BinTrimmer: Towards static binary debloating through abstract interpretation

Nilo Redini; Ruoyu Wang; Aravind Machiry; Yan Shoshitaishvili; Giovanni Vigna; Christopher Kruegel

doi:10.1007/978-3-030-22038-9_23

BinTrimmer: Towards static binary debloating through abstract interpretation

Nilo Redini, Ruoyu Wang, Aravind Machiry, Yan Shoshitaishvili, Giovanni Vigna, Christopher Kruegel

Computing and Augmented Intelligence, School of (IAFSE-SCAI)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

18 Scopus citations

Abstract

The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove upÂ to 65.6% of a library’s code and that our domain is, on average, 98% more precise than the related work.

Original language	English (US)
Title of host publication	Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings
Editors	Roberto Perdisci, Roberto Perdisci, Clémentine Maurice, Giorgio Giacinto, Magnus Almgren
Publisher	Springer Verlag
Pages	482-501
Number of pages	20
ISBN (Print)	9783030220372
DOIs	https://doi.org/10.1007/978-3-030-22038-9_23
State	Published - 2019
Event	16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019 - Gothenburg, Sweden Duration: Jun 19 2019 → Jun 20 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11543 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019
Country/Territory	Sweden
City	Gothenburg
Period	6/19/19 → 6/20/19

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-22038-9_23

Cite this

Redini, N., Wang, R., Machiry, A., Shoshitaishvili, Y., Vigna, G., & Kruegel, C. (2019). BinTrimmer: Towards static binary debloating through abstract interpretation. In R. Perdisci, R. Perdisci, C. Maurice, G. Giacinto, & M. Almgren (Eds.), Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings (pp. 482-501). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11543 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-22038-9_23

BinTrimmer: Towards static binary debloating through abstract interpretation. / Redini, Nilo; Wang, Ruoyu; Machiry, Aravind et al.
Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. ed. / Roberto Perdisci; Roberto Perdisci; Clémentine Maurice; Giorgio Giacinto; Magnus Almgren. Springer Verlag, 2019. p. 482-501 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11543 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Redini, N, Wang, R, Machiry, A, Shoshitaishvili, Y, Vigna, G & Kruegel, C 2019, BinTrimmer: Towards static binary debloating through abstract interpretation. in R Perdisci, R Perdisci, C Maurice, G Giacinto & M Almgren (eds), Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11543 LNCS, Springer Verlag, pp. 482-501, 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019, Gothenburg, Sweden, 6/19/19. https://doi.org/10.1007/978-3-030-22038-9_23

Redini N, Wang R, Machiry A, Shoshitaishvili Y, Vigna G, Kruegel C. BinTrimmer: Towards static binary debloating through abstract interpretation. In Perdisci R, Perdisci R, Maurice C, Giacinto G, Almgren M, editors, Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. Springer Verlag. 2019. p. 482-501. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-22038-9_23

Redini, Nilo ; Wang, Ruoyu ; Machiry, Aravind et al. / BinTrimmer : Towards static binary debloating through abstract interpretation. Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. editor / Roberto Perdisci ; Roberto Perdisci ; Clémentine Maurice ; Giorgio Giacinto ; Magnus Almgren. Springer Verlag, 2019. pp. 482-501 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5ca6510bb1734549be094f3bfeb4a1f1,

title = "BinTrimmer: Towards static binary debloating through abstract interpretation",

abstract = "The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove up{\^A} to 65.6% of a library{\textquoteright}s code and that our domain is, on average, 98% more precise than the related work.",

author = "Nilo Redini and Ruoyu Wang and Aravind Machiry and Yan Shoshitaishvili and Giovanni Vigna and Christopher Kruegel",

note = "Funding Information: Acknowledgements. We would like to thank our reviewers for their valuable comments and input to improve our paper. This material is based on research sponsored by the Office of Naval Research under grant number N00014-17-1-2897, the NSF under Award number CNS-1704253, and the DARPA under agreement number FA8750-15-2-0084 and FA8750-19-C-0003. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA, or the U.S. Government. Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.; 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019 ; Conference date: 19-06-2019 Through 20-06-2019",

year = "2019",

doi = "10.1007/978-3-030-22038-9_23",

language = "English (US)",

isbn = "9783030220372",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "482--501",

editor = "Roberto Perdisci and Roberto Perdisci and Cl{\'e}mentine Maurice and Giorgio Giacinto and Magnus Almgren",

booktitle = "Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings",

}

TY - GEN

T1 - BinTrimmer

T2 - 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019

AU - Redini, Nilo

AU - Wang, Ruoyu

AU - Machiry, Aravind

AU - Shoshitaishvili, Yan

AU - Vigna, Giovanni

AU - Kruegel, Christopher

N1 - Funding Information: Acknowledgements. We would like to thank our reviewers for their valuable comments and input to improve our paper. This material is based on research sponsored by the Office of Naval Research under grant number N00014-17-1-2897, the NSF under Award number CNS-1704253, and the DARPA under agreement number FA8750-15-2-0084 and FA8750-19-C-0003. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA, or the U.S. Government. Publisher Copyright: © Springer Nature Switzerland AG 2019.

PY - 2019

Y1 - 2019

N2 - The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove upÂ to 65.6% of a library’s code and that our domain is, on average, 98% more precise than the related work.

AB - The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove upÂ to 65.6% of a library’s code and that our domain is, on average, 98% more precise than the related work.

UR - http://www.scopus.com/inward/record.url?scp=85067833497&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85067833497&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-22038-9_23

DO - 10.1007/978-3-030-22038-9_23

M3 - Conference contribution

AN - SCOPUS:85067833497

SN - 9783030220372

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 482

EP - 501

BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings

A2 - Perdisci, Roberto

A2 - Maurice, Clémentine

A2 - Giacinto, Giorgio

A2 - Almgren, Magnus

PB - Springer Verlag

Y2 - 19 June 2019 through 20 June 2019

ER -

BinTrimmer: Towards static binary debloating through abstract interpretation

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this