) Subjects: Computer Engineering; Computer Science
  • 5. Jin, Xin Towards Neural Binary Code Comprehension

    Doctor of Philosophy, The Ohio State University, 2024, Computer Science and Engineering

    Binary code comprehension, particularly within the context of stripped binaries, stands as a very useful task in binary analysis and software security applications ranging from malware analysis to vulnerability discovery and binary reverse engineering. Understanding stripped binary code is challenging due to the absence of symbols such as variable names, data types, and function names. This complexity is further exacerbated by the variety of binary abstract interfaces, instruction sets, computer architectures, compiler optimizations, and obfuscations. This dissertation systematically explores the problem of binary code comprehension using binary analysis, deep learning, and large language models. We first present an exploratory study, BinSum, on how machine learning models, particularly the state-of-the-art generative large language models, can understand binary code with a comprehensive benchmark and dataset encompassing over 557K binary functions. Subsequently, motivated by BinSum's finding of the semantic significance of function names in binary code, we introduce SymLM, a novel binary function name prediction framework, employing a unique neural architecture that captures comprehensive function semantics by modeling both the execution behavior of functions and their calling contexts. The third contribution of this dissertation focuses on the evaluation of code summaries' quality, in which we introduce a novel LLM-based code summary semantic evaluation metric, SimLLM, for assessing semantic similarity. This method significantly surpasses traditional metrics and exhibits a high correlation with human judgment, addressing their shortcomings in understanding domain-specific terminologies prevalent in code summaries. Finally, we explore the generalizability of function name prediction by presenting BinSymn, a novel model architecture, trained on domain-adapted generative LLMs.
Together, BinSum, SymLM, SimLLM, and BinSymn provide a comprehensiv (open full item for complete abstract)

    Committee: Zhiqiang Lin (Advisor); Atanas Rountev (Committee Member); Srinivasan Parthasarathy (Committee Member); Carter Yagemann (Committee Member) Subjects: Computer Science
  • 6. Wen, Haohuang Mobile-Centric Reverse Engineering of Heterogeneous IoT Devices

    Doctor of Philosophy, The Ohio State University, 2024, Computer Science and Engineering

    Emerging advancements in hardware, software, and networking have empowered developers to produce billions of Internet-of-Things (IoT) devices, ubiquitous not only in personal but also in public and mission-critical domains. These devices span a diverse array of applications, ranging from smart home automation, retail, and entertainment to industrial, automotive, and medical sectors. Presently, they have evolved to be more open, interconnected, and complex than ever before, yet they remain vulnerable to exploitation, posing significant security concerns. Consequently, comprehensive vetting procedures are essential to ensure these devices are free from vulnerabilities before potential attackers exploit them. As such, researchers and practitioners have employed various program analysis techniques to reverse engineer these devices. However, this is still very challenging due to the absence of source code as well as the heterogeneous nature of their hardware and software. In this dissertation, I present a mobile-centric reverse engineering framework to understand and uncover vulnerabilities of heterogeneous IoT devices. This framework is motivated by the prevalent connectivity of modern IoT devices that often rely on mobile devices as their primary front-end. This framework comprises four key components, and each component capitalizes on crucial insights derived from corresponding mobile interfaces and mechanisms. Firstly, CANHunter presents an innovative and cost-effective approach for reverse engineering proprietary CAN bus commands utilizing solely car companion mobile applications, eliminating the need for actual automobiles. Subsequently, DongleScope combines static analysis of companion apps with dynamic analysis to comprehensively scrutinize On-board Diagnostic (OBD-II) dongles. Moving forward, FirmXRay harnesses the over-the-air update mechanism from mobile devices to extract bare-metal IoT device firmware at scale.
It then conducts static binary analysi (open full item for complete abstract)

    Committee: Zhiqiang Lin Dr. (Advisor); Carter Yagemann Dr. (Committee Member); Ness Shroff Dr. (Committee Member); Anish Arora Dr. (Committee Member) Subjects: Computer Engineering; Computer Science
  • 7. Muthukumaran, Sundarakumar Methods for Reverse Engineering of RTL Controllers from Look-Up Table Netlists

    MS, University of Cincinnati, 2023, Engineering and Applied Science: Computer Engineering

    The significant growth in the usage of modern Field Programmable Gate Arrays (FPGAs) can be ascribed to several significant attributes. First, FPGA designs have become simpler and the time-to-market has decreased, thanks to the accessibility of complete development tools, libraries, and IP cores. The expanding FPGA ecosystem and the ability to reprogram FPGAs have made them more accessible and adaptable to the changing industry needs. Second, compared to earlier generations, current FPGAs provide better performance, energy efficiency, and higher degrees of integration. Finally, fresh developments in the fields of Artificial Intelligence, Machine Learning, and IoT (Internet of Things) have boosted the need for adaptable and customized digital circuitry. Thus, it is necessary to enhance the security mechanisms on FPGA designs to combat the compromised FPGA bitstreams/malicious third-party IP blocks or to retrieve the golden designs. To counteract these threats, and to retrieve the lost legacy designs, Reverse engineering (RE) becomes a useful tool. FPGA reverse engineering is a complex process that takes bitstream from the memory of a device as input and outputs a human-readable description of that device. The steps involved in between these endpoints are Bitstream extraction, netlist recovery, and high-level netlist representation. The first step, Bitstream extraction involves retrieving the configuration data from an FPGA. The obtained configured bitstream file is then decoded to re-construct FPGA primitives like Look-Up-Tables (LUTs), Flip-Flops, etc. along with the logical routing connections between them. And this extraction describes the second step, netlist recovery and will be called LUT-level netlist in the rest of the thesis. Finally, high-level netlist representation is the process of understanding the overall functionality of the netlist representing it using Hardware Description Language at a higher abstraction level than the LUT-level netlist. 
(open full item for complete abstract)

    Committee: Ranganadha Vemuri Ph.D. (Committee Chair); Wen-Ben Jone Ph.D. (Committee Member); John Emmert Ph.D. (Committee Member) Subjects: Computer Engineering
  • 8. Pula, Kishore Reverse Engineering Data Path Elements From LUT Netlists Using Graph Neural Networks

    MS, University of Cincinnati, 2023, Engineering and Applied Science: Computer Engineering

    One of the most important tasks in the field of electronic design automation (EDA) is the functional reverse engineering (RE) of flattened Field Programmable Gate Array (FPGA) Look-Up Table (LUT) netlists to their Register Transfer Level (RTL) representation. Legacy designs can be difficult to comprehend since they often lack adequate documentation or the original design files. By converting the netlists to RTL representation, engineers can gain a better understanding of the design's functionality and make improvements or modifications easily. Traditional netlist reverse engineering techniques can be time-consuming and error-prone as they manually examine the netlist and determine the underlying RTL structure. However, recent developments in machine learning, notably in the area of graph neural networks (GNNs), have demonstrated significant progress in addressing EDA issues. In this thesis, we presented a tool RELUT-GNN, that extracts high-level functionality from FPGA netlists using GNNs. To achieve this, a graph representation of the netlist structure is created, with the FPGA leaf cells serving as the nodes and the connected nets serving as the edges. GNNs can efficiently capture the connections and interdependence between the various design aspects by considering the netlist as an undirected graph. To train the GNN, a comprehensive custom dataset is constructed, which contains various data path elements commonly found in FPGA designs, such as Operators, Shifters, Counters, and Finite State Machines (FSMs). The dataset also includes combinations of these elements with varying bit widths, allowing the model to learn the diverse patterns and behaviors of different design components. During training, the GNN learns to aggregate the features of each node along with information from its neighboring nodes.
This enables the model to capture the structural characteristics of the netlist and extract the high-level functionality of the sub-circuits with (open full item for complete abstract)

    Committee: John Emmert Ph.D. (Committee Member); Ranganadha Vemuri Ph.D. (Committee Chair); Wen-Ben Jone Ph.D. (Committee Member) Subjects: Computer Engineering
  • 9. Olorunsogbon, Tinuola Functional genomics approach to identify new determinants of butanol production in Clostridium beijerinckii NCIMB 8052

    Doctor of Philosophy, The Ohio State University, 2023, Animal Sciences

    The finite nature of natural gas, in addition to environmental and health issues arising from the burning of fossil fuels, have propelled increased interest in the development of renewable and clean alternative energy sources. Biofuels, and specifically, biobutanol production through ABE fermentation is a promising means of achieving the goal of replacing fossil fuels with a renewable energy source in the short term. However, the low yield and productivity of the butanol-producing fermentation workhorse, Clostridium beijerinckii, is a major impediment to the commercialization of biobutanol production. Extensive metabolic engineering efforts have been made to generate an industrially applicable strain; however, success has been limited. The large genome, complex metabolic and regulatory networks, and the abundance of hypothetical proteins in C. beijerinckii, in addition to the limited success obtained with metabolic engineering efforts, indicate there could be new unidentified butanol production determinants in C. beijerinckii. Therefore, this study explored the use of a ribozyme-based approach as a reverse genetics tool to identify unknown genetic determinants of butanol production in C. beijerinckii. Using Gibson assembly, the Escherichia coli-Clostridium shuttle plasmid carrying the E. coli RNase P (M1 RNA) sequence and synthesized external guide sequences (GS) were assembled, to generate a plasmid library of customized M1-based ribozyme-guide sequence (GS) constructs. The M1GS library was generated to target 31 genes that code for hypothetical proteins, which are among the 100 most expressed genes during the transition from acidogenesis to solventogenesis in C. beijerinckii. Generated customized M1GS plasmid library was used to transform C. beijerinckii to generate individual transformants with targeted mRNA degradation.
With selective (antibiotics) medium, high performance liquid chromatography and spectrophotometric assays, transformants with various growth and (open full item for complete abstract)

    Committee: Thaddeus Ezeji (Advisor); Victor Ujor (Committee Member); Zhongtang Yu (Committee Member); MacDonald Wick (Committee Member); Lisa Bielke (Committee Member) Subjects: Alternative Energy; Animal Sciences; Biochemistry; Molecular Biology
  • 10. Bowman, David A Software Suite to Detect Hardware Trojans on Integrated Circuits Using Computer Vision

    PhD, University of Cincinnati, 2022, Engineering and Applied Science: Computer Science and Engineering

    Due to the cost of integrated circuit fabrication, foundries have been moving offshore. While prudent, the original designer can no longer assert a solid chain of trust during this fabrication since it resides outside of the original country's jurisdiction. Therefore, the chip becomes vulnerable to the insertion of a Hardware Trojan, which is a collection of circuit elements designed to compromise the system. This is especially critical in the realm of security-sensitive applications, where the maintenance of secrecy is key to success. It is imperative that Hardware Trojan detection methods be researched. Greater ability to capture microscopic images of tiny circuit elements coupled with vibrant research in computer vision algorithms and equipment open a new avenue for integrated circuit supply chain detection-based security. However, scant research has been done in this area of post-fabrication physical inspection. The Automated Iterative Reverse Engineer project leverages image processing and computer vision techniques to physically detect Hardware Trojans using scanning electron microscope imagery among other modalities.

    Committee: John Emmert Ph.D. (Committee Member); John Gallagher Ph.D. (Committee Member); Michael L. Raymer Ph.D. (Committee Member); Carla Purdy Ph.D. (Committee Member); Rashmi Jha Ph.D. (Committee Member) Subjects: Computer Engineering
  • 11. Stowasser, Heiko An Abstract Approach To FPGA LUT Bitstream Reverse Engineering

    MS, University of Cincinnati, 2022, Engineering and Applied Science: Computer Engineering

    Field Programmable Gate Arrays (FPGAs) are integrated circuits designed so they can be reprogrammed to implement any logic circuit. FPGAs are used in critical systems like military radar and wireless communication infrastructure, making FPGA security critical. One major threat to the security of FPGAs are Trojans. Trojans are malicious modifications made to a circuit at any point in the design process. The reprogrammable nature of FPGAs makes them doubly vulnerable to Trojans because even if the physical chip is secure Trojans can still be inserted by compromising the bitstream that programs the FPGA. These types of Trojans could be detected by analyzing the bitstreams of affected FPGAs. However, FPGA manufacturers do not publish the format of bitstreams, providing a layer of inherent obfuscation for attackers to exploit. Meaning that the format of an FPGA's bitstream must be reverse engineered before it is possible to analyze the bitstream for Trojans. Existing methodologies for reverse engineering FPGA bitstreams require expert knowledge of an FPGA's architecture and its associated toolchain. In this Thesis we demonstrate a methodology of reverse engineering FPGA Look-Up-Tables (LUTs), the fundamental component of FPGA reprogrammable logic. Our methodology uses generic VHDL, which allows it to be easily ported to different FPGAs with only basic knowledge of FPGA design flow.

    Committee: John Emmert Ph.D. (Committee Member); Ranganadha Vemuri Ph.D. (Committee Member); Carla Purdy Ph.D. (Committee Member) Subjects: Computer Engineering
  • 12. Chong, Daniel Automatically Inferring Image Bases of ARM32 Binaries

    Master of Science in Computer Engineering (MSCE), Wright State University, 2022, Computer Engineering

    Reverse engineering tools rely on the critical image base value for tasks such as correctly mapping code into virtual memory for an emulator or accurately determining branch destinations for a disassembler. However, binaries are often stripped and therefore, do not explicitly state this value. Currently available solutions for calculating this essential value generally require user input in the form of parameter configurations or manual binary analysis, thus these methods are limited by the experience and knowledge of the user. In this thesis, we propose a user-independent solution for determining the image base of ARM32 binaries and describe our implementation. Our solution makes use of features present in all ARM32 binaries, utilizing statistical, structural, and semantical filtration to automatically calculate the image base value. We implemented our tool in 335 lines of Python. We tested our tool on 20 stripped binaries, and it successfully determined the image bases of each binary.

    Committee: Junjie Zhang Ph.D. (Advisor); Lingwei Chen Ph.D. (Committee Member); Meilin Liu Ph.D. (Committee Member) Subjects: Computer Engineering
  • 13. Alexiou, Michail A Deep Understanding of Structural and Functional Behavior of Tabular and Graphical Modules in Technical Documents

    Doctor of Philosophy (PhD), Wright State University, 2021, Computer Science and Engineering PhD

    The rapid increase of published research papers in recent years has escalated the need for automated ways to process and understand them. The successful recognition of the information that is contained in technical documents, depends on the understanding of the document's individual modalities. These modalities include tables, graphics, diagrams and etc. as defined in Bourbakis' pioneering work. However, the depth of understanding is correlated to the efficiency of detection and recognition. In this work, a novel methodology is proposed for automatic processing of and understanding of tables and graphics images in technical document. Previous attempts on tables and graphics understanding retrieve only superficial knowledge such as table contents and axis values. However, the focus on capturing the internal associations and relations between the extracted data from each figure is studied here. The proposed methodology is divided into the following steps: 1) figure detection, 2) figure recognition, 3) figure understanding, by figures we mean tables, graphics and diagrams. More specifically, we evaluate different heuristic and learning methods for classifying table and graphics images as part of the detection module. Table recognition and deep understanding includes the extraction of the knowledge that is illustrated in a table image along with the deeper associations between the table variables. The graphics recognition module follows a clustering based approach in order to recognize middle points. Middle points are 2D points where the direction of the curves changes. They delimit the straight line segments that construct the graphics curves. We use these detected middle points in order to understand various features of each line segment and the associations between them. 
Additionally, we convert the extracted internal tabular associations and the captured curves' structural and functional behavior into a common and at the same time uni (open full item for complete abstract)

    Committee: Nikolaos G. Bourbakis, Ph.D. (Advisor); Soon M. Chung, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member); Euripides G. M. Petrakis, Ph.D. (Committee Member); George A. Tsihrintzis, Ph.D. (Committee Member) Subjects: Computer Science
  • 14. Sengelmann, Michael An Overview of Reverse Engineering and A Security Analysis of TikTok

    MS, University of Cincinnati, 2020, Engineering and Applied Science: Computer Science

    Social media platforms dominate the technological world. Because of this, it has become increasingly important that these platforms are not only trustworthy, but secure. One of the most recent social media platforms to surface is TikTok, which has grown in popularity at a record pace, making it one of the most used social media applications in 2020. Despite TikTok's popularity, it has received scrutiny from American lawmakers potentially posing threats to national security. These threats have prompted the United States government to consider banning TikTok. Other nations, such as India, have already implemented national bans for similar reasons. The national security concerns surrounding TikTok originate from the parent company's national ties to China, questionable third party relations to the parent company and questions surrounding the data collected by the application itself. Recently, many have come forward with their findings from reverse engineering the application to expose its actual functionality. These findings highlight the security concerns within the application, focusing on application permissions, the insecure cryptography mechanisms, and additional issues that pose threats to users' personal data. This paper outlines the process of reverse engineering, thereby detailing the security concerns surrounding TikTok, as well as provide a proof of concept (POC) application capable of demonstrating the potential security risks. Accomplished using entirely open-source tools, this project aims to spread awareness about the importance of information security on mobile devices.

    Committee: John Franco Ph.D. (Committee Chair); John Emmert Ph.D. (Committee Member); Rashmi Jha Ph.D. (Committee Member) Subjects: Computer Science
  • 15. Chaoshun, Zuo Multi-Dimensional Identification of Vulnerable Access Control in Mobile Applications

    Doctor of Philosophy, The Ohio State University, 2020, Computer Science and Engineering

    Today, mobile applications (apps for short) are everywhere and they often need to talk to remote backends to provide a variety of services. These backends, regardless of traditional servers or emerging cloud-based backends, are typically multi-user computing systems that need to regulate who can view or use a resource. A particular security mechanism to achieve this objective is to use access control, which typically consists of both authentication and authorization. In this dissertation, we present a systematic methodology to automatically identify vulnerable access control implementations in mobile applications (i.e., remote backends including traditional servers and cloud-based backends, and mobile apps) through automated reverse engineering of the binary code of mobile apps available in the app stores (e.g., Google Play). In particular, this methodology involves four key components: AutoForge, AuthScope, LeakScope, and MultiScope, where the first three components focus on vulnerable access controls that involve two parties (e.g., app and server, or app and cloud-based backend) and the last one focuses on vulnerable multi-party access controls (e.g., multi-party payment transactions for in-app purchases). More specifically, in order to identify vulnerable access controls in traditional servers, we designed two components that depend on traffic analysis to identify vulnerable authentication and authorization respectively. First, with respect to the identification of vulnerable authorization, we designed AutoForge that forges traffic for login to identify whether servers are subject to password brute-forcing attacks. Second, to identify vulnerable authorization, we implemented AuthScope that manipulates traffic by mutating fields used for authorization between two different users to inspect whether servers have enforced the authorization token properly. 
Additionally, to identify vulnerable access controls in cloud-based backends and multi-party communication model (open full item for complete abstract)

    Committee: Lin Zhiqiang (Advisor); Zhang Yinqian (Committee Member); Qin Feng (Committee Member); Rountev Atanas (Committee Member) Subjects: Computer Science
  • 16. Joshi, Shriyanka Reverse Engineering of 3-D Point Cloud into NURBS Geometry

    MS, University of Cincinnati, 2020, Engineering and Applied Science: Mechanical Engineering

    In the manufacturing domain, product design is the blueprint of the part. The product design is stored and represented as a solid geometric model. Sometimes, we need to bring an already manufactured part into the digital domain and re-create the blueprint for engineering design purposes. Objects are typically scanned using contact or non-contact type scanners to obtain a point cloud. The point cloud carries information about the part's surface as coordinate data in 3-D space. This thesis outlines a novel method to reverse engineer a point cloud directly into CAD geometry, without the necessity of converting the point cloud into a 3-D mesh format such as STL. This approach is inspired by the process of layer by layer material deposition in additive manufacturing. The point cloud is processed to obtain slices of points with a uniform slice thickness. In the next step, closed B-spline curves are interpolated using the points of each slice resulting in layer-wise curve profiles. These curves are either extruded or lofted in the CAD environment from one slice to the next to obtain a solid CAD model. Concepts of Computational Geometry and Image Processing are used in this approach. Four case studies are performed to demonstrate the methodology. The results show consistent success in capturing the near net shape of the objects. An improvement in the accuracy of the final geometry can be observed upon reducing the slice thickness. However, the minimum slice thickness is limited by the density of the point cloud.

    Committee: Sam Anand Ph.D. (Committee Chair); Manish Kumar Ph.D. (Committee Member); Jing Shi Ph.D. (Committee Member) Subjects: Mechanical Engineering
  • 17. Liu, Rongrong A Novel Attack Method Against Split Manufactured Circuits

    MS, University of Cincinnati, 2019, Engineering and Applied Science: Electrical Engineering

    As third-party manufacturing allows substantial cost reduction compared to operating semiconductor fabrication plants, many semiconductor design companies focus on chip design and become fabless. However, sending design to third-party foundries also raises security concerns because attacks like hardware trojan (HT) implantation or reverse engineering (RE) may occur during this process. Split Manufacturing (SM) provides a security solution to this issue by fabricating one chip by using two different foundries. Although there are many physical layers in a chip, the transistor devices are always in the bottom layers. When chips are split manufactured, only the bottom layers require advanced fabrication process. For fabless companies using SM, bottom layers can be manufactured in foundries supporting leading fabrication technology without sharing the top layers. Then the top layers can be fabricated in trusted, less-advanced foundries. The concept of SM has a potential in preventing design information leakage. However, recent research on attacks on SM shows that this method is vulnerable. Our research focuses on developing attack algorithms to recover the circuit and test the security of the SM method. We created several attack strategies using the same circuit layout information that the foundries have and tested those algorithms using benchmark circuits. Among them, a cone based attack algorithm shows good performance. It uses a swap-based strategy and Hamming Distance (HD) metric to verify the connection correctness of the recovered circuits and a Simulated Annealing (SA) based process to reduce HD.

    Committee: Ranganadha Vemuri Ph.D. (Committee Chair); Wen-Ben Jone Ph.D. (Committee Member); Carla Purdy Ph.D. (Committee Member) Subjects: Electrical Engineering
  • 18. Frasure, Ivan Static Evaluation of Type Inference and Propagation on Global Variables with Varying Context

    Master of Science in Computer Engineering (MSCE), Wright State University, 2019, Computer Engineering

    Software reverse engineering (SRE) is a broad field with motivations ranging from verifying or documenting gordian source code files to understanding and reimplementing binary object files and executables. SRE of binaries is exceptionally compelling and challenging due to large amounts of information that can be lost in the compilation progress. A central area in SRE is type inference. Type inference is built around a fundamental step in understanding the behavior of a binary, recovering the types of data in the program. Type inference has many unique techniques in both static and dynamic type inference systems that have been implemented in more than forty approaches. The problem has been noted in literature that evaluation and testing is difficult in software reverse engineering due to various challenges like closed-source tools, commercial fees, inconstancy of data being tested; a 2016 survey noted many of these tools cannot be compared against each other, or introduce techniques that would be beneficial to evaluate in other situations. This survey noted the need for additional work to focus more on specific techniques in the hopes of generating better environments to test approaches in, or compare against, even if there is no access to the tool. This lightweight configurable approach evaluates the well-known techniques of flow-sensitive, context-sensitive, type inference based on instructions and type propagation, however, it works to isolate these techniques and compares how they changed with additional information. With this in mind, all the indicators are configurable as means to help engineers who are interested in evaluating the effectiveness of an indicator within a configuration or technique.

    Committee: Michelle Cheatham Ph.D. (Committee Chair); John Gallagher Ph.D. (Committee Member); Mateen Rizki Ph.D. (Committee Member) Subjects: Computer Engineering
  • 19. Buthker, Gregory Automated Vehicle Electronic Control Unit (ECU) Sensor Location Using Feature-Vector Based Comparisons

    Master of Science in Cyber Security (M.S.C.S.), Wright State University, 2019, Computer Engineering

    In the growing world of cybersecurity, being able to map and analyze how software and hardware interact is key to understanding and protecting critical embedded systems like the Engine Control Unit (ECU). The aim of our research is to use our understanding of the ECU's control flow attained through manual analysis to automatically map and identify sensor functions found within the ECU. We seek to do this by generating unique sets of feature vectors for every function within the binary file of a car ECU, and then using those feature sets to locate functions within each binary similar to their corresponding control function. This feature algorithm is used to locate candidate functions that utilize a sensor, and then examine the structure of each of these candidate functions to approximate the memory-mapped IO address of each sensor. This method was able to successfully locate 95% of all candidate functions and was able to successfully recover 100% of likely sensor addresses within each of those functions.

    Committee: Junjie Zhang Ph.D. (Advisor); Jack Jean Ph.D. (Committee Member); Meilin Liu Ph.D. (Committee Member) Subjects: Computer Engineering; Computer Science
  • 20. Wilber, Ryan Procedure for the Study of Insect Structures

    Master of Science, The Ohio State University, 2019, Mechanical Engineering

    The design and analysis of engineering structures often requires optimization between competing criteria and requirements. This is not dissimilar to the competing criteria that drive evolution and optimization of organisms in nature. The field of biomimicry studies how nature has performed this optimization with the intent of applying those lessons to human made products and structures. Previous research projects have studied the optimization of the ant neck joint and its resistance to failure when loaded [1] [2]. While previous research has focused on experimental data collection, this project focused on developing a methodology to digitize structures of arthropods with a greater level of automation. This process allowed the study of these structures from an engineering perspective and allowed the investigation of their application at a larger, more human centered size. µCT scans were used in order to collect data from a preserved ant sample and the resulting image data was processed to create a 3D point cloud of the exoskeleton. By creating a 3D model from this point cloud, the exoskeleton could be studied using a variety of software, scaled up to larger sizes, and 3D printed without using expensive image processing programs. In conclusion, the scripts, processes, and workflow developed for this project will allow for the study of the ant neck joint beyond experimental procedure and moves this research into the application phase.

    Committee: Sandra Metzler PhD. (Advisor); Blaine Lilly PhD. (Committee Member) Subjects: Engineering; Mechanical Engineering