ABSTRACT
We would all benefit if software were slimmer, thinner, and generally only did what we needed and nothing more. To this end, our research team has been exploring methods for removing unused and undesirable features from compiled programs. Our primary goal is to improve software security by removing rarely used features in order to decrease a pro- gram's attack surface. We describe two different approaches for "thinning" binary images of compiled programs. The first approach removes specific program features using dynamic tracing as a guide. This approach is safer than many alterna- tives, but is limited to removing code which is reachable in a trace when an undesirable feature is enabled. The second ap- proach uses a genetic algorithm (GA) to mutate a program until a suitable variant is found. Our GA-based approach can potentially remove any code that is not strictly required for proper execution, but may break program semantics in unpredictable ways. We show results of these approaches on a simple program and real-world software and explore some of the implications for software security.
- G. Dabah. distorm - powerful disassembler library for x86/amd64. URL: https://code.google.com/p/distorm/, January 2015.Google Scholar
- C. Le Goues, T. Nguyen, S. Forrest, and W. Weimer. Genprog: A generic method for automatic software repair. IEEE Trans. Softw. Eng., 38(1):54--72, Jan. 2012. Google ScholarDigital Library
- E. Schulte, J. DiLorenzo, W. Weimer, and S. Forrest. Automated repair of binary and assembly programs for cooperating embedded devices. In Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '13, pages 317--328, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
- E. Schulte, J. Dorn, S. Harding, S. Forrest, and W. Weimer. Post-compiler software optimization for reducing energy. SIGARCH Comput. Archit. News, 42(1):639--652, Feb. 2014. Google ScholarDigital Library
- E. Schulte, Z. P. Fry, E. Fast, W. Weimer, and S. Forrest. Software mutational robustness. Genetic Programming and Evolvable Machines, 15(3):281--312, Sept. 2014. Google ScholarDigital Library
- S. Sethumadhavan, S. J. Stolfo, A. Keromytis, J. Yang, and D. August. The sparchs project: Hardware support for software security. In Proceedings of the 2011 First SysSec Workshop, SYSSEC '11, pages 119--122, Washington, DC, USA, 2011. IEEE Computer Society. Google ScholarDigital Library
- M. Velez, D. Qiu, Y. Zhou, E. T. Barr, and Z. Su. A study of "wheat" and "chaff" in source code. CoRR, abs/1502.01410, 2015.Google Scholar
- G. Wagner, A. Gal, and M. Franz.textquotedblleftSlimming\textquotedblright a Java virtual machine by way of cold code removal and optimistic partial program loading. Science of Computer Programming, 76(11):1037--1053, Nov. 2011. Google ScholarDigital Library
- A. Zeller and R. Hildebrandt. Simplifying and isolating failure-inducing input. IEEE Trans. Softw. Eng., 28(2):183--200, Feb. 2002. Google ScholarDigital Library
Index Terms
- Removing the Kitchen Sink from Software
Recommendations
Eliminating Vulnerabilities by Disabling Unwanted Functionality in Binary Programs
ASIA CCS '23: Proceedings of the 2023 ACM Asia Conference on Computer and Communications SecurityDriven by application diversification and market needs, software systems are integrating new features rapidly. However, this “feature creep” can compromise software security, as more code carries the risk of more vulnerabilities. This paper presents a ...
On removing multiple redundancies in combinational circuits
DATE '98: Proceedings of the conference on Design, automation and test in EuropeRedundancy removal is an important step in combinational logic optimization. After a redundant wire is removed, other originally redundant wires may become irredundant, and some originally irredundant wires may become redundant. When multiple ...
Porous methyltrimethoxysilane coated nanoscale-hydroxyapatite for removing lead ions from aqueous solutions
Special issue on Nanomaterials and the EnvironmentThe aim of this study was to synthetize new porous nanoparticles based on methyltrimethoxysilane coated hydroxyapatite (MTHAp) for lead removal form aqueous solutions. The morphological and compositional analysis of MTHAp were investigated by X-ray ...
Comments