BinTrimmer: Towards static binary debloating through abstract interpretation

Nilo Redini, Ruoyu Wang, Aravind Machiry, Yan Shoshitaishvili, Giovanni Vigna, Christopher Kruegel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove up to 65.6% of a library’s code and that our domain is, on average, 98% more precise than the related work.

Original languageEnglish (US)
Title of host publicationDetection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings
EditorsClémentine Maurice, Giorgio Giacinto, Roberto Perdisci, Magnus Almgren, Roberto Perdisci
PublisherSpringer Verlag
Pages482-501
Number of pages20
ISBN (Print)9783030220372
DOIs
StatePublished - Jan 1 2019
Event16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019 - Gothenburg, Sweden
Duration: Jun 19 2019Jun 20 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11543 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019
CountrySweden
CityGothenburg
Period6/19/196/20/19

Fingerprint

Abstract Interpretation
Binary
Acoustic waves
Engineers
Interval
Software
Evaluation

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Redini, N., Wang, R., Machiry, A., Shoshitaishvili, Y., Vigna, G., & Kruegel, C. (2019). BinTrimmer: Towards static binary debloating through abstract interpretation. In C. Maurice, G. Giacinto, R. Perdisci, M. Almgren, & R. Perdisci (Eds.), Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings (pp. 482-501). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11543 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-22038-9_23

BinTrimmer : Towards static binary debloating through abstract interpretation. / Redini, Nilo; Wang, Ruoyu; Machiry, Aravind; Shoshitaishvili, Yan; Vigna, Giovanni; Kruegel, Christopher.

Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. ed. / Clémentine Maurice; Giorgio Giacinto; Roberto Perdisci; Magnus Almgren; Roberto Perdisci. Springer Verlag, 2019. p. 482-501 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11543 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Redini, N, Wang, R, Machiry, A, Shoshitaishvili, Y, Vigna, G & Kruegel, C 2019, BinTrimmer: Towards static binary debloating through abstract interpretation. in C Maurice, G Giacinto, R Perdisci, M Almgren & R Perdisci (eds), Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11543 LNCS, Springer Verlag, pp. 482-501, 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019, Gothenburg, Sweden, 6/19/19. https://doi.org/10.1007/978-3-030-22038-9_23
Redini N, Wang R, Machiry A, Shoshitaishvili Y, Vigna G, Kruegel C. BinTrimmer: Towards static binary debloating through abstract interpretation. In Maurice C, Giacinto G, Perdisci R, Almgren M, Perdisci R, editors, Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. Springer Verlag. 2019. p. 482-501. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-22038-9_23
Redini, Nilo ; Wang, Ruoyu ; Machiry, Aravind ; Shoshitaishvili, Yan ; Vigna, Giovanni ; Kruegel, Christopher. / BinTrimmer : Towards static binary debloating through abstract interpretation. Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings. editor / Clémentine Maurice ; Giorgio Giacinto ; Roberto Perdisci ; Magnus Almgren ; Roberto Perdisci. Springer Verlag, 2019. pp. 482-501 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{5ca6510bb1734549be094f3bfeb4a1f1,
title = "BinTrimmer: Towards static binary debloating through abstract interpretation",
abstract = "The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove up{\^A} to 65.6{\%} of a library’s code and that our domain is, on average, 98{\%} more precise than the related work.",
author = "Nilo Redini and Ruoyu Wang and Aravind Machiry and Yan Shoshitaishvili and Giovanni Vigna and Christopher Kruegel",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-3-030-22038-9_23",
language = "English (US)",
isbn = "9783030220372",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "482--501",
editor = "Cl{\'e}mentine Maurice and Giorgio Giacinto and Roberto Perdisci and Magnus Almgren and Roberto Perdisci",
booktitle = "Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings",

}

TY - GEN

T1 - BinTrimmer

T2 - Towards static binary debloating through abstract interpretation

AU - Redini, Nilo

AU - Wang, Ruoyu

AU - Machiry, Aravind

AU - Shoshitaishvili, Yan

AU - Vigna, Giovanni

AU - Kruegel, Christopher

PY - 2019/1/1

Y1 - 2019/1/1

N2 - The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove up to 65.6% of a library’s code and that our domain is, on average, 98% more precise than the related work.

AB - The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove up to 65.6% of a library’s code and that our domain is, on average, 98% more precise than the related work.

UR - http://www.scopus.com/inward/record.url?scp=85067833497&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85067833497&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-22038-9_23

DO - 10.1007/978-3-030-22038-9_23

M3 - Conference contribution

AN - SCOPUS:85067833497

SN - 9783030220372

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 482

EP - 501

BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings

A2 - Maurice, Clémentine

A2 - Giacinto, Giorgio

A2 - Perdisci, Roberto

A2 - Almgren, Magnus

A2 - Perdisci, Roberto

PB - Springer Verlag

ER -