Software debloating for the web stack

debloating.com hosts ongoing research projects on debloating for web applications.


What is software debloating?

The main idea of software debloating is to reduce software's attack surface by removing pieces of code that are not required by users. Debloating can target various parts of the software stack. For instance, "Less is More" reduces the attack surface of web applications by removing the PHP code that is not required, and as a result, removing the potential vulnerabilities in those sections of the code. Orthogonally, "Saphire" makes it harder to mount exploits by disabling unnecessary system calls for web applications.

"Mininode" is a tool that reduces the attack surface of Node.js applications by removing unused modules and unused functions within the modules. Finally, "SQLBlock" limits each PHP function's access to the database. It essentially reduces the attack surface of the vulnerable PHP functions in a web application to a set of query descriptors that represent the benign functionality of each PHP function.


Debloating projects


Our Team

This line of research is pursued by researchers from multiple universities. Below are the leaders and the contributors of these projects.

Institutions

People

Stony Brook University
Babak Amin Azad, PhD Candidate, Stony Brook University
Pierre Laperdrix, Full time researcher, CNRS / Univ. Lille / Inria
Nick Nikiforakis, Associate Professor, Stony Brook University

Boston University
Alexander Bulekov, PhD Candidate, Boston University
Rasoul Jahanshahi, PhD Candidate, Boston University
Manuel Egele, Assistant Professor, Boston University

North Carolina State University
Igibek Koishybayev, PhD Candidate, North Carolina State University
Alexandros Kapravelos, Assistant Professor, North Carolina State University

Arizona State University
Adam Doupé, Associate Professor, Arizona State University

Funded by

Office of Naval Research (ONR)
Grant number: N00014-17-1-2541