PhD Proposal by Chenxiong Qian

Event Details
  • Date/Time:
    • Thursday December 3, 2020 - Friday December 4, 2020
      10:00 am - 11:59 am
  • Location: Atlanta, GA
  • Phone:
  • URL: Bluejeans
  • Email:
  • Fee(s):
  • Extras:
No contact information submitted.

Summary Sentence: Reducing Software's Attack Surface with Code Debloating

Full Summary: No summary paragraph submitted.

Title: Reducing Software's Attack Surface with Code Debloating

Chenxiong Qian
Ph.D. Student in Computer Science
School of Computer Science
College of Computing
Georgia Institute of Technology

Date: December 3, 2020
Time: 10:00 AM to 12:00 PM (EST)
Location (remote via Bluejeans):


Dr. Wenke Lee (Advisor, School of Computer Science, Georgia Institute of Technology)

Dr. William R. Harris (Co-Advisor, Galois, Inc)
Dr. Taesoo Kim (School of Computer Science, Georgia Institute of Technology)
Dr. Alessandro Orso (School of Computer Science, Georgia Institute of Technology)

Dr. Brendan Saltaformaggio ( School of Electrical and Computer Engineering, Georgia Institute of Technology)

Current practice for developing and deploying software encourages the deployment of software to provide a large spectrum of features. Software with rich features usually exposes larger attack surface and makes it easier for an attacker to launch attacks. After observing that a large portion of software’s features are rarely required by users, an emerging solution, code debloating, has been proposed to reduce software’s attack surface by removing unneeded features’ code. However, there exist several challenges for building such systems: (1) non-developer users cannot describe clearly what features are unneeded; (2) there is no clear boundaries among the code of different features; (3) large and complex software takes inputs that keep changing, which results in non-deterministic executions. To address the challenges, I will first introduce a binary rewriting framework (Razor) that first runs software on given running examples and collects the executed code as references. Then, it uses heuristics to syntactically infer non-executed code that is related to the functionality indicated by the running examples, and directly rewrites the binary to generate a debloated version of the software. After that, I will present a framework (Slimium) that customizes the dominant web browser, Chromium, for visiting specific websites. Slimium removes unrequired features in Chromium based on a feature-code mapping created from manual analysis and static program analysis; and identifies non-deterministic code through dynamic profiling. The results show that Slimium generates slim versions of Chromium with 60% of the potential vulnerabilities removed, for visiting popular websites. In the end, I will briefly discuss my ongoing research that uses program reasoning and differential software testing to automatically partition software’s code for different features.


Additional Meeting Details


Additional Information

In Campus Calendar

Graduate Studies

Invited Audience
Faculty/Staff, Public, Graduate students, Undergraduate students
Phd proposal
  • Created By: Tatianna Richardson
  • Workflow Status: Published
  • Created On: Dec 2, 2020 - 2:46pm
  • Last Updated: Dec 2, 2020 - 2:46pm