Razor: A framework for post-deployment software debloating

Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho Chung, Taesoo Kim, Wenke Lee

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    11 Scopus citations

    Abstract

    Commodity software typically includes a large number of functionalities for a broad user population. However, each individual user usually only needs a small subset of all supported functionalities. The bloated code not only hinders optimal execution, but also leads to a larger attack surface. Recent works have explored program debloating as an emerging solution to this problem. Unfortunately, these works require program source code, limiting their real-world deployability. In this paper, we propose a practical debloating framework, RAZOR, that performs code reduction for deployed binaries. Based on users' specifications, our tool customizes the binary to generate a functional program with minimal code size. Instead of only supporting given test cases, RAZOR takes several control-flow heuristics to infer complementary code that is necessary to support user-expected functionalities. We evaluated RAZOR on commonly used benchmarks and real-world applications, including the web browser Firefox and the closed-source PDF reader FoxitReader. The result shows that RAZOR is able to reduce over 70% of the code from the bloated binary. It produces functional programs and does not introduce any security issues. RAZOR is thus a practical framework for debloating real-world programs.

    Original language: English (US)
    Title of host publication: Proceedings of the 28th USENIX Security Symposium
    Publisher: USENIX Association
    Pages: 1733-1750
    Number of pages: 18
    ISBN (Electronic): 9781939133069
    State: Published - 2019
    Event: 28th USENIX Security Symposium - Santa Clara, United States
    Duration: Aug 14 2019 - Aug 16 2019

    Publication series

    Name: Proceedings of the 28th USENIX Security Symposium

    Conference

    Conference: 28th USENIX Security Symposium
    Country: United States
    City: Santa Clara
    Period: 8/14/19 - 8/16/19

    All Science Journal Classification (ASJC) codes

    • Computer Networks and Communications
    • Information Systems
    • Safety, Risk, Reliability and Quality
