Carve

Brown, M. Christopher; Pande, Santosh

doi:10.1145/3338502.3359764

Cited by 17 publications

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Brown et al [20] primarily focused on the impact of software debloating on malware detection. It reveals how reducing the size of malware through debloating techniques can decrease its detectability by antivirus systems.…”

Section: System Call Restrictionmentioning

confidence: 99%

FFRA: A Fine-Grained Function-Level Framework to Reduce the Attack Surface

Zhang,

Liu,

Fan

et al. 2024

CSSE

View full text Add to dashboard Cite

System calls are essential interfaces that enable applications to access and utilize the operating system's services and resources. Attackers frequently exploit application's vulnerabilities and misuse system calls to execute malicious code, aiming to elevate privileges and so on. Consequently, restricting the misuse of system calls becomes a crucial measure in ensuring system security. It is an effective method known as reducing the attack surface. Existing attack surface reduction techniques construct a global whitelist of system calls for the entire lifetime of the application, which is coarse-grained. In this paper, we propose a Fine-grained Function-level framework to Reduce the Attack surface (FFRA). FFRA employs software static analysis to obtain the function call graph of the application. Combining the graph with a mapping of library functions generates each function's legitimate system calls. As far as we know, it is the first approach to construct the whitelist of system calls for each function of the application. We have implemented a prototype of FFRA and evaluated its effectiveness with six popular server applications. The experimental results show that it disables 33% more system calls compared to existing approaches while detecting 15% more shellcode vulnerabilities. Our framework outperforms existing models by defending against a broader range of attacks. Integrated into antivirus software and intrusion prevention systems, FFRA could effectively counter malware by precisely restricting system calls.

show abstract

Section: System Call Restrictionmentioning

confidence: 99%

FFRA: A Fine-Grained Function-Level Framework to Reduce the Attack Surface

Zhang,

Liu,

Fan

et al. 2024

CSSE

View full text Add to dashboard Cite

show abstract

JSLIM: Reducing the Known Vulnerabilities of JavaScript Application by Debloating

Liu

et al. 2022

Communications in Computer and Information Science

View full text Add to dashboard Cite

Scratching the Surface of ./configure: Learning the Effects of Compile-Time Options on Binary Size and Gadgets

Tërnava

Acher

Lesoil

et al. 2022

Reuse and Software Quality

View full text Add to dashboard Cite

Numerous software systems are configurable through compiletime options and the widely used ./configure. However, the combined effects of these options on binary's non-functional properties (size and attack surface) are often not documented, and or not well understood, even by experts. Our goal is to provide automated support for exploring and comprehending the configuration space (a.k.a., surface) of compile-time options using statistical learning techniques. In this paper, we perform an empirical study on four C-based configurable systems. We measure the variation of binary size and attack surface (by quantifying the number of code reuse gadgets) in over 400 compile-time configurations of a subject system. We then apply statistical learning techniques on top of our build infrastructure to identify how compile-time options relate to non-functional properties. Our results show that, by changing the default configuration, the system's binary size and gadgets vary greatly (roughly −79% to 244% and −77% to 30%, respectively). Then, we found out that identifying the most influential options can be accurately learned with a small training set, while their relative importance varies across size and attack surface for the same system. Practitioners can use our approach and artifacts to explore the effects of compile-time options in order to take informed decisions when configuring a system with ./configure.

show abstract

Carve

Cited by 17 publications

References 12 publications

FFRA: A Fine-Grained Function-Level Framework to Reduce the Attack Surface

FFRA: A Fine-Grained Function-Level Framework to Reduce the Attack Surface

JSLIM: Reducing the Known Vulnerabilities of JavaScript Application by Debloating

Scratching the Surface of ./configure: Learning the Effects of Compile-Time Options on Binary Size and Gadgets

Contact Info

Product

Resources

About