Florian Rommel and Daniel Lohmann
Dynamic Context-Based Code Elimination
Research on binary tailoring has shown that it is possible to remove large portions of unneeded library code, which not only reduces the size of an application but also shrinks its attack surface, since code that is no longer present can no longer be exploited.
Can we go further? Complex applications usually consist of several components that run within a single process. A database, for example, may have a dispatcher thread, worker threads and a persistence subsystem. These parts operate on the same common code segment, even though they share only little of it.
With address-space views, we developed a technique which allows thread-level variations in specific memory regions. This is achieved by allowing threads to switch between synchronized address-space clones (views) within a single Unix process.
Existing tailoring techniques can be combined with address-space views in order to dynamically eliminate unreachable code on the basis of user-defined contexts. To this end, the developer specifies the functions that constitute the entry points of each context. Each context gets its own view of the text segment, and compiler-generated call-graph information is used to determine the code areas that are safe to remove from each view.
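The per-context analysis described above, written out as an added example; this is illustrative code, not the authors' implementation, and the call graph, the context entry points and the function names are all constructed for a hypothetical database process. It computes, for every context, the set of functions that are reachable from its entry points and therefore the set that would be eliminable in that context's view of the text segment; `always_keep` models the conservative assumption that code outside the static call graph (the thread's return path, or targets reached through function pointers) stays mapped in every view.

```python
from collections import deque

# Constructed call graph of a hypothetical database process: caller -> callees.
# Not derived from the paper; the names are chosen for illustration only.
CALL_GRAPH = {
    "main": ["dispatcher_loop", "worker_main", "persist_main"],
    "dispatcher_loop": ["accept_conn", "parse_request", "enqueue_job"],
    "accept_conn": ["log_msg"],
    "parse_request": ["parse_sql", "log_msg"],
    "parse_sql": ["alloc_node"],
    "enqueue_job": [],
    "worker_main": ["dequeue_job", "exec_query", "log_msg"],
    "dequeue_job": [],
    "exec_query": ["plan_query", "scan_table", "alloc_node"],
    "plan_query": ["alloc_node"],
    "scan_table": ["read_page"],
    "read_page": ["checksum"],
    "persist_main": ["flush_dirty", "log_msg"],
    "flush_dirty": ["write_page", "checksum"],
    "write_page": ["checksum"],
    "checksum": [],
    "alloc_node": [],
    "log_msg": [],
    "debug_dump": ["log_msg"],  # never called from anywhere: dead in every view
}

# Developer-specified contexts: context name -> entry-point functions (constructed).
CONTEXTS = {
    "dispatcher": ["dispatcher_loop"],
    "worker": ["worker_main"],
    "persistence": ["persist_main"],
}


def all_functions(graph):
    """Every function that appears in the call graph, as caller or callee."""
    return set(graph) | {callee for callees in graph.values() for callee in callees}


def reachable(graph, entry_points):
    """Functions transitively reachable from the given entry points (BFS)."""
    seen = set()
    work = deque(entry_points)
    while work:
        fn = work.popleft()
        if fn in seen:
            continue
        seen.add(fn)
        work.extend(graph.get(fn, ()))
    return seen


def kept_per_view(graph, contexts, always_keep=frozenset()):
    """Functions that must stay mapped in each context's view.

    always_keep is the conservative set for code the static call graph cannot
    account for (assumption: e.g. the return path into main, or functions whose
    address is taken and may be called through a pointer from any context).
    """
    return {name: reachable(graph, entries) | set(always_keep)
            for name, entries in contexts.items()}


def eliminable_per_view(graph, contexts, always_keep=frozenset()):
    """Functions that are safe to remove from each context's view."""
    everything = all_functions(graph)
    return {name: everything - kept
            for name, kept in kept_per_view(graph, contexts, always_keep).items()}


def shared_by_all(graph, contexts, always_keep=frozenset()):
    """Code that every context needs, i.e. what the views actually have in common."""
    kept = kept_per_view(graph, contexts, always_keep)
    return set.intersection(*kept.values()) if kept else set()


if __name__ == "__main__":
    views = eliminable_per_view(CALL_GRAPH, CONTEXTS, always_keep={"main"})
    for name, removed in views.items():
        print(f"{name:12s} eliminable: {len(removed):2d} of {len(all_functions(CALL_GRAPH))}:",
              ", ".join(sorted(removed)))
    print("shared by all views:", sorted(shared_by_all(CALL_GRAPH, CONTEXTS, {"main"})))
```

In this constructed graph the three contexts keep only `main` and `log_msg` in common, which is the situation the abstract describes: components in one process that share little of the code segment they are mapped against. Note that `debug_dump` is unreachable from every context and would also fall to ordinary whole-program tailoring, whereas `checksum` or `parse_sql` are needed by some contexts and not others, so only a per-context view can remove them.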