Cimplifier: Automatically debloating containers

Vaibhav Rastogi, Drew Davidson, Lorenzo De Carli, Somesh Jha, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

19 Scopus citations

Abstract

Application containers, such as those provided by Docker, have recently gained popularity as a solution for agile and seamless software deployment. These light-weight virtualization environments run applications that are packed together with their resources and configuration information, and thus can be deployed across various software platforms. Unfortunately, the ease with which containers can be created is oftentimes a double-edged sword, encouraging the packaging of logically distinct applications, and the inclusion of significant amount of unnecessary components, within a single container. These practices needlessly increase the container size-sometimes by orders of magnitude. They also decrease the overall security, as each included component-necessary or not- may bring in security issues of its own, and there is no isolation between multiple applications packaged within the same container image. We propose algorithms and a tool called Cimplifier, which address these concerns: given a container and simple user-defined constraints, our tool partitions it into simpler containers, which (i) are isolated from each other, only communicating as necessary, and (ii) only include enough resources to perform their functionality. Our evaluation on real-world containers demonstrates that Cimplifier preserves the original functionality, leads to reduction in image size of up to 95%, and processes even large containers in under thirty seconds.

Original languageEnglish (US)
Title of host publicationESEC/FSE 2017 - Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering
EditorsAndrea Zisman, Eric Bodden, Wilhelm Schafer, Arie van Deursen
PublisherAssociation for Computing Machinery
Pages476-486
Number of pages11
ISBN (Electronic)9781450351058
DOIs
StatePublished - Aug 21 2017
Event11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017 - Paderborn, Germany
Duration: Sep 4 2017Sep 8 2017

Publication series

NameProceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering
VolumePart F130154

Other

Other11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017
CountryGermany
CityPaderborn
Period9/4/179/8/17

All Science Journal Classification (ASJC) codes

  • Software

Fingerprint Dive into the research topics of 'Cimplifier: Automatically debloating containers'. Together they form a unique fingerprint.

Cite this