{"646310":{"#nid":"646310","#data":{"type":"event","title":"PhD Defense by Chenxiong Qian","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003ETitle:\u0026nbsp;\u003C\/strong\u003EReducing Software\u0026#39;s Attack Surface with Code Debloating\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cbr \/\u003E\r\n\u003Cstrong\u003EChenxiong\u003C\/strong\u003E\u003Cstrong\u003E\u0026nbsp;Qian\u003C\/strong\u003E\u003Cbr \/\u003E\r\nPh.D. Student in Computer Science\u003Cbr \/\u003E\r\nSchool of Computer Science\u003Cbr \/\u003E\r\nCollege of Computing\u003Cbr \/\u003E\r\nGeorgia Institute of Technology\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cbr \/\u003E\r\n\u003Cstrong\u003EDate\u003C\/strong\u003E: April 22, 2021\u003Cbr \/\u003E\r\n\u003Cstrong\u003ETime\u003C\/strong\u003E: 12:00 PM to 2:00 PM (EST)\u003Cbr \/\u003E\r\n\u003Cstrong\u003ELocation\u0026nbsp;\u003C\/strong\u003E(remote via Bluejeans):\u0026nbsp;\u003Ca href=\u0022https:\/\/bluejeans.com\/116525426\u0022 id=\u0022LPlnk856391\u0022\u003Ehttps:\/\/bluejeans.com\/116525426\u003C\/a\u003E\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003ECommittee\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr. Wenke Lee (Advisor, School of Computer Science, Georgia Institute of Technology)\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr.\u0026nbsp;William R. Harris (Co-Advisor,\u0026nbsp;Galois, Inc)\u003Cbr \/\u003E\r\nDr. Taesoo Kim (School of Computer Science, Georgia Institute of Technology)\u003Cbr \/\u003E\r\nDr. Alessandro Orso (School of Computer Science, Georgia Institute of Technology)\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr. Brendan Saltaformaggio (\u0026nbsp;School of Electrical and Computer Engineering, Georgia Institute of Technology)\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003EAbstract\u003C\/strong\u003E\u003Cbr \/\u003E\r\nCurrent practice for developing and deploying software encourages the deployment of software to provide a large spectrum of features. 
Software with rich features usually exposes a larger attack surface and makes it easier for an attacker to launch attacks. After observing that a large portion of software\u0026rsquo;s features are rarely required by users, an emerging solution, code debloating, has been proposed to reduce software\u0026rsquo;s attack surface by removing unneeded features\u0026rsquo; code. However, there exist several challenges for building such systems: (1) non-developer users cannot describe clearly what features are unneeded; (2) there are no clear boundaries among the code of different features; (3) large and complex software takes inputs that keep changing, which results in non-deterministic executions.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIn this dissertation, I present three projects that address the above challenges incrementally. First,\u0026nbsp;I will introduce a binary rewriting framework (Razor) that first runs software on given running examples and collects the executed code as references. Then, it uses heuristics to syntactically infer non-executed code that is related to the functionality indicated by the running examples, and directly rewrites the binary to generate a debloated version of the software. Second, I will present a framework (Slimium) that customizes the dominant web browser, Chromium, for visiting specific websites. Slimium removes unrequired features in Chromium based on a feature-code mapping created from manual analysis and static program analysis; and identifies non-deterministic code through dynamic profiling. The results show that Slimium generates slim versions of Chromium with 60% of the potential vulnerabilities removed, for visiting popular websites. In the end, I will present a static analysis framework that automatically partitions a large-scale and complex software\u0026#39;s source code into different groups implementing different features. 
The framework provides static analysis for effectively summarizing each function\u0026#39;s code, type analysis, data dependency analysis, etc., and it uses graph algorithms to group the code and data objects relying on the static analysis results. The evaluation shows that the framework is able to build the feature-code mapping for Chromium automatically and the mapping is more accurate and complete than the one created manually in Slimium, which improves the code reduction performance.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E----------------------------------\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003EAdditional Meeting Details\u003C\/strong\u003E\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003ELink:\u0026nbsp;\u003C\/strong\u003E\u003Cstrong\u003E\u003Ca href=\u0022https:\/\/bluejeans.com\/116525426\u0022 id=\u0022LPlnk685456\u0022\u003Ehttps:\/\/bluejeans.com\/116525426\u003C\/a\u003E\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDial one of the following numbers:\u003C\/p\u003E\r\n\r\n\u003Cp\u003E+1.408.419.1715\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E(United States(San Jose))\u003C\/p\u003E\r\n\r\n\u003Cp\u003E+1.408.915.6290\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E(United States(San Jose))\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cbr \/\u003E\r\n\u003Cbr \/\u003E\r\n\u003Cstrong\u003EMeeting ID\u003C\/strong\u003E:\u0026nbsp;116 525 426\u003Cbr \/\u003E\r\n\u003Cstrong\u003EModerator Passcode (if required)\u003C\/strong\u003E:\u0026nbsp;2461\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Reducing Software\u0027s Attack Surface with Code Debloating"}],"uid":"27707","created_gmt":"2021-04-09 
17:08:47","changed_gmt":"2021-04-09 17:08:47","author":"Tatianna Richardson","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2021-04-22T13:00:00-04:00","event_time_end":"2021-04-22T15:00:00-04:00","event_time_end_last":"2021-04-22T15:00:00-04:00","gmt_time_start":"2021-04-22 17:00:00","gmt_time_end":"2021-04-22 19:00:00","gmt_time_end_last":"2021-04-22 19:00:00","rrule":null,"timezone":"America\/New_York"},"extras":[],"groups":[{"id":"221981","name":"Graduate Studies"}],"categories":[],"keywords":[{"id":"100811","name":"Phd Defense"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78761","name":"Faculty\/Staff"},{"id":"78771","name":"Public"},{"id":"174045","name":"Graduate students"},{"id":"78751","name":"Undergraduate students"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}