English
Related papers

Related papers: Is Less Really More? Why Reducing Code Reuse Gadge…

200 papers

Software debloating tools seek to improve program security and performance by removing unnecessary code, called bloat. While many techniques have been proposed, several barriers to their adoption have emerged. Namely, debloating tools are…

Software Engineering · Computer Science 2024-06-14 Michael D. Brown , Adam Meily , Brian Fairservice , Akshay Sood , Jonathan Dorn , Eric Kilmer , Ronald Eytchison

Current low-level exploits often rely on code-reuse, whereby short sections of code (gadgets) are chained together into a coherent exploit that can be executed without the need to inject any code. Several protection mechanisms attempt to…

Software Engineering · Computer Science 2016-05-27 Andreas Follner , Alexandre Bartel , Eric Bodden

Software debloating is an emerging field of study aimed at improving the security and performance of software by removing excess library code and features that are not needed by the end user (called bloat). Software bloat is pervasive, and…

Cryptography and Security · Computer Science 2019-09-10 Michael D. Brown , Santosh Pande

Software reuse may result in software bloat when significant portions of application dependencies are effectively unused. Several tools exist to remove unused (byte)code from an application or its dependencies, thus producing smaller…

Software Engineering · Computer Science 2021-08-12 Serena Elisa Ponta , Wolfram Fischer , Henrik Plate , Antonino Sabetta

Software bloat refers to code and features that is not used by a software during runtime. For Machine Learning (ML) systems, bloat is a major contributor to their technical debt leading to decreased performance and resource wastage. In this…

Software Engineering · Computer Science 2025-05-15 Huaifeng Zhang , Ahmed Ali-Eldin

Program debloating aims to remove unused code to reduce performance overhead, attack surfaces, and maintenance costs. Over time, debloating has evolved across multiple layers (container, library, and application), each building on the…

Software Engineering · Computer Science 2026-04-22 Muhammad Bilal , Moiz Ali , Mohit Kumar , Fareed Zaffar , Fahad Shaon , Ashish Gehani , Sazzadur Rahaman

Despite extensive testing and correctness certification of their functional semantics, a number of compiler optimizations have been shown to violate security guarantees implemented in source code. While prior work has shed light on how such…

Cryptography and Security · Computer Science 2021-09-30 Michael D. Brown , Matthew Pruett , Robert Bigelow , Girish Mururu , Santosh Pande

Software debloating techniques are applied to craft a specialized version of the program based on the user's requirements and remove irrelevant code accordingly. The debloated programs presumably maintain better performance and reduce the…

Cryptography and Security · Computer Science 2023-09-18 Do-Men Su , Mohannad Alhanahnah

As software grows in complexity to accommodate diverse features and platforms, software bloating has emerged as a significant challenge, adversely affecting performance and security. However, existing approaches inadequately address the…

Software Engineering · Computer Science 2025-03-13 Bo Lin , Shangwen Wang , Yihao Qin , Liqian Chen , Xiaoguang Mao

Software bloat is code that is packaged in an application but is actually not necessary to run the application. The presence of software bloat is an issue for security, for performance, and for maintenance. In this paper, we introduce a…

Software Engineering · Computer Science 2022-05-20 César Soto-Valero , Thomas Durieux , Nicolas Harrand , Benoit Baudry

Reviewing source code from a security perspective has proven to be a difficult task. Indeed, previous research has shown that developers often miss even popular and easy-to-detect vulnerabilities during code review. Initial evidence…

Software Engineering · Computer Science 2022-02-15 Larissa Braz , Christian Aeberhard , Gül Çalikli , Alberto Bacchelli

Modern software often struggles with bloat, leading to increased memory consumption and security vulnerabilities from unused code. In response, various program debloating techniques have been developed, typically utilizing test cases that…

Software Engineering · Computer Science 2024-02-02 Myeongsoo Kim , Santosh Pande , Alessandro Orso

Software quality is considered as one of the most important challenges in software engineering. It has many dimensions which differ from users' point of view that depend on their requirements. Therefore, those dimensions lead to difficulty…

Software Engineering · Computer Science 2019-06-21 Anas Shatnawi

Modern code reuse attacks are taking full advantage of bloated software. Attackers piece together short sequences of instructions in otherwise benign code to carry out malicious actions. Eliminating these reusable code snippets, known as…

Cryptography and Security · Computer Science 2021-10-20 Chris Porter , Sharjeel Khan , Santosh Pande

Today's Android developers tend to include numerous features to accommodate diverse user requirements, which inevitably leads to bloated apps. Yet more often than not, only a fraction of these features are frequently utilized by users, thus…

Cryptography and Security · Computer Science 2025-01-10 Zicheng Zhang , Jiakun Liu , Ferdian Thung , Haoyu Ma , Rui Li , Yan Naing Tun , Wei Minn , Lwin Khin Shar , Shahar Maoz , Eran Toch , David Lo , Joshua Wong , Debin Gao

Modern software development reuses code by importing libraries as dependencies. Software projects typically include an average of 36 dependencies, with 80% being transitive, meaning they are dependencies of dependencies. Recent research…

Software Engineering · Computer Science 2025-10-24 Jonas Klauke , Tom Ohlmer , Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Eric Bodden

Vulnerability detection is crucial to protect software security. Nowadays, deep learning (DL) is the most promising technique to automate this detection task, leveraging its superior ability to extract patterns and representations within…

Software Engineering · Computer Science 2026-02-13 Yuejun Guo , Qiang Hu , Qiang Tang , Yves Le Traon

Machine learning (ML) plays a pivotal role in detecting malicious software. Despite the high F1-scores reported in numerous studies reaching upwards of 0.99, the issue is not completely solved. Malware detectors often experience performance…

Software debloating can effectively thwart certain code reuse attacks by reducing attack surfaces to break gadget chains. Approaches based on static analysis enable a reduced set of functions reachable at a callsite for execution by…

Cryptography and Security · Computer Science 2024-04-02 Chris Porter , Sharjeel Khan , Kangqi Ni , Santosh Pande

As the number of web applications and API endpoints exposed to the Internet continues to grow, so does the number of exploitable vulnerabilities. Manually identifying such vulnerabilities is tedious. Meanwhile, static security scanners tend…

Cryptography and Security · Computer Science 2025-12-17 Felix Mächtle , Nils Loose , Tim Schulz , Florian Sieck , Jan-Niclas Serr , Ralf Möller , Thomas Eisenbarth
‹ Prev 1 2 3 10 Next ›