Improving Security Through Software Debloating
Abstract
As software security breaches continue to increase in frequency and sophistication, research and development of new methods for improving software security has grown as well. One such method that has seen a surge of new research recently is software debloating. Several software debloating techniques have been proposed that promise to improve security by removing code bloat at various stages of the software lifecycle. However, effectively measuring security improvement remains a challenge. In this lecture, I will review recently published software debloating techniques and the measures used to assess their impact on security. I will then present my work that demonstrates these measures are inadequate and propose a set of new measures for effectively measuring the security impact of software debloating.