Late-stage Software Customization and Complexity Reduction S&T for Legacy Naval Systems

Abstract

Current practice for developing and deploying software encourages the development of bloated software with featuresunneeded by user"s throughout the system stack. Such bloated software can perform non-optimally, exhausting theresources of critical systems, and ca"n be exploited by an attacker to perform unintended effects on a host system.Debloating modern application software is challenging" because it is often difficult to characterize desired behaviors ofan application, much less to automatically analyze such programs"", which typically perform complicated operations oncode pointers, and can only be analyzed effectively as complete collections of l"ow-level code. Debloating modernoperating systems is challenging because there is a fundamental mismatch between when decisions are" maderegarding which software is included (i.e., when the system is configured) and when a user can easily specify whichsystem fea"tures are needed.We propose a research program that will develop techniques that address each of the above challenges in systemdeb"loating with novel techniques in program analysis and system development. In particular, we propose anapplication debloater that wi"ll identify functionality by selectively exploring program paths. It will use path enumerationand active learning to identify desir"ed functionality, a novel points-to and escape analysis to debloat applicationsaggressively and scalably, a demand-driven linker to"" harden a debloated application, and post-transformationvalidation to formally characterize equivalence of an original program and" the debloated result. We also propose anOS debloater that will enable a user to run a system that contains implementations of exactly the modules required toimplement desired functionality.The key contribution of our work will be a set of approaches for compre"hensively and aggres-sively debloating thesystem stack. The approaches will be applicable to arbitrary, low-level code, and will be" transparently usable by userswith no required understanding of the complex bodies of software that they wish to debloat.

Document Details

Document Type
DoD Grant Award
Publication Date
Sep 29, 2017
Source ID
N000141712895

Entities

People

  • William R. Harris

Organizations

  • Georgia Tech Research Corporation
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science
  • Engineering

Readers

  • Computer Programming and Software Development.
  • Computer Science.
  • Distributed Systems and Data Platform Development