Slimium: Debloating the Chromium Browser with Feature Subsetting

SLIDE 1

Slimium: Debloating the Chromium Browser with Feature Subsetting

CHENXIONG QIAN, HYUNGJOON (KEVIN) KOO, CHANGSEOK OH, TAESOO KIM, WENKE LEE

SLIDE 2

Background

  • Chromium dominates Web browser market share.
  • Ever-increasing Features:
      • 2300+ HTML/JavaScript properties
      • 700+ CSS properties
      • Hundreds of experimental features

SLIDE 3

Problem

  • Not all features are used commonly.
  • Attack surface is increasing.

Feature Policy

SLIDE 4

Slimium

Remove code of unused features. Given a set of websites, generate a slim version of Chromium.

SLIDE 5

Overview

[Figure: Entire Code containing features F1 and F2; steps: Map code to features, Profile websites, Remove unused features]

SLIDE 6

Feature Code Mapping

  • Challenge
      • Large-scale & Complex
      • Code generation during compiling

SLIDE 7

Feature Code Mapping

  • Approach

➢ Manual Analysis

  • Investigate source code and documents.
  • Create an initial mapping between features and source code (i.e., files).

[Figure: source files aaa.cpp, b.cpp, c.cpp, d.cpp, dd.cpp and aa.cpp mapped to Feature A and Feature B]

SLIDE 8

Feature Code Mapping

  • Approach

➢ Manual Analysis

  • Investigate source code and documents.
  • Create an initial mapping between features and source code (i.e., files).

➢ Static Analysis

  • Build the call graph
  • Compute a relation vector 𝑺 = (𝒔𝒅, 𝒔𝒕)
  • 𝒔𝒅 -- Call Invocation Relation (0 ~ 1)
  • 𝒔𝒕 -- File Name Similarity (0 ~ 1)
  • If 𝒔𝒅 and 𝒔𝒕 are greater than the thresholds, add file's mapping.
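
A sketch of the static-analysis step above, added here as an example; it is not code from the slides or from the Slimium project. The scoring formulas (share of call edges for 𝒔𝒅, difflib ratio of file stems for 𝒔𝒕), the 0.5 thresholds, the call edges and the seed mapping are all assumptions; only the file and feature names come from the slide's figure.

```python
from difflib import SequenceMatcher
from pathlib import PurePosixPath

def name_similarity(candidate, feature_files):
    """s_t (assumed): best stem-to-stem similarity against the feature's files."""
    stem = PurePosixPath(candidate).stem
    return max(SequenceMatcher(None, stem, PurePosixPath(f).stem).ratio()
               for f in feature_files)

def call_relation(candidate, feature_files, call_edges):
    """s_d (assumed): share of the candidate's call edges that touch the feature."""
    edges = [(a, b) for a, b in call_edges if candidate in (a, b) and a != b]
    if not edges:
        return 0.0  # a file with no call edges gives no evidence either way
    hits = sum(1 for a, b in edges if (b if a == candidate else a) in feature_files)
    return hits / len(edges)

def extend_mapping(mapping, call_edges, all_files, sd_min=0.5, st_min=0.5):
    """Add an unmapped file to a feature only when BOTH scores exceed the thresholds."""
    mapped = {f for files in mapping.values() for f in files}
    extended = {feat: set(files) for feat, files in mapping.items()}
    scores = {}
    for cand in sorted(set(all_files) - mapped):
        for feat, files in mapping.items():  # score against the manual seed only
            s = (call_relation(cand, files, call_edges), name_similarity(cand, files))
            scores[(cand, feat)] = s
            if s[0] > sd_min and s[1] > st_min:
                extended[feat].add(cand)
    return extended, scores

# Constructed sample: file-level call edges (caller, callee) and a manual seed mapping.
FILES = ["aa.cpp", "aaa.cpp", "b.cpp", "c.cpp", "d.cpp", "dd.cpp"]
SEED = {"Feature A": {"aa.cpp", "b.cpp"}, "Feature B": {"c.cpp", "d.cpp"}}
EDGES = [("aaa.cpp", "aa.cpp"), ("aaa.cpp", "b.cpp"), ("aa.cpp", "aaa.cpp"),
         ("dd.cpp", "d.cpp"), ("dd.cpp", "aa.cpp"), ("c.cpp", "dd.cpp"),
         ("dd.cpp", "b.cpp")]

if __name__ == "__main__":
    result, scores = extend_mapping(SEED, EDGES, FILES)
    for feat, files in result.items():
        print(feat, sorted(files))
```

In this sample aaa.cpp joins Feature A, while dd.cpp stays unmapped: its name resembles d.cpp, but its calls are split evenly between the two features, so the call relation does not exceed the threshold.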

[Figure: source files aaa.cpp, b.cpp, c.cpp, d.cpp, dd.cpp and aa.cpp mapped to Feature A and Feature B]

SLIDE 9

Webpage Profiling

  • Challenge & Approach
      • Nondeterministic Code
          • Keep profiling until stable.
      • Performance
          • Adopt AFL's approach.

Identified nondeterministic code from visiting the top 1000 Alexa websites

SLIDE 10

Removing Unused Features

  • Keep nondeterministic code.
  • Calculate feature's code coverage based on profiling results.
  • If the code coverage is greater than the threshold (i.e., 𝑼), keep the feature.
  • Otherwise, remove feature's unexecuted code.
  • Rewrite the binary to remove code.

SLIDE 11

Evaluation

➢ Feature Code Mapping

[Figure: Manual Analysis vs. Static Analysis; values shown: 57.0 MB, 42.3 MB, 44.9 MB]

SLIDE 12

Evaluation

➢ Code Reduction & Security Benefits

  • Visit 40 websites from 10 different groups.

SLIDE 13

Evaluation

➢ Feature Usages

SLIDE 14

Related Works

  • Snyder's work (CCS '17)
      • “Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security”
  • Scope
  • API blocking vs Code removing

SLIDE 15

Limitations

  • Rely on manual analysis.
  • Not 100% guaranteed stable.

SLIDE 16

Questions?
