TY - JOUR
T1 - Large-scale Debloating of Binary Shared Libraries
AU - Agadakos, Ioannis
AU - Demarinis, Nicholas
AU - Jin, Di
AU - Williams-King, Kent
AU - Alfajardo, Jearson
AU - Shteinfeld, Benjamin
AU - Williams-King, David
AU - Kemerlis, Vasileios P.
AU - Portokalidis, Georgios
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/12
Y1 - 2020/12
N2 - Developers nowadays have access to an arsenal of toolkits and libraries for rapid application prototyping. However, when an application loads a library, the entirety of that library's code is mapped into the process address space, even if only a single function is actually needed. The unused portion is bloat that can negatively impact software defenses by unnecessarily inflating their overhead or increasing the attack surface. In this article, we investigate whether debloating is possible and practical at the binary level. To this end, we present Nibbler: a system that identifies and erases unused functions within dynamic shared libraries. Nibbler works in tandem with defenses such as continuous code re-randomization and control-flow integrity, enhancing them without incurring additional run-time overhead. We developed and tested a prototype of Nibbler on x86-64 Linux; Nibbler reduces the size of shared libraries and the number of available functions, for real-world binaries and the SPEC CINT2006 suite, by up to 56% and 82%, respectively. We also demonstrate that Nibbler benefits defenses by showing that: (i) it improves the deployability of a continuous re-randomization system for binaries, namely, Shuffler, by increasing its efficiency by 20%, and (ii) it improves certain fast but coarse and context-insensitive control-flow integrity schemes by reducing the number of gadgets reachable through indirect branch instructions by 75% and 49%, on average. Last, we apply Nibbler on ≈30K C/C++ binaries and ≈5K unique dynamic shared libraries (i.e., almost the complete set of the Debian sid distribution), as well as on nine official Docker images (with millions of downloads in Docker Hub), reporting entrancing findings regarding code bloat at large.
AB - Developers nowadays have access to an arsenal of toolkits and libraries for rapid application prototyping. However, when an application loads a library, the entirety of that library's code is mapped into the process address space, even if only a single function is actually needed. The unused portion is bloat that can negatively impact software defenses by unnecessarily inflating their overhead or increasing the attack surface. In this article, we investigate whether debloating is possible and practical at the binary level. To this end, we present Nibbler: a system that identifies and erases unused functions within dynamic shared libraries. Nibbler works in tandem with defenses such as continuous code re-randomization and control-flow integrity, enhancing them without incurring additional run-time overhead. We developed and tested a prototype of Nibbler on x86-64 Linux; Nibbler reduces the size of shared libraries and the number of available functions, for real-world binaries and the SPEC CINT2006 suite, by up to 56% and 82%, respectively. We also demonstrate that Nibbler benefits defenses by showing that: (i) it improves the deployability of a continuous re-randomization system for binaries, namely, Shuffler, by increasing its efficiency by 20%, and (ii) it improves certain fast but coarse and context-insensitive control-flow integrity schemes by reducing the number of gadgets reachable through indirect branch instructions by 75% and 49%, on average. Last, we apply Nibbler on ≈30K C/C++ binaries and ≈5K unique dynamic shared libraries (i.e., almost the complete set of the Debian sid distribution), as well as on nine official Docker images (with millions of downloads in Docker Hub), reporting entrancing findings regarding code bloat at large.
KW - Code debloating
KW - software security
KW - static binary analysis
UR - http://www.scopus.com/inward/record.url?scp=85108555745&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85108555745&partnerID=8YFLogxK
U2 - 10.1145/3414997
DO - 10.1145/3414997
M3 - Review article
AN - SCOPUS:85108555745
VL - 1
JO - Digital Threats: Research and Practice
JF - Digital Threats: Research and Practice
IS - 4
M1 - 19
ER -