通过特征识别和裁剪的自动化软件大规模定制

EAI Endorsed Trans. Security Safety Pub Date : 2019-04-29 DOI:10.4108/eai.13-7-2018.162291

Hongfa Xue, Yurong Chen, Guru Venkataramani, Tian Lan

{"title":"通过特征识别和裁剪的自动化软件大规模定制","authors":"Hongfa Xue, Yurong Chen, Guru Venkataramani, Tian Lan","doi":"10.4108/eai.13-7-2018.162291","DOIUrl":null,"url":null,"abstract":"The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically identifies program features from binaries, tailors and eliminates the features to create customized program binaries in accordance with user needs, in a fully unsupervised fashion. It enables us to modularize program features and efficiently create customized program binaries at large scale. Evaluation using real-world executables including OpenSSL and LibreOffice demonstrates that AMASS can create a wide range of customized binaries for diverse feature requirements, with an average 92.76% accuracy for feature/function identification and up to 67% reduction of program attack surface.","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"AMASS: Automated Software Mass Customization via Feature Identification and Tailoring\",\"authors\":\"Hongfa Xue, Yurong Chen, Guru Venkataramani, Tian Lan\",\"doi\":\"10.4108/eai.13-7-2018.162291\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically identifies program features from binaries, tailors and eliminates the features to create customized program binaries in accordance with user needs, in a fully unsupervised fashion. It enables us to modularize program features and efficiently create customized program binaries at large scale. Evaluation using real-world executables including OpenSSL and LibreOffice demonstrates that AMASS can create a wide range of customized binaries for diverse feature requirements, with an average 92.76% accuracy for feature/function identification and up to 67% reduction of program attack surface.\",\"PeriodicalId\":335727,\"journal\":{\"name\":\"EAI Endorsed Trans. Security Safety\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-04-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"EAI Endorsed Trans. Security Safety\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/eai.13-7-2018.162291\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"EAI Endorsed Trans. Security Safety","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/eai.13-7-2018.162291","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

软件特性的快速膨胀给程序带来了低效率和漏洞，导致攻击面增加，被利用的可能性更高。在本文中，我们提出了一种新的自动化软件大规模定制(AMASS)框架，该框架以完全无监督的方式自动从二进制文件中识别程序特征，并根据用户需求剪裁和消除特征以创建定制的程序二进制文件。它使我们能够模块化程序功能，并有效地大规模创建自定义程序二进制文件。使用包括OpenSSL和LibreOffice在内的真实可执行文件进行评估表明，AMASS可以为不同的功能需求创建广泛的定制二进制文件，特征/功能识别的平均准确率为92.76%，程序攻击面减少高达67%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

AMASS: Automated Software Mass Customization via Feature Identification and Tailoring

The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically identifies program features from binaries, tailors and eliminates the features to create customized program binaries in accordance with user needs, in a fully unsupervised fashion. It enables us to modularize program features and efficiently create customized program binaries at large scale. Evaluation using real-world executables including OpenSSL and LibreOffice demonstrates that AMASS can create a wide range of customized binaries for diverse feature requirements, with an average 92.76% accuracy for feature/function identification and up to 67% reduction of program attack surface.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

EAI Endorsed Trans. Security Safety

自引率

0.00%

发文量