Visible to the public Reducing Attack Surface via Executable Transformation

TitleReducing Attack Surface via Executable Transformation
Publication TypeConference Paper
Year of Publication2018
AuthorsMertoguno, S., Craven, R., Koller, D., Mickelson, M.
Conference Name2018 IEEE Cybersecurity Development (SecDev)
Date PublishedOct. 2018
ISBN Number978-1-5386-7662-2
Keywordsattack surface, Binary, binary transformation, Complexity theory, Conferences, constant demands, de-bloat software binaries, Debloat, deployment practices, executable transformation, individual approaches, individual decisions, Late Stage Customization, Libraries, maximal code reuse, Metrics, minimal developer effort, modern software development, Navy, obscure use cases, office of naval research, ONR, overwhelming emphasis, Productivity, programmers productivity, pubcrawl, resilience, Resiliency, Scalability, security, security of data, Software, software engineering, software engineering history, software maintenance, software reusability, telecommunication security, total platform cyber protection, TPCP

Modern software development and deployment practices encourage complexity and bloat while unintentionally sacrificing efficiency and security. A major driver in this is the overwhelming emphasis on programmers' productivity. The constant demands to speed up development while reducing costs have forced a series of individual decisions and approaches throughout software engineering history that have led to this point. The current state-of-the-practice in the field is a patchwork of architectures and frameworks, packed full of features in order to appeal to: the greatest number of people, obscure use cases, maximal code reuse, and minimal developer effort. The Office of Naval Research (ONR) Total Platform Cyber Protection (TPCP) program seeks to de-bloat software binaries late in the life-cycle with little or no access to the source code or the development process.

Citation Keymertoguno_reducing_2018