slimium debloating the chromium browser with feature
play

Slimium: Debloating the Chromium Browser with Feature Subsetting - PowerPoint PPT Presentation

Aug 28, 2023 •259 likes •438 views

Slimium: Debloating the Chromium Browser with Feature Subsetting CHENXIONG QIAN, HYUNGJOON (KEVIN) KOO, CHANGSEOK OH, TAESOO KIM, WENKE LEE 1 Background Chromium dominates Web browser market share. Ever-increasing Features: 2300+

  1. Slimium: Debloating the Chromium Browser with Feature Subsetting CHENXIONG QIAN, HYUNGJOON (KEVIN) KOO, CHANGSEOK OH, TAESOO KIM, WENKE LEE 1

  2. Background • Chromium dominates Web browser market share. • Ever-increasing Features: • 2300+ Html/Javascript properties • 700+ CSS properties • Hundreds of experimental features 2

  3. Problem • Not all features are used commonly. • Attack surface is increasing. Feature Policy 3

  4. Slimium Remove code of unused features. Given a set of websites, generate a slim version of Chromium. 4

  5. Overview Map code to features Remove unused features Entire Code F 2 F 1 Profile websites 5

  6. Feature Code Mapping • Challenge • Large-scale & Complex • Code generation during compiling 6

  7. Feature Code Mapping • Approach Feature B Feature A ➢ Manual Analysis aaa.cpp b.cpp c.cpp d.cpp dd.cpp • Investigate source code and documents. • Create an initial mapping between features and source code (i.e., files). aa.cpp 7

  8. Feature Code Mapping • Approach Feature B Feature A ➢ Manual Analysis • Investigate source code and documents. aaa.cpp b.cpp c.cpp d.cpp dd.cpp • Create an initial mapping between features and source code (i.e., files). aa.cpp ➢ Static Analysis • Build the call graph b.cpp dd.cpp aaa.cpp c.cpp d.cpp • Compute a relation vector 𝑺 = (𝒔 𝒅 , 𝒔 𝒕 ) • 𝒔 𝒅 -- Call Invocation Relation (0 ~ 1) • 𝒔 𝒕 -- File Name Similarity (0 ~ 1) aa.cpp • If 𝒔 𝒅 and 𝒔 𝒕 are greater than the thresholds, dd l ’s pp ng. 8

  9. Webpage Profiling • Challenge & Approach • Nondeterministic Code Identified nondeterministic code from visiting the top 1000 Alexa websites • Keep profiling until stable. • Performance • Ad p A L’s pp c . 9

  10. Removing Unused Features • Keep nondeterministic code. • lc l ’s c d c v g b s d n p l ng s l s. • If the code coverage is greater than the threshold (i.e., 𝑼 ), keep the feature. • w s , v ’s n c d c d . • Rewrite the binary to remove code. 10

  11. Evaluation ➢ Feature Code Mapping 42.3 MB 44.9 MB 57.0 MB Manual Analysis Static Analysis 11

  12. Evaluation ➢ Code Reduction & Security Benefits • Visit 40 websites from 10 different groups. 12

  13. Evaluation ➢ Feature Usages 13

  14. Related Works • nyd ’s w k ’17 • “M s W bs s D n’ N d V b : A s - B n App c p v ng B ws c y” • Scope • API blocking vs Code removing 14

  15. Limitations • Rely on manual analysis. • Not 100% guaranteed stable. 15

  16. Questions? 16

Recommend

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript features are used Feature defined as browser capability accessed through JavaScript function or property. Considers only sites in Alexa

523 views • 11 slides
Data-structure lock-in D. J. Bernstein University of Illinois at Chicago The browser is slow I

Data-structure lock-in D. J. Bernstein University of Illinois at Chicago The browser is slow I

Data-structure lock-in D. J. Bernstein University of Illinois at Chicago The browser is slow I ran chromium-browser http://bench.cr.yp.to /results-hash.html . Unsurprising: slow load. This page is 8509794 bytes + 32136149 bytes for 151

568 views • 39 slides
Sensitive Determination of Hexavalent Chromium in Drinking Water Chromium in Drinking Water

Sensitive Determination of Hexavalent Chromium in Drinking Water Chromium in Drinking Water

Sensitive Determination of Hexavalent Chromium in Drinking Water Chromium in Drinking Water Brian De Borba, Lipika Basumallick, Jeffrey Rohrer Outline Why do we need a sensitive method for hexavalent chromium analysis? U.S. EPA Method

537 views • 27 slides
Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2

Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2

Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2 O 3 , It is a p-type of oxide with Cr 3+ ions diffusing outward. Since the defect concentration is so low that even at high temperatures, the

613 views • 14 slides
Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th

Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th

Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th 2019 Nilo Redini Computer Science @ UC Santa Barbara nredini@cs.ucsb.edu Motivation - Software complexity pushes developers toward component

958 views • 50 slides
Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez

Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez

Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez Automotive Linux Summit 2015, Tokyo Myself, Igalia and Webkit/Chromium Co-founder of Igalia Open source consultancy founded in 2001 Igalia is

950 views • 51 slides
Security Feature Parity: GCC and Clang Linux Plumbers Conference 2019 Kees Cook

Security Feature Parity: GCC and Clang Linux Plumbers Conference 2019 Kees Cook

Security Feature Parity: GCC and Clang Linux Plumbers Conference 2019 Kees Cook <keescook@chromium.org> https://outflux.net/slides/2019/lpc/gcc-clang.pdf old school security feature examples stack canaries: -fstack-protector-strong

552 views • 15 slides
Chromium Assessments at Camdenton TCE Sites Kyle Anderson Christine Kump Mitchell Chromium

Chromium Assessments at Camdenton TCE Sites Kyle Anderson Christine Kump Mitchell Chromium

Chromium Assessments at Camdenton TCE Sites Kyle Anderson Christine Kump Mitchell Chromium Sample Data Based on the sampling conducted to date: Camdentons drinking water wells continue to meet all safe drinking water standards

249 views • 24 slides
On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong

On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong

On the Effectiveness of Kernel Debloating via Compile-time Configuration Mansour Alharthi, Hong Hu, Hyungon Moon, Taesoo Kim The problem of bloated software High complexity: more vulnerabilities Unused interfaces: an attacker can use

720 views • 25 slides
Multitasking on Cortex-M(0) class MCU A deepdive into the Chromium-EC scheduler $whoami

Multitasking on Cortex-M(0) class MCU A deepdive into the Chromium-EC scheduler $whoami

Multitasking on Cortex-M(0) class MCU A deepdive into the Chromium-EC scheduler $whoami Embedded Software Engineer at National Instruments We just finished our first product using Chromium-EC and future ones to come Other stuff I

848 views • 42 slides
Razor: A Framework for Post-deployment Software Debloating Chenxiong Qian, Hong Hu, Mansour

Razor: A Framework for Post-deployment Software Debloating Chenxiong Qian, Hong Hu, Mansour

Razor: A Framework for Post-deployment Software Debloating Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho (Simon) Chung, Taesoo Kim, Wenke Lee Software Is Getting Bigger 17.5M Lines of Code 5M Linux Kernel Version 2 Software Is Bloated

900 views • 24 slides
Presentation Outline 1. History Science and Society 2. Chemistry of Chromium Sources and

Presentation Outline 1. History Science and Society 2. Chemistry of Chromium Sources and

Deja Vu All Over Again CHROMIUM +6 Monrovia, California Dr. Andrew Eaton g MWH Labs August 15, 2011 NEMC j Presentation Outline 1. History Science and Society 2. Chemistry of Chromium Sources and Forms 3. Analytical Issues 4.

661 views • 26 slides
Servicification: Modularizing Chromium {blundell, clamy, rjkroege}@chromium.org 2018 |

Servicification: Modularizing Chromium {blundell, clamy, rjkroege}@chromium.org 2018 |

Servicification: Modularizing Chromium {blundell, clamy, rjkroege}@chromium.org 2018 | Proprietary What we want: Isolation Insert high resolution image 2018 | Proprietary What is Isolation? 2018 | Proprietary What is Isolation? Source

915 views • 28 slides
Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at)

Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at)

Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at) google.com GOTO Aarhus 2013 Outline Chromium Background Numbers Clang Background Error Messages Warnings Tools Conclusion Introducing

429 views • 27 slides
BUILD A BROWSER BY KOTLIN COLIN LEE SEBASTIAN KASPARI @colinmlee @Anti_Hype Copenhagen

BUILD A BROWSER BY KOTLIN COLIN LEE SEBASTIAN KASPARI @colinmlee @Anti_Hype Copenhagen

BUILD A BROWSER BY KOTLIN COLIN LEE SEBASTIAN KASPARI @colinmlee @Anti_Hype Copenhagen Denmark Feature Session Toolbar Downloads Contextmenu Customtabs Findinpage Webnotifications Reader View Search Sync Prompts Sendtab QR ...

653 views • 62 slides
When to tell your kids about presentation caching Matthew Deiters www.theAgileDeveloper.com A

When to tell your kids about presentation caching Matthew Deiters www.theAgileDeveloper.com A

When to tell your kids about presentation caching Matthew Deiters www.theAgileDeveloper.com A practical guide to stuffing your apps bits into someone elses browser Questions: @mdeiters Rapid Feature Development Rapid Feature

1.67k views • 166 slides
Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network Security Hardware Alexandra (Sasha) Boldyreva Browser sends requests May reveal private information (in forms, cookies) Web security.

517 views • 7 slides
RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS One global namespace Often inline JS code embedded directly in HTML Many <script> tags with hidden ordering dependencies Very

362 views • 15 slides
Reducing input latency on the web bit.ly/reduce-input-latency W3C Games Workshop - June 2019

Reducing input latency on the web bit.ly/reduce-input-latency W3C Games Workshop - June 2019

Reducing input latency on the web bit.ly/reduce-input-latency W3C Games Workshop - June 2019 Navid Zolghadr (nzolghadr@chromium.org) Chromium Input Dev Chromium input dev Goals Smooth user interaction and scrolling across the

295 views • 18 slides
Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does

Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does

Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does Standard Tor is easy to block GetTor helps you get Tor Browser GetTor helps you get Tor Browser Tor Browser ships with default

567 views • 24 slides
Decision Tree Prof. Seungchul Lee Industrial AI Lab. Feature Test Feature 1 Feature 2 Feature

Decision Tree Prof. Seungchul Lee Industrial AI Lab. Feature Test Feature 1 Feature 2 Feature

Decision Tree Prof. Seungchul Lee Industrial AI Lab. Feature Test Feature 1 Feature 2 Feature 3 Feature 4 output ? Yes Low Medium Bad Feature test in the first level Yes Yes High Medium Bad ? No High Medium Good No No

579 views • 23 slides
Feature Selection: ROC and Subset Selection Theodoridis 5.5-5.7 Using ROC for Feature Selection

Feature Selection: ROC and Subset Selection Theodoridis 5.5-5.7 Using ROC for Feature Selection

Feature Selection: ROC and Subset Selection Theodoridis 5.5-5.7 Using ROC for Feature Selection Hypothesis Tests Examined (e.g. t-test): Useful for discarding features But does not tell us about overlap between classes for a feature! At Left

526 views • 21 slides
THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North Dan North & Associates The gangs 1990: Tim Berners-Lee - (WorldWideWeb) 1993: NCSA Mosaic 1994: Netscape - Navigator 1995: Microsoft -

971 views • 21 slides
Crossing the Chasm Pitching Security Research to Mainstream Browser Vendors Collin Jackson

Crossing the Chasm Pitching Security Research to Mainstream Browser Vendors Collin Jackson

Crossing the Chasm Pitching Security Research to Mainstream Browser Vendors Collin Jackson Carnegie Mellon University Why a security feature is like a startup <10 users ~1 million users >1 billion users Ideas trying to cross the chasm

825 views • 46 slides

More recommend