Synergistic Software Customization: Framework, Algorithms, Tools

Abstract

Problem: Object-oriented languages such as C++, C#, and Java have brought us software libraries that are large, well tested, and eas""y to use. As programmers continue to develop layers of useful libraries, the security and efficiency of application software decreas"e. The problem is that the massive libraries usually add complexity to even simple tasks and increase attack surfaces.Objective: Th"e goal of our project is to show how we can address the security and inefficiency problems with novel, automatic software tools. Our"" tools will remove little used functionality, decrease run-time bloat, and specialize libraries to what is actually used. A unique s""trength of our project is that we will actively leverage the synergy between the three research thrusts on functionality reduction,"" de-bloating, and de-layering.Approach:On functionality reduction (FR), our goal is to select features and code regions to be remo"ved from applications and underlying libraries. In order not to require any kinds of human effort in tagging features or functionali"ty, we propose a completely automated approach to detect (1) unused functionality by finding never-invoked APIs or discovering defac""touse of the interfaces, (2) inefficient objects by determining which faster performing type could replace a slower performing type"", and (3) redundant program logic evidenced by code duplication in binaries. On de-bloating (DB), our goal is to permanently and sta"tically remove the unnecessary features and code regions. We propose a set of static techniques that merge functionalities of related types with the goal of removing unnecessary types and propose an automated clone removal technique that factorizes redundant code" in bytecode. On de-layering (DL), our goal is toreduce indirections and layers of abstractions through static inlining and partial"" evaluation. Our specializationtechnique will remove redundant features, partially evaluate generic code, and change allocation sit"es to use the fastest-performing type. The proposed work builds on the PIs~ foundational work on runtime bloat detection and removal", code clone analysis and removal, and type-safe inlining. We see tremendous potential for the synergy across the above three resear"ch thrusts. We will design a synergistic approach where the results of one thrust are actively fedto the other two thrusts. As a re"sult, we will produce a single, completely automated, integrated, end-user friendly infrastructure that combines the three thrusts.""Mission/Relevance: As software development has evolved, additional layers of abstraction have been continually added resulting in in"creased complexity and inefficiencies. The research integrates well with an important thrust within ONR~s cyber research program to perform late-stage software transformation to de-bloat and de-layer the exceedingly complex modern software. This research will contribute to ONR~s vision of building a transformative ecosystem for bloat-free software with reduced attack surfaces.

Document Details

Document Type

DoD Grant Award

Publication Date

Dec 20, 2017

Source ID

N000141812037

Entities

Tags