slimium debloating the chromium browser with feature
play

Slimium: Debloating the Chromium Browser with Feature Subsetting - PowerPoint PPT Presentation

Aug 28, 2023 •259 likes •438 views

Slimium: Debloating the Chromium Browser with Feature Subsetting CHENXIONG QIAN, HYUNGJOON (KEVIN) KOO, CHANGSEOK OH, TAESOO KIM, WENKE LEE 1 Background Chromium dominates Web browser market share. Ever-increasing Features: 2300+

  1. Slimium: Debloating the Chromium Browser with Feature Subsetting CHENXIONG QIAN, HYUNGJOON (KEVIN) KOO, CHANGSEOK OH, TAESOO KIM, WENKE LEE 1

  2. Background • Chromium dominates Web browser market share. • Ever-increasing Features: • 2300+ Html/Javascript properties • 700+ CSS properties • Hundreds of experimental features 2

  3. Problem • Not all features are used commonly. • Attack surface is increasing. Feature Policy 3

  4. Slimium Remove code of unused features. Given a set of websites, generate a slim version of Chromium. 4

  5. Overview Map code to features Remove unused features Entire Code F 2 F 1 Profile websites 5

  6. Feature Code Mapping • Challenge • Large-scale & Complex • Code generation during compiling 6

  7. Feature Code Mapping • Approach Feature B Feature A ➢ Manual Analysis aaa.cpp b.cpp c.cpp d.cpp dd.cpp • Investigate source code and documents. • Create an initial mapping between features and source code (i.e., files). aa.cpp 7

  8. Feature Code Mapping • Approach Feature B Feature A ➢ Manual Analysis • Investigate source code and documents. aaa.cpp b.cpp c.cpp d.cpp dd.cpp • Create an initial mapping between features and source code (i.e., files). aa.cpp ➢ Static Analysis • Build the call graph b.cpp dd.cpp aaa.cpp c.cpp d.cpp • Compute a relation vector 𝑺 = (𝒔 𝒅 , 𝒔 𝒕 ) • 𝒔 𝒅 -- Call Invocation Relation (0 ~ 1) • 𝒔 𝒕 -- File Name Similarity (0 ~ 1) aa.cpp • If 𝒔 𝒅 and 𝒔 𝒕 are greater than the thresholds, dd l ’s pp ng. 8

  9. Webpage Profiling • Challenge & Approach • Nondeterministic Code Identified nondeterministic code from visiting the top 1000 Alexa websites • Keep profiling until stable. • Performance • Ad p A L’s pp c . 9

  10. Removing Unused Features • Keep nondeterministic code. • lc l ’s c d c v g b s d n p l ng s l s. • If the code coverage is greater than the threshold (i.e., 𝑼 ), keep the feature. • w s , v ’s n c d c d . • Rewrite the binary to remove code. 10

  11. Evaluation ➢ Feature Code Mapping 42.3 MB 44.9 MB 57.0 MB Manual Analysis Static Analysis 11

  12. Evaluation ➢ Code Reduction & Security Benefits • Visit 40 websites from 10 different groups. 12

  13. Evaluation ➢ Feature Usages 13

  14. Related Works • nyd ’s w k ’17 • “M s W bs s D n’ N d V b : A s - B n App c p v ng B ws c y” • Scope • API blocking vs Code removing 14

  15. Limitations • Rely on manual analysis. • Not 100% guaranteed stable. 15

  16. Questions? 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript features are used Feature defined as browser capability accessed through JavaScript function or property. Considers only sites in Alexa

523 views • 11 slides
Data-structure lock-in D. J. Bernstein University of Illinois at Chicago The browser is slow I

Data-structure lock-in D. J. Bernstein University of Illinois at Chicago The browser is slow I

Data-structure lock-in D. J. Bernstein University of Illinois at Chicago The browser is slow I ran chromium-browser http://bench.cr.yp.to /results-hash.html . Unsurprising: slow load. This page is 8509794 bytes + 32136149 bytes for 151

568 views • 39 slides
Sensitive Determination of Hexavalent Chromium in Drinking Water Chromium in Drinking Water

Sensitive Determination of Hexavalent Chromium in Drinking Water Chromium in Drinking Water

Sensitive Determination of Hexavalent Chromium in Drinking Water Chromium in Drinking Water Brian De Borba, Lipika Basumallick, Jeffrey Rohrer Outline Why do we need a sensitive method for hexavalent chromium analysis? U.S. EPA Method

537 views • 27 slides
Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2

Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2

Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2 O 3 , It is a p-type of oxide with Cr 3+ ions diffusing outward. Since the defect concentration is so low that even at high temperatures, the

613 views • 14 slides
Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th

Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th

Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th 2019 Nilo Redini Computer Science @ UC Santa Barbara nredini@cs.ucsb.edu Motivation - Software complexity pushes developers toward component

958 views • 50 slides
Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez

Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez

Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez Automotive Linux Summit 2015, Tokyo Myself, Igalia and Webkit/Chromium Co-founder of Igalia Open source consultancy founded in 2001 Igalia is

950 views • 51 slides
Security Feature Parity: GCC and Clang Linux Plumbers Conference 2019 Kees Cook

Security Feature Parity: GCC and Clang Linux Plumbers Conference 2019 Kees Cook

Security Feature Parity: GCC and Clang Linux Plumbers Conference 2019 Kees Cook <keescook@chromium.org> https://outflux.net/slides/2019/lpc/gcc-clang.pdf old school security feature examples stack canaries: -fstack-protector-strong

552 views • 15 slides
Chromium Assessments at Camdenton TCE Sites Kyle Anderson Christine Kump Mitchell Chromium

Chromium Assessments at Camdenton TCE Sites Kyle Anderson Christine Kump Mitchell Chromium

Chromium Assessments at Camdenton TCE Sites Kyle Anderson Christine Kump Mitchell Chromium Sample Data Based on the sampling conducted to date: Camdentons drinking water wells continue to meet all safe drinking water standards

249 views • 24 slides
On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong

On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong

On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong Hu, Hyungon Moon, Taesoo Kim The problem of bloated software High complexity: more vulnerabilities Unused interfaces: an attacker can use

720 views • 25 slides
Multitasking on Cortex-M(0) class MCU A deepdive into the Chromium-EC scheduler $whoami

Multitasking on Cortex-M(0) class MCU A deepdive into the Chromium-EC scheduler $whoami

Multitasking on Cortex-M(0) class MCU A deepdive into the Chromium-EC scheduler $whoami Embedded Software Engineer at National Instruments We just finished our first product using Chromium-EC and future ones to come Other stuff I

848 views • 42 slides
Razor: A Framework for Post-deployment Software Debloating Chenxiong Qian, Hong Hu, Mansour

Razor: A Framework for Post-deployment Software Debloating Chenxiong Qian, Hong Hu, Mansour

Razor: A Framework for Post-deployment Software Debloating Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho (Simon) Chung, Taesoo Kim, Wenke Lee Software Is Getting Bigger 17.5M Lines of Code 5M Linux Kernel Version 2 Software Is Bloated

900 views • 24 slides
Presentation Outline 1. History Science and Society 2. Chemistry of Chromium Sources and

Presentation Outline 1. History Science and Society 2. Chemistry of Chromium Sources and

Deja Vu All Over Again CHROMIUM +6 Monrovia, California Dr. Andrew Eaton g MWH Labs August 15, 2011 NEMC j Presentation Outline 1. History Science and Society 2. Chemistry of Chromium Sources and Forms 3. Analytical Issues 4.

661 views • 26 slides
Servicification: Modularizing Chromium {blundell, clamy, rjkroege}@chromium.org 2018 |

Servicification: Modularizing Chromium {blundell, clamy, rjkroege}@chromium.org 2018 |

Servicification: Modularizing Chromium {blundell, clamy, rjkroege}@chromium.org 2018 | Proprietary What we want: Isolation Insert high resolution image 2018 | Proprietary What is Isolation? 2018 | Proprietary What is Isolation? Source

915 views • 28 slides
Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at)

Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at)

Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at) google.com GOTO Aarhus 2013 Outline Chromium Background Numbers Clang Background Error Messages Warnings Tools Conclusion Introducing

429 views • 27 slides
BUILD A BROWSER BY KOTLIN COLIN LEE SEBASTIAN KASPARI @colinmlee @Anti_Hype Copenhagen

BUILD A BROWSER BY KOTLIN COLIN LEE SEBASTIAN KASPARI @colinmlee @Anti_Hype Copenhagen

BUILD A BROWSER BY KOTLIN COLIN LEE SEBASTIAN KASPARI @colinmlee @Anti_Hype Copenhagen Denmark Feature Session Toolbar Downloads Contextmenu Customtabs Findinpage Webnotifications Reader View Search Sync Prompts Sendtab QR ...

653 views • 62 slides
When to tell your kids about presentation caching Matthew Deiters www.theAgileDeveloper.com A

When to tell your kids about presentation caching Matthew Deiters www.theAgileDeveloper.com A

When to tell your kids about presentation caching Matthew Deiters www.theAgileDeveloper.com A practical guide to stuffing your apps bits into someone elses browser Questions: @mdeiters Rapid Feature Development Rapid Feature

1.67k views • 166 slides
Feat ure Select ion using/ f or Feat ure Select ion using/ f or Transduct ive ransduct ive S

Feat ure Select ion using/ f or Feat ure Select ion using/ f or Transduct ive ransduct ive S

NI PS03 Workshop of Feature Extraction and Feature Selection Challenge Feat ure Select ion using/ f or Feat ure Select ion using/ f or Transduct ive ransduct ive S Support upport V Vect or ect or M Machine achine T Mr. Zhili Wu Dr.

294 views • 13 slides
RF Exposure Procedures Update TCB Workshop October 2013 Laboratory Division Office of

RF Exposure Procedures Update TCB Workshop October 2013 Laboratory Division Office of

RF Exposure Procedures Update TCB Workshop October 2013 Laboratory Division Office of Engineering and Technology Federal Communications Commission Overview Existing KDB procedures update Evolving technology update SAR measurement

266 views • 25 slides
UNIVERSITY OF MANCHESTER Department of Computer Science CS3282: Digital Communications 06 BMG

UNIVERSITY OF MANCHESTER Department of Computer Science CS3282: Digital Communications 06 BMG

UNIVERSITY OF MANCHESTER Department of Computer Science CS3282: Digital Communications 06 BMG Cheetham Section 10 Multiple access for wireless communications 26/03/06 CS3282 Sectn 10 1 1. Multiple user access for wireless communications

398 views • 15 slides
coding Xin Sheng Zhou Problem for Wireless Networks Traffic demand Main problem: Shared

coding Xin Sheng Zhou Problem for Wireless Networks Traffic demand Main problem: Shared

Cooperative networks and coding Xin Sheng Zhou Problem for Wireless Networks Traffic demand Main problem: Shared medium = Interference What we have done? Wireless throughput had doubled every 30 months over a period of 104 years,

455 views • 23 slides
Feature Engineering ( x ) transform x Many slides attributable to: Prof. Mike Hughes Erik

Feature Engineering ( x ) transform x Many slides attributable to: Prof. Mike Hughes Erik

Tufts COMP 135: Introduction to Machine Learning https://www.cs.tufts.edu/comp/135/2019s/ Feature Engineering ( x ) transform x Many slides attributable to: Prof. Mike Hughes Erik Sudderth (UCI) Finale Doshi-Velez (Harvard) James,

642 views • 45 slides
A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang *

A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang *

A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang * Gregory Valiant Stanford University What are adversarial examples? Adding small amount of well-crafted noise to the test data fools the classifier More

574 views • 14 slides
Fast High-Dimensional Feature Matching for Object Recognition David Lowe Computer Science

Fast High-Dimensional Feature Matching for Object Recognition David Lowe Computer Science

Fast High-Dimensional Feature Matching for Object Recognition David Lowe Computer Science Department University of British Columbia Finding the panoramas Finding the panoramas Finding the panoramas Location recognition The Problem

375 views • 21 slides
6.869 Advances in Computer Vision Prof. Bill Freeman March 1, 2005 1 2 Local Features Today

6.869 Advances in Computer Vision Prof. Bill Freeman March 1, 2005 1 2 Local Features Today

6.869 Advances in Computer Vision Prof. Bill Freeman March 1, 2005 1 2 Local Features Today Matching points across images important for: Interesting points, correspondence. object identification (instance recognition) object (class)

167 views • 13 slides

More recommend