research-article

Removing the Kitchen Sink from Software

Authors:
Jason Landsborough

SPAWAR Systems Center Pacific, San Diego, CA, USA

SPAWAR Systems Center Pacific, San Diego, CA, USA
View Profile

,
Stephen Harding

SPAWAR Systems Center Pacific, San Diego, CA, USA

SPAWAR Systems Center Pacific, San Diego, CA, USA
View Profile

,
Sunny Fugate

SPAWAR Systems Center Pacific, San Diego, CA, USA

SPAWAR Systems Center Pacific, San Diego, CA, USA
View Profile

GECCO Companion '15: Proceedings of the Companion Publication of the 2015 Annual Conference on Genetic and Evolutionary ComputationJuly 2015Pages 833–838https://doi.org/10.1145/2739482.2768424

Published:11 July 2015Publication History

GECCO Companion '15: Proceedings of the Companion Publication of the 2015 Annual Conference on Genetic and Evolutionary Computation

Pages 833–838

ABSTRACT

We would all benefit if software were slimmer, thinner, and generally only did what we needed and nothing more. To this end, our research team has been exploring methods for removing unused and undesirable features from compiled programs. Our primary goal is to improve software security by removing rarely used features in order to decrease a pro- gram's attack surface. We describe two different approaches for "thinning" binary images of compiled programs. The first approach removes specific program features using dynamic tracing as a guide. This approach is safer than many alterna- tives, but is limited to removing code which is reachable in a trace when an undesirable feature is enabled. The second ap- proach uses a genetic algorithm (GA) to mutate a program until a suitable variant is found. Our GA-based approach can potentially remove any code that is not strictly required for proper execution, but may break program semantics in unpredictable ways. We show results of these approaches on a simple program and real-world software and explore some of the implications for software security.

References

G. Dabah. distorm - powerful disassembler library for x86/amd64. URL: https://code.google.com/p/distorm/, January 2015.Google Scholar
C. Le Goues, T. Nguyen, S. Forrest, and W. Weimer. Genprog: A generic method for automatic software repair. IEEE Trans. Softw. Eng., 38(1):54--72, Jan. 2012. Google ScholarDigital Library
E. Schulte, J. DiLorenzo, W. Weimer, and S. Forrest. Automated repair of binary and assembly programs for cooperating embedded devices. In Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '13, pages 317--328, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
E. Schulte, J. Dorn, S. Harding, S. Forrest, and W. Weimer. Post-compiler software optimization for reducing energy. SIGARCH Comput. Archit. News, 42(1):639--652, Feb. 2014. Google ScholarDigital Library
E. Schulte, Z. P. Fry, E. Fast, W. Weimer, and S. Forrest. Software mutational robustness. Genetic Programming and Evolvable Machines, 15(3):281--312, Sept. 2014. Google ScholarDigital Library
S. Sethumadhavan, S. J. Stolfo, A. Keromytis, J. Yang, and D. August. The sparchs project: Hardware support for software security. In Proceedings of the 2011 First SysSec Workshop, SYSSEC '11, pages 119--122, Washington, DC, USA, 2011. IEEE Computer Society. Google ScholarDigital Library
M. Velez, D. Qiu, Y. Zhou, E. T. Barr, and Z. Su. A study of "wheat" and "chaff" in source code. CoRR, abs/1502.01410, 2015.Google Scholar
G. Wagner, A. Gal, and M. Franz.textquotedblleftSlimming\textquotedblright a Java virtual machine by way of cold code removal and optimistic partial program loading. Science of Computer Programming, 76(11):1037--1053, Nov. 2011. Google ScholarDigital Library
A. Zeller and R. Hildebrandt. Simplifying and isolating failure-inducing input. IEEE Trans. Softw. Eng., 28(2):183--200, Feb. 2002. Google ScholarDigital Library

Index Terms

Removing the Kitchen Sink from Software
1. Information systems
  1. Information systems applications
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Eliminating Vulnerabilities by Disabling Unwanted Functionality in Binary Programs
ASIA CCS '23: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security

Driven by application diversification and market needs, software systems are integrating new features rapidly. However, this “feature creep” can compromise software security, as more code carries the risk of more vulnerabilities. This paper presents a ...
Read More
On removing multiple redundancies in combinational circuits
DATE '98: Proceedings of the conference on Design, automation and test in Europe

Redundancy removal is an important step in combinational logic optimization. After a redundant wire is removed, other originally redundant wires may become irredundant, and some originally irredundant wires may become redundant. When multiple ...
Read More
Porous methyltrimethoxysilane coated nanoscale-hydroxyapatite for removing lead ions from aqueous solutions
Special issue on Nanomaterials and the Environment

The aim of this study was to synthetize new porous nanoparticles based on methyltrimethoxysilane coated hydroxyapatite (MTHAp) for lead removal form aqueous solutions. The morphological and compositional analysis of MTHAp were investigated by X-ray ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
GECCO Companion '15: Proceedings of the Companion Publication of the 2015 Annual Conference on Genetic and Evolutionary Computation
July 2015
1568 pages
ISBN:9781450334884
DOI:10.1145/2739482
Editor:
Sara Silva
Universidade de Lisboa, Portugal
,
General Chair:
Anna I. Esparcia-Alcázar
Universitat Politècnica de València, Spain
Copyright © 2015 Public Domain
This paper is authored by an employee(s) of the United States Government and is in the public domain. Non-exclusive copying or redistribution is allowed, provided that the article citation is given and the authors and agency are clearly identified as its source.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 11 July 2015
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
feature removal
genetic algorithm
tracing
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate1,669of4,410submissions,38%
Upcoming Conference
GECCO '24

Sponsor:

sigevo

Genetic and Evolutionary Computation Conference

July 14 - 18, 2024

Melbourne , VIC , Australia
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 17
  Total Citations
  View Citations
- 170
  Total Downloads
- Downloads (Last 12 months)6
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Removing the Kitchen Sink from Software

GECCO Companion '15: Proceedings of the Companion Publication of the 2015 Annual Conference on Genetic and Evolutionary Computation

ABSTRACT

References

Cited By

Index Terms

Recommendations

Eliminating Vulnerabilities by Disabling Unwanted Functionality in Binary Programs

On removing multiple redundancies in combinational circuits

Porous methyltrimethoxysilane coated nanoscale-hydroxyapatite for removing lead ions from aqueous solutions