CARVE: Practical Security-Focused Software Debloating Using Simple Feature Set Mappings
Michael D. Brown, Santosh Pande

TL;DR
CARVE is a practical, security-focused software debloating method that uses simple feature mappings and static annotations to effectively reduce bloat while maintaining software integrity and security.
Contribution
It introduces a novel debloating approach with feature replacement, overcoming limitations of existing methods in complexity, security, and applicability to complex software.
Findings
Outperforms existing debloating techniques in security and performance.
Preserves software interoperability during debloating.
Reduces technical complexity for users.
Abstract
Software debloating is an emerging field of study aimed at improving the security and performance of software by removing excess library code and features that are not needed by the end user (called bloat). Software bloat is pervasive, and several debloating techniques have been proposed to address this problem. While these techniques are effective at reducing bloat, they are not practical for the average user, risk creating unsound programs and introducing vulnerabilities, and are not well suited for debloating complex software such as network protocol implementations. In this paper, we propose CARVE, a simple yet effective security-focused debloating technique that overcomes these limitations. CARVE employs static source code annotation to map software features source code, eliminating the need for advanced software analysis during debloating and reducing the overall level of…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
