Software systems are becoming increasingly bloated to accommodate a wide array of features,
platforms and users. This results not only in wastage of memory but also in an increase
in their attack surface. Existing works broadly use binary-rewriting techniques to remove
unused code, but this results in a binary that is highly customized for a given usage context.
If the usage scenario of the binary changes, the binary has to be regenerated. We present
DYNACUT– a framework for Dynamic and Adaptive Code Customization. DYNACUT provides
the user with the capability to customize the application to changing usage scenarios at
runtime without the need for the source code. DYNACUT achieves this customization by
leveraging two techniques: 1) identifying the code to be removed by using execution traces
of the application and 2) by rewriting the process dynamically. The first technique uses
traces of the wanted features and the unwanted features of the application and generates
their diffs to identify the features to be removed. The second technique modifies the process
image to add traps and fault-handling code to remove vulnerable but unused code. DYNACUT
can also disable temporally unused code – code that is used only during the initialization
phase of the application. To demonstrate its effectiveness, we built a prototype of DYNACUT
and evaluated it on 9 real-world applications including NGINX, Lighttpd and 7 applications
of the SPEC Intspeed benchmark suite. DYNACUT removes upto 56% of executed basic blocks
and upto 10% of the application code when used to remove initialization code. The total
overhead is in the range of 1.63 seconds for Lighttpd, 4.83 seconds for NGINX and about 39
seconds for perlbench in the SPEC suite. / Master of Science / Software systems are becoming increasingly bloated to accommodate a wide array of users,
features and platforms. This results in the software not only occupying extra space on com-
puting platforms but also in an increase in the ways that the applications can be exploited
by hackers. Current works broadly use a variety of techniques to identify and remove this
type of vulnerable and unused code. But, these approaches result in a software that has
to be modified with the changing usage scenarios of the application. We present DYNACUT,
a dynamic code customization tool that can customize the application at its runtime with
a minimal overhead. We use the execution traces of the application to customize the ap-
plication according to user specifications. DYNACUT can identify code that is only used in
the initial stages of the application execution (initialization code) and remove them. DYNA-
CUT can also disable features of the application. To demonstrate its effectiveness, we built
a prototype of DYNACUT and evaluated it on 9 real-world applications including NGINX,
Lighttpd and 7 applications of the SPEC Intspeed benchmark suite. DYNACUT removes upto
56% of executed basic blocks and upto 10% of the application code when used to remove
initialization code. The total overhead is in the range of 1.63 seconds for Lighttpd, 4.83
seconds for NGINX and about 39 seconds for perlbench in the SPEC suite.
| Identifer | oai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/118139 |
| Date | 03 September 2021 |
| Creators | Mahurkar, Abhijit |
| Contributors | Electrical and Computer Engineering, Ravindran, Binoy, Wang, Xiaoguang, Wang, Haining |
| Publisher | Virginia Tech |
| Source Sets | Virginia Tech Theses and Dissertation |
| Detected Language | English |
| Type | Thesis |
| Format | ETD, application/pdf, application/pdf |
| Rights | In Copyright, http://rightsstatements.org/vocab/InC/1.0/ |
Page generated in 0.0027 seconds