{"641792":{"#nid":"641792","#data":{"type":"event","title":"PhD Proposal by Chenxiong Qian","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003ETitle:\u0026nbsp;\u003C\/strong\u003EReducing Software\u0026#39;s Attack Surface with Code Debloating\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cbr \/\u003E\r\n\u003Cstrong\u003EChenxiong Qian\u003C\/strong\u003E\u003Cbr \/\u003E\r\nPh.D. Student in Computer Science\u003Cbr \/\u003E\r\nSchool of Computer Science\u003Cbr \/\u003E\r\nCollege of Computing\u003Cbr \/\u003E\r\nGeorgia Institute of Technology\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cbr \/\u003E\r\n\u003Cstrong\u003EDate\u003C\/strong\u003E: December 3, 2020\u003Cbr \/\u003E\r\n\u003Cstrong\u003ETime\u003C\/strong\u003E: 10:00 AM to 12:00 PM (EST)\u003Cbr \/\u003E\r\n\u003Cstrong\u003ELocation\u0026nbsp;\u003C\/strong\u003E(remote via Bluejeans):\u0026nbsp;\u003Ca href=\u0022https:\/\/bluejeans.com\/482787466\u0022 id=\u0022LPlnk685556\u0022\u003Ehttps:\/\/bluejeans.com\/482787466\u003C\/a\u003E\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003ECommittee\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr. Wenke Lee (Advisor, School of Computer Science, Georgia Institute of Technology)\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr.\u0026nbsp;William R. Harris (Co-Advisor,\u0026nbsp;Galois, Inc)\u003Cbr \/\u003E\r\nDr. Taesoo Kim (School of Computer Science, Georgia Institute of Technology)\u003Cbr \/\u003E\r\nDr. Alessandro Orso (School of Computer Science, Georgia Institute of Technology)\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr. Brendan Saltaformaggio (\u0026nbsp;School of Electrical and Computer Engineering, Georgia Institute of Technology)\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003EAbstract\u003C\/strong\u003E\u003Cbr \/\u003E\r\nCurrent practice for developing and deploying software encourages the deployment of software to provide a large spectrum of features. 
Software with rich features usually exposes a larger attack surface and makes it easier for an attacker to launch attacks. After observing that a large portion of software\u0026rsquo;s features are rarely required by users, an emerging solution, code debloating, has been proposed to reduce software\u0026rsquo;s attack surface by removing unneeded features\u0026rsquo; code. However, there exist several challenges for building such systems: (1) non-developer users cannot describe clearly what features are unneeded; (2) there are no clear boundaries among the code of different features; (3) large and complex software takes inputs that keep changing, which results in non-deterministic executions. To address the challenges, I will first introduce a binary rewriting framework (Razor) that first runs software on given running examples and collects the executed code as references. Then, it uses heuristics to syntactically infer non-executed code that is related to the functionality indicated by the running examples, and directly rewrites the binary to generate a debloated version of the software. After that, I will present a framework (Slimium) that customizes the dominant web browser, Chromium, for visiting specific websites. Slimium removes unrequired features in Chromium based on a feature-code mapping created from manual analysis and static program analysis, and identifies non-deterministic code through dynamic profiling. The results show that Slimium generates slim versions of Chromium with 60% of the potential vulnerabilities removed, for visiting popular websites. 
In the end, I will briefly discuss my ongoing research that uses program reasoning and differential software testing to automatically partition software\u0026rsquo;s code for different features.\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n----------------------------------\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003EAdditional Meeting Details\u003C\/strong\u003E\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003ELink:\u0026nbsp;\u003Ca href=\u0022https:\/\/bluejeans.com\/482787466\u0022 id=\u0022LPlnk446031\u0022\u003Ehttps:\/\/bluejeans.com\/482787466\u003C\/a\u003E\u003C\/strong\u003E\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Reducing Software\u0027s Attack Surface with Code Debloating"}],"uid":"27707","created_gmt":"2020-12-02 19:46:54","changed_gmt":"2020-12-02 19:46:54","author":"Tatianna Richardson","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2020-12-03T10:00:00-05:00","event_time_end":"2020-12-03T12:00:00-05:00","event_time_end_last":"2020-12-03T12:00:00-05:00","gmt_time_start":"2020-12-03 15:00:00","gmt_time_end":"2020-12-03 17:00:00","gmt_time_end_last":"2020-12-03 17:00:00","rrule":null,"timezone":"America\/New_York"},"extras":[],"groups":[{"id":"221981","name":"Graduate Studies"}],"categories":[],"keywords":[{"id":"102851","name":"Phd proposal"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78761","name":"Faculty\/Staff"},{"id":"78771","name":"Public"},{"id":"174045","name":"Graduate students"},{"id":"78751","name":"Undergraduate students"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}