Honey, I Shrunk the ELFs: Lightweight Binary Tailoring of Shared Libraries

Published: 08 October 2019

Abstract

In the embedded domain, industrial sectors (i.e., automotive industry, avionics) are undergoing radical changes. They broadly adopt commodity hardware and move away from special-purpose control units. During this transition, heterogeneous software components are consolidated to run on commodity operating systems.
To efficiently consolidate such components, a modular encapsulation of common functionality into reusable binary files (i.e., shared libraries) is essential. However, shared libraries are often unnecessarily large as they entail a lot of generic functionality that is not required in a narrowly defined scenario. As the source code of proprietary components is often unavailable and the industry is heading towards binary-only distribution, we propose an approach towards lightweight binary tailoring.
As demonstrated in the evaluation, lightweight binary tailoring effectively reduces the amount of code in all shared libraries on a Linux-based system by 63 percent and shrinks their files by 17 percent. The reduction in size is beneficial to cut down costs (e.g., lower storage and memory footprint) and eases code analyses that are necessary for code audits.

Published In

ACM Transactions on Embedded Computing Systems  Volume 18, Issue 5s
Special Issue ESWEEK 2019, CASES 2019, CODES+ISSS 2019 and EMSOFT 2019
October 2019
1423 pages
ISSN:1539-9087
EISSN:1558-3465
DOI:10.1145/3365919

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 October 2019
Accepted: 01 July 2019
Revised: 01 June 2019
Received: 01 April 2019
Published in TECS Volume 18, Issue 5s

Author Tags

  1. Linux
  2. Shared libraries
  3. binary tailoring

Qualifiers

  • Research-article
  • Research
  • Refereed

Cited By

  • (2024) LeanBin: Harnessing Lifting and Recompilation to Debloat Binaries. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 1434-1446. DOI: 10.1145/3691620.3695515. Online publication date: 27-Oct-2024
  • (2023) Input-Driven Dynamic Program Debloating for Code-Reuse Attack Mitigation. Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 934-946. DOI: 10.1145/3611643.3616274. Online publication date: 30-Nov-2023
  • (2023) Thread-Level Attack-Surface Reduction. Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, pp. 64-75. DOI: 10.1145/3589610.3596281. Online publication date: 13-Jun-2023
  • (2022) Trimmer: An Automated System for Configuration-Based Software Debloating. IEEE Transactions on Software Engineering 48:9, pp. 3485-3505. DOI: 10.1109/TSE.2021.3095716. Online publication date: 1-Sep-2022
  • (2020) Guided linking: dynamic linking without the costs. Proceedings of the ACM on Programming Languages 4:OOPSLA, pp. 1-29. DOI: 10.1145/3428213. Online publication date: 13-Nov-2020
