Nibbler: Debloating binary shared libraries

Ioannis Agadakos, Di Jin, David Williams-King, Vasileios P. Kemerlis, Georgios Portokalidis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

54 Scopus citations

Abstract

Developers today have access to an arsenal of toolkits and libraries for rapid application prototyping. However, when an application loads a library, the entirety of that library’s code is mapped into the address space, even if only a single function is actually needed. The unused portion is bloat that can negatively impact software defenses by unnecessarily inflating their overhead or increasing their attack surface. Recent work has explored debloating as a way of alleviating the above problems, when source code is available. In this paper, we investigate whether debloating is possible and practical at the binary level. To this end, we present Nibbler: a system that identifies and erases unused functions within shared libraries. Nibbler works in tandem with defenses like continuous code re-randomization and control-flow integrity, enhancing them without incurring additional run-time overhead. We developed and tested a prototype of Nibbler on x86-64 Linux; Nibbler reduces the size of shared libraries and the number of available functions, for real-world binaries and the SPEC CINT2006 suite, by up to 56% and 82%, respectively. We also demonstrate that Nibbler benefits defenses by showing that: (i) it improves the deployability of a continuous re-randomization system for binaries, namely Shuffler, by increasing its efficiency by 20%, and (ii) it improves certain fast, but coarse and context-insensitive control-flow integrity schemes by reducing the number of gadgets reachable through returns and indirect calls by 75% and 49% on average.

Original languageEnglish
Title of host publicationProceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019
Pages70-83
Number of pages14
ISBN (Electronic)9781450376280
DOIs
StatePublished - 9 Dec 2019
Event35th Annual Computer Security Applications Conference, ACSAC 2019 - San Juan, United States
Duration: 9 Dec 201913 Dec 2019

Publication series

NameACM International Conference Proceeding Series

Conference

Conference35th Annual Computer Security Applications Conference, ACSAC 2019
Country/TerritoryUnited States
CitySan Juan
Period9/12/1913/12/19

Keywords

  • Code debloating
  • Software security
  • Static binary analysis

Fingerprint

Dive into the research topics of 'Nibbler: Debloating binary shared libraries'. Together they form a unique fingerprint.

Cite this