Reducing Attack Surface via Executable Transformation
| Title | Reducing Attack Surface via Executable Transformation |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Mertoguno, S., Craven, R., Koller, D., Mickelson, M. |
| Conference Name | 2018 IEEE Cybersecurity Development (SecDev) |
| Date Published | Oct. 2018 |
| Publisher | IEEE |
| ISBN Number | 978-1-5386-7662-2 |
| Keywords | attack surface, Binary, binary transformation, Complexity theory, Conferences, constant demands, de-bloat software binaries, Debloat, deployment practices, executable transformation, individual approaches, individual decisions, Late Stage Customization, Libraries, maximal code reuse, Metrics, minimal developer effort, modern software development, Navy, obscure use cases, office of naval research, ONR, overwhelming emphasis, Productivity, programmers productivity, pubcrawl, resilience, Resiliency, Scalability, security, security of data, Software, software engineering, software engineering history, software maintenance, software reusability, telecommunication security, total platform cyber protection, TPCP |
| Abstract | Modern software development and deployment practices encourage complexity and bloat while unintentionally sacrificing efficiency and security. A major driver in this is the overwhelming emphasis on programmers' productivity. The constant demands to speed up development while reducing costs have forced a series of individual decisions and approaches throughout software engineering history that have led to this point. The current state-of-the-practice in the field is a patchwork of architectures and frameworks, packed full of features in order to appeal to: the greatest number of people, obscure use cases, maximal code reuse, and minimal developer effort. The Office of Naval Research (ONR) Total Platform Cyber Protection (TPCP) program seeks to de-bloat software binaries late in the life-cycle with little or no access to the source code or the development process. |
| URL | https://ieeexplore.ieee.org/document/8543406 |
| DOI | 10.1109/SecDev.2018.00034 |
| Citation Key | mertoguno_reducing_2018 |
- security
- office of naval research
- ONR
- overwhelming emphasis
- Productivity
- programmers productivity
- pubcrawl
- resilience
- Resiliency
- Scalability
- obscure use cases
- security of data
- Software
- software engineering
- software engineering history
- software maintenance
- software reusability
- telecommunication security
- total platform cyber protection
- TPCP
- individual approaches
- Binary
- binary transformation
- Complexity theory
- Conferences
- constant demands
- de-bloat software binaries
- Debloat
- deployment practices
- executable transformation
- attack surface
- individual decisions
- Late Stage Customization
- Libraries
- maximal code reuse
- Metrics
- minimal developer effort
- modern software development
- Navy