TY - GEN
T1 - Reducing attack surface via executable transformation
AU - Mertoguno, Sukarno
AU - Craven, Ryan
AU - Koller, Daniel
AU - Mickelson, Matthew
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/11/21
Y1 - 2018/11/21
N2 - Modern software development and deployment practices encourage complexity and bloat while unintentionally sacrificing efficiency and security. A major driver in this is the overwhelming emphasis on programmers' productivity. The constant demands to speed up development while reducing costs have forced a series of individual decisions and approaches throughout software engineering history that have led to this point. The current state-of-The-practice in the field is a patchwork of architectures and frameworks, packed full of features in order to appeal to: The greatest number of people, obscure use cases, maximal code reuse, and minimal developer effort. The Office of Naval Research (ONR) Total Platform Cyber Protection (TPCP) program seeks to de-bloat software binaries late in the life-cycle with little or no access to the source code or the development process.
AB - Modern software development and deployment practices encourage complexity and bloat while unintentionally sacrificing efficiency and security. A major driver in this is the overwhelming emphasis on programmers' productivity. The constant demands to speed up development while reducing costs have forced a series of individual decisions and approaches throughout software engineering history that have led to this point. The current state-of-The-practice in the field is a patchwork of architectures and frameworks, packed full of features in order to appeal to: The greatest number of people, obscure use cases, maximal code reuse, and minimal developer effort. The Office of Naval Research (ONR) Total Platform Cyber Protection (TPCP) program seeks to de-bloat software binaries late in the life-cycle with little or no access to the source code or the development process.
UR - http://www.scopus.com/inward/record.url?scp=85059830112&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85059830112&partnerID=8YFLogxK
U2 - 10.1109/SecDev.2018.00034
DO - 10.1109/SecDev.2018.00034
M3 - Conference contribution
AN - SCOPUS:85059830112
T3 - Proceedings - 2018 IEEE Cybersecurity Development Conference, SecDev 2018
SP - 138
BT - Proceedings - 2018 IEEE Cybersecurity Development Conference, SecDev 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd Annual IEEE Cybersecurity Development Conference, SecDev 2018
Y2 - 30 September 2018 through 2 October 2018
ER -