SoK: Software Debloating Landscape and Future Directions

TL;DR

This paper provides a comprehensive survey and classification of software debloating tools, analyzing their strategies, evaluation methods, and identifying open challenges to guide future research in improving software security and performance.

Contribution

It introduces a multilevel taxonomy for classifying debloating tools and offers a systematic analysis of the current landscape and open problems in software debloating.

Findings

Developed a multilevel taxonomy for debloating tools

Identified key open problems and research directions

Provided a comprehensive systematization of existing tools

Abstract

Software debloating seeks to mitigate security risks and improve performance by eliminating unnecessary code. In recent years, a plethora of debloating tools have been developed, creating a dense and varied landscape. Several studies have delved into the literature, focusing on comparative analysis of these tools. To build upon these efforts, this paper presents a comprehensive systematization of knowledge (SoK) of the software debloating landscape. We conceptualize the software debloating workflow, which serves as the basis for developing a multilevel taxonomy. This framework classifies debloating tools according to their input/output artifacts, debloating strategies, and evaluation criteria. Lastly, we apply the taxonomy to pinpoint open problems in the field, which, together with the SoK, provide a foundational reference for researchers aiming to improve software security and efficiency through debloating.