File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1145/3372297.3417866
- Scopus: eid_2-s2.0-85096201114
- WOS: WOS:000768470400030
- Find via
Supplementary
- Citations:
- Appears in Collections:
Conference Paper: Slimium: Debloating the Chromium Browser with Feature Subsetting
Title | Slimium: Debloating the Chromium Browser with Feature Subsetting |
---|---|
Authors | |
Keywords | program analysis binary rewriting browser debloating |
Issue Date | 2020 |
Citation | Proceedings of the ACM Conference on Computer and Communications Security, 2020, p. 461-476 How to Cite? |
Abstract | Today, a web browser plays a crucial role in offering a broad spectrum of web experiences. The most popular browser, Chromium, has become an extremely complex application to meet ever-increasing user demands, exposing unavoidably large attack vectors due to its large code base. Code debloating attracts attention as a means of reducing such a potential attack surface by eliminating unused code. However, it is very challenging to perform sophisticated code removal without breaking needed functionalities because Chromium operates on a large number of closely connected and complex components, such as a renderer and JavaScript engine. In this paper, we present Slimium, a debloating framework for a browser (i.e., Chromium) that harnesses a hybrid approach for a fast and reliable binary instrumentation. The main idea behind Slimium is to determine a set of features as a debloating unit on top of a hybrid (i.e., static, dynamic, heuristic) analysis, and then leverage feature subsetting to code debloating. It aids in i) focusing on security-oriented features, ii) discarding unneeded code simply without complications, and iii)~reasonably addressing a non-deterministic path problem raised from code complexity. To this end, we generate a feature-code map with a relation vector technique and prompt webpage profiling results. Our experimental results demonstrate the practicality and feasibility of Slimium for 40 popular websites, as on average it removes 94 CVEs (61.4%) by cutting down 23.85 MB code (53.1%) from defined features (21.7% of the whole) in Chromium. |
Persistent Identifier | http://hdl.handle.net/10722/303713 |
ISSN | 2023 SCImago Journal Rankings: 1.430 |
ISI Accession Number ID |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Qian, Chenxiong | - |
dc.contributor.author | Koo, Hyungjoon | - |
dc.contributor.author | Oh, Chang Seok | - |
dc.contributor.author | Kim, Taesoo | - |
dc.contributor.author | Lee, Wenke | - |
dc.date.accessioned | 2021-09-15T08:25:52Z | - |
dc.date.available | 2021-09-15T08:25:52Z | - |
dc.date.issued | 2020 | - |
dc.identifier.citation | Proceedings of the ACM Conference on Computer and Communications Security, 2020, p. 461-476 | - |
dc.identifier.issn | 1543-7221 | - |
dc.identifier.uri | http://hdl.handle.net/10722/303713 | - |
dc.description.abstract | Today, a web browser plays a crucial role in offering a broad spectrum of web experiences. The most popular browser, Chromium, has become an extremely complex application to meet ever-increasing user demands, exposing unavoidably large attack vectors due to its large code base. Code debloating attracts attention as a means of reducing such a potential attack surface by eliminating unused code. However, it is very challenging to perform sophisticated code removal without breaking needed functionalities because Chromium operates on a large number of closely connected and complex components, such as a renderer and JavaScript engine. In this paper, we present Slimium, a debloating framework for a browser (i.e., Chromium) that harnesses a hybrid approach for a fast and reliable binary instrumentation. The main idea behind Slimium is to determine a set of features as a debloating unit on top of a hybrid (i.e., static, dynamic, heuristic) analysis, and then leverage feature subsetting to code debloating. It aids in i) focusing on security-oriented features, ii) discarding unneeded code simply without complications, and iii)~reasonably addressing a non-deterministic path problem raised from code complexity. To this end, we generate a feature-code map with a relation vector technique and prompt webpage profiling results. Our experimental results demonstrate the practicality and feasibility of Slimium for 40 popular websites, as on average it removes 94 CVEs (61.4%) by cutting down 23.85 MB code (53.1%) from defined features (21.7% of the whole) in Chromium. | - |
dc.language | eng | - |
dc.relation.ispartof | Proceedings of the ACM Conference on Computer and Communications Security | - |
dc.subject | program analysis | - |
dc.subject | binary rewriting | - |
dc.subject | browser | - |
dc.subject | debloating | - |
dc.title | Slimium: Debloating the Chromium Browser with Feature Subsetting | - |
dc.type | Conference_Paper | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1145/3372297.3417866 | - |
dc.identifier.scopus | eid_2-s2.0-85096201114 | - |
dc.identifier.spage | 461 | - |
dc.identifier.epage | 476 | - |
dc.identifier.isi | WOS:000768470400030 | - |