Abstract
In the embedded domain, industrial sectors (i.e., automotive industry, avionics) are undergoing radical changes. They broadly adopt commodity hardware and move away from special-purpose control units. During this transition, heterogeneous software components are consolidated to run on commodity operating systems.
To efficiently consolidate such components, a modular encapsulation of common functionality into reusable binary files (i.e., shared libraries) is essential. However, shared libraries are often unnecessarily large as they entail a lot of generic functionality that is not required in a narrowly defined scenario. As the source code of proprietary components is often unavailable and the industry is heading towards binary-only distribution, we propose an approach towards lightweight binary tailoring.
As demonstrated in the evaluation, lightweight binary tailoring effectively reduces the amount of code in all shared libraries on a Linux-based system by 63 percent and shrinks their files by 17 percent. The reduction in size is beneficial to cut down costs (e.g., lower storage and memory footprint) and eases code analyses that are necessary for code audits.
- Carliss Y. Baldwin and Kim B. Clark. 2000. Design Rules: The Power of Modularity. MIT Press.Google Scholar
Digital Library
- Kent Beck. 2003. Test-driven Development: By Example. Addison-Wesley Professional.Google Scholar
Digital Library
- Andrew R. Bernat and Barton P. Miller. 2011. Anywhere, any-time binary instrumentation. In Proceedings of the 10th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools (PASTE’11). ACM, New York, NY, USA, 9--16. DOI:https://doi.org/10.1145/2024569.2024572Google Scholar
- Bryan M. Cantrill, Michael W. Shapiro, and Adam H. Leventhal. 2004. Dynamic instrumentation of production systems. In Proceedings of the Annual Conference on USENIX Annual Technical Conference (ATEC’04). USENIX Association, Berkeley, CA, USA, 2--2. http://dl.acm.org/citation.cfm?id=1247415.1247417Google Scholar
Digital Library
- Samarjit Chakraborty, Martin Lukasiewycz, Christian Buckl, Suhaib Fahmy, Naehyuck Chang, Sangyoung Park, Younghyun Kim, Patrick Leteinturier, and Hans Adlkofer. 2012. Embedded systems and software challenges in electric vehicles. In Proceedings of the 2012 Conference on Design, Automation and Test in Europe (DATE’12). 424--429.Google Scholar
Cross Ref
- Buddhika Chamith, Bo Joel Svensson, Luke Dalessandro, and Ryan R. Newton. 2016. Living on the edge: Rapid-toggling probes with cross-modification on x86. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’16). ACM, New York, NY, USA, 16--26. DOI:https://doi.org/10.1145/2908080.2908084Google Scholar
- Buddhika Chamith, Bo Joel Svensson, Luke Dalessandro, and Ryan R. Newton. 2017. Instruction punning: Lightweight instrumentation for x86-64. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2017). ACM, New York, NY, USA, 320--332. DOI:https://doi.org/10.1145/3062341.3062344Google Scholar
Digital Library
- Yurong Chen, Shaowen Sun, Tian Lan, and Guru Venkataramani. 2018. TOSS: Tailoring online server systems through binary feature customization. In Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST’18). ACM, New York, NY, USA, 1--7. DOI:https://doi.org/10.1145/3273045.3273048Google Scholar
Digital Library
- Intel Corporation. 2011. Simple MKL Matrix Multiply C example. Retrieved July 30, 2019 from http://software.intel.com/sites/default/files/article/171460/mkl-lab-solution.cGoogle Scholar
- Intel Corporation. 2019. Intel Math Kernel Library (Intel MKL). Retrieved July 30, 2019 from https://software.intel.com/en-us/mklGoogle Scholar
- Nicolai Davidsson, Andre Pawlowski, and Thorsten Holz. 2019. Towards automated application-specific software stacks. arXiv e-prints, Article arXiv:1907.01933 (Jul 2019). https://arxiv.org/abs/1907.01933Google Scholar
- Arnaldo Carvalho de Melo. 2009. Performance counters on linux. In Linux Plumbers Conference 2009.Google Scholar
- The OpenWRT developers. 2004. OpenWRT, a highly extensible GNU/Linux distribution for embedded devices. Retrieved July 30, 2019 from https://openwrt.org/.Google Scholar
- Pavel Dovgalyuk, Natalia Fursova, Ivan Vasiliev, and Vladimir Makarov. 2018. Introspection of the linux-based embedded firmwares: Work-in-progress. In Proceedings of the International Conference on Embedded Software (EMSOFT’18). IEEE Press, Piscataway, NJ, USA, Article 3, 2 pages. http://dl.acm.org/citation.cfm?id=3283535.3283538.Google Scholar
Digital Library
- Chris Evans. 2000. vsftpd: Very Secure FTP Daemon. Retrieved July 30, 2019 from http://vsftpd.beasts.org.Google Scholar
- Rich Felker. 2019. The musl C standard library. Retrieved July 30, 2019 from https://www.musl-libc.org/.Google Scholar
- Arie Nicolaas Habermann, Lawrence Flon, and Lee W. Cooprider. 1976. Modularization and hierarchy in a family of operating systems. Commun. ACM 19, 5 (1976), 266--272.Google Scholar
Digital Library
- Bernd Hardung, Thorsten Kölzow, and Andreas Krüger. 2004. Reuse of software in distributed embedded automotive systems. In Proceedings of the 4th ACM Conference on Embedded Software (EMSOFT’04). ACM Press, New York, NY, USA, 203--210.Google Scholar
Digital Library
- Kihong Heo, Woosuk Lee, Pardis Pashakhanloo, and Mayur Naik. 2018. Effective program debloating via reinforcement learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS’18). ACM, New York, NY, USA, 380--394. DOI:https://doi.org/10.1145/3243734.3243838Google Scholar
Digital Library
- Sun Microsystems Inc. 2008. Dynamic Tracing Guide. Retrieved July 30, 2019 from http://dtrace.org/guide/.Google Scholar
- Jim Keniston, Ananth Mavinakayanahalli, Prasanna Panchamukhi, and Vara Prasad. 2007. Ptrace, utrace, uprobes: Lightweight, dynamic tracing of user apps. In Proceedings of the Linux Symposium 2007. 215--224.Google Scholar
- Taddeus Kroes, Anil Altinay, Joseph Nash, Yeoul Na, Stijn Volckaert, Herbert Bos, Michael Franz, and Cristiano Giuffrida. 2018. BinRec: Attack surface reduction through dynamic binary recovery. In Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST’18). ACM, New York, NY, USA, 8--13. DOI:https://doi.org/10.1145/3273045.3273050Google Scholar
Digital Library
- Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schröder-Preikschat, Daniel Lohmann, and Rüdiger Kapitza. 2013. Attack surface metrics and automated compile-time OS kernel tailoring. In Proceedings of the 20th Network and Distributed Systems Security Symposium (NDSS’13). The Internet Society, The Internet Society. https://www.ibr.cs.tu-bs.de/users/kurmus/papers/kurmus-ndss13.pdf.Google Scholar
- Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. 2005. Pin: Building customized program analysis tools with dynamic instrumentation. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’05). ACM, New York, NY, USA, 190--200. DOI:https://doi.org/10.1145/1065010.1065034Google Scholar
Digital Library
- Gregory Malecha, Ashish Gehani, and Natarajan Shankar. 2015. Automated software winnowing. In Proceedings of the 30th Annual ACM Symposium on Applied Computing (SAC’15). ACM, New York, NY, USA, 1504--1511. DOI:https://doi.org/10.1145/2695664.2695751Google Scholar
Digital Library
- Shachee Mishra and Michalis Polychronakis. 2018. Shredder: Breaking exploits through API specialization. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC’18). ACM, New York, NY, USA, 1--16. DOI:https://doi.org/10.1145/3274694.3274703Google Scholar
Digital Library
- Collin Mulliner and Matthias Neugschwandtner. 2015. Breaking Payloads with Runtime Code Stripping and Image Freezing. (2015). https://www.blackhat.com/docs/us-15/materials/us-15-Mulliner-Breaking-Payloads-With-Runtime-Code-Stripping-And-Image-Freezing.pdf. Black Hat USA, Las Vegas, NV.Google Scholar
- Girish Mururu, Chris Porter, Prithayan Barua, and Santosh Pande. 2019. Binary debloating for security via demand driven loading. arXiv e-prints, Article arXiv:1902.06570 (Feb 2019). https://arxiv.org/abs/1902.06570Google Scholar
- Nicolas Navet, Aurélien Monot, Bernard Bavoux, and Françoise Simonot-Lion. 2010. Multi-source and multicore automotive ECUs - OS protection mechanisms and scheduling. In Proceedings of the 2010 IEEE International Symposium on Industrial Electronics (ISIE’10). 3734--3741. https://doi.org/10.1109/ISIE.2010.5637677Google Scholar
Cross Ref
- Anh Quynh Nguyen. 2019. Capstone: The Ultimate Disassembler. Retrieved July 30, 2019 from https://www.capstone-engine.org/.Google Scholar
- The AUTOSAR partnership. 2019. Automotive Open System Architecture (AUTOSAR). Retrieved July 30, 2019 from https://www.autosar.org/standards/adaptive-platform/.Google Scholar
- Vara Prasad, William Cohen, F. C. Eigler, Martin Hunt, Jim Keniston, and J. Chen. 2005. Locating system problems using dynamic instrumentation. In Proceedings of the Linux Symposium 2005. Citeseer, 49--64.Google Scholar
- Alexander Pretschner, Manfred Broy, Ingolf H. Kruger, and Thomas Stauner. 2007. Software engineering for automotive systems: A roadmap. In Future of Software Engineering (FOSE’07) (ICSE’07). 55--71. DOI:https://doi.org/10.1109/FOSE.2007.22Google Scholar
- Corina S. Pǎsǎreanu, Peter C. Mehlitz, David H. Bushnell, Karen Gundy-Burlet, Michael Lowry, Suzette Person, and Mark Pape. 2008. Combining unit-level symbolic execution and system-level concrete execution for testing nasa software. In Proceedings of the 2008 International Symposium on Software Testing and Analysis (ISSTA’08). ACM, New York, NY, USA, 15--26. https://doi.org/10.1145/1390630.1390635Google Scholar
Digital Library
- Anh Quach, Rukayat Erinfolami, David Demicco, and Aravind Prakash. 2017. A multi-OS cross-layer study of bloating in user programs, kernel and managed execution environments. In Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation (FEAST’17). ACM, New York, NY, USA, 65--70. https://doi.org/10.1145/3141235.3141242Google Scholar
Digital Library
- Anh Quach, Aravind Prakash, and Lok Yan. 2018. Debloating Software through piece-wise compilation and loading. In Proceedings of the 27th USENIX Security Symposium (USENIX Security’18). USENIX Association, Berkeley, CA, USA, 869--886. https://www.usenix.org/conference/usenixsecurity18/presentation/quach.Google Scholar
- Anh Quach, Aravind Prakash, and Lok Yan. 2018. Piecewise debloating toolchain. Retrieved July 30, 2019 from https://github.com/bingseclab/piecewise.Google Scholar
- Hashim Sharif, Muhammad Abubakar, Ashish Gehani, and Fareed Zaffar. 2018. TRIMMER: Application specialization for code debloating. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE 2018). ACM, New York, NY, USA, 329--339. https://doi.org/10.1145/3238147.3238160.Google Scholar
Digital Library
- Andrey Shedel, Gopikrishna Kannan, and Hari Pulapaka. 2019. DTrace on Windows. Retrieved July 30, 2019 from https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/DTrace-on-Windows/ba-p/362902.Google Scholar
- Peter Szor. 2007. Return-to-LIBC attack blocking system and method. US Patent 7,287,283.Google Scholar
- Zhi Zhang, Yueqiang Cheng, Surya Nepal, Dongxi Liu, Qingni Shen, and Fethi Rabhi. 2018. KASR: A reliable and practical approach to attack surface reduction of commodity OS kernels. In Research in Attacks, Intrusions, and Defenses (RAID 2018). Springer International Publishing, Cham, 691--710.Google Scholar
Index Terms
Honey, I Shrunk the ELFs: Lightweight Binary Tailoring of Shared Libraries
Recommendations
KVM/ARM: the design and implementation of the linux ARM hypervisor
ASPLOS '14As ARM CPUs become increasingly common in mobile devices and servers, there is a growing demand for providing the benefits of virtualization for ARM-based devices. We present our experiences building the Linux ARM hypervisor, KVM/ARM, the first full ...
KVM/ARM: the design and implementation of the linux ARM hypervisor
ASPLOS '14: Proceedings of the 19th international conference on Architectural support for programming languages and operating systemsAs ARM CPUs become increasingly common in mobile devices and servers, there is a growing demand for providing the benefits of virtualization for ARM-based devices. We present our experiences building the Linux ARM hypervisor, KVM/ARM, the first full ...
KVM/ARM: the design and implementation of the linux ARM hypervisor
ASPLOS '14As ARM CPUs become increasingly common in mobile devices and servers, there is a growing demand for providing the benefits of virtualization for ARM-based devices. We present our experiences building the Linux ARM hypervisor, KVM/ARM, the first full ...






Comments